Awakening Global Governments: An International Survey of Internet of Things Regulation
21 Pages Posted: 16 Mar 2018 Last revised: 10 Sep 2018
Date Written: March 16, 2018
The rapid proliferation of connected devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in many “Internet of Things” (IoT) devices creates a meaningful risk to consumers and to the basic functionality of the Internet. The increasingly frequent and high-profile cyberattacks, often fueled by insecure IoT, are driving governments globally to develop responsive policy measures.
This paper provides a qualitative survey of the current public policy and emerging regulatory frameworks facing consumer IoT devices in the European Union (EU) and the United States (US). For each geography, we provide an overview of the current regulatory landscape, as well as emerging policy developments, primarily in the area of IoT security and to a lesser extent IoT privacy. In so doing, we develop a broad comparison of the two jurisdictions that draws out the commonalities and differences. We accomplish this through a survey of each jurisdiction’s “hard” and “soft” law applicable to IoT as well as an examination of proposed or otherwise developing policies in the jurisdiction.
We find that although there is broad recognition of the risks associated with insecure IoT among policymakers in the EU and the US, each government is approaching how to address these risks quite differently, particularly in how they view the role of government visa vie the role of industry and market forces. Not surprisingly, US policymakers currently see industry-led initiatives and a close partnership with industry as the preferred approach, while the EU is approaching these challenges through more centralized, government-led efforts. However, looking beyond the “how,” there is substantial agreement on the “what” – the specific technical areas that must be addressed to improve IoT security. We conclude by identifying the risks these varied approaches create to the promised benefits of IoT as well as the need to expand the analysis to include Asian jurisdictions, particularly China.
Keywords: Internet, things, Internet of things, IoT, security, privacy, law, regulation, certification, international, online, connected, devices, global
JEL Classification: O14, O3, R5, G18, L86, L88, L5, K2
Suggested Citation: Suggested Citation