Major global telecom equipment makers have urged the Department of Telecommunications to refine guidelines for cybersecurity self-declarations. Companies are concerned that guaranteeing hardware is permanently vulnerability-free is technically impossible, creating potential liability risks. The discussions highlight the ongoing regulatory transition toward a mandatory testing regime for the telecom sector.
What Happened
Leading global telecom equipment manufacturers, including Nokia, Ericsson, Cisco, and Ciena, have approached the Department of Telecommunications (DoT) to seek clarity on cybersecurity compliance rules. The primary point of contention is the current requirement for vendors to self-declare their equipment as entirely free from security vulnerabilities to receive a temporary certification, known as a Pro Tem certificate. This certification is currently necessary for companies to sell and deploy 5G gear, routers, and various network devices within the Indian market.
The Core Security Challenge
Vendors argue that the current self-declaration process creates a significant and undefined liability risk. In the age of advanced artificial intelligence and rapidly evolving cyber threats, companies state that it is technically impossible for any manufacturer to guarantee that a device will remain free from vulnerabilities indefinitely. If a security flaw is discovered in a device after it has been certified, the current framework leaves vendors exposed to potential penalties. Industry executives have emphasized that these penalties could be severe, creating a deterrent for companies operating in the domestic telecom infrastructure space.
Why This Matters for the Industry
The Pro Tem certification scheme serves as an interim measure while the government prepares for a broader, mandatory testing and certification regime for all telecom equipment. While this temporary framework has allowed for business continuity, allowing over 100 certificates to be issued based on self-declarations, the underlying regulatory ambiguity is causing concern. For the telecom equipment sector, this is not just a compliance issue; it represents a fundamental challenge in balancing national security standards with the practical realities of software and hardware development.
Regulatory Outlook
The National Centre for Communication Security (NCCS), which operates under the DoT, has reportedly acknowledged these concerns. Government officials have signaled that they are working on finalizing clearer policy guidelines to address the practical constraints faced by vendors. The move is seen as an effort to align security requirements with the evolving technology landscape without stifling the supply of critical network equipment.
What Investors Should Track
The most important monitorable for stakeholders is the upcoming policy update from the DoT and NCCS. Investors should watch for changes in the liability framework, specifically whether the government introduces a more defined list of compliance parameters or shifts away from the open-ended self-declaration model. Any delay in finalizing these guidelines or a strict enforcement of current penalty structures could impact the ease of doing business for telecom vendors. Conversely, a clearer policy framework would reduce operational uncertainty and allow for smoother equipment deployment across Indian networks.