Internet of Things (IoT)


The US House of Representatives passes SMART IoT Act

The unanimous vote sends the ‘State of Modern Application, Research, and Trends (SMART) of IoT Act’ to be approved by the US Senate. The bill tasks the US Department of Commerce (DoC) with conducting a comprehensive study concerning the status of the Internet of Things (IoT) in the country. According to the bill, the research should focus on the following aspects: listing US tech companies and public-private partnerships (PPP) that develop and promote the use of IoT; evaluating the status of IoT standards and federal regulations of IoT; and identifying federal government resources for consumers and small businesses to assess connected devices.

In the run-up to the 13th annual meeting of the Internet Governance Forum (IGF), the IGF community has wrapped up its work on the Best Practice Forum (BPF) on Internet of Things (IoT), Big Data and Artificial Intelligence (AI). The draft output report was produced through an open and iterative process that included open discussions and online meetings held during the months preceding the IGF 2018 meeting. The document proposes, among others, a series of best practices regarding the use of IoT, big data, and AI, focused on issues such as: multistakeholder collaboration, consideration for ethics and human rights, watching out for bias and incomplete data sets, making privacy and transparency both a policy goal and a business practice, ensuring systems are adequately secured before they get to the market, and fostering technologies and business practices that empower small and medium-sized enterprises (SMEs). Interested stakeholders can comment on the draft output, which will be discussed at the IGF meeting in Paris and finalised shortly after. The work will also continue through the IGF 2019 cycle, with a focus on identifying how IoT, big data, and AI can be used to reach the UN sustainable development goals (SDGs), as well as the impact of these technologies on policies and regulations.

The UK Department for Digital, Culture, Media and Sport and the National Cyber Security Centre (NCSC), in engagement with industry, consumer associations, and academia, published a Code of Practice for Internet of Things (IoT) security. The aim of the code is to ensure that products are secure by design. As such, it provides guidance mainly to device manufacturers, IoT service providers, mobile application developers, and retailers. The Code of Practice includes 13 outcome-focused guidelines, which are based on good practices in IoT security. The first draft of the code was published as part of the department’s secure by design report from March 2018.

The governor of California signed the first Internet of Things (IoT) security law in the USA (SB-327). According to the law, the manufacturers of connected devices are responsible for equipping their devices ‘with reasonable security measures to protect them from unauthorized access, use, destruction, disclosure, or modification by hackers’. The bill explains that the installed security features should be ‘…appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure’. The law, which is scheduled to go into effect in January 2020, does not specify means for enforcement, so it will be up to the California attorney general to decide on the matter.

Cybersecurity researchers at F5 Networks and their data partner Loryka reported that cyber-attacks on Finland, which is not typically a top attack destination country, dramatically increased from 12 July until the Trump-Putin summit. The researchers claim that the majority of the attacks were brute force attacks against SSH, a type of attack commonly used to exploit IoT devices online. According to F5 Networks, ChinaNet was the top network from which attacks were launched, both before the Trump-Putin summit and during the attack spike. However, researchers noted that there is no data to suggest the attacks against Finland were successful.

In May 2018, a family in Portland, USA reported that their Amazon Echo smart speaker had recorded snippets of private conversations and sent them to a random person in their contact list. Amazon explained that the device had subsequently misinterpreted several pieces of the conversation and this is why it ended up behaving as reported. But the incident has sparked controversy over the privacy implications of Echo-like devices and the privacy-related policies of their manufacturers. In light of this case, two members of the US Senate – Jeff Flake and Chris Coons, who serve as chairman and ranking member of the Judiciary Subcommittee on Privacy, Technology and the Law – sent a letter to Amazon CEO Jeff Bezos, asking for clarifications on how the Echo device functions (when and how frequently it sends data to Amazon servers, how long the recordings are stored, and how the recorded data is anonymised) and what actions the company is taking to protect the privacy of their users. The senators also ask Amazon to indicate the number of complaints it has received about Echo misinterpreting commands.

The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide systems, typically described as 'smart houses' or 'smart cities'. Such devices both generate enormous amounts of data and create new contexts in which data are used. IoT triggers a multitude of policy issues, from standardisation to protection of privacy.


When we say that the Internet helps us to connect, we also implicitly refer to the fact that some of our devices can be connected and transfer data among themselves. Primarily, we are thinking about computers, mobile phones, tablets, and e-readers. But what if every device we use on a daily basis, such as transportation vehicles, home appliances, clothes, city infrastructure, and medical and healthcare devices, can connect via the global network to a remote centre or to other devices? This gives the term ‘connected’ a different, broader meaning.

This is the general idea behind the IoT, a network of physical objects or ‘things’ connected via electronics, software, and sensors to exchange data with manufacturers, operators, or other connected devices. The main objective is to achieve greater value or service. IoT devices use the present Internet structure, not a separate or different Internet.

The most common sensors currently used for IoT device communication are radio frequency identifiers, universal product codes, and electronic product codes. In addition, researchers are continuously exploring new modalities for connecting IoT devices, such as light emitting diodes (LEDs).

Some of the most developed IoT industries include home automation, health monitoring, and transportation. Other industries where IoT is playing a prominent role are energy, infrastructure, agriculture, manufacturing, and consumer applications.

In general terms, the IoT is increasingly seen as having significant development potential that can contribute to achieving the sustainable development goals (as underlined in an ITU–Cisco Systems report from 2016, and at various sessions held at the IGF 2016 meeting).

Even if the size of a single piece of data generated by connected IoT devices could be quite small, the final sum is staggering due to the number of devices, estimated to reach between 20 and 100 billion by 2020. According to the International Data Corporation, by 2020 the ‘digital universe’ will reach 44 zettabytes (trillion gigabytes), and 10% of this amount would come from IoT devices.

Public and private initiatives

The business sector is leading major IoT initiatives. While companies such as Intel and Cisco continuously develop their portfolios of IoT services, telecom operators have started to deploy IoT-dedicated networks on a large scale, to encourage the use of IoT. Moreover, companies from different sectors are joining forces in alliances aimed at further contributing to developments in the field of IoT. Examples include the Open Connectivity Foundation, whose aim is to contribute to achieving interoperability among IoT devices, and the LoRa Alliance, which works in the field of IoT standardisation.

Governments are also becoming more and more aware of the opportunities brought by the IoT, and they are launching various types of initiatives in this area. The European Union, for example, has initiated the Horizon 2020 Work Programme 2016-2017: Internet of Things Large Scale Pilots for testing and deployment, a funding programme aimed at encouraging the take-up of IoT in Europe. In the USA, the Department of Commerce has issued a Green Paper on Fostering the Advancement of the Internet of Things, and is exploring a potential role (and related benefits and challenges) for the government in supporting the evolution of the IoT field. The Chinese government, on the other hand, has created the Chengdu Internet of Things Technology Institute, through which it funds research in various IoT-related areas.

IoT, data protection, and security

The IoT generates massive amounts of data, and this has triggered major concerns related to privacy and data protection. Some IoT devices can collect and transmit data that are of a personal nature (e.g. the case of medical IoT devices), and there are concerns about how the devices themselves are protected (ensuring their security), as well as about how the data they collect is processed and analysed. While information transmitted by a single IoT device might not cause privacy issues, when sets of data collected from multiple devices are put together, processed, and analysed, this may lead to sensitive information being disclosed.

IoT devices are increasingly used as tools in large cyber-attacks, bringing the security of such devices into sharper focus. One notable example is from October 2016, when a series of distributed denial of service (DDoS) attacks against Dyn Inc., a large Domain Name System hosting and DDoS‐response provider serving top online service providers, rendered many services – including Twitter, PayPal, Reddit, and Spotify – temporarily unavailable, and slowed down Internet traffic across the globe. In the context of ongoing debates on the responsibility that the private sector should take when it comes to IoT security, companies have started to launch initiatives in this area. In one such example, AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustonic have formed the IoT Cybersecurity Alliance, with the aim to ‘help customers address IoT cybersecurity challenges, demystify IoT security, and share best practices’. At the same time, standard-setting organisations are looking more carefully into developing IoT security standards. Despite such initiatives, there have been calls for governmental intervention, with security experts arguing that the private sector is not sufficiently motivated to appropriately address IoT security concerns, and that regulations and public policies are needed to cover issues related to security standards, interoperability, and software update requirements.

IoT, big data, and artificial intelligence

Ongoing developments in the field of automated systems (e.g. self-driving cars and medical robots) bring to light an increasingly important interplay between IoT, artificial intelligence (AI), and big data. Artificial intelligence, a field undergoing very fast development, provides ‘thinking’ for IoT devices, making them ‘smart’. These devices, in turn, generate significant amounts of data – sometimes labelled as big data. This data is then analysed and used for the verification of initial AI algorithms and for the identification of new cognitive patterns that could be integrated into new AI algorithms.

While this interplay presents an enormous business potential, it also brings new challenges in areas such as the labour market, education, safety and security, privacy, ethics and accountability. For example, while AI systems can potentially lead to economic growth, they could also generate significant disruptions to the labour market. As AI systems involve judgements and decision‐making – replacing similar human processes – concerns have also been raised regarding ethics, fairness, justice, transparency, and accountability. The risk of discrimination and bias in decisions made by autonomous technologies is one such concern, very well illustrated in the debate that has surrounded Jigsaw’s Conversation AI tool. While potentially addressing problems related to misuse of the Internet public space, the software also raises a major ethical issue: How can machines determine what is and what is not appropriate language?

Such challenges have prompted both governments and the private sector to take several steps. The US National Science and Technology Council outlined its strategy for promoting AI research and development, while the White House made recommendations on how to prepare the workforce for an AI‐driven economy. The UK Parliamentary Committee on Science and Technology asked the UK government to take proactive measures. In the European Parliament, the Committee on Legal Affairs proposed the adoption of an EU ‘legislative instrument’ to tackle legal questions related to the development of robotics and AI, as well as the introduction of ‘civil law rules on robotics’. In the private sector sphere, major Internet companies (IBM, Facebook, Google, Microsoft, Amazon, and DeepMind) have launched the Partnership on Artificial Intelligence initiative, aimed at addressing the privacy, security, and ethical challenges of AI, and initiating a broader societal dialogue on the ethical aspects of new digital developments.






In line with its objective of supporting the development of the IoT ecosystem in Europe, the Alliance mostly focuses on developing policy recommendations on issues of relevance for the IoT, and facilitating the adoption of such recommendations across its members. The various working groups created within the organisation have produced reports and recommendations focusing on issues such as smart manufacturing, wearable technologies, smart mobility, smart cities, food safety IoT applications, and smart living environments. In November 2016, the Alliance issued a set of policy recommendations on the Digitisation of European industry, addressing IoT-related policy issues, including trust, numbering and addressing, the free flow of data, and liability.




The Alliance focuses its work on standardising and promoting the deployment of Low Power Wide Area Networks (LPWAN) as a key enabler of IoT applications. It has developed the LoRa protocol (LoRaWAN), aimed at facilitating interoperability among IoT devices. In addition, it has launched the LoRa Alliance Certified programme, designed as a mark of recognition that IoT products meet national frequency regulations, and ensure LoRaWAN interoperability and compliance of network infrastructure. Members of the Alliance collaborate and share knowledge and experience to guarantee interoperability among their products. The organisation has produced several white papers on issues such as the market potential of LPWA technologies and LoRaWAN security.




The Foundation dedicates most of its work to creating specifications for seamless interoperability among IoT connected devices. The developed OIC specification tackles issues such as the core architecture, interfaces, and services, security, and smart home devices, among others. Additional specifications are under ongoing development and review. The Foundation also sponsors the IoTivity project, aimed to deliver an open source reference implementation of the IoT interoperability specifications it is developing. In addition, it runs certification programmes aimed to provide real world testing to help developers ensure that their IoT products work.




More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond to, defuse, and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.


The ITU Telecommunication Standardization Sector (ITU-T) develops international standards (called recommendations) covering information and communications technologies. Standards are developed on a consensus-based approach, by study groups composed of representatives of ITU members (both member states and companies). These groups focus on a wide range of topics: operational issues, economic and policy issues, broadband networks, Internet protocol based networks, future networks and cloud computing, multimedia, security, the Internet of Things and smart cities, and performance and quality of service. The World Telecommunication Standardization Assembly (WTSA), held every four years, defines the next period of study for the ITU-T.




The IEC carries out standardisation and conformity assessment activities covering a vast array of technologies. These range from smart cities, smart grids, and smart energies, to electromagnetic compatibility between devices, digital system interfaces and protocols, and fibre optics and cables. Other areas covered by the Commission through its work include cable networks, multimedia home systems and applications for end-user networks, multimedia e-publishing and e-book technologies, safety of information technology and communication technology, wearable electronic devices and technologies, cards and personal identification, programming languages, IT for learning, education, and training, cloud computing and distributed platforms, and the Internet of Things.



Recommendation ITU-T Y.2060 ‘Overview of the Internet of things’ (2012)

Other Instruments


IoT – Economic Opportunities and Security Challenges (2018)


An Insider’s Handbook for IoT Startups (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


The Internet of Things (IoT): An Overview - Understanding the Issues and Challenges of a More Connected World (2015)


Technology, Media and Telecommunications Predictions 2017 (2017)
One Internet (2016)
State of the Market: Internet of Things 2016 (2016)
Smart Homes and the Internet of Things (2016)
Automotive IoT Security: Countering the Most Common Forms of Attack (2016)
Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2015–2020 (2016)
Harnessing the Internet of Things for Global Development (2016)
Measuring the Information Society 2015 (2015)
Recommendations for future collaborative work in the context of the Internet of Things Focus Area in Horizon 2020 (2015)
OECD Digital Economy Outlook 2015 (2015)
The Internet of Things: Mapping the Value Beyond the Hype (2015)
The Impacts of the Internet of Things - The Connected Home (2015)
Security: The Vital Element of The Internet of Things (2015)
Industrial Internet of Things: Unleashing the Potential of Connected Products and Services (2015)

GIP event reports

Disruptive Technology II: What does automation mean for human rights (2018)
Session 3: Policy and regulation perspective – Privacy and beyond (2018)
StaTact, data and monitoring for resilient societies (2018)
Roundtable Discussion: AI for Development (2018)
Leadership Debate: Emerging Technologies for Digital Transformation (2018)
Opening Session and Session 1: AI and Cybersecurity – The State of Play (2018)
Session 4 – Ways forward and closing (2018)
Session 2: AI and IoT – Exploit the potential for building confidence and security in the use of ICTs (2018)
Looking Ahead: What to Expect in the Cyber Realm (2017)
Geneva Digital Talks: What can Geneva offer in Global Digital Governance? (2017)
Report for Symposium on The Future Networked Car (2017)
Report for World Economic Forum Annual Meeting 2017 (2017)

Other resources

Internet of Things and the Smart Home Survey (2016)
The CEO's Guide to Securing the Internet of Things - Exploring IoT Security (2016)
GSMA IoT Security Guidelines (2016)
Cyber Security Guidelines for Smart City Technology Adoption (2015)
Security Guidance for Early Adopters of the Internet of Things (2015)



13th IGF 2018


WSIS Forum 2018

12th IGF 2017

WTO Public Forum 2017

WSIS Forum 2017

IGF 2016


IGF 2015

IGF 2016 Report


Many sessions at IGF 2016 addressed challenges and opportunities associated with the Internet of Things. The IoT can contribute to achieving the SDGs (Harnessing IoT to Realize the SDGs: What’s Required? - WS35), through applications in areas such as smart cities (ICTs for Smart and Sustainable City - WS69), agriculture, and autonomous devices (Internet of Things for Sustainable Growth - WS157). But multistakeholder efforts are needed to address challenges related to security of devices, privacy and data protection, interoperability and standardisation (The Network of Networked Things: Finding the Internet in IoT - WS170), and ethical and societal implications (Dynamic Coalition on the Internet of Things).

