THE NEXT GENERATION -IoT. Turning Challenges into Opportunities.

In an IoT world interconnected smart machines in a blockchain overlay network, transact among each other huge volumes of micro-transactions, provide services, verify authentication and payment along a dynamic supply chain. All these tasks would be carried out automatically. 

1. Internet of Things (IoT)

1.1. Defining IoT and Application in Trade Finance 

The Internet of things (IoT) refers to the intelligent interconnection via the Internet of devices and sensors embedded or attached to ordinary objects enabling them to read, sent and receive leveraged data . Internet of Things has already begun to bring significant benefits relating to productivity and savings on everything from appliances and automobiles to smart plants and turbines. Connectivity and autonomy unsurprisingly will not stay there. 

 The last 2 years new potential application in the realm of trade finance proved to be quite promising by predicting potential system failures, reducing transaction costs, adding security and real- time data integrity, eliminating illegal activities such as illegal trafficking, while at the same time simplify complex commercial arrangements associated with costs and delays and ensure authenticity of the traded goods particularly those of high value.  

According to technology experts, by 2025 over 50 billion devices will be able to intelligently be interconnected via Internet , highlighting the commencement of a new era marked under the title ‘Internet of things’ or more potentially ‘Blockchain of things’, within tremendous opportunities will be revealed, leading for what GSMA called as ‘Connected life’.  

 Implementing IoT in the supply chain finance as the CEO of Taulia, Cedric Blur explains, could be considered as the 'perfect’ data mobility' , by providing the appropriate tool enabling interconnectivity of different in nature systems between buyers, suppliers and financial intermediaries, which otherwise would be incompatible. Common data terminology would inevitably lead to a fully-integrated commercial regime, capable of identify, appraise, isolate, manage and subsequently eliminate potential legal, operational, commercial, financial and even systemic risks.  

1.2. Blockchain and IoT-New Applications and Capabilities

Blockchain technology can coordinate not only people with machines and external devices, but also machines to machines making it possible for interconnected devices to interact or transact with one another on a distributed basis without engaging intermediaries. 

Blockchain technology by utilizing smart contracts can provide a substantial number of new applications and capabilities in the realm of Internet of Things , by reducing even more business associated costs, securing transactions, enabling transparency of trade asset movement and payment digitalization and at the same time advanced trade asset tokenization structures can verify contract compliance through real time updates of the overlay network. 

Compatibility and operability are even more enhanced, since within this hybrid combined structure, smarts contracts that are implemented upon different blockchain protocols can effectively match and run on any related blockchain platform. More Specifically, once data gathered from IoT sensors or external devices is encoded and converted into transactions on a distributed ledger it is assumed that can effectively be shared and run to 

Today, connected devices must repeatedly interface with central administrators to exchange information or data from the outside world. Especially in the field of International trade finance, where human intervention has already been proved quite costly and slow responsive, disintermediation can provide sufficient ground for effective market reshape.  

Furthermore, existing centralized platforms cannot effectively engage in economic transactions, while the associated administering and working capital costs in sophisticated commercial transactions are extremely high. The most prominent benefit associated with this combination refers to the improvement of the overall security environment of the IoT, by introducing an additional immutable layer that a potential hacker have to deal with.  

2. Regulating IoT and Challenges 

Continuing expansion of IoT and their subsequent utilization based on Artificial Intelligence married with blockchain overlay networks, makes it a tempting avenue for regulators since several risks and tensions within existing legal regimes have already emerged. Especially in the realm of Trade finance, where certainty and predictability remain the cornerstone of trade, a harmonized legal framework should be carefully structured to balance effectively market stability and the benefits associated with these developments on the one side, and allocation of liability, security and data protection vulnerabilities on the other side. 

The Internet of Things already poses serious concerns in the sensitive area of personal identity, confidentiality and privacy. Governments have already started to enact domestic legal frameworks to deal with such challenges however limited expertise in the respective field as well as the inherent complexity of Big data management techniques so far, could only lead to inadequate regulatory sandboxes.  

2.1. UK in the Role of Leader

Despite the unique challenges raised within the IoT field, UK government in 2014 at the CeBIT consortium manifest its ambition to be the world leader in the development, utilization as well as integration of the specific sector, by collaborating with experts, industry, regulators and academia to develop a “roadmap” consisted of adaptable standards to achieve maximum interoperability for both static and mobile devices , increase security against cybercrime as well as facilitating market openness especially for SMEs. 

IoT law related issues were examined thoroughly by the Bank of England in 2015 in its “Fair and Effective Market review”, in which it was highlighted the need for coordinated processes not only by the governments but among the Financial institutions themselves in a transnational level. Law and regulation proved to be quite sensitive to these changes and slow to respond. However, the emergence of the so called ‘TechReg’ could be utilized as a powerful tool capable to develop data driven regulation and compliance. The Centre for Protection of National Infrastructure (CPNI) in collaboration with the Communications and Electronics Security Group (CESG) should align with core industrial players, international partners and Financial Institutions to assent best- practice security principles based on “security by default”. 

The UK Minister for Digital and Creative Industries, Margot James, under the auspices of the UK Digital department recently published a report for IoT devices, establishing a Draft “Code of Practice”, shifting the burden away from consumers, targeting the manufacturers of IoT devices and at the same time she made a “wake up” call for global collaboration especially after the emergence of blockchain technology. 

3. EU and US -Security and Privacy as a Shared Responsibility

In 2016, as part of a broader experiment, IoT devices based on different parts of the world were tested for their resilient under DDoS attacks against two different Domain servers, OVH and DYN. Due to the inadequate security specifications upon which they were structured by the manufacturers to save costs, they were proved to be easily accessible and hackable.   

The answer to such vulnerabilities within EU and USA regime respectively, even though display divergences is based on the same models. Given the wide spectrum of applicability as well as the differing nature of the respective privacy and cybersecurity standards in conjunction with their ‘light touch’ approach to IoT, strict compliance and sufficient degree of security could hardly be warranted.  

3.1. EU attempts to Achieve Harmonisation

The most relevant data regulation which has been set in force since May 2018, is the GDPR (2016/679), establishing “data protection by design and by default” as compulsory requirements. User consent in every case should be given before any action related to data processing can take place. However, due to the decentralized and automated nature of the IoT systems, it is particularly difficult to define precisely the relevant parts where consent should be given. It is questioned as to whether the enacted policy toolbox can effectively respond to the evolving security and privacy challenges posed by the Blockchain technology. Additional supplementary enactments should be carefully drawn to better access exposure and model cybersecurity risks. 

The Directive (2016/1148) on Security of Network and Information systems (NIS), which was adopted by the European Parliament will affect significant aspects of the IoT current legal landscape, even though not in a direct way. Its prominent aim is to enhance the overall cybersecurity within EU Member States by setting up a corporation group as well as a CSIRT Network to exchange and share effectively information regarding potential cyber errors and security risks.  

3.2. US Regulatory Approaches

In the US, existing approaches indicate that the “light approach” will persist, as far as the enacted standards can expand to cover a wide array of emerging technological advancements. In 2015, The Federal Trade Commission (FTC) enacted a set of non-binding guidelines for immediate adoption by businesses to ensure security and better consumer privacy by regulating a substantive number of security layers under the auspices of “security by design” principle.  

The introduction of Internet of Things Improvement Act of 2017 in the US as a correlative legal tool is expected to provide an indirect protective impact in the creation of a dynamic legal framework by imposing the compulsory incorporation of contract clauses clarifying the appropriate security features for any IoT devices acquired by the U.S government in case vulnerabilities were not discovered during the design phase. The “NIST standards” focus on a more systemic approach as part of a wider management of cybersecurity risk within the existing IoT infrastructure. 

Author: Gkikas Panagiotis-Lawyer

E-mail:[email protected]

Date: 5.10.2018