The National Centre for Communication Security (NCCS) has made Wi-Fi security in India better than ever before. The government announced the new Indian Telecom Security Assurance Requirements (ITSAR) for Wi-Fi Customer Premises Equipment (CPE) on December 1, 2025. The new version is called ITSAR402122512, Version 2.0.0.
This new standard is now the minimum requirement for all Wi-Fi devices in the country that need to get MTCTE (Mandatory Testing & Certification of Telecom Equipment) certification.
What Counts as “Wi-Fi CPE”?
The new ITSAR covers a lot more ground and is considerably clearer than earlier editions. You must observe these rules if you make or bring in any of the following:
- Wi-Fi Routers & Modems: Standard home and office internet gateways.
- Access Points: Both standalone units and those managed via hardware or cloud controllers.
- Mesh Wi-Fi Systems: Modern multi-node home network systems.
- Cloud-Managed Wi-Fi: Any Wi-Fi solution where the management interface is hosted in the cloud.
5 Critical Security Upgrades in ITSAR 2.0
The NCCS has set some specific standards to bring India’s telecom security up to par with worldwide standards, such as 3GPP and WPA3:
- Mandatory WPA3 Support: Devices need to support enhanced encryption like WPA3 and OWE (Opportunistic Wireless Encryption) to protect against new hacking methods.
- Forced Password Resets: Now, manufacturers have to make sure that users have to change the default password the first time they log in or after a factory reset.
- No Unused Software: Before certification, any orphaned code, unneeded services, or unnecessary software parts must be taken out of the device firmware to make the “attack surface” smaller.
- Mutual Authentication: Management interfaces must utilise mutual authentication to make sure that only verified computers and authorised users may get to the network’s backend.
- Web Interface Security: The new standard requires HTTPS, input validation (to stop XSS attacks), and turning off HTTP methods that are not being utilised for devices with a browser-based setup page.
The 2026 Deadline: Why You Need to Act Now
The new standard is already in use, however the NCCS has extended the security certification exemption for cloud-based Wi-Fi CPE until March 31, 2026.
This extension gives the industry time to adjust. But getting NCCS certification is a long and hard procedure that requires extensive vulnerability assessments and source code declarations. If you start the process now, your supply chain won’t be affected when the deadline comes.
Stay Compliant with Instacertify
We at Instacertify are experts at helping people understand the complicated rules that govern Indian telecommunications. Our staff can help you with anything from getting your products to market safely and legally, from getting your MTCTE certification to helping you understand the technical parts of ITSAR 2.0.
Are your Wi-Fi devices ready for ITSAR 2.0? [Click here to talk to a certification professional] and make sure your products satisfy the most recent national security standards.
