**India Eases Telecom Source Code Requirements for Equipment Suppliers**
India has eased its previous demand for telecom equipment suppliers to provide proprietary source code, offering relief to local telecom operators and multinational companies like Ericsson, Nokia, and Cisco. This shift, however, presents challenges for domestic manufacturers. Under the new guidelines, suppliers are now only required to submit a summary of their internal security test results and confirm adherence to testing procedures. In cases where there are concerns about product vulnerabilities during a security breach, full test reports must be submitted, and cooperation with the telecom department’s source code testing unit is mandatory. This change has been confirmed by two officials familiar with the situation.
The initial requirement for source code submission, announced in February, had raised alarms among foreign equipment suppliers, including those providing switches, routers, and modems. An industry executive noted that while the new regulations are somewhat positive, the process of sharing internal security tests remains burdensome and complex. Telecom operators stand to benefit from this change, as it allows them to procure equipment and deploy networks without delays associated with source code requirements.
This development is particularly significant amid ongoing trade negotiations between India, the US, and the European Union. In March, the US Trade Representative expressed concerns regarding the costly nature of third-party equipment testing and the disclosure of proprietary information, including source code and internal tests. The original deadline for source code submission was set for January 1, 2026.
Telecom networks are considered critical infrastructure, and any compromise could impact defense, emergency services, banking, and government operations. Access to source code is essential for the government to ensure that there are no backdoors, malware, or embedded vulnerabilities left by vendors, as highlighted by one of the officials.
The National Centre for Communication Security (NCCS), part of the Department of Telecommunications, issued a notification on June 18, stating that manufacturers must submit internal test reports, excluding intellectual property-related information, but must include a summary of identified security vulnerabilities classified by risk.
In 2020, the Indian government launched the Communication Security Certification Scheme (ComSec) to establish India-specific standards, testing processes, and a certification ecosystem. However, the implementation of this scheme has faced delays.
**FAQ**
**What are the new requirements for telecom equipment suppliers in India?**
Telecom equipment suppliers in India are now required to provide a summary of internal security test results and confirm adherence to testing procedures, rather than submitting proprietary source code. In cases of suspected vulnerabilities, full test reports must be submitted.
