Updated Compliance Documentation for OEMs
To meet the revised clause, all Original Equipment Manufacturers (OEMs) must now submit two key documents:
Internal Security Test Report
OEMs must provide an internal security test report that omits intellectual property (IP)-sensitive content but includes a mandatory summary. This summary must detail the number of identified security vulnerabilities or weaknesses, categorized by risk level.
Self-Declaration of Conformity
OEMs are also required to complete a self-declaration that confirms adherence to secure development and testing practices as specified in the ITSAR documentation. The declaration covers the entire software development lifecycle, including:
Secure coding standards for both proprietary and third-party software
Absence of known high-risk vulnerabilities from the CWE Top 25, OWASP Top 10, and OWASP API Security Top 10 lists
Incident-Driven Obligations & Proforma Submission Format
In the event of a security incident that compromises a telecom network and is suspected to be linked to the OEM’s product vulnerabilities, the manufacturer must submit full internal test reports. They are also obligated to cooperate with source code testing conducted by India’s National Centre for Communication Security (NCCS).
The Self-Declaration of Conformity must be submitted using a standardized format, capturing detailed product information such as brand name, model number, and associated application ID.
This regulatory adjustment reflects India’s commitment to enhancing cybersecurity assurance within telecom infrastructure, requiring OEMs to proactively verify and disclose their software security posture during ITSAR certification.
For this article’s source information and any product certification guidance, please contact Global Validity.
Quick Country Facts
India
Certification Body: Ministry of IT and Communications, Wireless Planning & Coordination Wing
Certification Type: Mandatory
License Validity: Indefinite
Application Language: English
Legal License Holder: Local Representative
In-Country Testing Requirement: Testing Not Required
The regulatory information above is based on radio type approval certification. Access additional certification requirements in over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager.