No demand for source code, say phone makers

The clarification from the Manufacturers' Association for Information Technology (MAIT) that the government's mandate requiring phone makers to share source code was amended in June last year marks a significant development in India's technology regulation landscape. This policy shift, removing a contentious demand, has profound implications for the electronics manufacturing sector, national security, and India's ambition to become a global manufacturing hub.

Initially, the demand for source code from smartphone manufacturers stemmed from national security concerns, particularly regarding potential backdoors, malware, or vulnerabilities that could compromise user data or facilitate surveillance. In an increasingly digital world, where smartphones are integral to daily life, governments worldwide grapple with ensuring the security of communication networks and devices. India, facing geopolitical complexities and a growing digital economy, sought to strengthen its control over the technology infrastructure operating within its borders. The underlying rationale was likely to allow for security audits and ensure that devices sold in India were free from malicious code or unauthorized data transmission capabilities, thereby protecting its citizens and critical infrastructure.

However, this demand was met with considerable apprehension from the industry. Key stakeholders included the **Ministry of Electronics and Information Technology (MeitY)**, the government body responsible for formulating and implementing policies related to electronics and IT; **MAIT**, the apex body representing India's IT hardware, manufacturing, and services sector; and various **domestic and international smartphone manufacturers**. For manufacturers, sharing source code, which is proprietary and highly sensitive intellectual property (IP), posed several challenges. It raised concerns about potential IP theft, competitive disadvantage, and the sheer logistical and legal complexities of complying with such a demand across diverse product lines and global supply chains. Companies argued that providing access to their core software architecture could expose trade secrets and undermine their competitive edge, potentially deterring foreign investment in India's burgeoning electronics market.

The amendment, which reportedly removed the source code sharing clause in June (likely June 2023), signifies the government's responsiveness to industry feedback and a pragmatic re-evaluation of its regulatory approach. This move is immensely significant for India. Firstly, it substantially improves the **Ease of Doing Business** for electronics manufacturers. By alleviating a major compliance burden and addressing IP concerns, India becomes a more attractive destination for global tech companies looking to invest in manufacturing, research, and development. This aligns perfectly with the government's flagship **"Make in India" initiative** and **Production Linked Incentive (PLI) schemes** aimed at boosting domestic manufacturing and exports, particularly in the electronics sector. A more favorable regulatory environment can attract greater foreign direct investment (FDI) and foster job creation.

Secondly, it reflects a delicate **balancing act between national security imperatives and economic growth objectives**. While the government remains committed to cybersecurity, it appears to have recognized that demanding source code might be counterproductive to its broader economic goals without necessarily guaranteeing enhanced security, given the complexities of modern software development and supply chains. Alternative mechanisms, such as stringent security audits, penetration testing, and adherence to global cybersecurity standards, might be more effective and less intrusive.

From a constitutional perspective, while there isn't a direct article on source code, the broader implications touch upon fundamental rights and economic policies. The **Right to Privacy**, enshrined as a fundamental right under **Article 21** of the Constitution (as affirmed by the Puttaswamy judgment), is paramount. Government access to source code could, in theory, be seen as a measure to protect this right by preventing malicious software, but also raised concerns about potential state surveillance. The **Information Technology Act, 2000**, and its subsequent amendments, along with the recently enacted **Digital Personal Data Protection Act, 2023 (DPDPA)**, form the legal framework governing data security and privacy in India. The DPDPA, in particular, emphasizes data fiduciary obligations and individual rights, making a less intrusive regulatory approach more congruent with its spirit.

The historical context shows that India has consistently aimed to strengthen its domestic manufacturing capabilities and assert greater control over its digital sovereignty. Policies like the **National Policy on Electronics (NPE) 2019** envision India as a global hub for electronics system design and manufacturing. The initial demand for source code was perhaps an attempt to operationalize aspects of digital sovereignty. However, the amendment demonstrates a mature and evolving understanding of how to achieve these goals without stifling innovation or deterring investment.

Looking ahead, this policy shift is likely to bolster investor confidence in India's electronics sector. It signals a pragmatic, industry-friendly approach from the government, which could lead to increased foreign investment and greater participation of global players in India's manufacturing ecosystem. While the direct demand for source code is removed, the focus on cybersecurity will undoubtedly intensify through other means, such as mandating adherence to common security standards, promoting secure coding practices, and leveraging independent third-party audits. The government may also explore other collaborative mechanisms with industry to ensure device security without resorting to IP-sensitive demands. This move positions India more favorably in global supply chains, fostering an environment where innovation and security can coexist, driving the nation towards its ambitious goal of becoming a trillion-dollar digital economy.