Telecom equipment makers reportedly seek a 2-year WiFi testing delay, citing cost and lab constraints. The Department of Telecommunications had earlier postponed the application start date to July 1, 2024, providing additional extensions for certified models.
Telecom component manufacturers in India have requested an extension of the July 1 deadline, pushing for a minimum two-year extension for mandatory security testing of WiFi customer premises equipment (CPE) and IP routers. They have also suggested that security certification remain voluntary for the time being.
The primary reasons behind this demand are budget and resource limitations. The manufacturers have emphasised that the National Centre for Communication Security (NCCS) has accredited only three labs capable of conducting security testing on WiFi CPE. The Manufacturer’s Association of Information Technology (MAIT) informed the Department of Telecommunications (DoT) that due to this scarcity of labs, the expense for security testing is substantial, ranging from ₹40-60 lakh per model.
The application acceptance start date was supposed to be from July 1, 2023, earlier. In December 2023, the Department of Telecommunications pushed back the deadline to January 1, 2024, on demand. This date was further extended to July 1, 2024, for models lacking mandatory testing and certification of telecom equipment (MTCTE), and to October 1, 2024, for models already holding MTCTE certificates.
According to MAIT, the industry now fears that July 1, 2024, is an impossible deadline to meet. It has cited the circumstances that according to NCCS protocols, the duration needed for security testing and certification is 6-7 months. This period can be extended to 10-12 months due to factors like the time taken for contractual agreements, availability of time slots, logistics for equipment, and skilled resources.
The manufacturers’ association has further pointed out various ambiguities in the Indian Telecommunication Security Assurance Requirements (ITSAR) document issued by the DoT in 2022. ITSAR’s requirement for testing various hardware models with identical software is unnecessary, according to MAIT. This redundancy is raising compliance costs for component manufacturers and is causing delays in product certification due to repetitive testing.
ITSAR is a set of security testing guidelines and standards formulated by NCCS under MTCTE to safeguard the security and reliability of Indian telecom networks.
The Telecom gear makers have urged the department to postpone the enforcement of security testing and certification until these concerns are addressed. As per MAIT’s statement to the Economic Times, drawing from MTCTE experience, the industry strongly recommends that DoT allow a minimum of two years for adherence to security testing requirements. They further requested DoT to maintain security certification as voluntary until that time.
