Falling on the wrong side of IoT: Key Legal and Regulatory Considerations for Built Environment and Technology Businesses

April 13, 2023

From innovation and efficiency, to data breaches and compromised security - the Internet of Things (IoT) presents both an abundance of opportunities and an abundance of challenges.

The IoT has the potential to transform the built environment and technology sectors, by driving innovation, increasing efficiency, and improving sustainability. However, a question that many businesses should be asking themselves is “When unlocking this potential, what risks are they also being exposed to?”

If a business wishes to enable the easy facilitation of data, how can they satisfy the requirements of all relevant data protection/privacy laws? If a business is profiting off of the interconnectivity of devices, how are their cybersecurity measures in alignment with the Network and Information Systems (NIS) Regulations? If a business wishes to commercialise their IoT technology, how can they meet buyers' desire for openness about the underlying technology, whilst also protecting their own intellectual property?

The widespread adoption of IoT solutions has confronted many businesses with these exact questions.

This article will explore not only the role of the IoT in the built environment and technology sectors, but it will also serve as a brief checklist for the legal and regulatory issues that businesses must consider when developing and implementing IoT solutions.

IoT Applications in the Built Environment and Technology Sectors

1. Smart buildings: IoT-enabled building management systems monitor and control various aspects of a building's performance, such as energy consumption, lighting, heating, and security, enabling improved efficiency, cost savings, and occupant comfort.

2. Infrastructure monitoring: IoT devices can be used to monitor the condition of infrastructure, such as bridges, tunnels, and roads, allowing organisations to proactively maintain their infrastructure and reduce the risk of failures.

3. Environmental monitoring: IoT sensors can collect real-time data on environmental factors, such as air quality, noise, and water quality, informing urban planning decisions and enabling more sustainable development.

4. Energy management: IoT-enabled smart grids and energy management systems can optimise energy consumption, reduce waste, and support the integration of renewable energy sources.

5. Transportation and logistics: IoT technology can be used to enhance the efficiency and safety of transportation systems, such as traffic management, vehicle tracking, and fleet management.

With the innovation of IoT solutions, businesses in the built environment and technology sectors must navigate a complex legal and regulatory landscape. Here are 7 areas that all businesses should consider:

7 Areas for Legal and Regulatory Consideration

1. Data protection and privacy: “The more sophisticated the tech, the more crucial data is to it”. And the more crucial data is, the greater the risk if it isn't adequately protected. The IoT generates vast amounts of data, some of which may be classified as personal data under the UK GDPR and Data Protection Act 2018, or under other applicable data protection laws. In order to ensure compliance, businesses need to comply with the 7 principles of the UK GDPR, implement data security measures, ensure they have a lawful basis for the processing (including obtaining any necessary consents), and be able to prove that the way their IoT systems handle data respects the rights of individuals.

2. Cybersecurity: Data breaches, hacks and cyber attacks are just a few of the potential vulnerabilities and risks that arise with the interconnectivity of IoT devices. Businesses must implement appropriate cybersecurity measures to protect their IoT systems and comply with relevant regulations, such as the (NIS) Regulations.

3. Product liability and safety: Businesses must ensure that their IoT devices are safe, fit for purpose, and meet applicable standards. This means that they may be subject to product liability and safety regulations, such as the Consumer Rights Act 2015 and the General Product Safety Regulations 2005.

4. Intellectual property: IoT technology may involve the use of patented, copyrighted, or trademarked materials, and businesses must ensure they have the necessary rights and permissions to use such materials. Businesses should consider how to protect their own IoT-related intellectual property, such as software, firmware, or innovative designs.

5. Telecommunications and spectrum regulation: Wireless communication technologies are subject to telecommunications and spectrum regulations such as the Wireless Telegraphy Act 2006. These are the same technologies that IoT devices are often reliant upon. Businesses must ensure that their IoT systems comply with these regulations, including obtaining appropriate licences and adhering to frequency allocation requirements.

6. Standards and interoperability: As the IoT ecosystem continues to evolve, businesses must be aware of emerging industry standards and protocols, which can impact the interoperability and compatibility of IoT devices and systems.

7. Artificial Intelligence: AI is causing shifts within all sectors it comes into contact with. IoT is no different. From predictive maintenance, to construction site safety software, the uses are potentially endless. However, this smart decision-making of data that has had minimal human involvement, can impact a company's ability to fulfil the requirements of transparency and explainability of the decision-making process. Consequently, this could prove to be a liability for any UK company that is unable to prove their AI's adherence to data transfer and use requirements under the GDPR.

Harnessing the power of transformative technology must go hand-in-hand with managing the associated risks and responsibilities. The IoT has the potential to revolutionise the built environment and technology sectors, but that competitive advantage can only truly be unlocked if businesses understand the legal and regulatory landscape surrounding it.

A proactive and comprehensive approach to compliance can drive innovation, multiply growth and set businesses apart in an increasingly connected and data driven world. Here are 5 ways that businesses can tap into that:

1. Conduct a thorough risk assessment to identify potential legal, regulatory, and operational risks associated with IoT technology.

2. Develop and implement robust data protections, privacy, and cybersecurity policies and procedures, including regular monitoring, review, and updates to ensure ongoing compliance.

3. Ensure that IoT devices and systems meet applicable product liability, safety, telecommunications, and spectrum regulations.

4. Protect and manage intellectual property rights, including obtaining necessary licences and permissions, and considering strategies to protect proprietary IoT-related innovations.

5. Engage with industry stakeholders, standards bodies, and regulators to stay informed about emerging IoT standards, protocols, and regulations, and to contribute to the development of a harmonised and interoperable IoT ecosystem.

If your business is looking to unlock the potential of IoT solutions without all the regulatory and legal risks that come along with it, our team at Conexus GC can help you to traverse that. We've got decades of experience guiding innovative companies in the built environment and technology sectors on how to answer the exact questions we've covered in this article (and more). From enabling clients to protect their intellectual property, to advising on how they can become compliant with regulation and get state organisations to adopt their technology.

Falling on the wrong side of law and regulation is preventable. Contact us here to find out what that means for your business.