Hikvision and Dahua Under Pressure: India Is Rewriting the Surveillance Market

Starting April 1, India’s market for internet-connected surveillance cameras entered a different era. This is not a case of a regulator waking up in a bad mood and deciding to ruin Hikvision and Dahua’s breakfast. It is a much bigger shift. India has moved surveillance cameras out of the cheap electronics bucket and into the far more serious category of sensitive digital infrastructure. Once a government starts treating cameras like infrastructure, the conversation gets painfully boring for vendors and painfully expensive for anyone who built a business on murky supply chains and shrug-emoji compliance.

The legal backbone is quite specific. India’s March 2024 Gazette notification imposed Essential Requirements for the security of CCTV systems and tied them to public procurement rules and STQC security testing. STQC then published its CCTV testing, evaluation, and certification procedure in May 2024, explicitly requiring cameras to be tested against those security requirements. In February 2026, STQC clarified that the same security requirements used under compulsory registration also apply for compliance under India’s procurement-preference framework. In plain English, this is no longer a polite suggestion. If a vendor cannot pass the process, the market starts closing its doors.

These rules are not built around soft-focus buzzwords like “cyber resilience” and “trusted innovation,” the sort of phrases consultants love because they invoice by the syllable. The certification procedure demands a technical construction file, or TCF, with evidence on architecture, security controls, and compliance artifacts. Manufacturers have to identify the entities in their supply chain involved in design, manufacturing, quality assurance, and chip supply. They also have to support lab testing with samples, tools, engineering boards, documentation, and proof that their claims are real. The camera stops being a black box and becomes something more awkward: a device whose guts, pedigree, and software lineage have to survive government inspection.

The hardest blow is not the paperwork itself. It is the supply-chain scrutiny. STQC guidance tells test labs to verify bills of materials and invoices for security-critical components like the SoC and firmware, confirm traceability from procurement into the final product, and verify that the SoC and firmware are not sourced from countries sharing a land border with India. The guidance also requires vendors to show supply-chain risk identification, mitigation plans, business continuity policies, disruption playbooks, and post-incident summaries. It even says that if proprietary network protocols are used, the vendor must provide implementation details and source code for review. That is not a certification sticker. That is a cavity search for your camera.

This is where Hikvision and Dahua run into concrete. The Indian documents do not need to say “Hikvision and Dahua are banned by name” for the market effect to become obvious. The practical result is what matters. If a vendor cannot obtain certification under the new regime, that vendor is effectively squeezed out of normal sales of internet-connected cameras. That is how you get a de facto market lockout without the theatrical pleasure of a loud official ban.

There is a second layer to this, and it matters. India is not just filtering products technically. It is reshaping the market structurally through procurement preferences tied to domestic value addition. That means the question is no longer just which camera is cheaper or which model sees better at 2 a.m. in ugly parking lot lighting. The question is also whose components are inside, where the firmware comes from, how much of the value chain is domestic, and whether the product can legally sit on sensitive projects at all. The surveillance market did not evolve into a cybersecurity market. It got dragged there by the collar.

By late March 2026, STQC’s official certified-product list already showed which companies had made it through the gate. The list included Samriddhi Automation, Prama India, Aditya Infotech, Matrix Comsec, Vicon Security Tech, Equus Digital Solution, and Honeywell International India. Hikvision and Dahua were not on that list. At that point, the market was no longer arguing over rumors. There was an approved roster. And when two of the most famous names in global surveillance are missing from the guest list, the bouncer has effectively answered the question for you.

That brand shift is one of the most revealing parts of the story. In India, the winners are increasingly not the companies with the loudest marketing or the cheapest hardware, but the ones that can survive the paperwork, the chip-origin scrutiny, the firmware scrutiny, and the trust corridor built by the regulator. That gives an edge to domestic or domestically aligned players like Prama India, Aditya Infotech, Matrix, and Samriddhi, as well as international firms that adapted to India’s compliance architecture. The old surveillance market loved arguing about dynamic range, low-light performance, and price per channel. The new one asks an uglier question first: what exactly is inside the box, and can you prove it under audit.

For users and integrators, this does not mean that every installed Chinese camera turns into a pumpkin on April 1. The new regime is aimed at manufacture, import, registration, and sale of compliant models, not at magically bricking equipment already mounted on walls and poles. But for new purchases, system expansions, bids, public projects, and future imports, the rules change sharply. If your design depends on a manufacturer that cannot clear the certification path, then the practical work begins: finding substitutes, checking interoperability, reworking bills of materials, recalculating costs, retesting software integrations, and explaining to a client why yesterday’s standard camera choice has suddenly become a procurement migraine.

For an American reader, this should sound familiar. Not identical, but familiar. The United States has already been moving in its own version of this direction. Surveillance gear is no longer treated as harmless commodity hardware. It is treated as part sensor network, part edge computer, part security liability, and part geopolitical argument with a lens attached. India’s system is different in structure and more explicit about supply-chain documentation for cameras, but the strategic logic rhymes.

And this is where the Iran case matters, because it explains why governments are digging this deep into camera supply chains in the first place. In March 2026, reporting described how hacked surveillance cameras were used among other intelligence sources in the operation that killed Iran’s Supreme Leader, Ayatollah Ali Khamenei. According to those reports, Israeli intelligence used Tehran’s own street cameras after years of compromise warnings, and one source briefed on the operation said that for years almost all the traffic cameras in Tehran had been hacked, with information transferred to servers outside Iran. Earlier compromises of Iranian surveillance infrastructure had also been reported, including hacks of thousands of cameras around Tehran and previous leaks of footage from Iranian institutions. That is not a side note. That is the point.

The lesson from Iran is brutal and simple. Cameras in modern conflict are not just passive recording devices. They can become reconnaissance tools, pattern-of-life sensors, and targeting infrastructure. Algorithms can help derive addresses, routes, routines, and protection patterns from compromised camera data. Once that happens, all the old consumer-electronics innocence around internet-connected cameras evaporates. A network camera with weak security, stale firmware, lazy password hygiene, or a supply chain nobody can honestly explain may not be working for its owner anymore. It may be working for whoever is better at reading the feed. In geopolitics, as in IT, the packet does not care about your feelings.

So the Indian move should not be read as just another trade fight with Chinese brands, even if it absolutely has trade-war consequences. It is a recognition that an IP camera is not a dumb appliance. It is a networked computer with a lens, storage hooks, update logic, telemetry paths, and often cloud ties. It can watch, listen, stream, identify, and in the wrong hands, quietly become someone else’s sensor. India’s answer is to formalize that reality through certification, chip and firmware origin scrutiny, supply-chain traceability, and market access only for vendors that can document what they are selling. That is less glamorous than a giant ban headline, but much more serious. Bureaucracy is rarely cinematic. It is just devastatingly effective when it decides to be.

In the end, the picture is clear. India built this shift on the March 2024 Gazette framework, the May 2024 STQC certification procedure, and the February 2026 STQC clarification tying the same security requirements into broader compliance and procurement logic. The key filter is security certification backed by supply-chain verification. The market impact lands hardest on Hikvision, Dahua, and any vendor whose products cannot survive scrutiny of Chinese-origin SoCs or firmware. The official certified lists already show which brands are making it through. And the Iran case shows why this is no longer theoretical: in a crisis, surveillance networks can become intelligence infrastructure for the other side. Cameras used to be sold as peace of mind. Governments now increasingly treat them as potential attack surface with night vision.