India is one of the largest telecom markets in the world. It is also one of the most regulated when it comes to equipment security. Since 2021, the Mandatory Testing and Certification of Telecommunications Equipment scheme has required that a wide range of telecom products be tested and certified before they can be sold or deployed in India.
For OEMs that manufacture Wi-Fi access points, routers, customer premises equipment, and network infrastructure, MTCTE is not optional background reading. It is a market access requirement. Equipment that has not been certified cannot legally enter the Indian market.
This guide explains what MTCTE is, which equipment it covers, how the certification process works, and what OEMs need to do to prepare.
In This Guide
- What Is MTCTE?
- Why MTCTE Exists
- Which Equipment Does MTCTE Cover?
- How the MTCTE Certification Process Works
- What Is a Conformity Assessment Body?
- What Does MTCTE Testing Involve?
- How MTCTE Relates to ITSAR and NCCS
- How OEMs Should Prepare
- How ProtoCrawler Supports MTCTE Preparation
- Common Questions About MTCTE
What Is MTCTE?
MTCTE stands for Mandatory Testing and Certification of Telecommunications Equipment. It is a certification scheme administered by the Telecommunications Engineering Centre, a technical body of India’s Department of Telecommunications, that requires telecom equipment to be tested against defined technical standards before it can be imported, sold, or deployed in India.
The scheme was introduced under the Indian Telegraph Act and the Indian Wireless Telegraphy Act, and has been progressively expanded since its initial rollout in 2021. Equipment that falls within MTCTE scope must receive certification from a TEC-designated Conformity Assessment Body before it can enter the Indian market. Operating without that certification is a legal violation, not a compliance gap.
MTCTE is India’s equivalent of the type approval and market access certification schemes that operate in European, North American, and other regulated markets. The principle is the same: governments require that telecom equipment meets defined technical and security standards before it reaches the network or the end user.
Why MTCTE Exists
The scheme exists because India’s telecommunications infrastructure is strategically critical and the equipment that runs it comes overwhelmingly from international manufacturers. The Department of Telecommunications and the Ministry of Electronics and Information Technology have, over the past several years, implemented a suite of measures designed to ensure that equipment entering Indian networks meets defined security and quality standards and does not introduce vulnerabilities that could be exploited by foreign governments or criminal actors.
MTCTE is the market access instrument in that suite. It creates a verifiable process through which equipment is tested against defined standards by accredited Indian labs before it enters the market. For the Indian government, it provides assurance. For the telecom operators that deploy the equipment, it provides a baseline of quality and security verification. For OEMs, it creates a defined compliance process with a clear gate between manufacturing and market access.
The security dimension of MTCTE has become increasingly prominent as the scheme has matured. Testing now includes security-related requirements alongside conformance and interoperability testing, and the ITSAR security assurance framework sits alongside MTCTE as an additional layer of security-specific requirements for certain equipment categories.
Which Equipment Does MTCTE Cover?
MTCTE applies across a wide range of telecommunications equipment categories. The scheme has expanded progressively since launch, and the list of covered categories continues to grow as the Department of Telecommunications extends the scope of mandatory certification.
The equipment categories most relevant to OEMs currently addressing MTCTE include the following.
Wi-Fi access points and wireless LAN equipment are within scope, covering both indoor and outdoor access points across the major Wi-Fi generations. WLAN controllers that manage access point infrastructure are also covered.
Customer premises equipment, including routers, residential gateways, and broadband modems, is within scope. This covers both fixed-line CPE and devices that combine routing and wireless functionality.
Network infrastructure equipment including switches, routers used in carrier and enterprise networks, and related networking hardware is covered across multiple product categories.
Optical line terminals and optical network terminals used in fibre access networks are within scope, as is equipment used in passive optical network deployments.
Telecom-connected IoT equipment has been progressively brought into scope through the Group-VI expansion, covering device categories including smart electricity meters, vehicle tracking devices, and feedback devices.
The practical implication for OEMs is that if a product connects to or operates within an Indian telecommunications network, it is very likely to require MTCTE certification. The safe assumption is that certification is required unless a specific product category has been explicitly confirmed as out of scope.
How the MTCTE Certification Process Works
The MTCTE certification process runs through TEC-designated Conformity Assessment Bodies. An OEM submits an application to a relevant CAB, the CAB conducts testing against the applicable standards, and if the equipment passes, the TEC issues the certification mark.
The process has several distinct stages. The OEM first identifies which CABs are designated for the relevant equipment category and selects one to work with. Not all CABs are designated for all equipment categories, so the selection depends on the product type. The OEM then submits the application with the required technical documentation: the product specification, the test plan, the relevant technical standards the product is being tested against, and the supporting technical file.
The CAB conducts the testing programme. For equipment with security requirements, this includes conformance testing against the applicable standard, interoperability testing where required, and security testing that covers how the equipment handles both normal and abnormal conditions. The testing may be conducted at the CAB’s own facilities, at a designated external test lab, or in some cases at the OEM’s facilities under CAB supervision.
If testing identifies failures, the OEM must address them and resubmit. If the equipment passes all required tests, the CAB issues a test report and submits the certification recommendation to the TEC. The TEC reviews and issues the MTCTE certification, which allows the equipment to carry the certification mark and enter the Indian market.
The timeline from application to certification varies depending on the equipment category, the number of standards applicable, the completeness of the OEM’s technical file, and whether any failures are identified during testing. OEMs that arrive at the CAB assessment with equipment that has already been pre-tested internally and has known failure modes resolved typically move through the process considerably faster than those arriving with untested products.
What Is a Conformity Assessment Body?
A Conformity Assessment Body is an organisation designated by the TEC to carry out MTCTE testing and certification for one or more equipment categories. CABs must meet defined accreditation requirements to be designated, and the TEC maintains the list of designated CABs and their authorised equipment categories.
CABs are the operational centre of the MTCTE scheme. They receive applications, conduct or oversee the testing programme, issue test reports, and make the certification recommendation to the TEC. An OEM’s relationship with a CAB is therefore the practical relationship that determines the speed, cost, and outcome of the certification process.
For OEMs, choosing the right CAB matters. CABs differ in their technical capability for specific equipment categories, their testing throughput, their experience with international OEM documentation formats, and the specific test facilities they operate or have access to. In equipment categories with multiple designated CABs, the choice between them is worth making deliberately rather than defaulting to the most familiar name.
Several CABs operate internationally, including organisations that are also active in IEC 62443 certification and other security assurance schemes. For OEMs with compliance obligations across multiple markets, working with a CAB that has capability in more than one scheme can reduce the overhead of managing separate testing relationships for each certification.
What Does MTCTE Testing Involve?
MTCTE testing covers conformance to the applicable technical standards for the equipment category. The standards applicable to a given product depend on the equipment type and the features it implements. For Wi-Fi and router equipment, the applicable standards cover electromagnetic compatibility, radio frequency parameters, safety requirements, and telecommunications-specific technical requirements including security-related testing.
The security testing component has become more significant as the scheme has matured. For equipment categories with defined security requirements, testing includes assessment of how the device handles both normal operating conditions and adverse or unexpected conditions. For protocol-based equipment, this includes testing the behaviour of the device’s protocol implementations when they receive malformed, unexpected, or out-of-specification traffic.
This is the category of testing that most OEMs are least prepared for. Conformance testing verifies that the implementation follows the specification. Security testing verifies that the implementation handles conditions the specification does not explicitly define, including the conditions that real-world attackers are most likely to create. The two types of testing are related but distinct, and passing conformance testing does not demonstrate security robustness.
The protocols relevant to Wi-Fi and router equipment testing under MTCTE include network layer protocols such as DHCP , BGP, and ARP , management protocols including CWMP TR-069 , and wireless protocols covering WPA2 and WPA3. For each of these, security testing assesses how the device’s implementation behaves when it receives traffic that is structurally plausible but contains specific flaws: invalid field values, unexpected lengths, malformed sequences, and combinations the specification prohibits.
How MTCTE Relates to ITSAR and NCCS
MTCTE and ITSAR are related but distinct frameworks that address different aspects of telecom equipment certification in India.
MTCTE is the broader market access scheme. It covers conformance, interoperability, electromagnetic compatibility, safety, and security requirements across a wide range of equipment categories. Achieving MTCTE certification is the requirement for market access.
ITSAR, which stands for Indian Telecommunication Security Assurance Requirements, is a security-specific framework developed by the National Cyber Coordination and Communication Centre. ITSAR defines the security assurance requirements that apply to telecom equipment, and ITSAR security testing is conducted by a separate set of organisations called Telecom Security Test Labs, which are designated by NCCS rather than by TEC.
In practice, OEMs selling security-relevant telecom equipment into India may need to satisfy both frameworks. MTCTE provides the market access certification. ITSAR provides the security assurance evidence. For some equipment categories and some customers, both are required. Understanding which frameworks apply to a given product and which testing organisations are involved is a necessary first step in planning an India market compliance programme.
The overlap between MTCTE CABs and NCCS-designated TSTLs is relevant here. Several organisations operate in both frameworks, providing both MTCTE conformance assessment and ITSAR security testing. For OEMs managing compliance across both frameworks, working with organisations that have capability in both can reduce the complexity of the process.
How OEMs Should Prepare
The most consistent finding from OEMs that have gone through the MTCTE certification process is that preparation quality before submission determines outcome speed after submission. Equipment that arrives at a CAB with unresolved security issues, incomplete technical documentation, or untested protocol implementations takes longer to certify and costs more to remediate than equipment that has been thoroughly pre-tested.
The practical preparation steps are as follows.
Identify which MTCTE equipment categories apply to your product and confirm which standards are applicable. The TEC publishes the relevant standards for each category and the list of designated CABs. Start with this rather than with an assumption about what will be required.
Prepare the technical file completely before submission. CABs will request a product specification, test plan, and supporting technical documentation. Incomplete submissions delay the process.
Conduct internal pre-testing before CAB submission, specifically covering the security testing areas where failures are most commonly found. For protocol-based equipment, this means testing how each implemented protocol handles malformed traffic, including the protocol surfaces that MTCTE security testing is most likely to assess. Finding and resolving failures internally is substantially faster and cheaper than discovering them during CAB assessment.
Engage with a CAB early. Many CABs offer pre-submission consultation that helps OEMs understand the testing scope, the documentation requirements, and the likely timelines for their specific product. This conversation is worth having before completing the technical file rather than after.
Allow realistic timelines. MTCTE certification is not a fast process for equipment with significant security testing requirements. OEMs that factor certification timelines into their India market entry planning, rather than treating it as a final step before launch, avoid the schedule compression that causes most certification delays.
How ProtoCrawler Supports MTCTE Preparation
ProtoCrawler is CyTAL’s automated protocol fuzz testing platform and is directly applicable to the pre-certification testing that MTCTE OEMs need to conduct before CAB submission.
For Wi-Fi and router OEMs, ProtoCrawler tests the protocol implementations that MTCTE security testing will assess. It uses protocol-aware fuzzing to generate test cases that are structurally plausible but contain specific targeted flaws, exercising the application logic that handles each protocol under adverse conditions. The protocols supported by ProtoCrawler that are relevant to MTCTE Wi-Fi and router testing include DHCP , BGP , ARP, and CWMP TR-069
The output from a ProtoCrawler test run gives OEMs the specific findings they need to resolve before CAB submission: the exact input that triggered each failure, the observed behaviour, and a severity classification that helps prioritise remediation. This is the shift-left testing approach that reduces the risk of discovering protocol security failures during the CAB assessment itself.
For OEMs with compliance obligations across both MTCTE and IEC 62443, ProtoCrawler’s structured, audit-ready reporting output maps to both frameworks. The protocol testing evidence produced for MTCTE pre-certification preparation also contributes to the IEC 62443-4-1 Practice 6 SVV-3 evidence that industrial certification requires.
For the full list of protocols supported by ProtoCrawler, see the protocol models page. For information on how India telecom security testing relates to ITSAR and NCCS requirements, see the India telecom security hub.
Common Questions About MTCTE
Is MTCTE certification required for all telecom equipment sold in India?
MTCTE applies to equipment categories defined by the Department of Telecommunications. The scheme has been progressively expanded since 2021 and covers a growing range of categories. Equipment in a covered category cannot legally be imported, sold, or deployed in India without certification. OEMs should verify whether their specific product category is in scope rather than assuming it is or is not.
How long does MTCTE certification take?
The timeline varies significantly by equipment category, the number of applicable standards, and whether pre-submission testing has been conducted. For equipment with security testing requirements, the process typically takes several months from initial application to certification mark. OEMs that submit with complete documentation and pre-tested equipment move through faster than those who do not.
Can a product be sold in India while certification is pending?
No. MTCTE certification is a pre-market requirement. Equipment in scope cannot be imported, sold, or deployed until certification has been granted. There is no provisional or conditional market access while certification is in progress.
Does MTCTE certification in India help with other market certifications?
Partly. The testing evidence generated for MTCTE covers some of the same ground as certification schemes in other markets. However, MTCTE certification itself is India-specific and is not directly recognised as equivalent to European, North American, or other market certifications. OEMs should treat MTCTE as a distinct certification process with its own requirements.
What happens if equipment fails MTCTE testing?
The CAB documents the failures and the OEM must address them before retesting. Depending on the nature of the failure, this may require software fixes, hardware changes, or both. The CAB typically provides a test report identifying which requirements were not met and what the observed failure was. OEMs can then remediate and resubmit for the specific failed tests rather than repeating the entire certification from the start.
Is MTCTE the same as BIS certification?
No. Bureau of Indian Standards certification covers product quality and safety standards under a separate regulatory framework. MTCTE is specific to telecommunications equipment under the Department of Telecommunications framework. Some products may require both, but they are separate schemes administered by different bodies.