Introduction
The Department of Telecommunications (DoT), through the National Centre for Communication Security (NCCS), has introduced an important update in the Communication Security Requirement (CSR) testing framework. This update marks a significant step toward strengthening the security of IoT (Internet of Things) devices operating within India’s telecom ecosystem.
With the growing use of connected devices across sectors such as transportation, energy, and smart infrastructure, the need for structured security compliance and testing has become essential. To address this, DoT has expanded the CSR framework by introducing a new category, Group VI, which brings specific IoT devices under mandatory security evaluation.
Key Highlights of the DoT Update
- Issued By: Department of Telecommunications (DoT) For NCCS
- Issue Date: 27 March 2026
- Reference: Amendment to Office Memorandum dated 2 January 2025
- Subject: Expansion of CSR Testing Scope to Include IoT Devices
- Category Introduced: Group VI under CSR Testing Framework
- Devices Covered: Vehicle Tracking Devices, Smart Electricity Meters, Feedback Devices
- Standards Applicable: ITSAR (Indian Telecom Security Assurance Requirements)
- Applicable To: Manufacturers, Importers, Dealers, and IoT Device Stakeholders
- Purpose: To bring IoT devices under telecom security compliance and testing
- Key Benefit: Simplified testing approach with common CSR requirements
View Official Notification
What Has Changed in the Latest DoT Update?
The latest update issued by the Department of Telecommunications (DoT) brings a significant expansion in the CSR (Communication Security Requirement) testing framework. Earlier, the framework covered devices categorized under Group I to Group V, but IoT devices were not included due to the absence of defined security standards (ITSARs).
With the publication of IoT-specific ITSARs, the DoT has now taken a crucial step by introducing a new category — Group VI — to formally include IoT devices within the telecom security compliance ecosystem.
Key Changes Introduced
- Addition of a new category Group VI under CSR testing
- Inclusion of IoT devices within the compliance framework)
- Expansion of CSR testing scope to cover connected and smart devices
In simple terms, this update ensures that IoT devices are no longer outside regulatory oversight and must now comply with defined security testing requirements before deployment in India.
Devices Covered Under Group VI
With the introduction of Group VI, the Department of Telecommunications (DoT) has clearly defined the specific IoT devices that are now included under the CSR testing framework. These devices are widely used in real-world applications such as transportation systems, energy management, and user interaction platforms, making their security compliance essential.
devices are covered under this category
- Vehicle Tracking Devices
- Smart Electricity Meters
- Feedback Devices
These devices operate within connected environments and interact with telecom networks, which increases the need for secure communication and data protection. By bringing them under CSR testing, the government aims to ensure that these products meet the required telecom security standards (ITSARs).
In practical terms, any business dealing with these devices must now ensure proper testing and compliance before market deployment or sale in India.
CSR Testing Requirements for IoT Devices
With the inclusion of IoT devices under Group VI, the Department of Telecommunications (DoT) has made it clear that these products must now comply with the Communication Security Requirement (CSR) testing framework before being deployed or sold in India.
CSR testing ensures that devices meet the required security standards (ITSARs) and are safe to operate within telecom networks. This step is essential to prevent security risks and ensure reliable communication across connected systems.
Key Requirements
- IoT devices must undergo CSR testing before market entry
- Products must comply with ITSAR-based security standards
- Testing must be conducted through designated Telecom Security Testing Labs (TSTLs)
- Proper documentation and test reports are required for approval
In simple terms, businesses dealing with these devices need to complete the security testing process in advance to avoid delays, rejections, or compliance issues during product launch.
Get Service NowSimplified Testing Approach
One of the most practical and industry-friendly aspects of this update is the simplified testing approach introduced for IoT devices under Group VI. The Department of Telecommunications (DoT) has ensured that the compliance process remains efficient while maintaining strict security standards.
All the devices covered under this group—vehicle tracking devices, smart electricity meters, and feedback devices—follow identical CSR (Communication Security Requirement) clauses. This means that separate testing for each device category is not required.
Key Benefits
- Uniform CSR requirements for all listed IoT devices
- Testing can be conducted on any one device
- Test results are applicable across the entire group
- Reduces testing time, cost, and effort
This approach significantly simplifies the compliance process for manufacturers and importers, making it easier to meet regulatory requirements without unnecessary duplication. It is a well-balanced move that supports both security enforcement and ease of doing business.
Compliance Impact on Businesses
The inclusion of IoT devices under Group VI brings a clear shift in compliance responsibilities for businesses operating in the telecom and smart device ecosystem. With this update from the Department of Telecommunications (DoT), companies can no longer treat these devices as outside the regulatory scope.
Businesses dealing with vehicle tracking devices, smart electricity meters, or feedback devices must now ensure that their products meet the required CSR (Communication Security Requirement) standards before entering the Indian market. This makes compliance a critical step in the product lifecycle, especially for manufacturers, importers, and distributors.
Key Impact Areas
- Mandatory compliance requirement for listed IoT devices
- Increased focus on security testing and documentation
- Risk of delays in approvals or market entry if not prepared
- Need for early planning and testing readiness
In practical terms, businesses should start aligning their products with ITSAR standards and initiate CSR testing processes in advance. Proactive compliance will help avoid last-minute issues and ensure a smooth and timely product launch.
Get Service NowOfficial Notification: Introduction of Group VI
The update has been officially issued by the Department of Telecommunications (DoT) through the National Centre for Communication Security (NCCS) via an Office Memorandum dated 27 March 2026. This notification serves as an amendment to the earlier Office Memorandum issued on 2 January 2025, which initially defined the CSR testing framework for telecom devices.
Conclusion
The introduction of Group VI under the CSR testing framework marks a significant step by the Department of Telecommunications (DoT) toward strengthening the security of IoT devices in India. By bringing commonly used connected devices under structured telecom security compliance, the government has ensured better regulation and reliability within the growing digital ecosystem.
At the same time, the implementation of a simplified testing approach makes compliance more practical and accessible for businesses. This balance between strict security standards and ease of compliance is a key highlight of the update.
Read Also
Frequently Asked Questions (FAQs)
It includes
- Vehicle Tracking Devices
- Smart Electricity Meters/li>
- Feedback Devices
Request Service Today!
Ready to get certified or need expert compliance support? Fill out the form below and our team at SS Global Services will connect with you shortly.
We offer fast, reliable, and hassle-free assistance for all BIS and regulatory certification needs.