What Developers Need to Know About Global IoT Security Regulations
May 5, 2023
Learn about regional IoT security regulations and how developers can enhance security at the technology level using IoT standards and advanced security features with Telink.
With billions of devices in the hands of consumers, security for the Internet of Things (IoT) has become a significant concern. Governments worldwide have introduced regulations and standards to ensure the safety and privacy of users. Product developers should be aware of the latest upper-level security regulations for IoT devices from different regions — and understand how to improve security at the technology level using IoT standards and SoCs with up-to-date security features.
Regional IoT Security Considerations
While regulations vary, developers should be familiar with the standards they may need to implement for certain markets.
ETSI EN 303 645 is a cybersecurity standard developed by the European Telecommunications Standards Institute (ETSI). It consists of 13 provisions that cover various aspects of IoT security, such as secure software updates, data protection, and system integrity.
ITU X. 1352 is a cybersecurity standard developed by the International Telecommunication Union (ITU), a specialized agency of the United Nations. It addresses authentication, access control, data confidentiality, and system integrity.
NIST IR 8425 is a publication by the National Institute of Standards and Technology that focuses on core capabilities, such as device identification, secure data transfer, and vulnerability management.
Understand and comply with the security regulations in each target country. For example, China has mandatory IoT security regulations, while Australia, India, Japan, Singapore, South Korea, Thailand, and Vietnam have voluntary regulations. Familiarize yourself with the key standards referenced in these regulations, such as ETSI EN 303 645, ITU X. 1352, and NIST guidelines.
Several Asian countries require IoT devices to be certified and labeled as per their respective security guidelines. Comply with these requirements to gain trust from both customers and regulators.
While some countries, like the United Kingdom, have mandatory IoT security regulations, others, such as France, Germany, and Spain, have voluntary guidelines. The key standard referenced across many European countries is ETSI EN 303 645. Ensure your IoT devices comply with these regulations to avoid penalties and maintain a positive reputation in the market.
Several European countries, like Germany and the United Kingdom, require IoT devices to be certified and labeled according to their security guidelines.
In the United States, IoT security regulations are voluntary, with the NIST IR 8425 serving as a key guideline. Although compliance is not mandatory, adhering to these guidelines can enhance your product’s security, making it more appealing to customers and reducing the risk of security breaches. On the other hand, regulations are mandatory in Brazil, which follows the ETSI EN 303 645 or ISO/IEC 27402.
Certification and labeling for IoT devices in the Americas are essential to demonstrate compliance with voluntary security guidelines.
IoT Security Considerations for IoT Developers
Regional regulations only define product-level security requirements. To meet these general requirements, developers need to consider technology-level protection that helps ensure functions such as data privacy, secure communication, device authentication and access control, and interoperability.
Telink can help developers implement the following at the technology level:
Build your products using the latest IoT standards with higher-level security protections. For instance, Matter and Zigbee R23 are designed with up-to-date security features for IoT devices. Zigbee R23 offers dynamic link key, device interview, APS frame counter synchronization, and additional features to enhance a secure build. Bluetooth also upgraded its security protection by introducing Encrypted Advertising Data in the latest 5.4 specification.
Select underlying SoCs that have stronger security features to support upper-layer protocols. These features include true random number generator, hardware encryption accelerator, and more advanced security mechanisms like root of trust (RoT), secure boot, secure over-the-air updates, and anti-reverse engineering mechanism.
With the right technology-level approach, IoT developers can meet a range of regional standards with secure, compliant, and well-suited devices for their target audience.