Explore the full briefing

What is the Internet of Things?

What is an IoT platform?

What are the economic, sectoral and geographical impacts of IoT technology?

Are there vulnerabilities in the technology?

What are the key operational issues?

What are the key legal considerations?

What are the issues to consider in acquiring IoT technology?

What should manufacturers and suppliers of IoT technology be doing now?

What will the future of IoT technology look like?

What will the impact be on specific industries?

What will the future hold for IoT ecosystems?  Some say that, in time, the Internet of Things will become the Internet of Everything.  Others say we are approaching that already with the convergence of IoT technologies, AI, Distributed Ledger Technologies, communications and big data analytics. 

And when we get there?  IoT stakeholders who control the higher data layers of an IoT ecosystem will have an intrinsic advantage, because that is where insights lie.[1]  Using such data, they will be able to implement entirely new business models, such as dynamic data bundling horizontally across sectors (not just vertically within a sector),[2] raising the prospect of an entirely new order of insights. 

Some predictions

We can therefore expect to see: 

  • Businesses migrating from products (things) – a one-off transactional relationship with the customer - to premium products and services, and then to platforms (a relational or ongoing relationship with the customer); and
  • Those businesses who already offer platforms (services) beginning to offer products as well (for example, an IoT device as the gateway for a service) in order to occupy the IoT ecosystem end-to-end.

Evolution of IoT and customer relationship

Source:  attributed to PwC US by the European Commission in Executive Summary, Cross-Cutting Business Models for IoT, 2017

As already described (see Liability), an IoT ecosystem is typically made up of disparate component elements not supplied in accordance with the requirements of a single end-to-end specification.  There will be both operational problems and legal consequences for some IoT stakeholders (and their customers) that flow from this.  This may lead to market demand for the role of systems integrator. 

For example, a car manufacturer will be expected to ensure that its various IoT-enabled systems (braking, tyres, steering etc) work on an end-to-end and integrated basis.  It will increasingly become a systems integrator.[3]  This effect will be magnified when IoT is combined with other systems, such as autonomous driving and AI. 

Regulatory Policy

How will these industry developments interact with regulatory policy?  Regulators may feel the need to intervene higher up the IoT supply chain.  For example, car manufacturers typically struggle to get their system component providers to guarantee long software maintenance periods or to permit the car manufacturer to maintain the software itself.[4]  The result is that a car manufacturer may struggle to create an integrated vehicular IoT ecosystem.  Such an outcome:

  • could well have safety implications (particularly with the advent of autonomous vehicles), perhaps prompting regulators to require the suppliers of software components to provide upgrades for a specified period;
  • may cause regulators to focus on the impact on end user consumers in B2C supply chains (in relation to vehicles and more generally).  While existing consumer protection laws may provide some comfort to consumers (see Contractual Liability), there may be aspects of the technology that regulators and legislators consider require additional consumer protection measures (as in the case of California’s new IoT Cybersecurity Law – see  U.S: California Senate Bill Number 327).

As many of the problems (operational and legal) stem from an absence of IoT end-to-end integration, regulators may (particularly in relation to areas of public health and safety, and consumer protection) increasingly insist upon end-to-end certification of IoT systems. It is reasonable to suppose that much of the regulatory focus in relation to health and safety and consumer protection will be sectoral in nature.[5]

“It will not be enough to certify components; we will have to test, certify and monitor whole systems.”

Eireann Leverett, Richard Clayton and Ross Anderson, Standardisation and Certification of the “Internet of Things”,  22 May 2017, page 19

IoT technology is highly disruptive to existing markets and business models.  IoT stakeholders need to prepare for situations in which regulation itself may disrupt their own hard-won new business models.  To do that, they need to factor legal and regulatory risk in at the design stage, lest the disruptors themselves become the disrupted.

 

[1] European Commission, Cross-Cutting Business Models for IoT, 2017, page 61.

[2] European Commission, Executive Summary, Cross-Cutting Business Models for IoT, 2017.

[3] Eireann Leverett, Richard Clayton and Ross Anderson, Standardisation and Certification of the “Internet of Things”,  22 May 2017, page 15.

[4] Eireann Leverett, Richard Clayton and Ross Anderson, Standardisation and Certification of the “Internet of Things”,  22 May 2017, page 17.

[5] Eireann Leverett, Richard Clayton and Ross Anderson, Standardisation and Certification of the “Internet of Things”,  22 May 2017, page 21.