Regulating the IoT Ecosystem: Who are the Targeted Players?

Posted on 28th March 2019

The Internet of things (IoT) is the interconnection of physical devices — including ones taking input from humans — through a mobile or satellite network, or over the Internet. The idea has been around since the early 90s, but the growth of Internet access and capacity means that 2017’s estimated 8.4 billion connected devices will jump to 20.4 billion devices by 2020.

As with any new technology, widespread deployment requires a regulatory framework to address associated concerns; specifically, which regulations apply to this new category, the availability of scarce resources (frequencies and numbers), and privacy and security.

This is the first of a series of articles aiming to dissect IoT by addressing the ensuing regulatory challenges, starting with the provision of telecommunications service regulations.

Navigating the IoT value chain: How a car manufacturer can be considered a telecom service provider

IoT value chain

Figure 1: The Internet of Things Value Chain

The IoT ecosystem differs from the traditional telecommunications ecosystem as it involves a lot of incumbent players, including the connectivity service provider (typically a mobile or satellite operator) device manufacturers, platform providers, and IoT service providers.

Services in the IoT value chain depend, ultimately, on the connectivity provider, but the connectivity itself accounts for a relatively low proportion of the overall revenue in the value chain. As a result, connectivity service providers are moving vertically across the value chain to become software companies, manufacturers of IoT devices, and application providers in addition to providing connectivity, blurring the definitions of who is providing what.

Provision of IoT Connectivity

The complicated IoT ecosystem makes the previously straightforward task of applying telecommunications regulations much more difficult:  which of the respective services in the IoT value chain can be described as an electronic communication service (ECS)?

At first glance, the connectivity service provider is an ECS provider — and, accordingly, subject to a series of obligations — in most jurisdictions because it provides the wireless connectivity underlying the IoT network and is responsible for the conveyance of signals to the end-users. However, a closer look may lead to a different conclusion: in the IoT ecosystem, the main service provided is not the connectivity but the applications and related devices and sensors.

Complicating things more, the connectivity service providers will usually contract with hardware manufacturers or the IoT service providers rather than with the end users. In some IoT applications, communication may be restricted to machine-to-machine (M2M) with limited or no interaction with end users at all, and may not classify as an ECS in the strict definition of the term.

It is important for telecom regulatory frameworks to clarify this ambiguity and provide clear definitions. For instance, the EU’s newly adopted European Electronic Communications Code classifies  transmission of M2M communications as a specific category of ECS. Similarly, the Communications and Multimedia Act 1998 of Malaysia includes the communication between “things and things” in the definition of ECS, with “things” being any connected device.

Defining the Undefinable

Beyond connectivity service providers, there is no consensus worldwide on whether IoT service providers, such as connected-car manufacturers or producers of smart farming equipment, should be considered ECS providers.

On one hand, when the IoT service providers sell connected devices they are (usually) not responsible for the conveyance of connectivity and could hardly be considered ECS providers. The IoT service provider uses the connectivity, along with other inputs from software and hardware providers, to create a distinct and integrated IoT service for its customers.

This uncertainty complicates the role of national authorities who must decide where in the value chain to regulate. Some governments, like Canada, have opted for a consultation to gain a better understanding of the role of IoT service providers and their potential obligations.

Shaping Appropriate IoT Policies

Stakeholders within the IoT value chain must be aware of the applicable regulatory framework — if their role is considered ECS provision, they will be subject to obligations including licensing requirements, regulatory fees or consumer protection obligations, and risk of penalties for non-compliance.

For regulators, the approach of regulating on a case-by-case basis based on the regulatory framework adapted for traditional telecommunication services is not sustainable. Regulatory mechanisms need to be revisited to create a regulatory framework capable of fostering IoT development. The Body of European Regulators for Electronic Communications (BEREC) and the South Asian Telecommunication Regulator’s Council (SATRC) have already taken the initiative to deploy effective licensing mechanisms for IoT services and more jurisdictions will follow.

Author: Maria Zervaki, Policy Analyst, Access Partnership


Back to document archive