Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AntoinetteHodes
Employee
Employee

Global IoT Regulations | What you need to know

In today's interconnected world, the Internet of Things - IoT has emerged as a powerful force, transforming industries and enhancing the way we live and work. However, with this rapid growth in IoT devices and applications, the need for global regulations to govern this technology has become imperative. 

Global regulations.JPG

                                       Figure 1: Overview of global IoT regulations (voluntary or mandatory)

Why do we need Global IoT Regulation

As IoT devices become more prevalent in our work and daily lives, concerns regarding data privacy, security and interoperability have become increasingly significant. Global IoT regulations aim to address these concerns and establish a framework that ensures the responsible and secure deployment of IoT technologies worldwide.

Key elements of Global IoT Regulations

1. Data Privacy and Security | Privacy is a fundamental right and protecting individuals' data or sensitive data is of utmost importance. Global IoT regulations emphasize the need for robust data protection measures, including clear consent mechanisms, secure data storage and encryption protocols. Additionally, regulations often require device manufacturers to implement security features to safeguard against cyber threats.

2. Interoperability and Standardization | With a vast array of IoT devices and platforms available, ensuring interoperability is essential for seamless communication and efficient data exchange. Global regulations encourage the adoption of open standards and protocols, promoting compatibility and interoperability among different IoT systems.

3. Ethical Considerations | As IoT technologies become more sophisticated, ethical concerns arise. Global IoT regulations may address issues such as algorithmic transparency, bias mitigation and the responsible use of AI in IoT systems. These regulations aim to ensure that IoT deployments adhere to ethical principles and do not infringe upon individual rights.

4. Spectrum Allocation and Connectivity | IoT devices rely on wireless connectivity, making spectrum allocation a critical consideration. Global regulations seek to allocate appropriate frequency bands for IoT applications while ensuring optimal spectrum management and minimizing interference with other wireless services.

5. Certification and Compliance | To ensure the adherence to established regulations, certification and compliance programs are often implemented. These programs require manufacturers to undergo testing and assessment to verify that their IoT devices and systems meet regulatory requirements. Compliance with these programs assures users that the IoT products they utilize conform to the necessary standards.

The Importance of Staying Informed

As the IoT landscape continues to evolve, it is crucial for individuals and organizations to stay informed about global IoT regulations. Being aware of these regulations enables stakeholders to make informed decisions, develop IoT solutions that comply with legal requirements and mitigate potential risks associated with non-compliance.

In conclusion, global IoT regulations play a vital role in shaping the responsible and secure deployment of IoT technologies worldwide. By addressing data privacy, security, interoperability, ethical considerations, and more, these regulations provide a framework for the sustainable growth of the IoT ecosystem. 

4 Replies
the_rock
Legend
Legend

Absolutely needed topic. IoT conversation comes up almost always these days, so more we do about it, the better.

Regards,

Andy

AntoinetteHodes
Employee
Employee

Thank you @the_rock / Andy. Stay tuned! More information in regards to regulations and legislative acts is coming.

0 Kudos
the_rock
Legend
Legend

Great! Have a nice weekend 

WeekendVibesGIF.gif

AntoinetteHodes
Employee
Employee

  • The Proposal for a Regulation laying down harmonized rules for artificial intelligence AKA as the EU AI Act will be finalized by the end of the year. The proposed EU AI Act aims to provide a legal framework for the development and deployment of AI systems in Europe. It includes provisions related to cybersecurity, transparency and accountability to ensure the safe and ethical use of AI technologies. In example what does this mean for IoT devices? The act will likely be adopted in early 2024 (before June 2024 European Parliament elections).
  • EU Cyber Resilience Act (CRA), the Council removed explicit references to highly critical products mandated by the EU cybersecurity certification scheme. They now insist that impact assessment should be conducted before mandatory certification. Besides that, the product life time has change. The ITRE (Parliamentary Committee on Industry, Research and Energy) voted that compliance responsibility should be shifted to the product manufactures. The Council suggested and proposed assigning national CSIRTs. This is currently debated as it might pose a risk as it gives insight in national organizations weaknesses.
  • The NIS2 requires adaptation of Zero Trust principles, overcoming shortcomings in implicit trust setups. Given rising IoT adoption, erosion of the corporate perimeter due to work-from-everywhere and increasingly sophisticated threats that exploit “trusted” users and subsequent devices for malicious purposes, leads to an expanded attack surface of an organization. Additionally, the NIS2 regulations also focus on securing the supply chain of operators of essential services.
  • Digital Operational Resilience Act (DORA): The European Commission is working on the Digital Operational Resilience Act (DORA), which aims to establish a comprehensive framework for the operational resilience of the financial sector. This regulation will address cybersecurity threats and incidents impacting financial entities. As a result, DORA is expected to be adopted and into force early 2025.
  • The Digital Markets Act (DMA) was legally implemented on November 1, 2022. The majority of its regulations became effective in May 2023, while the gatekeepers were officially appointed on September 6, 2023. These gatekeepers are required to comply with the DMA by March 6, 2024.
  • The UK Cyber Security Council has announced the country's first cohort of chartered cybersecurity practitioners following the launch of its Cyber Security Governance and Risk Management and Secure System Architecture and Design professional standard pilot schemes last year.
  • UK Parliament and committee have launched an inquiry into the cyber resilience of UK CNI. I will explore the progress of UK CNI toward achieving recently announced resilience targets by 2025, and what support the sector needs to achieve those targets and efforts to make computer hardware architecture more secure by design to protect CNI
  • Did you know that 5G and healthcare assets do not fall under the RED directive? The RED directive has been postponed 1st of August 2025.
  • Lastly an interesting read: UK Risk Register
0 Kudos
Upcoming Events

    CheckMates Events