India is set to roll out a mandatory cybersecurity certification framework for all connected devices, impacting key sectors such as healthcare, energy, transport, telecom, and industrial infrastructure. Prompted by rising concerns over vulnerabilities in imported equipment and critical national systems, the upcoming policy will require stringent security testing, verification of sourcing, and uniform deployment standards across major industries.
The implementation is expected to take place in phases, with parliamentary and sector-specific consultations shaping the final regulatory roadmap.
Further, the initiative is being led by the National security council secretariat under the Prime Minister’s office, with coordination responsibilities shared among the Department of Telecommunications (DoT), the Ministry of Electronics and Information Technology (MeitY), and the Ministry of Home Affairs. Earlier efforts in the telecom sector have shown that mandatory certification and the use of trusted sources can help mitigate systemic security risks, and similar safeguards are now anticipated to cover the broader set of internet of things (IoT) devices supporting India’s expanding digital infrastructure. Given varying sectoral readiness and input from stakeholders, the overall rollout may span three to four years to accommodate compliance, capacity-building, and interoperability needs.
