Recent developments in nine countries show that regulators are updating their frameworks for the Internet of Things (IoT) and machine-to-machine (M2M) services. The updates introduce stricter cybersecurity requirements and controls on cross-border numbering, as well as rules for connected devices.
France’s parliament has recommended that any exit from 2G and 3G networks should be done cautiously so as to safeguard essential services such as emergency systems and health devices. Germany’s BNetzA is examining adjustments to the rules governing the use of foreign numbers in M2M deployments, with a particular focus on advance notifications.
Greece has unveiled its first draft national IoT strategy, which proposes actions relating to 5G infrastructure, a device registry and mandatory certification. India’s telecoms regulator has outlined stricter definitions of ”critical” M2M services, as well as new testing and SIM ownership rules.
Qatar is preparing a dedicated IoT licence and introducing tighter limits on permanent roaming. Peru has started enforcing mandatory device registration prior to activation, which has raised concerns among large-scale M2M users.
Meanwhile, the UK is consulting on extending cybersecurity obligations to enterprise IoT systems, while the USA is planning to introduce cybersecurity labelling for connected devices and to open new high-frequency spectrum for industrial IoT applications.
These findings are drawn from Cullen International’s latest Quarterly Regulatory Update on IoT and M2M Services for Q2 2025, which is available to subscribers of Cullen’s IoT service.
For more information and access to the update, click 'Access full content' – or 'Request access' if you are not yet a subscriber to our IoT service.
more news
29 July 25
New benchmark on provisioning timers and SLAs for wholesale local access over fibre in Europe
Our new benchmark covers service level agreements (SLAs) for the provisioning of wholesale local access (WLA) over fibre unbundling and virtual unbundling (VULA) across 18 European countries.
28 July 25
Privacy in the digital age
This Global Trends benchmark compares key aspects of data protection laws across 14 jurisdictions: Australia, Brazil, Canada, China, the EU, India, Indonesia, Japan, Kenya, Korea, Singapore, South Africa, the UK and the US.
25 July 25
Few EU countries have yet designated authorities to enforce new EU rules on data and AI
Our new benchmark maps the authorities designated to enforce the Data Governance Act, the Data Act and the Artificial Intelligence Act across all the 27 EU member states.