The proposed framework aims to strengthen device security and curb data breaches in India’s vast smartphone market, but technology companies warn that mandatory disclosures and oversight could disrupt innovation, update cycles, and global operating practices.
The government is evaluating a new set of stringent security requirements for smartphones that could significantly alter how global technology companies operate in the country. The proposed rules, currently under consultation, would expand regulatory oversight over device software, security processes, and system architecture.
At the heart of the proposal is the draft Indian Telecom Security Assurance Requirements (ITSAR), a framework that outlines 83 security-related standards for smartphone manufacturers. The move is part of the Narendra Modi government’s broader effort to enhance user data protection amid rising incidents of cyber fraud, data leaks, and digital crimes in a market that now counts close to 750 million smartphone users.
Source code access and update oversight
One of the most debated provisions would require smartphone makers to submit their source code for inspection and testing at government-approved laboratories. Authorities are also considering rules that would compel companies to inform the government in advance about major operating system updates and security patches, allowing regulators to review them for potential vulnerabilities before public release.
Government officials maintain that the objective is to improve national cybersecurity rather than gain access to proprietary business information. IT Secretary S. Krishnan has said the administration remains open to discussions and will examine legitimate industry concerns as consultations continue, noting that the framework is still at a preliminary stage.
Industry warns of regulatory overreach
Technology companies and industry associations, however, have raised strong objections. The Mobile and Electronics Association of India (MAIT), which represents major brands including Apple, Samsung, Google, and Xiaomi, has cautioned that such measures exceed global regulatory norms. In representations to the government, the association has argued that no major market in Europe, North America, or Australia mandates source code disclosure for official scrutiny.
MAIT has also flagged concerns around other provisions, including mandatory malware scans that could impact device performance and battery life, as well as requirements to store detailed system logs on devices for extended periods. Additionally, the industry has questioned the feasibility of pre-notifying authorities about software updates, arguing that security patches often need to be deployed rapidly to counter emerging threats.
The ongoing debate underscores a larger challenge facing India as it seeks to balance national security priorities with the need to maintain an attractive environment for global technology investment. With India emerging as one of the world’s most important smartphone markets, the final shape of these rules could carry significant implications for both consumers and device makers.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
