Recent developments in nine countries show that regulators are updating their frameworks for the Internet of Things (IoT) and machine-to-machine (M2M) services. The updates introduce stricter cybersecurity requirements and controls on cross-border numbering, as well as rules for connected devices.
France’s parliament has recommended that any exit from 2G and 3G networks should be done cautiously so as to safeguard essential services such as emergency systems and health devices. Germany’s BNetzA is examining adjustments to the rules governing the use of foreign numbers in M2M deployments, with a particular focus on advance notifications.
Greece has unveiled its first draft national IoT strategy, which proposes actions relating to 5G infrastructure, a device registry and mandatory certification. India’s telecoms regulator has outlined stricter definitions of ”critical” M2M services, as well as new testing and SIM ownership rules.
Qatar is preparing a dedicated IoT licence and introducing tighter limits on permanent roaming. Peru has started enforcing mandatory device registration prior to activation, which has raised concerns among large-scale M2M users.
Meanwhile, the UK is consulting on extending cybersecurity obligations to enterprise IoT systems, while the USA is planning to introduce cybersecurity labelling for connected devices and to open new high-frequency spectrum for industrial IoT applications.
These findings are drawn from Cullen International’s latest Quarterly Regulatory Update on IoT and M2M Services for Q2 2025, which is available to subscribers of Cullen’s IoT service.
For more information and access to the update, click 'Access full content' – or 'Request access' if you are not yet a subscriber to our IoT service.
more news
08 July 25
Copper decommissioning emerges as critical challenge in global transition to gigabit networks
Our latest Global Trends report examines how 15 major markets are approaching the transition from legacy copper infrastructure to future-proof gigabit networks.
04 July 25
Online intermediaries in the Americas are protected against liability for third-party copyright infringements
Cullen International’s latest benchmark shows that most countries in the Americas limit the liability of online intermediaries for third-party copyright infringements, reflecting digital-era updates to copyright laws. The research also examines liability rules for defamation and other IP violations, as well as varying takedown obligations across jurisdictions. Some countries have introduced specific measures to address the unconsented sharing of intimate content.
30 June 25
LTE and 5G in the 410–430 MHz and 450–470 MHz bands in Europe
Our latest European benchmark shows the countries where the 410–430 MHz or 450–470 MHz bands can be used for LTE or 5G.