This clarification follows a denial from the Ministry of Electronics and Information Technology (MeitY) regarding a Reuters report that stated India was considering new smartphone security regulations, which could mandate manufacturers to share source code, inform authorities before significant software updates, and adhere to additional software-related requirements.
In an interview with CNBC-TV18, Pankaj Mohindroo, Chairman of the India Cellular and Electronics Association (ICEA), stated that the narrative surrounding source code sharing is misplaced and does not represent the essence of ongoing discussions between the government and industry stakeholders.
“There is no mandate for sharing source code. How can source code be shared? It is proprietary technology belonging to a brand. No government anywhere seeks or desires source code,” Mohindroo remarked.
Not a New Issue: Consultations Ongoing Since 2020
Mohindroo stressed that consultations regarding smartphone security are not a recent occurrence and have been in progress since at least 2020. He highlighted previous discussion papers and proposals related to security assurance frameworks as part of a continuous policy dialogue rather than an abrupt regulatory change.
“These discussions have spanned several years. There are no new developments that warrant alarm or special attention,” he noted, adding that the current consultations are “routine, open and transparent”.
Industry participants are engaging with MeitY to discuss global best practices, technical feasibility, and compliance standards, analogous to past regulatory efforts that led to flexible frameworks aligned with international norms.
What the Government Is Actually Examining
Both ICEA and MeitY have emphasized that the ongoing discussions do not concern proprietary intellectual property, but aim to establish a broader smartphone security framework that clearly outlines responsibilities across the ecosystem.
According to Mohindroo, contemporary smartphones encompass a complex blend of hardware, operating systems, firmware, and third-party applications—many of which fall outside the direct oversight of device manufacturers.
“For example, financial applications on a smartphone do not fall under the responsibility of the phone brand. They are managed by app developers and regulated by authorities like the RBI,” he explained.
The focus of the consultations, he added, is on delineating responsibilities—what resides on the device, what requires testing, whose jurisdiction it falls under, and what manufacturers can reasonably certify or disclose.
Jurisdictional Confusion Fuelled the Panic
A primary reason for the controversy, industry leaders assert, is the mixing of telecom equipment regulations with smartphone policies.
Mohindroo clarified that discussions regarding mobile devices are steered by MeitY, while separate frameworks governed by the Department of Telecommunications (DoT) apply to telecom equipment and network infrastructure.
“A commotion has arisen due to the confusion around telecom equipment, handsets, and other consumer devices,” he stated, adding that conversations on mobile devices lie squarely within MeitY’s jurisdiction and are progressing “very harmoniously”.
Also Read | Apple takes 20% share as global smartphone shipments rise in 2025; Samsung 19%, Xiaomi 13%
Security Is Multi-Layered, Say Industry Leaders
Echoing similar sentiments, Ashok Chandak, President of the India Electronics and Semiconductor Association (IESA), remarked that the focus should be on bolstering cybersecurity while fostering trust with industry stakeholders.
“From what I understand, MeitY has itself stated that it has not requested source code. These are structured consultations. Security is vital, but it encompasses multiple layers of hardware and software,” Chandak told CNBC-TV18.
He added that safeguarding user data, combating cybercrime, and adhering to global best practices necessitate collaboration not just from manufacturers, but also from operating system developers, software vendors, and component suppliers.
“Source code is not the sole topic for discussion. It is a much more comprehensive conversation,” Chandak noted.
Industry Sees Consensus, Not Coercion
Importantly, industry bodies assert that the nature of engagement with the government remains constructive, with no indication of regulatory pressure.
“No one within the industry feels that we are being coerced,” Mohindroo stated, expressing confidence that MeitY will ultimately establish a framework that harmonizes security concerns with innovation and business facilitation.
