India’s surveillance landscape is undergoing a significant transformation with the enforcement of new compliance regulations—STQC ER, PPO’24, and CRO’24. These frameworks, introduced by the Ministry of Electronics and Information Technology (MeitY), are designed to raise the bar for quality, cybersecurity, and trust in video surveillance products across the country.
At the center of this transformation is Essential Requirements (ER), a mandatory compliance standard aimed at ensuring hardware-level security, robust firmware protection, and transparent supply chains in network cameras. To certify products against these requirements, MeitY has authorized STQC (Standardization Testing and Quality Certification) to evaluate surveillance devices under the IoT System Certification Scheme (IoTSCS). This certification process ensures that cameras are not only secure and reliable but also aligned with global benchmarks like ISO/IEC 27402 for IoT cybersecurity.
Who Needs to Comply?
While the regulations began with a focus on government tenders, their scope has expanded. Under the Public Procurement Order 2024 (PPO’24), all government entities are mandated to use only STQC-certified, ER-compliant cameras in their projects. Whether it’s a smart city installation, law enforcement initiative, or defense setup, only certified products are now eligible for procurement. PPO’24 also strengthens the Make-in-India movement by giving preference to locally manufactured solutions. Vendors are categorized based on local content, and those found misrepresenting their compliance risk being blacklisted.
India’s surveillance landscape is undergoing a significant transformation with the enforcement of new compliance regulations—STQC ER, PPO’24, and CRO’24. These frameworks, introduced by the Ministry of Electronics and Information Technology (MeitY), are designed to raise the bar for quality, cybersecurity, and trust in video surveillance products across the country.
At the center of this transformation is Essential Requirements (ER), a mandatory compliance standard aimed at ensuring hardware-level security, robust firmware protection, and transparent supply chains in network cameras. To certify products against these requirements, MeitY has authorized STQC (Standardization Testing and Quality Certification) to evaluate surveillance devices under the IoT System Certification Scheme (IoTSCS). This certification process ensures that cameras are not only secure and reliable but also aligned with global benchmarks like ISO/IEC 27402 for IoT cybersecurity.
Who Needs to Comply?
While the regulations began with a focus on government tenders, their scope has expanded. Under the Public Procurement Order 2024 (PPO’24), all government entities are mandated to use only STQC-certified, ER-compliant cameras in their projects. Whether it’s a smart city installation, law enforcement initiative, or defense setup, only certified products are now eligible for procurement. PPO’24 also strengthens the Make-in-India movement by giving preference to locally manufactured solutions. Vendors are categorized based on local content, and those found misrepresenting their compliance risk being blacklisted.
India’s surveillance landscape is undergoing a significant transformation with the enforcement of new compliance regulations—STQC ER, PPO’24, and CRO’24. These frameworks, introduced by the Ministry of Electronics and Information Technology (MeitY), are designed to raise the bar for quality, cybersecurity, and trust in video surveillance products across the country.
At the center of this transformation is Essential Requirements (ER), a mandatory compliance standard aimed at ensuring hardware-level security, robust firmware protection, and transparent supply chains in network cameras. To certify products against these requirements, MeitY has authorized STQC (Standardization Testing and Quality Certification) to evaluate surveillance devices under the IoT System Certification Scheme (IoTSCS). This certification process ensures that cameras are not only secure and reliable but also aligned with global benchmarks like ISO/IEC 27402 for IoT cybersecurity.
Who Needs to Comply?
While the regulations began with a focus on government tenders, their scope has expanded. Under the Public Procurement Order 2024 (PPO’24), all government entities are mandated to use only STQC-certified, ER-compliant cameras in their projects. Whether it’s a smart city installation, law enforcement initiative, or defense setup, only certified products are now eligible for procurement. PPO’24 also strengthens the Make-in-India movement by giving preference to locally manufactured solutions. Vendors are categorized based on local content, and those found misrepresenting their compliance risk being blacklisted.
The private sector is not left out either. Customer Requirement Order 2024 (CRO’24) makes STQC ER compliance mandatory for all network cameras sold in India, regardless of the buyer. This means that even retail chains, corporate offices, or manufacturing facilities must now ensure that the surveillance products they buy meet these cybersecurity and safety standards. By April 9, 2025, all non-compliant products will be barred from sale in the Indian market.
What Does STQC ER Certification Test?
The certification process is rigorous, covering five key areas:
- Hardware-Level Security: Cameras must have secure boot, disabled debug interfaces, protection against tampering, and secure storage for credentials or certificates.
- Software and Firmware Security: Compliance requires encrypted communication, secure firmware updates, and protection against known cyber threats like hardcoded credentials or rollback attacks.
- Secure Communication Standards: Devices must use standard, encrypted protocols with mutual authentication for all remote communication.
- Supply Chain Security: Manufacturers must prove that components are sourced from trusted vendors, and that risk management and anti-counterfeit policies are in place.
- Development-Stage Security: Products are reviewed for secure design practices, quality assurance protocols, and pre-release malware scanning.
Together, these parameters ensure that certified products are secure at every stage—from manufacturing to real-world deployment.
Why It’s Time to Upgrade
For businesses that already have legacy surveillance systems in place, the shift to compliance may seem complex—but it’s inevitable. While existing systems may remain operational temporarily, non-compliant products will not be eligible for tenders or expansion under new regulatory requirements. For private sector buyers, using non-certified products could lead to legal issues or disruption in operations as enforcement tightens.
Moreover, the Bureau of Indian Standards (BIS) is also stepping in with additional safety certifications, making compliance even more comprehensive. The message is clear: if you’re investing in surveillance today, certified products aren’t optional—they’re essential.
The Risks of Non-Compliance
Failing to comply with ER standards can have serious consequences. Government projects using uncertified cameras will be rejected outright. Vendors or manufacturers making false claims regarding certification or local content can be blacklisted. In the private sector, non-certified products may be pulled from shelves or banned from installation, with legal penalties for violators.
How to Choose the Right Products
To avoid these risks, buyers must take an informed approach. Always request official STQC certification numbers from vendors and ensure the product is listed under the IoTSCS framework. Cross-verifying listings on the official STQC or Government e-Marketplace (GeM) platforms can also provide assurance of authenticity.
Companies like Matrix offer a wide range of STQC-certified, ER-compliant network cameras—including ruggedized models for harsh environments and high-precision PTZ cameras for wide-area surveillance. These products are readily available through certified distributors, GeM, or directly through the company.
Final Thoughts
STQC ER compliance is not just a regulatory checkbox—it’s a crucial step toward building a secure and trustworthy surveillance infrastructure in India. With rising cyber threats, public safety challenges, and national security priorities, choosing compliant solutions is no longer just a smart move—it’s a necessary one. For businesses and agencies looking to future-proof their surveillance systems, the path forward is clear: choose certified, compliant products built to meet the standards of today and tomorrow.
