Blog: Internet Of Things

Objections to IoT regulation. A rational reply

Ken Munro 24 Oct 2019

I often hear objections to consumer IoT regulation, specifically IoT security regulation. It’s typically from industry lobby groups that have a vested interest in keeping regulation very ‘light touch’. Their mantra is:

It’ll stifle innovation and increase cost

I strongly disagree, and here’s why.

“Regulation stifles innovation”

The argument goes that mandating security in smart products will make it harder for companies to succeed as new entrants to the market. Either innovative products won’t be manufactured because the cost of entry is prohibitive, or they will be developed and manufactured overseas where there are fewer, or no, regulations.

The problem with that argument is that IoT security regulation is an enabler NOT a barrier.

That’s a bold claim, so let’s break it down.

Innovation comes from someone having an idea, “let’s make a smart thing”. No problem there, but it’s rare that the innovator has security expertise. The prime objective is getting a minimum viable product to market quickly, at least cost.

Development, prototyping, mobile app development, and platform provision often run concurrently. They are rarely all on schedule, and rarely work correctly first time. In this common scenario security is usually an afterthought, if it’s even considered at all.

Sadly, often the first time security becomes important to manufacturers is when a security researcher makes contact to say that their customer’s data is exposed. See our blog for numerous examples.

By that time, the cost of correcting mistakes can be prohibitive. A recall could take a start-up business under, yet not taking action can lead to significant brand damage, let alone the risk of class actions from users and regulatory enquiries from data protection authorities.

Catch 22: lose/lose. The start-up goes under. Innovation is stifled by a lack of security.

Instead, how about manufacturers implement one of the many secure IoT platforms instead of trying to roll their own? Time to market is reduced and security is improved. Innovation is enabled by security.

Caveat: only some of the 300+ IoT platforms are secure; some are terrible. Choose wisely!

“Regulation increases costs”

The argument here is that even one single penny of additional cost will make an IoT product economically unviable and so put it out of contention.

By implementing an existing IoT platform the product gets to market faster. IoT platforms provide an API and back end, and some offer the hardware for your IoT device’s PCB. Some platforms can even help develop your mobile app. That saves $$. It also means that you’re more likely to get first mover advantage.

But what about that cost? Economy of scale is the key here. As more start-ups realise the value of IoT platforms, economy of scale creeps in. Platforms can commission larger runs of hardware and development costs around that are amortised, so the cost per unit drops.

Most start-ups tend to only investigate these platforms and short cuts to market if they are mandated to. You can wave ‘good practice’ documentation all you like, but few will pursue it if there is no regulation to consider.

Various surveys have shown that a strong reason cited by consumers against adoption of IoT is their concerns around security. There’s a typical example here. We can remove that concern through regulation, removing an obstacle to growth.


In my opinion, regulation actually encourages innovation, reduces cost, reduces time to market and helps increase sales volume by removing consumer objections on the grounds of security.

Regulation can actually stimulate growth in the consumer IoT market.