
Indian Telecom Security Assurance Requirements (ITSAR)
- MeitY clarified that the government hasn’t mandated smartphone manufacturers to disclose proprietary source code under the Indian Telecom Security Assurance Requirements (ITSAR).
About Indian Telecom Security Assurance Requirements (ITSAR)
- ITSAR are technical security standards for telecom equipment, designed to safeguard network integrity and national security.
- Authority: They are issued by the National Centre for Communication Security (NCCS) under the Department of Telecommunications (DoT).
- Application: ITSAR apply to designated telecom equipment sold, imported, or used in India that connects to telecom networks.
- Coverage: Requirements are legally binding on OEMs, importers, dealers, and telecom service providers.
Key Provisions of ITSAR
- Security: Equipment must be free of undisclosed backdoors and malware to ensure system integrity.
- Testing: Network elements will be evaluated at Telecom Security Test Laboratories before deployment.
- Crypto Control: Equipment will only use NCCS-approved cryptographic algorithms and protocols.
Proposed Provisions for Mobile Devices
- Source Disclosure: Smartphone manufacturers may be required to share proprietary source code with government-approved labs for security testing.
- App Removal: Users should be able to uninstall non-essential pre-installed apps to reduce attack surfaces.
- Log Retention: Devices will keep security logs, like system events and login records, for one year.
- Malware Scanning: Smartphone OS to include automatic and periodic malware scans.
- Update: Companies will inform NCCS before releasing major software updates or patches.
Read More> India’s Telecom Security Reforms for 2026














