Cellular networks are widely adopted in IoT as the most scalable and accessible connectivity solution, especially for deployments in multiple countries. However, local connectivity regulations may become a serious challenge. Many countries have already enacted legislation on permanent roaming, data sovereignty, and data localization, and more are about to follow this path. That might impact any cross-border IoT deployment that relies on cellular connectivity – now or in the future.
Regulations & Restrictions
Roaming is very useful for IoT devices – not only because they may be deployed or moved anywhere, but also because a roaming device can use more than one network, which ensures better connectivity and coverage. Yet the contracted duration time for roaming creates challenges. Most roaming agreements allow roaming for a short time, after which the device is considered permanently roaming.
In some countries, permanent roaming is prohibited. Others effectively ban it by requiring the connectivity to be provided by a locally registered operator. Some governments permit permanent roaming, but IoT regulations are always subject to change. Even if permanent roaming is not officially banned by the government, local mobile operators may block it.
Governments may also enforce restrictions on how and where data is stored. Today, 71 percent of countries have data privacy laws and another 9 percent have legislation pending. Data sovereignty and data localization rules define how data should be collected and processed. These regulatory statutes can cause significant problems for IoT devices, especially when it comes to cross-border data requests.
How Connectivity Regulations Become a Problem
Roaming restrictions potentially affect any enterprise that uses cellular networks to connect its IoT devices in multiple countries. Even though only 2 percent of IoT devices with cellular connection roam regularly, while 48 percent never move to other countries (ATMs, elevators, or smart meters) and 50 percent potentially can roam but have a certain home market (like connected cars or smart watches), up to 50 percent of cellular IoT connections might be connected using roaming as it is the simplest way to get global coverage. This is because mobile network operators frequently use roaming to connect devices on other operator networks.
Unless an enterprise complies with local regulations, its roaming IoT devices may be disconnected after a certain period without warning. If, for example, a device deployed to the Middle East from Europe is supposed to receive important updates on its functionality over a cellular network, blocked connectivity might significantly impact their business. Moreover, there will be additional charges and the hassle of reconnection, which may even require replacing SIMs.
Four Types of Requirements
Depending on regulations there are four main types of requirements for IoT deployments that use cellular connectivity
#1: IP Localization
This type of localization requires a local data center for internet breakout. A packet gateway that sends and receives data to/from IoT devices also needs to be deployed locally to avoid traffic being controlled and signaling traffic being transmitted from a foreign country.
#2: Soft Localization
This type of localization demands that a device has an International Mobile Subscriber Identity (IMSI) from a local carrier to be able to use cellular services permanently. An IMSI is a unique number used by an operator to identify the subscriber on its mobile network. This local IMSI may come from a global provider that has a roaming agreement with a local operator, and it can be managed on a foreign core network.
#3: Full Localization
This type of localization requires a local SIM profile, and the connectivity services should be provided and managed by a local carrier. Technically, this means that an enterprise should have an agreement with at least one local operator in each country it plans to deploy IoT devices to or even several local network operators to make sure that coverage is sufficient. There also may be an issue with the management of connected IoT devices.
This type of regulation is specific to the automotive industry. e-Call is an automatic call generated from a sensor inside the vehicle in case of a serious road accident. The call is made to the nearest emergency-response network, and it includes the data on the coordinates and time of the accident to help the rescue services. Depending on the location it may require a local profile on a foreign eSIM.
There are also other challenges that enterprises may face when deploying IoT devices globally and they too need to be considered within the context of regulation compliance.
OEMs usually ship the same products to various countries. But the restrictions on connectivity might force them to have multiple production lines to make different versions of the same product utilizing different carrier SIMs, which increases the cost of manufacturing, supply, and logistics.
Regulations are always subject to change, which might affect businesses in the future. Back in 2020, when Turkish Information Technologies and Communication Authority required localization of data storage and eSIMs, major automotive OEMs could not import cars that already had foreign eSIMs and had to shut down e-call services so they would not fall under noncompliance with the regulation.
When devices are roaming, a foreign network typically sends the data to its home network. If data has to be transported across multiple countries to a home operator data center before it goes further to its destination, the latency increases significantly, which can create complications and even safety issues in certain industries such as automotive and healthcare.
Another complexity is managing the SIMs that allow IoT devices to connect to the cellular network. This may be especially difficult when the devices fleet amounts to thousands of units and it’s virtually impossible to manage the SIMs individually.
Looking for a solution that helps tackle all these problems might be challenging in itself. It should be eSIM-based and allow for remote provisioning and profile swapping to address profile localization and multiple SKU problems. But on top of that, there are several important things the solution should include:
- A roaming network is able to provide continuous coverage in any region where the devices are deployed. Since every carrier’s network may have its weaker spots, it’s necessary to find a solution provider with strong strategic partnerships that can provide you with stable connectivity anywhere without the hassle of contracting local carriers and has an economy of scale to ensure optimized price per device without compromising on quality.
- A distributed network infrastructure. This is a major criterion for two reasons. First, it’ll be crucial for low latency, which some IoT deployments are very sensitive to – the closer any IoT device is to the data center, the lower the latency. Second, it allows us to easily comply with data localization regulations like IP localization requirements.
- A centralized way to manage SIMs, allowing to set rules for automatic profile swapping, which would enable devices to change the carrier independently in case of location change or connectivity loss. It also needs to be transparent, providing profile and data usage visibility across all devices.
- In light of the publication of GSMA SGP.32 IoT eSIM specification, the architecture of the solution should align with the new standard, so there will be no problems with compatibility in the future. This is no minor thing, as the lifecycle of IoT devices can span 20 years, and the new GSMA IoT standard will likely become ubiquitous.
Keep Track of Changes
Due to their evolving and ever-changing nature, connectivity regulations stand out from other challenges that enterprises may face with their IoT deployments. Just because you don’t have compliance issues in certain regions now, that doesn’t mean they won’t emerge in the next few years, nor that already deployed devices won’t need updates to meet new requirements in the future.
However, even in this era of emerging legislation on data and connectivity, there’s a good chance you’ll find a future-ready connectivity solution – and to do that you need to keep track not only of changes in regulations but of technology innovations.