European vendors Ericsson and Nokia have secured the coveted “trusted sources” approval from the Indian government, even as their Chinese rivals Huawei and ZTE continue to struggle to meet the documentation obligation to be eligible for the nod.
US-based networking vendor Cisco, industrial IoT solutions provider Proscend and France-based identity-related security services provider IDEMIA, along with PC Solutions, Dori Software and Tata-owned Tejas Networks have also secured “Trusted Sources” status from the designated authority, the National Cyber Security coordinator (NCSC).
The decision was recently made by India’s National Security Committee on Telecom. The committee, which was formed under the Deputy National Security Advisor (NSA), will now meet on a monthly basis to decide whether it wants to allow or bar companies under the new regime.
“Details of these are intimated to the telcos who had submitted their requirements on the portal. This process has commenced with effect from October 21 and the system is working as desired by the Cabinet decision,” the National Cyber Security coordinator Lt General (retired) Rajesh Pant was quoted as saying by the Economic Times.
As speculated previously by the Indian media, Pant recently clarified that Huawei and ZTE were not barred from participating in the process to identify trusted sources and trusted products, and were going through the process of scrutiny like other European and American vendors.
Huawei and ZTE are seeking the approval under the Indian Registered Entity (IRE) category. However, companies like Ericsson and Nokia with local manufacturing have received approval under the Indian Registered (IR) category similar to domestic vendors.
Notably, the approved vendors still can’t supply equipment and telecom products to Indian telecom operators, as they still need “trusted products” approval for every piece of equipment they intend to sell. Consequently, as per the report, trusted sources approval is still not sufficient for these European and American brands, as their equipment can be rejected if the authority is unsatisfied.
“…There are chances that if any product or component is manufactured in China, then the approval may not be given and this may also apply on non-Chinese vendors,” an executive working with a European vendor was quoted as saying by the publication. “There is no clarity yet on the origin of the component. A large part of the global supply chain is in China and you can’t simply shift that to India overnight.”
The first list of trusted products is expected by mid-December this year.
As per the Indian government, “trusted products” are products whose critical components and the products themselves are sourced from “trusted sources.” Under the new process, the designated authority is seeking detailed information related to active components, place of manufacturing and the equipment player’s ownership structure of the organisation along with details about the intellectual property rights.
The new directive, however, does not mandate replacement of existing equipment already deployed by telcos. Additionally, the directive will also not affect ongoing annual maintenance contracts or updates to existing equipment already deployed in the network.
Indian telecom operators had reportedly delayed large scale network expansion orders for their partners such as Nokia and Ericsson in the absence of approvals from the office of the NCSC.
The NCSC, however, recently came up with the provision of a one-time exemption for one year, allowing telcos to execute “critical” network deployments without the trusted sources approvals.