Navigating IoT Regulations and Compliance: A Guide
By Telit Cinterion
June 1, 2023
The world has an insatiable appetite for the Internet of Things (IoT), as products and connectivity make life easier. Innovation is a continuous cycle, from new and improved smart devices to advancements in 5G.
The urgency around IoT devices makes time to market even more critical. It can affect your competitive advantage and revenues. However, development cycles can hold the entire process back and even halt the project.
As more IoT devices are developed, the greatest challenge is cybersecurity. IoT is making life easier for users and hackers. Solution providers must carefully meet device regulatory requirements to decrease these risks earlier in the design phase.
This article discusses the IoT regulations and compliance landscape and identifies the complexity and uncertainty of the certification process.
IoT devices, networks and infrastructure can have security vulnerabilities. The chances of going to market in a timely manner are slim unless you pass all the testing requirements.
Not passing the tests and earning certifications for your IoT project could set you back in terms of time and incremental costs. Worse yet, it can lead to reliability issues and suspended licenses.
As a result, your reputation could be damaged. You could lose customers in addition to hundreds of thousands of dollars invested in development, materials and production costs. However, if you catch problems early in the design phase, these risks and certification failures can be avoided.
IoT is used for various purposes and requires different components to automate devices that connect to people and machines. There are many things to address when designing an IoT device. The device architecture is not universal and can include several layers. Each of these layers must be tested to eliminate security risks.
These are three layers to consider, each with security risks:
This layer uses sensors to monitor conditions and collect data. Devices include radio frequency identification (RFID) systems and surveillance scanners.
Security risk: Distributed denial-of-service (DDoS) attacks through signal interference (e.g., on RFID systems).
This is the communications layer. It transfers data using technologies like Wi-Fi and 5G.
Security risk: Unauthorized access in which data can be read, altered and deleted due to poor authentication.
Software is the biggest security risk. This level accepts data and delivers it via automated service to the end user.
Security risk: Phishing attacks trick users into providing access and can damage or steal information. ActiveX scripts can access the network gateway and shut down entire IoT systems.
“When it comes to networks involving the IoT, many layers are vulnerable as potential targets of security attacks. These layers, if not designed and managed properly, will create security threats, especially in the 5G network.”
— Dean Babak D. Beheshti, Ph.D., New York Institute of Technology’s College of Engineering and Computing Sciences
Cyber risks rise with system complexity. The more devices online and apps on a device, the greater the security threat risk, regardless of 5G or other networks. The more layers in the IoT device architecture, the more testing is needed so that each layer is as secure as possible.
Consumers are more aware of how critical security is for their devices. To maintain trust with customers, solution providers must realize the value of a secure, reliable IoT device. Creating a robust security plan to follow IoT regulations and compliance is crucial.
Governments worldwide recognize IoT security as a critical challenge. However, IoT compliance standards are still being developed worldwide. Each country has regulatory compliance standards that solution providers must follow to sell their products.
Here is a snapshot of a few countries and their approval certification process:
There are three standard levels of approvals. Some require all three, while others may require the first two.
Some examples are the FCC, CE RED and CCC.
What they look for:
These include the Global Certification Forum (GCF) and PCS Type Certification Review Board (PTCRB).
What they look for:
These include mobile network operators (MNOs), such as AT&T, Verizon and Vodafone.
What they look for:
Part of IoT regulatory compliance testing includes detailed documentation. Three examples are:
Labeling requirements must also be met, from markings to product traceability in a language understood by local authorities.
As you can see, these approvals are not clear-cut. Therefore, staying current on the latest IoT regulations is vital to ensuring devices pass testing so they can be sold and operated in each country.
The approval process can easily take six months and often more. Some certifications can be done in parallel while others have dependencies. Overall, the length of time depends on the complexity of the IoT device design and the pass/fail rate. However, there are even more challenges behind the scenes of IoT regulations and compliance.
One major challenge is getting local approvals in different countries. It requires understanding unique government requirements for each country and complying with their regulations. The process can be complicated by:
To make it even more complex, some changes in device design require additional certification testing, depending on the authority’s definition of the requirements. However, other changes are allowed without additional testing, and most firmware version changes (i.e., software upgrades) don’t require government approval.
It’s important to find suppliers with IoT labs with R&D and technical resources locally in the countries where you need compliance. Having a local presence can break communication and time zone barriers. Local resources can efficiently address requirements for faster approvals and save thousands of dollars over the whole process while hastening time to market.
There are two considerations for IoT regulatory compliance. The first is your needs. Think about adding IoT modules or smart modules to your devices.
Modules are prebuilt blocks of components that are fully tested on the production line. They are certified and ready to use.
Being precertified means these modules can reduce certification efforts, although testing will still need to be completed at the device level. IoT modules and smart modules can simplify IoT device development and shorten the path to market.
The second is prework, which is critical. Normally, no testing can be conducted during the design stage. Work with a third-party module supplier that will review and check your design before sample production.
This partner would do precompliance testing to see if the device would pass regulatory approvals and then make appropriate changes. Prework can save time, effort and money before you get to the compliance testing.
Telit Cinterion can bring your IoT solutions to market quickly and securely at scale. We have over 23 years of IoT experience. Our solution experts help you navigate every aspect of your IoT project including compliance testing at every stage.
We have local labs with R&D and technical resources worldwide to accommodate your needs. We help you simplify a very complex process. Contact our experts to create your custom IoT solution and avoid regulatory and compliance issues.