Data sovereignty and data privacy are on one side of the regulatory coin; national security is on the other. It will always be difficult to reconcile the two, particularly as digital infrastructure and services are seen as weaponisable resources by rogue governments or groups as well as criminals. The desire to protect security must be balanced with a need to ensure user privacy but, as governments have the ultimate say in how digital infrastructures are run in their jurisdictions, we expect the security aspect will always take precedence.
Although we can see a need for multi-agency regulation of the IoT, we believe that different interpretations of rules will arise, putting agencies in conflict with one another. Ideally, there should be a supra-regulator tasked with overseeing the IoT market, but this is impracticable and unlikely to emerge while cultural differences between one market and another exist. Therefore, we expect much of the regulation to be done at the national level, with international or industry-level oversight restricted to broad policy and standard-setting.