Regulatory approaches to cross-border IoT and M2M connectivity are becoming increasingly complex across the Asia-Pacific region, particularly in relation to permanent roaming, authorisation regimes and SIM registration obligations.

Global IoT connectivity continues to rely heavily on SIM-based architectures, often using cross-border roaming to connect devices deployed at scale. Cullen International’s latest research examines how regulatory frameworks across seven APAC markets affect these connectivity models, while also reflecting broader implications for deployments using local SIM profiles or hybrid architectures.

The research covers Australia, China, India, Japan, New Zealand, Singapore and South Korea. It reveals a fragmented regulatory landscape, in which national authorities take divergent approaches to permanent roaming, telecommunications authorisation and subscriber identity requirements, often depending on whether services are consumer-facing or limited to M2M communications.

Key takeaways

Permanent roaming for IoT and M2M services remains highly fragmented across APAC. While Australia, Japan, New Zealand and South Korea permit roaming-based models under certain conditions, China and India prohibit permanent roaming, and Singapore applies administrative requirements that make such models difficult to sustain in practice. Regulatory treatment also differs depending on whether services provide closed M2M connectivity or resemble public internet access.

Authorisation and notification requirements vary significantly depending on service design and market entry strategy. Some jurisdictions allow cross-border connectivity without formal licensing where providers do not operate local infrastructure or otherwise fall outside the domestic telecommunications framework. However, others impose structured licensing regimes, including value-added telecommunications services licences, M2M service provider registrations or service-based licensing models. Providers offering services in APAC countries should assess whether the applicable licensing regime gives rise to local presence requirements, such as the need for a local entity, branch, representative or local partner.

SIM registration frameworks apply in most APAC markets but their scope and implementation differ considerably. While some jurisdictions limit obligations to consumer-facing services, others apply broader real-name registration regimes, including enterprise and downstream user verification requirements. Regulatory approaches also diverge in relation to identity verification methods, and data collection and retention obligations.

Regulatory developments in 2025 and 2026

Regulatory developments across APAC in 2025 and 2026 indicate a clear trend towards increased oversight across the three key areas shaping IoT connectivity.

In the area of permanent roaming, several jurisdictions have clarified or reinforced their position on the permissibility of roaming-based IoT models. This includes continued restrictions in markets such as China and India, as well as administrative approaches in other jurisdictions that limit the long-term use of foreign SIM profiles or require closer alignment with domestic regulatory frameworks.

For authorisation, regulators have further developed or refined licensing and registration frameworks applicable to IoT and M2M services. This includes more explicit categorisation of IoT services within existing telecommunications regimes and clearer articulation of when providers fall within the scope of national licensing obligations.

In the area of SIM registration, authorities have continued to strengthen identity verification frameworks, including the adoption of more robust digital and biometric verification methods, as well as the extension or clarification of obligations for enterprise and IoT-related use cases.

Taken together, these developments point to a broader regulatory trend towards aligning IoT connectivity more closely with traditional telecommunications oversight.

Why it matters

For global IoT providers, regulatory compliance in APAC depends on navigating the interaction between roaming models, telecommunications authorisation regimes and SIM registration requirements.

A connectivity model that is viable in one market may not be permissible in another. Roaming-based deployments accepted in some jurisdictions may not be viable in others, where local licensing frameworks or registration requirements impose stricter conditions.

Providers must therefore assess carefully how their service design affects regulatory qualification and whether this triggers licensing obligations, which may in turn require local establishment or partnership structures, depending on the jurisdiction.

As a result, regulatory compliance is becoming a central design parameter for global IoT connectivity strategies.

Scope

Region: Asia-Pacific
Countries covered: 7
Policy area: Internet of Things
Last updated: April 2026

For more information and to access the research, please click 'Access full content' - or 'Request access' if you are not a subscriber to our IoT service.

Interested in other regions? Check these out:

• Africa   
• Americas
• Middle East