The Internet of Forgotten Things: European Cybersecurity Regulation and IoT Manufacturer Cessation

TL;DR

This paper examines how European cybersecurity laws overlook the issue of IoT manufacturer cessation, which can render devices non-functional and leave consumers with limited legal remedies, proposing legislative solutions based on pre-emptive, manufacturer-independent, collective control measures.

Contribution

It identifies a legal blind spot in European IoT regulation regarding manufacturer cessation and proposes legislative approaches aligned with interoperability and open-source principles.

Findings

Manufacturer cessation leaves IoT devices non-functional without legal remedies.

Proposed legislative measures include pre-emptive, manufacturer-independent, and collective control strategies.

Aligns IoT regulation with interoperability and open-source development processes.

Abstract

Many modern consumer devices rely on network connections and cloud services to perform their core functions. This dependency is especially present in Internet of Things (IoT) devices, which combine hardware and software with network connections (e.g., a 'smart' doorbell with a camera). This paper argues that current European product legislation, which aims to protect consumers of, inter alia, IoT devices, has a blind spot for an increasing problem in the competitive IoT market: manufacturer cessation. Without the manufacturer's cloud servers, many IoT devices cannot perform core functions such as data analysis. If an IoT manufacturer ceases their operations, consumers of the manufacturer's devices are thus often left with a dysfunctional device and, as the paper shows, hardly any legal remedies. This paper therefore investigates three properties that could support legislators in finding a solution for IoT manufacturer cessation: i) pre-emptive measures, aimed at ii) manufacturer-independent iii) collective control. The paper finally shows how these three properties already align with current legislative processes surrounding 'interoperability' and open-source software development.