Should the Government Regulate IoT Devices?

Should the government regulate IoT devices?As security concerns rise about Internet of Things (IoT) devices, so does the debate about the necessity of government regulations. Should the government regulate IoT? Many Internet of Things devices on the market today have little to no security built in, which can compromise the privacy and even personal security of consumers.

Many consumers today are not (yet) clamoring for more regulation. A lot of them do not realize that their smart devices may be compromising their privacy in significant ways. Yet there is a growing concern from those in government and industry that something must be done. The question is, however, whether more secure devices will arise through government regulations imposed by governments that are often hacked themselves, or by the Internet of Things industry itself.

Should the government regulate IoT?

Proponents of government regulations see the following benefits to having the government regulate IoT devices:

  • Standards applied to every device that help to protect the security of consumers
  • Requirements for patches that take new security concerns into account

Opponents take a different view. Should the government regulate IoT devices, they are concerned about:

  • Regulation and bureaucracy stifling innovation
  • Expensive regulations eliminating smaller companies, reducing consumer choice and competition
  • The government lacks the expertise to effectively regulate these devices

What are lawmakers doing today?

Several countries are already proposing regulations related to this issue. For example, in Australia, lawmakers have proposed a certification for IoT devices with requirements such as:

  • Changeable, non-guessable, non-default passwords
  • Not to expose ports to the wider internet
  • Software updates to fix known vulnerabilities

In the United States, lawmakers are working on a bill related to devices purchased by the federal government that includes requirements such as:

  • Devices must be patchable, rely on industry standard protocols, and be built without hard-coded passwords and known security vulnerabilities
  • Alternative network-level security requirements for devices with limited data processing and software functionality
  • Cybersecurity coordinated vulnerability disclosure policies will be required of all contractors that provide connected devices to the U.S. Government

It is essential that Internet of Things devices become more secure in order to protect consumers, governments, and organizations alike, while complying with international data privacy regulations. Whether that is done through government regulation or industry self-regulation remains to be seen. Likely it will be a combination of both. As consumers and organizations alike become more aware of the security risks of IoT devices, the market demand for more secure devices will grow, increasing the supply in a market-driven economy. Likely we will see the government regulate IoT devices, while the market demand increases.

What do you think?

Should governments regulate Internet of Things devices? Or can the industry self-regulate? Please share your thoughts in the comments.

And if you’d like to learn more about the Internet of Things, check out our newest course program: IEEE Guide to the Internet of Things.



List, J. (2017, 16 Oct). Aussies Propose Crackdown on Insecure IoT Devices. Hackaday.

Corsec. (2017, 27 Sept). IoT Security Facing Government Regulation. Corsec blog.

Thierer, A. and O’Sullivan, A. (2017, 12 June). Leave the Internet of Things Alone. US News & World Report.

Thomson, I. (2017, 15 Feb). You Know IoT Security is Bad when Libertarians Call for Strict RegulationsThe Register.

, , , , , , , , , , ,

6 Responses to Should the Government Regulate IoT Devices?

  1. Rahim July 13, 2020 at 6:09 am #

    Thanks for the post. I think governments should regulate the Internet of Things devices. Sometimes Government bears up more responsibility and it should fill it up…


  1. Does the IoT Want Oversight? UK Introduces “Code of Observe” of Cybersecurity for IoT Builders | Rapida - October 22, 2018

    […] Such concepts may arguably make it more durable for companies to promote merchandise as a consequence of crimson tape and the doable necessities of submitting technical paperwork to a safety board. By the identical token, some consider that these measures may stop injury to crucial providers and shield economies. […]

  2. 5 Predictions for the Cybersecurity Industry in 2019 - ChannelE2E - December 4, 2018

    […] the Consumer Electrical Safety Certifications already meted out today, or a governmental agency could step in to lay down the law. With the ever-increasing prevalence of internet-connected devices, the […]

  3. To Understand IoT Security: Look to the Clouds - Pixallus - February 11, 2019

    […] key question will be whether more government regulations are coming for IoT in the near future. If there is a big mistake, such as a death related to insecure IoT, more […]

  4. Challenges and Solutions to Expanding the Internet of Things - IEEE Innovation at Work - March 12, 2020

    […] the rapid pace of IoT development, both lawmakers and industry leaders are having trouble deciding whether to introduce security standards as well as how best to do […]

  5. The Future of the Internet of Things – Wishful Tech - October 14, 2022

    […] addition, government and industry leaders are working to create standards for the IoT that will help to ensure its […]

Leave a Reply