NEW DELHI: India’s top telcos have raised concerns around legal ramifications of the National Security Directive, including who will be held responsible in case of a security breach on trusted equipment used in a telecom network, officials and industry executives familiar with the matter said.

In their meetings with security officials as part of the process to identify trusted sources for telecom gear to ensure a secure network, telcos also urged the government to ensure adequate number of vendors to keep costs in check, while seeking clarifications around maintenance, upgradation and repair of already installed equipment, say executives.

“What if there is a security breach in trusted gear, then who is going to take responsibility? So, we have asked authorities to take the decision technically and with the help of mandatory testing,” a senior executive at one of the three private telcos, who attended the meeting, told ET.

A second telco executive added that the government was asked to ensure that operators have enough vendors to choose from and there aren’t exclusive tie-ups between an operator and a vendor. “For affordable services, vendor diversity is needed since. India is a cost sensitive market,” he said.

Reliance Jio, Bharti Airtel, Vodafone Idea (Vi) and state-run Bharat Sanchar Nigam Ltd. (BSNL) were called in for separate meetings with National Security Council Secretariat officials and National Cyber Security Coordinator, Lt Gen. (Dr) Rajesh Pant over the last couple of weeks. As per the December 16 Cabinet decision, Pant is tasked with preparing a list of ‘trusted sources’ for acquiring gear for telecom networks. The NCSC in turn will make its list based on approval of a committee – the National Security Committee on Telecom (NSCT) – headed by Deputy NSA, and consisting of relevant ministries such as telecom and commerce.

Experts say the government’s move is aimed at keeping Chinese gear makers Huawei and ZTE out of India’s 5G deployments, in line with the US and the UK which have taken proactive steps to bar them from critical infrastructure. But they added that equipment from European vendors being made in China could also come under the scanner.

For both, Airtel and Vodafone Idea, China’s Huawei and ZTE – besides Sweden’s Ericsson and Finland’s Nokia – have been critical partners for 4G networks in several circles. They will have topartner with others for 5G networks even for circles which are currently being served by the Chinese vendors. Jio currently sources its gear only from Samsung.

Telcos also pressed for a swift conclusion to this initiative to identify trusted sources, saying any delay in what will be a complex process will push back their 5G network planning efforts. “We are also seeing how the geo-political issue changes which may have an impact in India,” a third executive said.

The government is yet to specify a timeline for holding 5G auctions. Even 5G trials are yet to be held.

Officials, on their part, said the government will focus on continuity of supply chain, control over supply and allowing only secured components in the supply chain, executives said.

The government is currently considering ‘whitelisting’ – or deeming secure – equipment from Indian vendors based on how much control they have over their supply chain, while multinational vendors may be asked to submit declarations on securing gear and submit source code of their gear into an escrow account, for greater accountability, officials said.

After the ongoing input gathering exercise, the government will come up with a portal by April 15 for mainly equipment vendors to submit data related to gear, which could include the type of equipment being manufactured, where it is being manufactured and who is using it currently, among other details. It is aiming to complete this detail gathering process by June 15, people familiar with the matter said.

Besides representatives of telcos, security officials have also held separate meetings with industry bodies Cellular Operators Association of India (COAI), Telecom Equipment Manufacturers Association (TEMA), representing local gear vendors, Telecom Equipment and Services Export Promotion Council (TEPC), and Tejas Networks. Overseas gear makers such as Ericsson, Nokia, Samsung, Huawei or ZTE haven’t been called in as yet.

Key officials of the telecom, commerce and DRDO were also called for a separate meeting.

Telcos also want clarity on maintenance, upgradation and repair of already installed equipment, a third executive said. For instance, if a particular vendor’s gear has been blacklisted, then what will happen to the already deployed equipment and if India will allow an active component to be replaced or upgraded.

Queries sent to Airtel, Vodafone Idea, Jio, Tejas and the industry bodies didn’t elicit any response.

While announcing the security directive on December 16, telecom minister RS Prasad had said that the new directive would kick in within 180 days from the date of approval.