Recent developments in nine countries show that regulators are updating their frameworks for the Internet of Things (IoT) and machine-to-machine (M2M) services. The updates introduce stricter cybersecurity requirements and controls on cross-border numbering, as well as rules for connected devices.

France’s parliament has recommended that any exit from 2G and 3G networks should be done cautiously so as to safeguard essential services such as emergency systems and health devices. Germany’s BNetzA is examining adjustments to the rules governing the use of foreign numbers in M2M deployments, with a particular focus on advance notifications.

Greece has unveiled its first draft national IoT strategy, which proposes actions relating to 5G infrastructure, a device registry and mandatory certification. India’s telecoms regulator has outlined stricter definitions of ”critical” M2M services, as well as new testing and SIM ownership rules.

Qatar is preparing a dedicated IoT licence and introducing tighter limits on permanent roaming. Peru has started enforcing mandatory device registration prior to activation, which has raised concerns among large-scale M2M users.

Meanwhile, the UK is consulting on extending cybersecurity obligations to enterprise IoT systems, while the USA is planning to introduce cybersecurity labelling for connected devices and to open new high-frequency spectrum for industrial IoT applications.

These findings are drawn from Cullen International’s latest Quarterly Regulatory Update on IoT and M2M Services for Q2 2025, which is available to subscribers of Cullen’s IoT service.

For more information and access to the update, click 'Access full content' – or 'Request access' if you are not yet a subscriber to our IoT service.