In April 2026, a series of arrests by the Delhi Police’s Special Cell exposed the scale of foreign surveillance in India. A network associated with Pakistan’s Inter-Services Intelligence (ISI) had installed commercially available, solar-powered Chinese CCTV cameras connected via 4G SIM cards near defense installations in Punjab, Haryana, Rajasthan, and Jammu and Kashmir. For nearly three months, live footage of troop movements, logistics convoys, and deployment patterns at Kapurthala, Pathankot, Ambala, Kathua, and Bikaner was transmitted to data servers in China and then relayed in real time to ISI handlers in Pakistan. The cameras used EseeCloud, a streaming platform from Guangzhou Juan Intelligent Tech. Each camera was cheap, costing just a few thousand rupees, but the information they collected was extremely valuable.
After the story broke, India’s Ministry of Home Affairs ordered a nationwide CCTV audit and began banning non-certified cameras from April 1.
For more than 10 years, Chinese companies like Hangzhou Hikvision, and Dahua Technology have led India’s CCTV market, as they have in many other countries. The reasons for China’s success in the industry were obvious: these cameras were cheaper, well-marketed, and there was no strong local industry. By 2023, about 90 percent of India’s 2 million surveillance cameras came from China.
The extent of this penetration was considerable. India’s railways, airports, government buildings, state police forces, municipal authorities, and, most notably, areas adjacent to military establishments were equipped with Hikvision and Dahua cameras. A Hikvision camera was even photographed inside a sensitive defense facility, directed at the control station of an indigenous drone program. Between 2020 and 2022, Delhi’s Public Works Department installed 274,000 cameras, all of which were Hikvision units.
This was not a secret. As far back as 2021, the then-minister of state for IT acknowledged in Parliament that approximately 1 million CCTV cameras in government institutions were sourced from Chinese manufacturers and posed data-transmission risks. Indian intelligence agencies reported to government ministries that Chinese firms, operating through local partners, were using backdoor access to transmit footage to servers in China. A senior security official put it plainly: “You don’t need to send spies across the border anymore. These CCTVs become the eyes of any country wanting to do mischief.”
To see why this is important, we need to look beyond the hardware. In 2017, China passed its National Intelligence Law, which requires all Chinese organizations and citizens, including companies, to help with state intelligence work. This law applies even outside China. So, if Chinese intelligence agencies ask for data from Hikvision or Dahua products anywhere in the world, these companies cannot refuse, no matter what their privacy policies say. Hikvision is not simply a private company that happens to sell cameras. Its controlling shareholder is the China Electronics Technology Group Corporation, a state-owned defense conglomerate described in Chinese official documents as the primary technology supplier to the People’s Liberation Army. Hikvision’s cameras are products whose ownership structure and legal obligations make them, by design, part of China’s intelligence apparatus.
Other countries saw the risk early and acted quickly. The United States banned Hikvision and Dahua from federal use in 2019 and from all sales by 2022. The United Kingdom removed Chinese cameras from sensitive sites that same year. In 2023, Australia’s Defense Department took out over 900 devices. India, however, waited until 2024 to begin Standardization Testing and Quality Certification (STQC) certification and only imposed a full ban in April 2026. Meanwhile, Chinese cameras quietly recorded scenes at India’s borders, stations, and government offices.
The April 2026 ban on non-certified internet-connected CCTV cameras is, by any measure, a significant and overdue step. Indian brands – CP Plus, Sparsh, Matrix, Qubo – now control over 80 percent of the market, a remarkable industrial reversal achieved in under two years. The STQC regime, which mandates chipset-level security testing rather than merely product certification, is the most rigorous surveillance technology framework adopted by any Global South nation. But replacing the cameras is the easy part. The harder tasks remain undone.
Network Video Recorders, the hard drives that store and manage CCTV footage, were not included in the initial certification mandate. Cloud management platforms, including EseeCloud and similar Chinese-origin services, continue to operate in India. Firmware already deployed in hundreds of thousands of installed cameras cannot be recalled or audited retroactively. And there is no systematic process for assessing what data may have been collected and transmitted over the past decade.
India must act on several fronts. First, the STQC certification should cover the entire surveillance system, not just the camera hardware. A camera that passes checks at the time of sale is useless if it is managed by a platform that sends data to Chinese servers.
Second, the Ministry of Home Affairs should complete the CCTV audit and share the findings with the public. India cannot solve a problem it has not measured. The audit should cover government buildings, railways, airports, seaports, and areas near defense sites.
Third, drones need to be regulated just like CCTV cameras. DJI drones, which are made in China and also fall under the National Intelligence Law, are operating freely across India, even near military and border areas. A Chinese drone flying over an army post can gather more useful intelligence than a camera at the gate.
Finally, and most crucially, India must start evaluating technology security before disaster strikes, not just after. The surveillance camera threat was obvious in 2017, when China enacted its intelligence law. The United States acted by 2019. India recognized the danger in 2021, but waited until 2026, after an espionage scandal, to respond. This cycle of spotting risks, waiting for disaster, and then scrambling to react is not a strategy. It is a weakness.
The Ghaziabad case is a warning for India: putting cameras from a rival’s state-owned defense companies across the country lets them watch you. The real challenge now is whether India will learn to prevent the next problem before it starts, or wait again for a crisis to force action.
