The government is said to have assured companies that it will issue clear policy guidelines. “The NCCS (National Centre for Communication Security) is working on the policy and it will be finalised soon,” said an official.
Govt said to be finalising clear guidelines after execs of major cos met DoT officials last week
In the absence of well-defined rules, the self-declaration sought from vendors would seem to be of little relevance, the companies said. Such a declaration is mandatory to secure a Pro Tem certificate from the government to sell products such as 5G equipment, routers and wi-fi devices. In the event that a threat is identified after the declaration, vendors have to pay a penalty.
“No risk manager can identify all the security threats or vulnerabilities that may come in future when things change so fast in the artificial intelligence (AI)-led era” said a person aware of the discussions.
The government has also not shared any specified list to comply, which makes the things complicated,” said a person aware of the discussions.
The Pro Tem security certification scheme is being run by DoT’s NCCS. It was envisaged as a stopgap arrangement by DoT ahead of the planned mandatory testing and certification of telecom equipment. This framework was to start October 1, 2024. After companies highlighted the lack of testing labs and other supporting infrastructure to get security certificates, the government allowed them to give a self-declaration and get a Pro Tem certificate.
The certificate issued by NCCS originally had a validity of six months, which was extended to two years last year in a bid to provide business continuity and avoid disruptions in equipment supply.
“The industry has been submitting self-declaration and over 100 Pro Tem certificates have been issued but in case some vulnerability emerges, the vendors face the consequences, including penalties,” said a second person.