India's government refuted reports about requiring smartphone manufacturers to share source code, clarifying that ongoing security consultations aim to understand industry practices rather than impose burdensome regulations.
The Indian government has formally denied circulating regulatory proposals that would compel smartphone manufacturers to disclose proprietary source code, countering a Reuters report that triggered industry concerns. While confirming ongoing security consultations, officials emphasized these discussions focus on understanding international best practices rather than enforcing unilateral demands.
According to the Ministry of Electronics and Information Technology (MeitY), the government is conducting "structured stakeholder consultations" to develop mobile security standards given smartphones' role as repositories of sensitive user data. The consultations specifically address:
- Source code access: Alleged requirement for manufacturers to share proprietary code
- Update notifications: Reported mandate for advance disclosure of major software updates
- Security protocols: Examination of existing device-level protection mechanisms
Apple and Samsung previously opposed such measures, citing intellectual property risks and operational burdens. MeitY's statement clarified: "We are fully committed to working with the industry and addressing their concerns. Engagement focuses on understanding technical constraints and global compliance practices."
This approach aligns with India's recent regulatory pattern where stringent proposals face industry pushback. Examples include:
- December 2025: Mandatory pre-installation of government apps was abandoned within a week after opposition
- 2022 Cybersecurity Directive: Six-hour breach reporting requirement for cloud providers was substantially eased following industry objections
Practical compliance considerations emerge from this development:
- Vendor obligations: Manufacturers should participate actively in consultations while maintaining standard security protocols
- Timeline: No immediate regulatory changes; continue monitoring MeitY's consultation outcomes (expected Q2 2026)
- Risk mitigation: Document security practices aligning with frameworks like ISO 27001 to demonstrate compliance readiness
While India's digital ecosystem requires robust protections—especially with over 1 billion mobile users—the government acknowledges manufacturers' operational constraints. The consultation process reflects pragmatic recognition that source code disclosure would disrupt global supply chains without proportionate security benefits, particularly given India's unsuccessful attempts to establish domestic mobile OS alternatives.
Compliance professionals should:
- Review device security documentation
- Prepare incident response plans meeting global standards
- Engage with MeitY working groups through industry associations
- Monitor for formal draft regulations expected later this year
This measured approach balances national security priorities with practical industry realities, avoiding the economic disruptions seen during previous regulatory missteps.
Comments
Please log in or register to join the discussion