CCTV Camera BIS Compliance 2026: IS/IEC 62368-1:2023 Plus Cybersecurity Requirements

IP-based CCTV cameras are one of the most regulated product categories under BIS CRS, and they have become significantly more complex under IS/IEC 62368-1:2023. This is because CCTV cameras require compliance with two separate sets of requirements: electrical safety under IS/IEC 62368-1:2023 AND cybersecurity essential requirements.

Why CCTV Cameras Have Additional Requirements

CCTV cameras are network-connected devices that handle sensitive video data. The Indian government has recognized that electrical safety alone is insufficient for such devices. Accordingly, BIS has mandated cybersecurity essential requirements for IP-based CCTV cameras in addition to IS/IEC 62368-1:2023 safety certification.

This dual-compliance requirement means your CCTV camera BIS CRS registration needs test reports addressing both:

1. IS/IEC 62368-1:2023 (electrical safety)
2. Cybersecurity essential requirements (as notified by BIS/MeitY)

IS/IEC 62368-1:2023 Tests for CCTV Cameras

Electrical Safety:

• Touch current (ES classification) — most CCTV cameras are low voltage, typically ES1
• Dielectric strength for mains-powered cameras
• PoE (Power over Ethernet) circuit evaluation — most IP cameras use PoE, which involves specific electrical requirements under IS/IEC 62368-1:2023
• Marking requirements

Thermal Safety:

• Surface temperature limits for outdoor cameras exposed to direct sunlight
• Thermal requirements for cameras with integrated IR illuminators (which generate significant heat)

Mechanical Safety:

• Housing robustness — particularly for outdoor cameras rated for extreme weather
• IP rating for outdoor cameras (IEC 60529) — note: IP rating is not covered by IS/IEC 62368-1:2023 but is separately evaluated for outdoor products

Cybersecurity Essential Requirements for CCTV

BIS has notified specific cybersecurity essential requirements for IP-based CCTV cameras. These typically include:

• No hardcoded default passwords: The device must require users to set a strong password at first use, or must have a unique device-specific default password
• Secure communication: Network communications must use encryption (TLS/SSL for video streams)
• Firmware update capability: The device must support firmware updates through a secure, authenticated mechanism
• Data protection: Video data stored on the device must be protected against unauthorized access
• Authentication requirements: Web interface and API access must require authentication

These cybersecurity requirements are tested at BIS-recognized labs that have cybersecurity testing capability in addition to electrical safety testing.

Migration for Existing IS 13252 CCTV Registrations

If you have existing CCTV camera BIS registrations under IS 13252:

1. Both safety testing (IS/IEC 62368-1:2023) AND cybersecurity essential requirements testing are needed for the Standard Revision
2. Your BIS-recognized lab must have both capabilities — not all labs test cybersecurity requirements
3. Firmware updates after registration may affect cybersecurity compliance — maintain a process for re-evaluation when firmware changes

Practical Recommendations

• Choose a BIS-recognized lab that tests both IS/IEC 62368-1:2023 safety AND cybersecurity essential requirements
• Engage your firmware and software team alongside hardware engineers for CCTV compliance — cybersecurity testing requires software-level evaluation
• Maintain documentation of cybersecurity features for each firmware version

House of Testing (HOT) handles IS/IEC 62368-1:2023 testing for CCTV cameras. Contact us regarding cybersecurity testing capability and complete CCTV compliance packages.