The Internet of Forgotten Things: European cybersecurity regulation and the cessation of Internet of Things manufacturers

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review Pub Date : 2025-05-30 DOI:10.1016/j.clsr.2025.106152

Mattis van ‘t Schip

{"title":"The Internet of Forgotten Things: European cybersecurity regulation and the cessation of Internet of Things manufacturers","authors":"Mattis van ‘t Schip","doi":"10.1016/j.clsr.2025.106152","DOIUrl":null,"url":null,"abstract":"<div><div>Many modern consumer devices rely on network connections and cloud services to perform their core functions. This dependency is especially present in Internet of Things (IoT) devices, which combine hardware and software with network connections (e.g., a ‘smart’ doorbell with a camera). This paper argues that current European product legislation, which aims to protect consumers of, inter alia, IoT devices, has a blind spot for an increasing problem in the competitive IoT market: manufacturer cessation. Without the manufacturer’s cloud servers, many IoT devices cannot perform core functions such as data analysis. If an IoT manufacturer ceases their operations, consumers of the manufacturer’s devices are thus often left with an obsolete device and, as the paper shows, hardly any legal remedies. This paper therefore investigates three properties that could support legislators in finding a solution for IoT manufacturer cessation: i) pre-emptive measures, aimed at ii) manufacturer-independent iii) collective control. The paper finally shows how these three properties already align with current legislative processes surrounding data portability, interoperability and open-source software development and analyses whether these processes can provide an adequate remedy for consumers.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"57 ","pages":"Article 106152"},"PeriodicalIF":3.2000,"publicationDate":"2025-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2212473X25000252","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

Abstract

Many modern consumer devices rely on network connections and cloud services to perform their core functions. This dependency is especially present in Internet of Things (IoT) devices, which combine hardware and software with network connections (e.g., a ‘smart’ doorbell with a camera). This paper argues that current European product legislation, which aims to protect consumers of, inter alia, IoT devices, has a blind spot for an increasing problem in the competitive IoT market: manufacturer cessation. Without the manufacturer’s cloud servers, many IoT devices cannot perform core functions such as data analysis. If an IoT manufacturer ceases their operations, consumers of the manufacturer’s devices are thus often left with an obsolete device and, as the paper shows, hardly any legal remedies. This paper therefore investigates three properties that could support legislators in finding a solution for IoT manufacturer cessation: i) pre-emptive measures, aimed at ii) manufacturer-independent iii) collective control. The paper finally shows how these three properties already align with current legislative processes surrounding data portability, interoperability and open-source software development and analyses whether these processes can provide an adequate remedy for consumers.

查看原文本刊更多论文

被遗忘的物联网：欧洲网络安全监管和物联网制造商的停止

许多现代消费设备依赖网络连接和云服务来执行其核心功能。这种依赖性尤其存在于物联网（IoT）设备中，这些设备将硬件和软件与网络连接结合在一起（例如，带有摄像头的“智能”门铃）。本文认为，目前旨在保护物联网设备消费者的欧洲产品立法，在竞争激烈的物联网市场中存在一个日益严重的问题：制造商停止生产。如果没有制造商的云服务器，许多物联网设备无法执行数据分析等核心功能。如果物联网制造商停止运营，那么制造商设备的消费者通常会留下一个过时的设备，并且正如论文所示，几乎没有任何法律补救措施。因此，本文研究了可以支持立法者找到物联网制造商停止解决方案的三个属性：i)先发制人的措施，旨在ii)制造商独立iii)集体控制。本文最后展示了这三个属性如何与当前围绕数据可移植性、互操作性和开源软件开发的立法程序保持一致，并分析了这些过程是否可以为消费者提供足够的补救措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.