REGULATION OF INTERNET OF THINGS SECURITY ISSUES IN THE FRAMEWORKS OF THE EUROPEAN UNION, THE UNITED KINGDOM, AND THE USA

Abstract

In the context of rapid technological progress and the global expansion of the Internet of Things (IoT), ensuring the cybersecurity of IoT systems has become a crucial challenge for protecting critical infrastructure, safeguarding user privacy, and maintaining operational continuity. This article provides a comprehensive analysis of international standards, frameworks, and legislative acts aimed at enhancing IoT security. Specifically, it examines the core provisions, structures, and objectives of documents such as NISTIR 8259, the IoT Cybersecurity Improvement Act of 2020, ETSI EN 303 645, the UK’s Secure by Design Code of Practice, the CSA IoT Security Controls Framework, and the IoT Security Foundation Compliance Framework. The article highlights the key requirements for IoT cybersecurity, including device identification, privacy protection, secure update management, access control, event monitoring, incident response, and the mitigation of vulnerabilities within diverse IoT environments. The analysis emphasizes the importance of aligning technical security measures with enterprise risk management. In addition, the article discusses practical tools and techniques relevant to modern IoT defense strategies: unified asset discovery tools that support real-time detection of managed and unmanaged devices, intrusion detection systems (IDS) adapted for industrial and embedded IoT contexts, and the role of virtual patching as a mitigation technique for legacy or unpatchable devices using network-level controls.

The findings conclude that a holistic combination of regulatory compliance, technical innovation, and risk-based governance is essential for building a resilient IoT security architecture. At the same time, the article outlines persistent challenges such as standard fragmentation, varying policy maturity across jurisdictions, and the limited capabilities of low-resource IoT devices.