India: Allows Software Changes During Security Testing

The National Centre for Communication Security (NCCS) under the Department of Telecommunications in India has issued a new notification that introduces greater flexibility for applicants undergoing security testing. Released on March 17, 2026, this directive permits manufacturers and original equipment manufacturers to modify the software of their Device Under Test (DUT) while evaluations are actively being conducted at designated Telecommunication Security Testing Laboratories (TSTLs).

This regulatory update addresses a significant challenge in the Indian Telecom Security Assurance Requirement (ITSAR) framework by streamlining the process for implementing necessary software updates. Prior to this notification, the regulatory framework presented obstacles when devices required minor software adjustments to meet security standards during the evaluation phase.

Implementation and Documentation Requirements

To implement these software modifications during the testing phase, applicants must submit specific declarations to ensure traceability and maintain compliance integrity. The NCCS has established clear guidelines on the documentation required based on the nature of the modifications being made to the device.
 
When actual software changes are made to the device to achieve compliance with the ITSAR standards, applicants are required to submit both Annexure-I and Annexure-II declarations. These documents must detail the original and modified software signatures, including version and hash information, along with a comprehensive impact assessment document to verify that clauses already found compliant remain unaffected.

Handling Minor Typographical Corrections

The notification also provides a simplified pathway for administrative corrections that do not involve actual software alterations. In scenarios where no software changes are made and the applicant only needs to correct typographical errors in the ITSAR Bill of Materials (BOM) details, the regulatory burden is significantly reduced.
 
For these minor administrative updates, the submission of only the Annexure-II declaration is sufficient. This distinction between substantive software modifications and simple typographical corrections demonstrates a pragmatic approach to regulatory oversight.

For this article’s source information and any product certification guidance, please contact Global Validity. 

Quick Country Facts

India

Certification Body: Ministry of IT and Communications, Wireless Planning & Coordination Wing

Certification Type: Mandatory

License Validity: Indefinite

Application Language: English

Legal License Holder: Local Representative

In-Country Testing Requirement: Testing Not Required

The regulatory information above is based on radio type approval certification. Access additional certification requirements in over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager.
