India’s government is preparing one of its most far-reaching technology security overhauls yet, proposing that smartphone makers share source code and comply with dozens of new software rules, a move that has quietly alarmed global tech giants operating in the country.
A push driven by fraud fears and scale
The proposal sits at the heart of Prime Minister Narendra Modi’s broader push to tighten digital security as online fraud and data leaks rise sharply.
India is now the world’s second-largest smartphone market, with nearly 750 million active devices. That scale cuts both ways. It powers digital payments, public services, and commerce, but it also creates an enormous attack surface for cybercrime.
Officials argue the new framework is about protecting users before things spiral further.
The draft measures fall under updated Indian Telecom Security Assurance Requirements and stretch across 83 separate standards, according to people familiar with the matter.
Some are technical. Others are structural. One, however, stands out immediately.
Source code access sparks industry anxiety
Among the most sensitive proposals is a requirement for smartphone manufacturers to provide the government access to source code, the core programming instructions that control how devices function.
For technology companies, this is a red line.
Executives privately argue that source code represents the crown jewels of their businesses. Sharing it, even with safeguards, risks exposing proprietary systems, trade secrets, and security architectures that have taken years to build.
Behind closed doors, companies such as Apple, Samsung, Google, and Xiaomi have pushed back, according to multiple people involved in the discussions.
They also point out something else. There is no widely known global precedent for governments demanding routine access to smartphone source code as part of consumer device regulation.
That argument is being repeated often.
More than code: a broad compliance net
The proposals go well beyond source code.
Under the draft plan, smartphone makers would also be required to notify the Indian government about major software updates in advance. That includes operating system upgrades and substantial feature changes.
Officials say this would allow security agencies to assess potential vulnerabilities before updates roll out at scale. Industry executives counter that it could slow innovation and complicate global release schedules.
According to a Reuters review of confidential documents, the standards also cover encryption practices, device testing, and internal security controls.
Some industry representatives say the sheer breadth of the requirements is part of the concern.
There are 83 standards in total. That number alone has raised eyebrows.
Government signals flexibility, but not retreat
Publicly, the government is striking a measured tone.
IT Secretary S. Krishnan told Reuters that “any legitimate concerns of the industry will be addressed with an open mind,” adding that it was too early to draw conclusions.
A spokesperson for the Ministry said detailed comments were not possible while consultations with companies were still ongoing.
Privately, however, officials remain firm on the underlying goal. User data security, they argue, cannot rely solely on corporate assurances, especially in a market as large and strategically important as India.
For policymakers, this is about trust, visibility, and control.
For companies, it feels like overreach.
An industry caught in a familiar tug of war
This is not the first time India’s technology sector has bristled at new government mandates.
Only last month, authorities withdrew an order that would have required phones to carry a state-run cyber safety application, following concerns over surveillance and user privacy.
But there is another side to that history.
Last year, the government ignored heavy lobbying and imposed strict security testing requirements on surveillance cameras, citing fears of foreign spying. Those rules stayed.
That mixed track record leaves companies uncertain. Sometimes pressure works. Sometimes it does not.
The Manufacturers’ Association for Information Technology, which represents several major firms, has been involved in consultations but has not commented publicly.
Silence, in this case, may be strategic.
Why India is taking a harder line now
Several factors are converging.
Online fraud cases have surged, often exploiting software loopholes or delayed updates. High-profile data breaches, both domestic and global, have sharpened political focus on digital safety.
India’s expanding digital public infrastructure adds urgency. Smartphones are now gateways to banking, healthcare, identity services, and government benefits.
When something goes wrong, the consequences are no longer abstract.
That context helps explain why officials believe stronger oversight is justified, even if it unsettles multinational companies.
What companies worry about most
For smartphone makers, the risks are layered.
First, there is intellectual property exposure. Even limited access to source code raises questions about leaks, replication, or misuse.
Second, there is operational complexity. Different rules in different countries already strain global development pipelines. India-specific source code disclosures could add friction.
Third, there is precedent. If India moves ahead, other governments may follow with similar demands.
That possibility is making boardrooms nervous.
Some executives privately describe the proposal as a slippery slope, even if the intent is framed as consumer protection.
A decision that could reshape the market
How this standoff resolves will matter well beyond India.
If the government pushes through most of the requirements unchanged, it would signal a new phase of assertive tech regulation in one of the world’s biggest consumer markets.
If compromises are reached, the outcome could become a template for balancing state security concerns with corporate confidentiality.
For now, talks continue. Lobbying continues too, quietly.
And somewhere in between, hundreds of millions of smartphone users wait, mostly unaware, as the rules governing the devices in their pockets edge closer to a major rewrite.
