The IoT Security Foundation have published an “IoT Cybersecurity: Regulation Ready” white paper to enable organisations to get ahead of the approaching security regulations that will apply to sensors, devices, data, software, systems, processes, services and networks throughout the IoT ecosystem.

This publication provides a detailed analysis on the IoT regulation environment of governments, regulatory bodies and legislation including the EU, US, UK, and Australia, and also serve as a resource for IoT manufacturers, innovators, distributors, retailers and regulatory bodies to better understand the current regulatory landscape and the differences and similarities across jurisdictions.

Industry needs to be proactive and not only adopt a security-focused mind set to adapt to an evolving regulatory landscape and global marketplace, but also communicate clearly that it is doing so. This security-focused mind set should, at minimum, take into consideration the design, production, operation, tools and lifecycle processes of IoT products and services. This will support regulatory compliance, demonstrate due diligence and a duty of care, and reduce risks of non-compliance. Adopting this approach also enhances baseline security of IoT products and services in the marketplace and can help protect against risks associated with some legacy devices.

Today, some governments and regulatory bodies are applying existing regulation to IoT products and services in an attempt to influence product security and drive user awareness. Although some may not have been applied to the IoT yet, the regulations analysed in this white paper are relevant to the IoT and that particular types of existing regulation and their compliance mechanisms are more applicable than others to security-related risks. This is particularly true for regulations such as consumer protection, competition, product marking or labelling, child protection, data protection, cybersecurity, and (tele)communications.

The regulatory landscape around IoT is expected to change significantly in the near future, with unpredictable impacts on innovation and the security of legacy devices.  For these reasons, this white paper examines a cross-section of fifteen existing regulations in five global jurisdictions as of September 2018 and explores how these policies may be applied to the IoT. It also considers how IoT products which implement good security practices mitigate regulatory liabilities in the IoT supply chain and create baseline security of IoT technologies.

Security is not a destination, it is a journey which moves and evolves with technology and capabilities. Adopting a security-focused mind set will support IoT product and service providers in mitigating risks ranging from cybersecurity threats to regulatory action. Technical tools, best practices, and practical steps implemented now may position organisations favourably for future regulatory changes.