Navigating IoT Regulations in the EU

Most IoT companies see public decision processes — law and norms — as a black box for read-only. Although organizing a huge and long lobbying campaign is likely to be both uncertain and expensive, it doesn’t mean you have to be disconnected from this world. The sooner you become aware of a future law or norm that may affect your business (positively or negatively), the more possibilities you have to adapt your strategy accordingly or even impact the decision-making.

To understand the subject better, we need to explain the different layers of regulating the law, the norm, and the standard:

• the government, parliament decide the law, any elected or representative institution (e.g., establishing the distance a 5G antenna can be installed from a house or a school)
• the norm is decided by a public, international (ISO), or national entity (e.g., establishing the wind speed a 5G antenna should be at before breaking)
• any other private entity decides the standard, generally, a group of companies, to ensure interoperability. )

This is dramatically important for IoT because it touches on personal data regulations, security concerns, health, and the like. Each IoT device needs to fit in those criteria, and navigating in the jungle of laws, norms, and standards is particularly complex. So, below you’ll find the three types of actions you can set up in your IoT company to avoid surprises.

1. Stay Informed and Updates

The deployment of 5G networks, personal data regulations, security concerns (the use of drones, self-driven cars), among others, are the topics discussed in being regulated everywhere (and differently) in the world.

The decisions adopted in the EU will have a huge impact on the ways IoT is — and will be — commercialized in the upcoming years. It would definitely help if you were up-to-date with new regulations, or the consequences for your business may be devastating.

First, you need to understand who the decision-makers are. We can divide them into the lawmakers (the frame) called legislators and norm-makers (technical aspects, ISO certification requirements). For the European market, the lawmakers are by order of apparition (in the very simplistic way):

• the European Commission (which proposes a directive)
• the European Parliament and European Council (which votes it)
• A national parliament (which implements it in the country, with some adaptations).

One must bear in mind that this entire process takes years, is extremely organized, and the decisions are published and accessible online. At each step, the content is being modified. Thus, there’s a long way between an initial provision prepared by the European Commission and its final version adopted in each European country. That’s why you need to keep your finger on the pulse all along the process.

Then there are so-called “norm makers”, appointed by the industry actors:

• ISO
• CEN (European Committee for Standardization)
• all the national certified entities (norms adopted nationally can’t be less demanding but can be stricter)

Standards makers, appointed by the industry actors:

• ETSI (European Level)
• ONEM2M (International Level)

To follow actions taken by those different entities, there are several ways (from the cheapest to the most expensive):

• on your own: set up the Google alerts with the chosen keywords, review their agenda, reports, publications
• hire a monitoring agency who is going to do it for you and send you a monthly report
• hire a dedicated public affairs specialist in your team or outsource one

2. Don’t Be a Spectator

3. Being a Part of the Process