Absence of product lifecycle planning: unlike the software and computer hardware industries, the IoT device manufacturing industry is characterised by a relative lack of product lifecycle planning. IoT devices may become vulnerable as security weaknesses become exposed, but may continue to operate in situ without any plan for replacement or obsolescence. Moreover, IoT device manufactures often rely on third party components, which themselves may not benefit from software development lifecycles, making product lifecycle planning even more difficult.
Updates and patches: patching of known vulnerabilities in IoT devices remains problematic, with many devices (particularly those aimed at consumer markets) being manufactured without any ability to be upgraded, or if there is an upgrade process, it is cumbersome or impractical. Where patching is available, it may still depend on manual intervention by the end user, severely limiting practical uptake. Moreover, security flaws may also be exploited in the wider IoT ecosystem within which devices operate. In the absence of economic incentives, regulators may come to the view that they need to compel IoT stakeholders to implement and maintain patching capability over a long period of time.
Interoperability and standards: component parts of any IT ecosystem need to be able to work together so as to allow information and data exchange. This is known as interoperability, and it is a key issue in relation to IoT ecosystems. In order to facilitate interoperability between interconnected IoT devices derived from different commercial sources, those IoT devices will need to depend on the same set of technical standards. In the absence of standardisation there is a risk that the value to be extracted from current IoT solutions could be eroded by different technologies, protocols and technical architectures.
Traditionally in the technology and telecommunications industries, technical standards have been promulgated by standard-setting bodies, such as IETF (in the case of internet) and ETSI (for telecoms in Europe). The European Union has its own IoT-specific initiative, the IoT European Platform Initiative, whose aim (among other things) is to promulgate open and easily accessible IoT platforms (including IT architecture) through a range of projects.
Some IoT device manufacturers consider there is a market advantage in creating a so-called “walled garden” of (typically) branded IoT product lines within a proprietary IoT ecosystem, limiting interoperability to those devices and that ecosystem, and so creating vendor “lock-in”.
While such behaviour might benefit some vendors individually, it has been estimated that interoperability issues that typically hinder the exchange of data in IoT ecosystems could put at risk forty per cent of the potential total value of IoT technology.
IoT experts tend to believe that there is never going to be a single, generally accepted IoT standard, and that businesses will need to make sure that their IoT solutions can adapt to new standards over time. Interoperability with other standards will accordingly be important.
Need for graphical user interfaces or similar: IoT devices typically have no screen or keyboard. Due in part to constraints in size and processing capacity, IoT devices typically do not have graphical user interfaces (or “GUIs” - that is, user interfaces that allow users to interact with electronic devices, typically through graphical icons) or any other form of user interface within which to configure privacy (or any other) preferences. Device miniaturisation has exacerbated this problem. The physical state of IoT devices therefore complicates the discharge of various legal requirements (particularly in relation to end user consumers), such as notification and consent under data privacy laws (see Privacy).