In a significant move aimed at tightening India’s hardware security ecosystem, the Ministry of Electronics and Information Technology (MeitY) has expanded mandatory Bureau of Indian Standards (BIS) certification requirements to cover all standalone hard disk drives (HDDs), including internal storage drives sold separately in the market.
The amendment, notified on May 5, 2026 under the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order, 2021, replaces the earlier category of “USB Type External Hard Disk Drives” with the broader “Standalone Hard Disk Drives.” The regulation becomes effective from November 5, 2026.
Under the revised framework, all covered HDDs must comply with Indian Standard IS 13252 (Part 1): 2010 relating to safety requirements for information technology equipment.
The move is being viewed as a major step toward addressing growing concerns over counterfeit, refurbished, relabelled, and obsolete storage devices entering India through grey channels. Industry sources cited by reports said counterfeit standalone drives were increasingly being sold as genuine products, raising both cybersecurity and reliability concerns.
Cybersecurity experts warn that unregulated storage hardware can become a hidden attack vector. Refurbished or tampered drives may contain malicious firmware, spyware, or backdoors capable of compromising sensitive enterprise or government information. In addition, salvaged drives often retain residual data from previous users, exposing individuals and organisations to data theft and privacy breaches.
The BIS compliance requirement is expected to improve traceability and accountability in the storage-device supply chain by mandating testing at BIS-approved laboratories and formal registration before products can be sold in India.
The development also has important implications for the security industry, especially for CCTV surveillance, data centres, command-and-control infrastructure, and enterprise storage deployments where HDD integrity is critical. Security integrators and corporate procurement teams may now need to verify BIS compliance while sourcing storage hardware for surveillance and critical infrastructure projects.
Industry observers believe the success of the measure will depend heavily on enforcement and public awareness. Consumers, enterprises, retailers, and e-commerce platforms are expected to be educated on identifying BIS-certified products and avoiding unverified storage devices that may pose cybersecurity and operational risks.
