Recent regulatory developments suggest that India has reportedly eased its telecom source code disclosure mandates. With the implementation of the Telecom Act, 2023 and the proposed amendments to the Telecom Cyber Security Rules, 2025, the emphasis has shifted towards self-declaration and rigorous testing processes, moving away from the earlier requirement of mandatory source code submission by vendors.
While these changes are expected to ease operations for global telecom manufacturers and service providers, they could also intensify challenges for Indian companies competing in this space.
The relaxed norms on source code and local content are likely to streamline compliance and operational procedures for international players, allowing greater participation in the Indian market and accelerating network deployment in line with global business practices.
On the other hand, local telecom equipment makers may find themselves at a disadvantage, as the regulatory changes dilute the benefits once provided by localisation requirements. Industry stakeholders have raised concerns that these relaxations could impact the momentum of domestic manufacturing and self-reliance initiatives.
Further, under the new framework, both Indian and foreign telecom vendors can comply with security regulations by submitting a self-declaration affirming that their equipment has been developed and tested in line with prescribed standards, such as those outlined in the Indian Telecom Security Assurance Requirements (ITSAR). This approach preserves the confidentiality of proprietary source code while meeting compliance norms.
Meanwhile, original equipment manufacturers (OEMs) are now required to submit internal test reports that exclude intellectual property-related information but must include a summary of identified security vulnerabilities and their classification based on risk levels.
There is no longer a blanket requirement for regulatory submission of source code. Instead, authorities may request access only in exceptional circumstances, such as during a targeted security investigation or incident response. Even in such cases, strict protocols will be followed to safeguard IP rights.
Furthermore, the revised regulatory approach aims to lower entry barriers, especially for startups and small-to-medium enterprises (SMEs), by focusing on compliance outcomes rather than intrusive procedural requirements.
These changes align India’s telecom regulatory framework more closely with global standards, enhancing the market’s appeal to international technology firms and investors.
Overall, the shift reflects the government’s effort to balance national security imperatives with the promotion of innovation and commercial interests, addressing industry concerns over source code exposure while ensuring a robust cybersecurity regime.
