No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

What Is Next for IoT Regulation?

Predictions for the Future: Security and Innovation

by Maria Zervaki
May 1, 2020
in Cybersecurity, Featured
floating icons, concept of internet of things

Cyberattacks on connected devices continue at a rapid pace, and regulators are well aware of this fact. Access Partnerships’ Maria Zervaki discusses the past year of regulations surrounding the internet of things, as well as predicted upcoming topics in IoT regulation.

Although it’s already two decades old, the internet of things (IoT) is still one of the trendiest acronyms in the world of tech. First used in enterprise applications such as manufacturing, IoT now has a stronger consumer approach and has expanded to more verticals, from the automotive industry to smart homes and health care. With IoT’s rapid evolution, the technology has, not surprisingly, attracted the attention of regulators worldwide. In the past year, lawmakers have started regulating IoT, especially network and device security — a trend that will only grow in 2020. There has also been a push to regulate less obvious issues of e-SIM technology and roaming, key contributors to the growth of IoT.

How to Secure IoT

It will come as no surprise that network security is at the forefront of regulatory concern. Cyberattacks on IoT devices have grown at an unprecedented rate, reaching 2.9 billion in first half of 2019. The IoT is a global network infrastructure connecting physical and virtual objects with a high degree of autonomy and interoperability. Because its ecosystem is only as safe as the weakest link in the system, the risks to infrastructure such as electrical grids are a major cybersecurity concern. Additionally, IoT networks collect large amounts of data, worrying regulators and end users about data security.

The question is, who is responsible for securing IoT devices/networks, and who is liable if there is a security breach? Current self-regulatory regimes are gradually being replaced by governments imposing security implementation requirements on device manufacturers, with some due diligence responsibilities falling on IoT providers. The U.K. has already concluded a consultation on regulatory proposals for consumer IoT security, laying down safety guidelines for manufacturers. As of 2020, U.S. manufacturers in California and Oregon will be held responsible for adding “reasonable security features” to devices or physical objects that can directly or indirectly connect to the internet. Both laws, however, are vague in their call for “reasonable security features” and thus difficult to implement. On the other hand, the Emirati regulator TRA has included security by design as a key requirement for type approval of IoT communication equipment.

Current legislative actions tend to focus on consumer IoT devices. This is possibly due to the emergence of data protection laws, since consumer privacy and information security are linked. Breaches of other IoT networks, in smart cities for example, would also have significant consequences. Therefore, it is likely that initiatives such as the Federal IoT Cybersecurity Improvement Bill, which imposes the development of security standards for government-purchased IoT devices, will become more popular in 2020.

Innovative Use of Mobile Connectivity

As many IoT networks use cellular connectivity through a SIM connection, concerns arise surrounding the possibility of switching mobile operators and roaming. 2020 will see increased regulation on these topics.

IoT devices are widely deployed, making it impractical to change SIM cards when switching mobile operators. The SIM card has evolved, however, into the embedded SIM (“eSIM”), offering the ability to change service providers over-the-air (OTA) without physically changing the card. More commercial uses for eSIM services will increase in 2020 — along with its regulation. Turkey has already introduced a limited legal framework where operators and device manufacturers can market eSIMs. The UAE also permits the use of eSIMs with the prior approval of the telecommunications regulator.

Cellular connectivity-reliant IoT services use permanent roaming for IoT devices outside their country of production, while the SIM originates from the production country. For example, e-cars use SIMs stemming from their country of production even though the e-cars are used worldwide. However, there is no uniform handling of permanent roaming. This is problematic, as restrictions on permanent roaming in one country inhibit the use of data internationally and present challenges to global device deployment. Concerns about competition are behind regulatory inconsistency in permanent roaming, as roaming operators can use it to gain a competitive advantage over national operators. The Body of European Regulators, BEREC, believes that permanent roaming for IoT connectivity should not be discarded. Brazil, on the other hand, observes that permanent roaming could lead to unbalanced competition, as the roaming operator would provide full-scale telecommunications services in the country without license and without paying local taxes.

What’s Next for IoT Regulation?

While there are restrictions to IoT, many countries want to encourage IoT innovation and reform their regulatory framework to ensure they do not inhibit its growth. However, there is still regulatory uncertainty regarding the IoT market, and adjusting regulations will be a gradual process. For example, there is lack of clarity on the applicability of telecommunication regulatory obligations to players in the IoT value chain; security requirements also vary significantly.

The imminent implementation of the European Electronic Communications Code may affect the rules surrounding licensing, portability and quality of services. In addition, the EU’s Cybersecurity Act is an opportunity to create a coherent cybersecurity certification based on common standards and requirements for IoT applications, devices and connectivity. The value IoT could bring — from increased GDP growth from shared data to enhanced quality of life through smart applications — is becoming more recognized, with Brazil recently launching its National IoT Plan. It is evident that IoT will be on the agenda of most lawmakers in 2020. However, regulators must carefully balance new regulation with creating an environment that allows IoT innovation to thrive.


This is the final installment in a five-part series. Each article has been extracted from a larger report by Access Partnership on the trajectory of tech policy in 2020.


Tags: Cyber RiskInternet of Things (IoT)
Previous Post

D&B Helps Companies Identify Risk and Opportunity with New COVID-19 Impact Index

Next Post

Many Roads Can Lead to Compliance

Maria Zervaki

Maria Zervaki

Maria Zervaki is Policy Manager, Compliance & Market Intelligence at Access Partnership, a global public policy consultancy for the tech sector. Maria provides advice on policy and regulation to a number of clients, helping them access markets around the globe. Prior to joining Access Partnership, Maria worked in the legal service of the Council of the European Union, where she worked on data protection rules and issues around Brexit, and several law firms in Greece, where she is a qualified lawyer. Maria is currently a Master of Laws candidate in Computer and Communications Law at Queen Mary University of London and already holds a Master of Laws in Specialised Public Law from the University of Bordeaux IV. She works in English, French, Spanish and Greek.

Related Posts

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

cisa website

What Can Your Organization Learn From the New CISA Strategic Plan?

by FTI Consulting
January 11, 2023

Cyber threats against organizations of all sizes are only rising as scammers and fraudsters become more and more sophisticated. Kyung...

data minimization practices_w

Ransomware Threats Are Growing. How Can Boards Protect Mission-Critical Assets?

by Jim DeLoach
December 14, 2022

As the sophistication level of cyber attackers continues to rise, there’s probably not a business on Earth that isn’t at...

Next Post
woman in red suit highlighted among many candidates in black and white

Many Roads Can Lead to Compliance

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT