New Delhi: The ministry of electronics and information technology (Meity) is working on a plan to introduce stricter quality standards to prevent the sale of spurious electronic goods and block data breaches, said two people familiar with the matter.

Minister of state for electronics and IT P.P. Chaudhary, earlier this month, held a meeting with officials to tighten provisions of Electronics and Information Technology Goods (Requirements for Compulsory Registration) Order, 2012 to consider including parts of the products themselves under the ambit of the compulsory registration order (CRO), one of the two people said on the condition of anonymity.

The current rules focus on registration of products and do not prevent an importer from bringing in poor quality products (registered in CRO) in a completely knocked down or semi-knocked down (CKD/SKD) condition.

CRO is the first regulation in India in the electronics sector. It was notified in 2012 under the Bureau of Indian Standards (BIS) Act. The regulation currently covers 43 categories of electronic goods, according to the first person.

“CRO should not only address hardware aspects but also the software aspects of the product, especially with respect to embedded software," the first person cited above said.

“The government is trying to build an institutional capacity to confront the new issues of data security breaches. The existing IT Act misses on clauses to fight data security challenges of the modern day. Identifying data theft in itself is a challenge," the second person said on the condition of anonymity.

The ministry had recently asked 35 smartphone makers and Alibaba-owned UC Browser to furnish details on data security. On 25 August, Mint reported that the information technology ministry will also seek similar details from makers of Internet of Things or IoT devices and set-top boxes. The first person said the government may use the information collected from companies to introduce data security standards in CRO.

“Currently, there are no fixed standards on data security that the industry players can be asked to comply with," the second person said.

There are three nodal authorities for implementation of CRO—Meity for registration and monitoring of compliance; BIS for action on non-compliant goods; and customs authorities for ensuring compliance of imported goods to CRO.

The government is in the process of evaluating existing customs procedures and provisions of BIS Act that are resulting in weaker compliance of the CRO, the first person said.

The issues that are related to the customs department, as identified by Meity, include import of notified second-hand goods without registration and “units being imported in complete knockdown/ semi knocked down/separate consignments".

“BIS Act 1986 has provisions for misuse of Standard Mark but doesn’t have provision for goods sold without Standard Mark. BIS also needs to get strict on failed reports," the first person said.

Close