Digital Sovereignty: Why India Needs Homegrown, Secure Operating Systems 

Talks on developing the Bharat Operating System Solutions (BOSS) have been on for sometime but there has been little success on that front.

Sources said that the Centre will now look at carving out the guidelines for the same.  

China has put in place its own homegrown operating systems, Kylin -- based on Linux for desktops and HarmonyOS built for mobiles. The move is strategic--to reduce dependence on foreign tech for key segments, which can affect national security.

For a nation of India’s scale and strategic weight, developing a sovereign and secure operating system is not a luxury; it is a national security imperative. The country’s security forces, diplomats, and intelligence agencies operate in an era where cyber warfare is as real as traditional warfare.

Although the nation is not considering an outright ban on Android or iOS for all government officials, security forces, diplomats, and intelligence personnel, it has implemented restrictions on the use of commercial smartphones and apps for official and sensitive communications. Over the past few years, the government and various security agencies have repeatedly cautioned against threats to the national cybersecurity from known threats like China and other inimical alien powers.  

Developmental Need

With hacking becoming a real threat in today's changing global scenario, India is promoting the development and adoption of homegrown operating systems to reduce dependence on foreign software platforms (Google's Android and Apple's iOS) and ensure digital sovereignty.

Official sources have pointed out that the country aims to develop various indigenous, secure operating systems (OS), such as BharOS and SAMBHAV, for use on government-issued devices.
 
The armed forces have repeatedly issued advisories banning personnel from using certain Chinese-made phones and a large list of social media platforms and apps due to security and intelligence concerns.

An official advisory issued by the Controller General of Defence Accounts states, "on use of components /items of Chinese origin. As per this letter, hardware /software of system /sub system which are sensitive and critical must not be from a Chinese origin due to security implications. The OEM should supply components of non-Chinese origin, if the OEM has production facilities outside China) Components of Chinese origin must be tested for absence of embedded malware (within or outside the country) and a certificate to this effect to be given by the supplier."

Security Speak

Today, India stands at a crucial inflexion point. Through initiatives like the India Stack, trusted telecom networks, the Defence Cyber Agency, DRDO’s secure OS projects, and homegrown cyber R&D, we have made significant progress toward digital sovereignty. "The foundations of an indigenous operating system are being laid, and with the right push, India can emerge as a global leader in secure, trusted computing," Jiten Jain, cyber security analyst, told The Secretariat.

Selective bans on Chinese apps and devices were not political decisions—they were security decisions based on real risk assessments. "However, India must now move toward a more comprehensive and consistent technology-trust framework that evaluates all external platforms, irrespective of country, based on transparent national-security criteria. The time has come for a ‘Zero-Trust Tech Policy’ that prioritises India’s digital independence above all else," Jain added.  

Need For Secure Communication Protocols

The government's restrictions are primarily aimed at preventing espionage and data breaches that could occur through commercial devices and third-party apps. Sources stated that making government apps for these needs can help curb any attempt by enemy nations to breach our data and intelligence.

Government sources stated that the nation was at an advanced stage of the development of a secure cyber environment for our defence and strategic needs. The caution expressed by security agencies has been taken seriously, and critical infrastructure organisations have been asked to periodically review and implement the actions in these advisories. 

International Advisories

Similar warnings have also been seen internationally. The US defence establishment has also repeatedly pointed to the need for enhancing cybersecurity.  America's Cyber Defence Agency last year published an advisory on the People’s Republic of China's state-sponsored hacking of US critical infrastructure. " It is confirmed that this group of PRC state-sponsored cyber actors has compromised entities across multiple critical infrastructure sectors in cyberspace, including communications, energy, transportation, and water and wastewater, in the United States and its territories," the advisory cautioned.

 "In recent years, the US has seen a strategic shift in PRC cyber threat activity from a focus on espionage to pre-positioning for possible disruptive cyber-attacks against U.S. critical infrastructure. By using “living off the land” techniques, PRC cyber actors blend in with normal system and network activities, avoid identification by network defences, and limit the amount of activity that is captured in common logging configurations," the advisory added.