HD Cameras and Webcam
Projectors and Speakers
VOIP Phones and Gateway
Access Control
LTE and 5G Devices
Smart Sensors And Automation
Fiber and SFP Modules
Firewall & Cloud Controllers
Network Adapters and Accessories
Network Switches
PoE Switches
Point To Point Wireless Radio
Routers
Wireless Access Points
IP Cameras
Memory Cards
NVR
Smart WiFi Cameras
Storage Devices
Desktop & Laptop RAMs
Internal and External Hard Drives
NAS Storage & Enclosures
SSD and NVMe Drives
USB Flash Drives
STQC Certification Cost for CCTV Cameras in India 2026
The STQC certification cost for CCTV cameras in India is estimated at Rs 3 to 8 lakh per product series, covering application fees, lab testing charges, and certification fees. It’s invoiced on a case by case basis after your application is reviewed, rather than publishing a fixed fee schedule. This estimate is based on comparable STQC certification schemes (biometric devices, cloud services) because STQC does not publish a fixed fee schedule. Add Rs 1 to 3 lakh if you use a consultant to prepare the TCF. GST applies on top. Below is the full breakdown of where that estimate comes from, along with the complete step-by-step process and timeline
Everything below comes from official STQC documents on stqc.gov.in. Where STQC doesn't publish specific numbers (fees and timelines), we say so and give the closest available reference.
Source: STQC IoTSCS scheme page, CCTV Testing Procedure P01, IoTSCS Rules D01 Issue 5.0
How much does it cost to get STQC Certification for CCTV cameras?
STQC does not publish a fixed fee schedule for IoTSCS CCTV certification. The fee structure depends on multiple things, which we will cover below, and is determined case by case.
However, STQC does publish fee schedules for its other certification schemes, which give a rough reference point. The Biometric Device Certification Scheme (BDCS) charges Rs 20,000 to Rs 25,000 for application, Rs 2 to 6 lakh for lab testing and certification, and Rs 50,000 for annual surveillance over a 3 year period. The Cloud Service Provider scheme charges Rs 25,000 for the application, Rs 50,000 for the certification, and Rs 55,000 for annual surveillance.
Based on these comparable schemes, the total cost for IoTSCS CCTV certification is likely in the range of Rs 3 to 8 lakh per product series, covering STQC's application and certification fees plus the lab's testing charges. GST applies on top. If you use a consultant to prepare the TCF and manage the application, add Rs 1 to 3 lakh for their fees.
These are estimates, not official numbers. Contact STQC directly for an actual quote.
Source: STQC BDCS Fee Schedule (BDCS-D02), STQC Cloud Certification Fee Schedule (CSP-02-02)
Why STQC doesn’t publish a fixed fee schedule?
STQC publishes fee schedules for some of its other certification schemes (biometric devices, cloud services), but not for IoTSCS CCTV certification. The total cost depends on three variables that change per application:
Number of models in your product series. Certifying a single camera model requires one full test cycle. Certifying a series of 9 models under one certificate (which is what Matrix and Sparsh have done) requires full testing of one reference product plus differential evaluation for each additional model. More models means more lab time and higher testing charges.
Complexity of your camera's security architecture. The P01 procedure has 33 checkpoints across 4 categories. A camera with TEE (Trusted Execution Environment ), external crypto chips, and multiple communication interfaces triggers more checkpoints than a simpler design. More checkpoints means longer lab engagement.
Which empaneled lab gets assigned. STQC charges its own application and certification fee. The lab charges testing fees separately. Different labs may quote differently based on their equipment, capacity, and backlog. The two are invoiced separately, which is why there's no single number on the portal.
Should I certify each camera model separately or submit them as a product series?
You can certify one camera model on its own or submit a group of models as a product series under one certificate. Most brands on the STQC portal have gone the series route. Matrix certified 9 bullet cameras under one certificate (ER/016). Sparsh certified 10 models under ER/039. CP Plus certified 10 models under ER/022.
The difference in process:
For a product series, the lab tests one reference product through the full 33-checkpoint evaluation. The remaining models in the series go through a differential evaluation based on the Differential Analysis Report (DAR) you submit, which documents exactly what differs between models (sensor, firmware build, resolution, housing). The lab checks whether those differences affect the security behaviour tested on the reference product. If they do, the lab runs targeted tests on those specific models. If they don't, the reference product results carry over.
To qualify as a product series, all models must share the same SoC, PCB layout, crypto modules, and base firmware. A 2MP and an 8MP camera using different chipsets would not qualify as a series. A 2MP and a 4MP camera on the same SoC and PCB with different image sensors likely would.
Step-by-step process to get STQC certification
The certification process has 8 steps: study the Essential Requirements, prepare your Technical Construction File (TCF), optionally consult with STQC before submission, submit your application with Form F05, pay after STQC sends an invoice, contact the assigned test lab and deliver samples, go through lab testing (33 checkpoints across hardware security, firmware security, secure processes, and development-stage security), and receive your certificate if everything passes. We've written the full step-by-step breakdown with every form, document, and lab detail in our STQC certification process guide.
How long does it take to get the STQC Certificate?
STQC does not publish official timelines. Based on third-party certification consultancies that handle STQC applications, here's a rough breakdown:
TCF preparation and internal readiness: 4 to 8 weeks (this is entirely on you, depends on how ready your product and documentation are)
Application review by STQC: 1 to 2 weeks
Lab testing: 4 to 8 weeks (the biggest variable, depends on lab capacity and how many issues come up during testing)
Certification Committee review and certificate issuance: 1 to 4 weeks
Total from submission to certificate: roughly 6 to 14 weeks if everything goes smoothly. Add 4 to 8 weeks if re-testing is needed due to a failed checkpoint.
The most common delays: incomplete TCF documentation, missing ISO 9001 certificates, lab backlog, and firmware issues discovered during testing that require a patch and re-test cycle.
These are estimates from industry sources, not official STQC numbers. Plan conservatively.
Validity and renewal
Validity
Level 1, 2, and 3 certifications are valid for three years from the date of issue. One surveillance audit is required each year.
What happens during the annual surveillance audit?
The D01 requires one surveillance audit per year for the certificate to stay valid. The audit verifies that the certified product is still being manufactured and sold in conformance with the conditions of certification. This can include a review of your production processes, a check that the firmware running on current production units matches the certified firmware version and hash, and verification that your quality management system (ISO 9001) is still active. STQC can request production samples for spot-check testing. If you've made any changes to the product (hardware, firmware, supply chain) since the last audit, you need to declare them. Undeclared changes discovered during a surveillance audit are grounds for suspension
What happens if you fail a surveillance audit?
STQC suspends your certificate. Suspension is not the same as cancellation. You get a limited period (up to six months, per D01 Section 15.2) to fix the non-conformance. If you rectify the issue within that window, the certificate is restored. If you fail to fix it within six months, STQC withdraws the certificate entirely, and you would need to reapply from scratch. The D01 document does not specify whether restoring a suspended certificate requires full re-testing fees or only a surveillance audit fee. Contact STQC directly for clarity on the cost of remediation.
Suspension of the certificate can also happen for other reasons. The D01 lists five triggers:
- Continuous user complaints against the certified product
- The certified supplier is not regularly involved in certified activities (meaning they've essentially abandoned the product but the certificate is still active)
- Contravention of the rules and procedures of the IoTSCS scheme
- Failure to demonstrate conformance during a surveillance audit
- National security concerns raised by the government about the product or its supply chain
The fifth one has no appeals process described in the D01. If the government flags your product as a national security risk, the certificate can be suspended or withdrawn immediately.
Source: IoTSCS Rules D01, Section 15.1 and 15.2
Renewal
After three years, you apply for re-certification using the same F01 form (it has a "Re-Certification" checkbox). Major firmware or hardware changes during the validity period can require re-testing.
Source: IoTSCS Rules D01 Issue 5.0
What happens when you update firmware after certification?
The STQC certificate is tied to the specific firmware version and firmware hash listed in the certificate annexure. This raises a practical question every manufacturer faces: what happens when you push a security patch or feature update to cameras already in the field?
The official documents don't draw a clear line between a minor patch (e.g. a bug fix that doesn't change security-relevant code) and a major update (e.g. a new firmware version with changed crypto libraries). The D01 states that certification may need re-validation if the product changes materially. In practice, if your update changes any of the security mechanisms tested during certification (secure boot chain, encryption libraries, key management, debug port configuration), you should assume re-testing is required. Contact STQC before pushing the update to understand whether your specific change triggers re-evaluation.
This is one reason some certified manufacturers maintain separate firmware branches: one for the certified production build and one for development. The certified build only gets patches that don't touch security-relevant code.
Can you transfer a certificate to another entity?
The D01 does not describe a certificate transfer process. Certificates are issued to a specific manufacturer (legal entity) for a specific product. If the manufacturing entity changes (acquisition, merger, restructuring), you would likely need to reapply. Contact STQC directly if this situation applies to you.