Awakening Global Governments: An International Survey of Internet of Things Regulation

21 Pages Posted: 16 Mar 2018 Last revised: 10 Sep 2018

Date Written: March 16, 2018


The rapid proliferation of connected devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in many “Internet of Things” (IoT) devices creates a meaningful risk to consumers and to the basic functionality of the Internet. The increasingly frequent and high-profile cyberattacks, often fueled by insecure IoT, are driving governments globally to develop responsive policy measures.

This paper provides a qualitative survey of the current public policy and emerging regulatory frameworks facing consumer IoT devices in the European Union (EU) and the United States (US). For each geography, we provide an overview of the current regulatory landscape, as well as emerging policy developments, primarily in the area of IoT security and to a lesser extent IoT privacy. In so doing, we develop a broad comparison of the two jurisdictions that draws out the commonalities and differences. We accomplish this through a survey of each jurisdiction’s “hard” and “soft” law applicable to IoT as well as an examination of proposed or otherwise developing policies in the jurisdiction.

While existing surveys of individual jurisdictions help develop a clear picture for those countries or regions, a broader perspective on IoT security and privacy policy is needed, given the global nature of the security challenges posed by insecure IoT as well as the global market for IoT devices. It has become clear that no single government or industry actor will be able to alone address the problem of insecure IoT, and cooperation and consensus across borders and industries are needed to more fully address the problem and to fully realize the promised benefits of IoT. This paper provides a first step in developing that broader perspective through a survey and comparison of the current policy approaches in the EU and US. This understanding is essential to formulating coherent and effective policy responses to the problems that arise from insecure IoT.

We find that although there is broad recognition of the risks associated with insecure IoT among policymakers in the EU and the US, each government is approaching how to address these risks quite differently, particularly in how they view the role of government visa vie the role of industry and market forces. Not surprisingly, US policymakers currently see industry-led initiatives and a close partnership with industry as the preferred approach, while the EU is approaching these challenges through more centralized, government-led efforts. However, looking beyond the “how,” there is substantial agreement on the “what” – the specific technical areas that must be addressed to improve IoT security. We conclude by identifying the risks these varied approaches create to the promised benefits of IoT as well as the need to expand the analysis to include Asian jurisdictions, particularly China.

Keywords: Internet, things, Internet of things, IoT, security, privacy, law, regulation, certification, international, online, connected, devices, global

JEL Classification: O14, O3, R5, G18, L86, L88, L5, K2

Suggested Citation

Walker, Mark and Shockey, Kelton and Neiman, Andrew and Stephan, Ashtyn, Awakening Global Governments: An International Survey of Internet of Things Regulation (March 16, 2018). TPRC 46: The 46th Research Conference on Communication, Information and Internet Policy 2018. Available at SSRN: or

Mark Walker (Contact Author)

CableLabs ( email )

No Address Available

Kelton Shockey

CableLabs ( email )

858 Coal Creek Circle
Louisville, CO 80027
United States

Andrew Neiman


No Address Available

Ashtyn Stephan


No Address Available

Register to save articles to
your library


Paper statistics

Abstract Views
PlumX Metrics