MeitY Issues Series Guidelines for BIS Registration Under IS/IEC 62368-1:2023

The Indian Ministry of Electronics and Information Technology (MeitY) has released the long-awaited series guidelines for products subject to the IS/IEC 62368-1:2023 standard, providing greater clarity for manufacturers seeking Bureau of Indian Standards (BIS) registration. The new framework introduces a streamlined approach that allows multiple product variants to be covered under a single registration, potentially reducing testing and certification burdens for manufacturers and brand owners.

Under the newly published guidelines, applicants may register up to ten models as part of a single series, consisting of one Lead Model and up to nine Series Models. The Lead Model must represent the highest power rating or worst-case configuration within the series and will serve as the basis for testing and compliance evaluation. Electronic and ICT products usually require BIS Registration in order to be approved for import and sale in India.

Common Technical Requirements for Series Registration

To qualify for inclusion within a single series registration, all models must satisfy a range of common technical requirements. These include maintaining identical ingress protection (IP) ratings, construction class, enclosure characteristics, energy source classifications, safeguard systems, and input voltage specifications.

The guidelines further specify that products within a series must share the same classifications for electrical, power, and thermal energy sources and safeguards, including ES1–ES3, PS1–PS3, and TS1–TS3 categories. Additional provisions address products using external energy sources such as power adapters and power banks, mains-operated internal power supplies, and battery-operated devices.

MeitY has also established detailed product-specific criteria. For example, devices must use the same type of microphone or earphone configuration where applicable, maintain identical charging methods, and share the same display technology. Certain product variations will be treated as separate series, including smartwatches with and without SIM functionality, devices with and without displays, and products that differ in touch-screen capability.

Implications for Manufacturers and Market Access

The publication of the series guidelines represents a significant milestone in the implementation of IS/IEC 62368-1:2023. Manufacturers may now benefit from a more efficient registration process by grouping eligible product variants under a single BIS certification application, provided all prescribed technical conditions are met.

The guidelines also clarify requirements for products incorporating different processors. While processor variations are permitted within a series, the designated Lead Model must possess the highest Thermal Design Power (TDP) to ensure testing reflects the most demanding operating conditions.

With the release of the Series Guidelines, the Uniform Test Report Format (UTRF), and the empanelment of BIS-recognized laboratories for IS/IEC 62368-1 testing, original equipment manufacturers (OEMs), importers, and brand owners can now move forward with new registrations and transition applications for products already registered under previous requirements. These developments provide greater regulatory certainty and support ongoing compliance efforts for market access in India.

If you are interested in understanding what requirements are needed for your product to be imported into India, please do not hesitate to contact us by email or phone (Europe: +49-69-271 37 69 261, US: +1 773 654-2673). If a certification need is discovered we can provide a quotation to make sure that all your certification needs are covered.

If you have any questions you can also use our chat-window in the bottom right. (Please check your browser settings if you can’t see the window)

For more information about BIS certification, please refer to our free brochure “BIS Certification Made Easy“.

India Clarifies BIS Software Update Rules for IP Cameras

India’s updated BIS compliance framework for IP cameras introduces stricter obligations for firmware management, End-of-Life (EoL) monitoring, and cybersecurity reporting under the ER certification regime. The Ministry of Electronics and Information Technology (MeitY) has released new guidance requiring manufacturers to document and report software-related changes through the Bureau of Indian Standards (BIS) CCL update process.

The new requirements, effective from 26 November 2025, apply to OEMs supplying ER-certified IP cameras in the Indian market. The guidance focuses on lifecycle security management, including firmware integrity, vulnerability mitigation, and component traceability. IP cameras usually require BIS certification in order to be approved for import and sale in India.

New EoL and Firmware Compliance Obligations

Under the revised framework, firmware used in ER-certified IP cameras must not include End-of-Life libraries or unsupported software components. MeitY stated that any unpatched EoL component remaining unresolved six months after expiry may result in the product being considered non-compliant under the BIS Act, 2016.

To support compliance, manufacturers are expected to maintain detailed Software and Hardware Bills of Materials (BOMs). These records should include component versions, EoL status, and known cybersecurity vulnerabilities, including Common Vulnerabilities and Exposures (CVEs).

The guidance also differentiates between minor and major software modifications. Minor changes, such as cosmetic user interface updates, require submission of an Impact Analysis Report together with updated firmware hashes. Major changes, including security patches, kernel updates, and feature additions, require a laboratory verification report to be submitted to BIS for review and approval.

In addition, a CCL update becomes mandatory for a wide range of software and hardware modifications, including emergency vulnerability fixes, replacement of EoL components, voluntary firmware updates, and other security-critical changes.

BIS Reporting Procedures and Surveillance Requirements

For emergency cybersecurity vulnerabilities, OEMs are instructed to deploy corrective patches immediately and notify BIS within 10 working days via email. The notification must include an Impact Analysis Report, while supporting test reports should later be uploaded through the BIS portal once available.

MeitY also confirmed operational procedures for the BIS portal. The online CCL update option is now active for major changes, while minor changes continue to require hard-copy submissions to the BIS Head Office followed by email confirmation.

The updated framework further emphasizes ongoing post-certification obligations. Even after obtaining ER-BIS approval, manufacturers must continuously monitor firmware and component status, track vulnerabilities, and report all significant modifications to BIS.

MeitY audits may include verification of firmware hashes, secure boot implementation, bootloader and kernel versions, source code scans, and evidence of CVE mitigation measures. The clarification reflects India’s broader effort to strengthen cybersecurity controls and lifecycle compliance requirements for connected surveillance equipment entering the domestic market.

If you are interested in understanding what requirements are needed for your product to be imported into India, please do not hesitate to contact us by email or phone (Europe: +49-69-271 37 69 261, US: +1 773 654-2673). If a certification need is discovered we can provide a quotation to make sure that all your certification needs are covered.

If you have any questions you can also use our chat-window in the bottom right. (Please check your browser settings if you can’t see the window)

For more information about BIS certification, please refer to our free brochure “BIS Certification Made Easy“.

India Expands BIS CRS to Include Standalone Hard Disk Drives

India’s regulatory landscape for electronics is evolving with the expansion of the BIS CRS framework to cover additional product categories. The recent update introduces mandatory requirements for standalone hard disk drives, reinforcing the scope of BIS certification for IT and electronic hardware. This development reflects the government’s ongoing efforts to strengthen product safety and quality standards in the domestic market.

The Ministry of Electronics and Information Technology (MeitY) has amended the Compulsory Registration Order (CRO) originally issued in 2021 by adding standalone hard disk drives (HDDs) to the list of regulated products. Under this revision, these devices must comply with Indian Standard IS 13252 (Part 1): 2010, which specifies safety requirements for information technology equipment. The enforcement date for this requirement has been set for 05 November 2026, providing manufacturers and importers with a defined transition period to achieve compliance. Standalone Hard Disk Drives usually require BIS certification in order to be approved for import and sale in India.

Scope Expansion Under the BIS CRS Framework

Prior to this amendment, certain storage devices were already regulated under the BIS Compulsory Registration Scheme (CRS), including USB-based external hard drives and solid-state drives with capacities exceeding 256 GB. The inclusion of standalone HDDs closes a regulatory gap by ensuring that non-USB-integrated storage devices are also subject to the same safety and quality benchmarks.

Indian Standard IS 13252 (Part 1): 2010 is aligned with international safety principles and addresses risks associated with electrical equipment, including fire hazards, electric shock, and mechanical safety. By extending these requirements to standalone HDDs, regulators aim to create a more consistent compliance environment across different types of storage technologies.

Implications for Market Access and Compliance

Manufacturers, importers, and distributors of standalone hard disk drives must now prepare to meet BIS CRS requirements ahead of the November 2026 deadline. This includes product testing through BIS-recognised laboratories, registration with the Bureau of Indian Standards, and proper marking of compliant products.

Failure to comply with the updated regulation may result in restrictions on market entry, including the inability to import or sell non-certified products in India. Companies operating in the data storage segment should review their product portfolios and initiate certification processes early to avoid disruptions.

This regulatory update underscores India’s commitment to strengthening consumer protection and ensuring that electronic products meet established safety standards. Further details on compliance procedures and certification updates may be available through official BIS communications and related regulatory resources.

If you are interested in understanding what requirements are needed for your product to be imported into India, please do not hesitate to contact us by email or phone (Europe: +49-69-271 37 69 261, US: +1 773 654-2673). If a certification need is discovered we can provide a quotation to make sure that all your certification needs are covered.

If you have any questions you can also use our chat-window in the bottom right. (Please check your browser settings if you can’t see the window)

For more information about BIS certification, please refer to our free brochure “BIS Certification Made Easy“.

India Issues BIS Quality Control Order for Aluminium Products

India has announced a new regulatory measure for the aluminium sector through the Aluminium and Aluminium Alloy Products (Quality Control) Order, 2026. Issued by the Department for Promotion of Industry and Internal Trade (DPIIT), the order introduces mandatory BIS certification requirements for a range of aluminium and aluminium alloy products intended for the Indian market. The move reflects the government’s broader efforts to strengthen product quality, industrial safety, and standardisation across manufacturing sectors. Aluminium and aluminium alloy products usually require BIS certification in order to be approved for import and sale in India.

Under the new regulation, 17 categories of aluminium products will be required to comply with applicable Indian Standards (IS) and carry the ISI Mark granted by the Bureau of Indian Standards (BIS). The notified categories include products such as irrigation tubes, EC-grade aluminium rods, pharmaceutical packaging foil, and aluminium composite panels.

BIS Certification Requirements for Aluminium Products

The Quality Control Order (QCO) establishes compulsory conformity assessment obligations for manufacturers and importers supplying covered aluminium products in India. Companies falling within the scope of the regulation must ensure that their products meet the corresponding Indian Standards before placing them on the market.

The BIS certification process generally involves product testing, factory inspections, and ongoing surveillance activities to confirm compliance with Indian regulatory requirements. Once approved, manufacturers are authorised to apply the ISI Mark, demonstrating conformity with national quality and safety standards.

The implementation schedule has been structured according to enterprise size. Large and medium enterprises must comply with the order from 1 December 2026, while small enterprises have until 1 March 2027. Micro enterprises are granted additional transition time, with compliance becoming mandatory from 1 June 2027.

Exemptions and Market Access Implications

The order also specifies limited exemptions for certain activities. Products manufactured exclusively for export are excluded from the mandatory BIS certification requirements. In addition, up to 200 kilograms of covered products may be imported annually for research and development purposes, provided the materials are used strictly for non-commercial applications and appropriate records are maintained.

The introduction of this QCO is expected to increase regulatory oversight within India’s aluminium supply chain and may require manufacturers, exporters, and importers to review their compliance strategies ahead of the implementation deadlines. Companies supplying affected products to India may need to initiate certification planning early, particularly where factory audits, testing procedures, or technical documentation updates are required.

The latest notification forms part of India’s continuing expansion of mandatory quality control regulations across industrial materials and manufactured goods. Further regulatory guidance and certification updates may be published through BIS and related industry compliance channels.

If you are interested in understanding what requirements are needed for your product to be imported into India, please do not hesitate to contact us by email or phone (Europe: +49-69-271 37 69 261, US: +1 773 654-2673). If a certification need is discovered we can provide a quotation to make sure that all your certification needs are covered.

If you have any questions you can also use our chat-window in the bottom right. (Please check your browser settings if you can’t see the window)

For more information about BIS certification, please refer to our free brochure “BIS Certification Made Easy“.

India Updates WPC Rules for IP Camera Software Compliance

India has introduced a revised framework affecting WPC certification compliance for IP cameras, following an updated circular issued by the Ministry of Electronics and Information Technology (MeitY) on February 2, 2026. The revision refines earlier guidance from November 2025 and focuses on software update timelines and security requirements for ER-certified devices. The updated WPC certification rules aim to provide manufacturers with greater flexibility while maintaining cybersecurity standards for connected surveillance equipment. IP cameras usually require WPC certification in order to be approved for import and sale in India.

Extended Firmware Update Deadlines and EoL Requirements

A key change in the revised circular concerns the management of End-of-Life (EoL) software libraries within device firmware. Under the previous regulation, manufacturers were required to update expired libraries within six months. This deadline has now been extended to one year from the date of expiry, offering additional time for original equipment manufacturers (OEMs) to implement necessary updates.

Despite the extended timeline, compliance expectations remain strict. Devices that continue to operate using outdated or unsupported libraries beyond the one-year limit will be classified as non-compliant. This adjustment reflects a balance between practical development timelines and the need to maintain secure, up-to-date firmware in connected devices.

The revised circular also clarifies the status of products undergoing certification testing. Devices submitted as samples will be considered compliant during evaluation, provided EoL updates are completed within the new one-year timeframe and no vulnerabilities are identified during testing or disclosed externally. This clarification reduces ambiguity in the certification process and helps streamline product approvals.

Continued Enforcement of Security and Testing Obligations

While timelines have been relaxed, MeitY has maintained strict requirements for addressing security vulnerabilities. Emergency fixes must still be implemented immediately upon identification, and manufacturers are required to submit an impact analysis within ten days. Laboratory verification remains mandatory to confirm the effectiveness of corrective actions.

Importantly, the revised notification reinforces that any vulnerability detected during testing or verification will result in the product being deemed non-compliant. This applies equally to devices under evaluation and those already certified, underscoring the regulator’s continued emphasis on cybersecurity resilience.

Overall, the revision introduces greater clarity and flexibility without altering the core compliance framework. Manufacturers exporting IP cameras to India must ensure robust firmware management processes and timely updates to meet WPC certification requirements. Further regulatory details may be referenced through official certification resources and compliance updates issued by relevant authorities.

WPC certification is necessary for wireless products in order to be used and sold in India.
The national broadcasting authority WPC (Wireless Planning & Coordination) is responsible for this certification, in order to regulate the issuing of issuing of amateur radio licenses and the allocation and monitoring of the frequency spectrum.

If you are interested in understanding what requirements are needed for your product to be imported into India, please do not hesitate to contact us by email or phone (Europe: +49-69-271 37 69 261, US: +1 773 654-2673). There is no cost or obligation for us to check for you. If a certification need is discovered we can provide a quotation to make sure that all your certification needs are covered.

For more information about WPC certification, please refer to our free brochure “WPC Certification Made Easy“.