Smart parking, building automation, drone deliveries, Industry 4.0, agricultural monitoring. The applications for IoT now reach into almost every vertical market with new ideas, concepts and products entering the market every day. As is the way with enterprise growth, we would expect to see a corresponding rise in legislation. This turns out to not be the case with IoT as governments, both domestic and international, are falling behind.
The regulation of technology typically comes after its inception – an understandable dynamic considering its unpredictable nature. For example, prior to the introduction of the U.S. Telecommunications Act in 1996, approximately 1-in-4 Americans were already using the Internet. Considering the U.S. does not have any major legislative policies for IoT, it would seem that dynamic is repeating itself.
If we cross the Atlantic; regulation in the EU seems to have progressed further with the introduction of 2 pieces of IoT legislation. Most recently is the series of rules that will govern the use of IoT data, recently introduced by the European Commission in November. Earlier in the year came the adoption of the NIS Directive for cybersecurity. Whilst this came into effect in August, member states have 21 months to implement it into national law, followed by a further 6 months for the identification of service and support operators. Whereas the U.S. operates on a state and federal level, the EU must operate across its 28 member countries. With an approximate 2-year implementation time, it’s clear that inconsistencies in the speed of IoT adoption is crippling progress.
Security remains vital as IoT continues to embed. The economic advantages are undeniable however so are the opportunities for cyberattack. Experian, the IRS, the DNC and even CIA Director John Brennan are just 4 examples of high-profile hacks over the last few years, all varying in scale and impact. From an IoT perspective, there have been demonstrations highlighting the vulnerabilities inherent within the market. In 2015, hackers managed to remotely commandeer a Jeep Cherokee, leading to the recall of 1.4 million vehicles. A year earlier, hackers managed to remotely control smart meters, essentially giving them the ability to cause blackouts.
Regulation might be slow; however, the U.S. Senate is certainly taking strides towards improving the regulation of IoT. The Senate Committee on Commerce, Science and Transportation held a hearing in early 2015 to investigate the issue, whilst the House called for a resolution last month, urging “a national strategy for the Internet of Things to promote economic growth and consumer empowerment”. Delays in uptake could potentially come from a perceived lack of impact and ROI. With the FCC, the FDA, the FTC and the NHTSA all having some authority over IoT activities, another reason for delays could be the fact that it’s not clear who should take ownership of this regulation.
As with any industry, market or vertical, regulation plays a critical role in growth, advancement and development. By establishing IoT infrastructure and legislation, there are more opportunities for businesses to grow and design the applications that will one-day power the cities and nations of tomorrow.