The Indian government is exploring the possibility of replacing older SIM cards after an investigation revealed that some of them may contain chipsets sourced from China, sparking significant national security concerns.
According to two senior officials familiar with the matter, a probe led by the National Cyber Security Coordinator (NCSC), in coordination with the Ministry of Home Affairs, uncovered instances of Chinese-origin chipsets embedded in SIM cards used by mobile subscribers. The move comes as part of a broader effort to tighten security across India’s telecommunications infrastructure, especially in light of long-standing concerns regarding Chinese technology firms.
India has a mobile subscriber base of over 1.15 billion. Even if a small portion of these SIMs contain unapproved foreign components, the implications for data security could be considerable, especially given that companies like Huawei and ZTE are already barred from participating in India’s telecom sector.
Talks with Telecom Giants
The NCSC has already engaged in high-level discussions with major telecom operators, including Vodafone Idea, Bharti Airtel, and Reliance Jio, alongside officials from the Department of Telecommunications (DoT). The discussions focused on addressing existing vulnerabilities in the SIM procurement process and laying out a potential framework for replacing compromised SIM cards.
However, executing a nationwide SIM card replacement would pose both technological and legal challenges. It would also lead to increased costs for telecom operators, many of whom outsource SIM card procurement to vendors operating under the trusted source certification system.
Misuse of Trusted Source Certification
One official indicated that certain vendors misused their certification by initially sourcing SIM components from approved suppliers but later switching to chipsets of Chinese origin. The vendors in question have not been named due to the sensitive nature of the investigation. “The problem lies in the lack of continuous audits and a loophole in the certification process. Some equipment is entering India from trusted countries but contains unverified or unapproved components,” the official noted.
Government’s Security Measures
The NCSC, which functions under the National Security Council Secretariat and advises the Prime Minister’s Office, is responsible for approving trusted sources for telecom hardware. To strengthen the supply chain, the government is reportedly considering:
-
More stringent vetting of trusted vendors
-
Mandatory and continuous testing of imported telecom equipment
-
Enhanced oversight of vendors supplying SIM cards and other network gear
Telecom equipment is already subject to testing and certification under existing laws, including those enforced by the National Centre for Communication Security (NCCS) and the Telecommunication Engineering Centre (TEC).
Legal Backing and Industry Concerns
The Telecom Act of 2023 grants the government power to mandate that operators procure equipment only from certified trusted sources. However, the industry is apprehensive about the operational and financial implications of mass SIM card replacement, especially if implementation is rushed or not adequately supported. An industry executive, speaking on condition of anonymity, stated, “There’s a clear gap in continuous monitoring. Replacing SIM cards will not only raise operational issues but also significantly increase costs for telecom companies already under financial stress.”
As India takes strides to bolster its digital infrastructure and secure critical communication networks, the SIM card security scare has spotlighted the urgent need for robust, transparent, and accountable supply chains — especially in a sector so vital to national interests.