(A.) Policy and legislation

(A.1) Policy objectives

The Internet of Things (IoT) is a key priority area of the digital single market. The IoT is a cross domain technology that connects more objects to the internet — including industrial processing machines and the items industrially processed (cyber-physical systems), household equipment, wearable electronics, vehicles, and sensors. The number of connected devices are exceeding 20 billions and forecast steadily to grow to 50 billion of devices in use around the world by 2030, creating a massive web of interconnected devices spanning, is expected to generate 79.4 zettabytes (ZB) of data. Besides the innovation potential in many industrial sectors, the IoT also has the potential to help address many societal challenges including climate change, resource and energy efficiency and ageing.

A large number of proprietary or semi-closed solutions to address specific problems have emerged, leading to non-interoperable concepts, based on different architectures and protocols. Consequently, the deployment of truly IoT applications, i.e. where information of connectable “things” can be flexibly aggregated and scaled, has been limited to a set of “intranets of things — or goods”.

In the emerging IoT economy, voluntary global standards can accelerate adoption, drive competition, and enable cost -effective introduction of new technologies. Standardisation facilitates the interoperability, compatibility, reliability, security and efficiency of operations on a global scale among different technical solutions, stimulating industry innovation and providing greater clarity to technology evolution. Interoperability between IoT networks operated by different companies along the value chain opens up opportunities to address EU policy objectivSDOs to continue ongoing work for existing standards (e.g. ISO 13584-1 or IEC 61360/ Common Data Dictionary) on semantics. Concepts for digital twins require additional property types for operational use compared to the purely descriptive properties of an asset. These are states and parameters of the assets as well as their measured and actor values (dynamic data). Commands and entire functions (often called technical functions) must also be described using the same concepts. The concept of properties in today’s standards is to extend such semantics in the data models to be able to represent dynamic values correctly. Models for functions/commands are to be developed or existing ones defined in, e.g. greater resource efficiency for a more circular economy, sustainable and responsible supply chains through transparency and traceability, and others.

Industry is in the best position to develop the technological standards and solutions to address global IoT ecosystem opportunities and challenges. There is a need for a secure solution that is interoperable and scales across a global IoT ecosystem. In this context, the European large-scale pilots (LSP), which were the subject of a call for proposals in 2016, are supporting the deployment of IoT solutions, by enhancing and testing their acceptability and adoption by users and the public, and by fostering new market opportunities for suppliers to the EU.

Large-scale pilots are providing the opportunity to demonstrate actual IoT solutions in real-life settings and should make it possible for providers to test business opportunities. The concept has now been broadened and further extended to more vertical sectors in the context of the ‘Digitising and transforming European industry and services’ focus area for cross-programme integrated activities around major challenges. The final Horizon 2020 calls for proposals resulted in the launch of more large scale projects and pilots to notably address the digital transformation of manufacturing, health and care, rural area, agriculture, and smart energy, paving the way toward the integration of European data spaces and associated platforms.

(A.2) EC perspectiveand progress report

The proposed actions on IoT in previous rolling plans followed the direction as outlined in the EU communication on ICT standardisation priorities which identified Internet of Things as a key priority for Europe.

One of the major achievements over the last years has been the gradual building of cooperation amongst all actors involved in IoT standardisation, the organisation of high level events on strategic IoT standardisation issues and initiatives have been proven to be successful instruments and are now common practice in several sectors.

ETSI TC Smart M2M has developed a mapping of standards for IoT and gap analysis taking into account the most promising business models and use-cases, published in ETSI TS 103 375 and TS 103 376,

IoT standards are notably supporting the emergence of business models unleashing the commercial capabilities of systems and devices integrations. Beyond identifying standards, it is also important to identify reference models of implementation that businesses can share. This approach which was initially followed in the Future Internet PPP (FI-PPP), has now been adopted in other industrial organisations, such as the Alliance for Internet of Things Innovation (AIOTI), and PPPs such as, the Big Data Value Association (BDVA) and Open & Agile Smart Cities (OASC), which are now cooperating on common standardisation subjects. AIOTI is also maintaining the High Level Architecture reference model by incorporating new results from priority topics (e.g. semantic interoperability, security, privacy, ...)

There is need to correctly position IoT standardisation in relation to existing global initiatives such asISO/IEC JTC 1/SC 41 ‘Internet of Things and Digital Twin’, oneM2M, and the ITU Study Group 20. Agreement to cooperate on common topics and take up of European results in global action are very encouraging results.

Semantic interoperability, security, privacy, and 5G/IoT interactions are emerging as priority topics.

With the broadening of the vertical foot-prints of IoT the main challenge is to work in cooperation across partnerships (PPPs and other alliances), and to ensure dissemination and adoption of best practices across domains, by continuing and deepening the cooperation towards common objectives to ensure all standardisation efforts converge. As a concrete first step, a joint working group between the DEI stakeholder governance and MSPhas been created to work on coordination of platform building and piloting activities and synchronisation and acceleration of standardisation efforts.

(A.3) References
  • COM(2020) 66: A European strategy for data
  • COM(216) 176: ICT standardisation priorities for the digital single market
  • COM(2016) 180: Digitising European industry reaping the full benefits of a digital single market
  • SWD(2016) 110/2: Advancing the internet of things in Europe
  • COM(2009)278: “Internet of Things — An action plan for Europe”: Standardisation will play an important role in the uptake of IoT, by lowering entry barriers to newcomers and operating costs for users, by being a prerequisite for interoperability and economies of scale and by allowing industry to better compete at international level. IoT standardisation should aim at rationalising some existing standards or developing new ones where needed.
  • BEREC BoR (16)39 , Report on enabling the Internet of Things

(B.) Requested actions

The Communication on ICT standardisation priorities for the digital single market proposes priority actions in the domain of internet of things. Actions mentioned below reflect some of them.

Action 1 SDOs to complement ongoing gap analysis by analysis of gaps in wireless technologies required byIoT, including URLL (Ultra Reliable Low Latency) technologies required by Industry Automation.

Action 2 SDOs to continue ongoing work in the area of semantic standards for better data interoperability. Special focus should be put on further extending the SAREF ontology both in number of extensions and the content of each extension. The results of European projects (such as the large scale IoT pilots and similar) could be used to achieve this.SDOs should also continue ongoing work for existing standards (e.g. ISO 13584-1 or IEC 61360/ Common Data Dictionary) on semantics. Concepts for digital twins require additional property types for operational use compared to the purely descriptive properties of an asset. These are states and parameters of the assets as well as their measured and actor values (dynamic data). Commands and entire functions (often called technical functions) must also be described using the same concepts. The concept of properties in today’s standards is to extend such semantics in the data models to be able to represent dynamic values correctly. Models for functions/commands are to be developed or existing ones defined in standards.

Action 3 SDOs to provide standards that can be used for compliance for IoT products, systems, applications and processes.

Action 4 Develop a European standard for cyber security compliance of products that is aligned with the current compliance framework of organisations based on the ISO 27000 Information Security Management Standards series and the GDPR regulation. Preferably the standard could be used to harmonise the requirements set out in the NIS directive.

Action 5 Promote the development and foster the adoption of the international Reference Architecture for IoT developed in ISO/IEC JTC 1/SC 41 as well as the OneM2M architecture.

Action 6 SDOs to assess further gaps and develop standards on the safety and cybersecurity of IoT consumer products under the European Cybersecurity Act or sectorial legislation.

Action 7 SDOs should consider further inclusion of and outreach to verticals.

Action 8 SDOs should get involved in the definition of the technical common ground of the Common European Data Spaces to be developed and deployed under the Digital Europe and Horizon Europe programmes and leverage the IoT interoperability standardisation assets for that purpose.

Action 9 SDOs should look in the standardisation needs of the new edge paradigm and investigate the impact on it of the specific use cases of the verticals (such as energy, mobility, agriculture and other)

(C.) Activities and additional information

(C.1) Related standardisation activities

CEN/TC 224 ‘Personal identification and related personal devices’ addresses IoT privacy-related standardisation solutions (e.g. EN 419212-4:2018 on ‘Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Service’).

CEN/TC 225 ‘Automatic Identification and Data Capture (AIDC) technologies’ works in the field of automatic identification and data capture techniques such as 1D and 2D optical data carriers, RFID and RTLS. The Technical Committee develops application-oriented European standards with the aim to promote the use of open and interoperable ways to identify objects, locations and industrial items. These identifiers and data carriers centred standards will serve as a corner stone for the development of interoperable solutions for data sharing in the context of the IoT.

Within CEN and CENELEC, vertical sectors further address sector-specific IoT solutions, for example: CEN/TC 251 ‘Health Informatics’, CEN/TC 278 ‘Intelligent Transport Systems’, CEN/TC 294 ‘Communication systems for meters’, CEN/TC 442 ‘Building Information Modelling (BIM)


CLC/TC 57 ‘Power systems management and associated information exchange’ has notably developed European Standards for data models in power systems (EN IEC 61850-x), Application Program interfaces (EN IEC 61970-x) and Data and Communication security (EN IEC 62351-x).

CLC/TC 205 ‘Home and Building Electronic Systems (HBES)’ has started, in 2018, to develop a European Standard on IoT Semantic Ontology Model Description (prEN 50090-6-2), which will explain the HBES IoT Model structures, semantically expressing the current HBES Open System solutions, with the goal of improving the semantic information HBES IoT gateways or HBES IoT devices provide.


ECMA Technical Committee TC53 is standardising software APIs for embedded systems defining standard APIs for areas that include input/output, sensors, networking, communication, energy management, and displays. These APIs are organized into ECMAScript modules, rather than an operating system. ECMA-419 defines such APIs that support programs executing on embedded systems. See


TC smartM2M:ETSI, with the support of the Commission, has developed the SAREF standard ETSI TS ١٠٣ ٢٦٤, a reference ontology for smart appliances, which is a first ontology standard in the IoT ecosystem and sets a template and a base for development of similar standards for other industries, to unlock the full potential of IoT. SAREF is mapped onto the oneM٢M Base Ontology.The SAREF model is being extended to add semantic models for data associated with smart cities, industry and manufacturing, smart agriculture and the food chain, water, automotive, eHealth/aging well and wearables.SAREF allows appliances, of any type, make or manufacturer, to exchange energy related information, with any energy management system (at home or in the cloud) for energy management and keeping the user informed.

ISG CIM (cross-cutting Context Information Management): is developing Group Specifications (GSs) for applications to publish, discover, update and access context information, initially for a broad range of smart city applications and later for other areas. A particular focus is enabling exchange of linked data and context information, using a simple API, NGSI-LD (ETSI GS CIM 009 V1.2.1) based on JSON-LD, and a high-level data model (ETSI GS 006 V1.1.1) referencing existing (or new) taxonomies and ontologies.

TC DECT (Digital Enhanced Cordless Telecommunications DECT): has developed Ultra-Low Energy (ULE) (ETSI TS ١٠٢ ٩٣٩-١ and TS ١٠٢ ٩٣٩-٢), a low-power wireless technology providing optimal radio coverage in indoor scenarios for data services suitable for many home automation applications. DECT ULE reuses the DECT physical layer, spectrum and channel structure, but with significant differences in the Medium Access Control (MAC) layer, security algorithms and channel selection. Target applications include home automation and energy control, remote switches, the control of smart appliances, smart metering and temperature controls, security, alarms and eHealth.

ETSI TC DECT has published the first release of the new DECT-2020 NR (New Radio) technology (ETSI TS 103 636 parts 1 to 4). The work on additional parts for the set of standards are ongoing with planned publication by end of 2021. The standardisation effort will continue in next years with further releases, additional functionality and Application Specific profiles addressing the needs of multiple vertical industries. DECT-2020 NR is a new radio interface supporting Ultra Reliable Low Latency Communications (URLLC) and massive Machine Type Communications (mMTC) as specified for IMT-2020 usage scenarios. The standards support multiple operating bands and radio channel bandwidths. The new DECT-2020 air interface can co-exist with the existing DECT system.
The production of test specifications has also started with the work on the basic Harmonised Standard (HEN) for access to radio spectrum.
DECT-2020 has been submitted to ITU-R as an IMT-2020 candidate technology. Several vertical applications have been considered for DECT-2020 NR, including home automation, industry automation and smart metering.

MSG TFES has developed Harmonized Standards for LTE-M and NB-IoT equipment (Base Stations and devices) to facilitate and accelerate Machine Type Communication deployments in E-UTRA and NR bands.

TC CYBER: ETSI SandardEN 303 645for «Cyber Security for Consumer Internet of Things» can be used in a certification scheme to be developed under the Cybersecurity Act, and has already led to the development of an accompanying test specification TS ١٠٣ ٧٠١ published in August 2021) and implementation guide as well as cyber security requirements for residential Smart Door Locking Devices within TC CYBER (see Consumer IoT security roadmap).

ETSI SC USER: has developed a set of documents “User-Centric approach in digital ecosystem”, focusing of the roles, expectations and potential solutions for users.

ETSI has a number of other activities related to radio systems for the IoT. These activities include Smart Body Area Networks developed in TC SmartBAN, and standards for ultra-narrowband radio technology in the TC ERM LTN (Low Throughput Networking) working group. These are used in existing commercial LPWAN networks.


IEC SyC Smart Energy has a Joint Working Group, JWG 3, with ISO/IEC JTC 1/SC 42

IEC has the following projects underway on IoT:

Due for publication in 2024, the International Standard, IEC/IEEE 60802 ‘Time-sensitive networking profile for industrial automation’, is a joint project between standards committees IEC/TC 65/SC 65C ‘Industrial Networks’ and IEEE 802 ‘LAN/MAN Standards Committee’. It will allow IoT wide connectivity without disturbing the Industrial Automation critical control traffic.

Due for publication in 2023, the International Standard, IEC 62872-2..., the International Standard, IEC 62872-2 “Internet of Things (IoT) – Application framework for industrial facility demand response energy management’ is a project in IEC/TC 65/JWG 17, a joint working group between IEC/TC 65 and ISO/IEC JTC 1/SC 41, that promotes the development and fosters the adoption of the international Reference Architecture for IoT developed in ISO/IEC JTC 1/SC 41 (see also clause B. Action 5).


IEEE has a number of existing standards (current and under development), activities, and events that are directly related to creating the environment needed for a vibrant IoT, recognising the value of the IoT to industry and the benefits this technology innovation brings to the public. Some key standards activities are:

  • Architectural framework:
  • The focus of IEEE 2413-2019 provides an architectural framework for the IoT, which includes descriptions of various IoT domains, definitions of IoT domain abstractions, and identification of commonalities between different IoT domains. It promotes cross-domain interaction, aids system interoperability and functional compatibility.
  • The focus of IEEE P1931.1, the standard for an architectural framework for Real-time Onsite Operations Facilitation (ROOF) is to define how an end user is able to securely provision, commission and decommission devices.
  • Harmonization and security of IoT: The IEEE 1451-99 is focused on developing a standard for harmonization of IoT devices and systems. This standard defines a method for data sharing, interoperability, and security of messages over a network, where sensors, actuators and other devices can interoperate, regardless of underlying communication technology.

Sensor Performance and Quality: Sensors are fundamental to IoT ecosystem with large volume of different sensors integrated into a complex framework. IEEE 2700 proposes a common framework for sensor performance specification terminology, units, conditions and limits is provided. IEEE P2510 defines quality measures, controls, parameters and definitions for sensor data related to IoT implementations.

Smart Manufacturing and Smart Factories: New standardisation efforts on IEEE P2879 - General Principles for Assessment of a Smart Factory, IEEE P2934 - Standard for Logistics Operation Process in a Smart Factory, IEEE P2806 - System Architecture of Digital Representation for Physical Objects in Factory Environments and IEEE P2806.1 - Standard for Connectivity Requirements of Digital Representation for Physical Objects in Factory Environments.

IEEE, through its LAN/MAN Standards Committee, has initiated a collaborative activity with the IEC SC65C committee on the IEC/IEEE 60802 TSN Profile for Industrial Automation, which will define time-sensitive networking profiles for industrial automation.

IEEE also has focused initiatives on sensor interfaces to cyber-physical systems through its IEEE 2888 family of standards, including the specification of sensor interface for cyber and physical world, standard for actuator interface, orchestration of digital synchronization between cyber and physical world, and architecture for virtual reality disaster response training system with six degrees of freedom (6 DoF).

For a list of these and other IEEE standardisation activities on IoT, please see:


The IETF has a number of Working Groups chartered to develop standards to support the Internet of Things.

The IPv6 Over Low Power WPAN (6LOWPAN) Working Group developed standards to ensure interoperability between smart object networks and defining the necessary security and management protocols and constructs for building such networks.

The IPv6 over Networks of Resource-constrained Nodes (6LO) Working Group develops IPv6 adaptation mechanisms to a wider range of radio technologies including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard and the low-cost wired networking technology Master-Slave / Token-Passing (MS/TP) that is widely used over RS-485 in building automation.

The IPv6 Over Low Power Wide-Area Networks (lpwan) WG focuses on enabling IPv6 connectivity over the following selection of Low-Power Wide-Area networking technologies: SIGFOX, LoRa?, WI-SUN and NB-IOT.

The Light-Weight Implementation Guidance (LWIG) Working Group focuses on helping the implementors of the smallest devices. The goal is to be able to build minimal yet interoperable IP-capable devices for the most constrained environments.

The Routing over Low Power and Lossy Networks (ROLL) Working Group is developing standards to support the routing of communications within low-power and lossy networks.

The Constrained RESTful Environments (CORE) Working Group specifies protocols that allow applications running in resource-constrained environments to interoperate with each other and the rest of the Internet. CORE is one of the most active IoT groups. Its main output centres around the “Constrained Application Protocol” (CoAP, RFC 7252), a radically simplified UDP-based analog to HTTP. Extensions to CoAP enable group communications (RFC 7390) and low-complexity server-push for the observation of resources (RFC 7641). This is complemented by a discovery and self-description mechanism based on a weblink format suitable for constrained devices (RFC 6690). Current WG activities focus on extensions that enable transfer of large resources, use of resource directories for coordinating discovery, reusable interface descriptions, and the transport of CoAP over TCP and TLS. CoRE is also looking at a data format to represent sensor measurements, which will benefit from the “Concise Binary Object Representation” (CBOR) (RFC 7049), a JSON analog optimised for binary data and low-resource implementations.

Security aspects of the IoT are being addressed in the following Working Groups:

The Trusted Execution Environment Provisioning (TEEP) WG is working on standardising protocols for provisioning applications into secure areas of computer processors.

The Software Updates for Internet of Things (SUIT) WG is working on mechanisms for securely updating the firmware in IoT devices.

The Authentication and Authorisation for Constrained Environments (ACE) WG is working on a standardised solution for authentication and authorisation to enable authorised access to resources on a device in constrained environments. In such environments, typical for the IoT, the network nodes are limited in CPU, memory and power. This work was supported by the COSE WG that built simplified CBOR analogs for the JSON object signing and encryption methods that were developed in the JOSE WG.

The DTLS In Constrained Environments (DICE) WG focused on supporting the use of DTLS Transport-Layer Security in these environments. Such constrained environments, including constrained devices (e.g. memory, algorithm choices) and constrained networks (e.g. PDU sizes, packet loss), are typical for the IoT, Smart grids, etc.

The Lightweight Authenticated Key Exchange (LAKE) WG is developing a ‘lightweight’ authenticated key exchange (LAKE) that enables forward security. ‘Lightweight’ refers to:

  • resource consumption, measured by number of round-trips to complete, bytes on the wire, wall-clock time to complete, or power consumption
  • the amount of new code required on end systems which already have an OSCORE stack

but the LAKE must still provide the security properties expected of IETF protocols, e.g., providing confidentiality protection, integrity protection, and authentication with strong work factor.

The A Semantic Definition Format for Data and Interaction of Things (asdf) Working Group is developing Semantic Definition Format (SDF) into a standards-track specification for thing interaction and data modelling. In the process of developing this specification, further functional requirements that emerge in the usage of SDF for model harmonization will be addressed.

The IOT Operations (iotops) Working Group is discussing and documenting operational issues related to IoT devices, in particular related to device onboarding and lifecycle management. This group is also tackling issues related to IoT operational security.

While the IoT-oriented IETF working groups have already produced the first wave of mature standards for IoT, new research questions are emerging based on the use of those standards. The IRTF Thing-to-Thing Research Group (T2TRG) was chartered in 2015 to investigate open research issues in IoT, focusing on issues that exhibit standardisation potential at the IETF.


ISO/IEC JTC 1/SC 41 ‘Internet of Things and Digital Twin’, has published 34 International Standards specific to IoT and continues to develop more. ISO/IEC JTC 1/SC 41 has developed ISO/IEC 30141 (IoT reference architecture) and ISO/IEC 20924 (IoT vocabulary), and ongoing work includes the following:

  • IoT trustworthiness framework (ISO/IEC 30149)
  • Methodology for trustworthiness of IoT system/device (ISO/IEC 30147)
  • Data exchange platform requirements for IoT services (ISO/IEC 30161)
  • Compatibility requirements and model for devices within industrial IOT systems (ISO/IEC 30162)
  • Diverse use-cases covered by IoT
  • Monitoring the ongoing regulatory, market, business and technology IoT requirements
  • Development of IoT standards that build on the foundational standards in relevant ISO/IEC JTC 1 Sub-Committees

The list of ISO/IEC JTC 1/SC 41 projects can be found here:,FSP_LANG_ID:20486,25and ISO - ISO/IEC JTC 1/SC 41 - Internet of things and digital twin

ISO/IEC JTC 1/SC27 ‘Information security, cybersecurity and privacy protection’, deals with a broad set of standards in the areas of security and data protection (“privacy”). Many of the existing standards can be applied to IoT systems, such as the ISO/IEC 27001 standard on information security management. Three standards are currently being developed, that are specifically related to IoT Cybersecurity (ISO/IEC 27400, ISO/IEC 27402 and ISO/IEC 27403)



A variety of radio technologies is used to implement the Internet of Things, extending from short range devices (SRDs) to wide area sensor networks (WASN) and global terrestrial IMT systems as well as satellite systems. The ITU-R Study Groups are developing technical and operational standards to facilitate the deployment of IoT on a global basis, including harmonized frequency spectrum and appropriate regulatory regimes.

Resolution ITU-R 66 invites ITU-R Study Groups to conduct studies on the technical and operational aspects of radio networks and systems and to develop ITU-R Recommendations, Reports and/or Handbooks, as appropriate.

In response to this Resolution, ITU-R Working Party 1A is the main responsible group to carry out studies on Power Line Telecommunication (PLT).

To satisfy the demand of Question ITU-R 221-2/1 that calls for studies of acceptable levels of radiation from telecommunication systems utilizing wired electrical power supply so as not to impair the performance of radiocommunication systems, Reports ITU-R SM.2158 and ITU-R SM.2212 on “Impact of PLT systems on radio systems operating below 80 MHz and in the VHF and UHF bands above 80 MHz” were approved. These Reports illustrate the potential for interference to various radiocommunication services in the presence of emissions/radiation from PLT systems and devices and discuss potential methods for mitigating the interference from PLT emissions.

Resolution ITU-R 54 calls for studies to achieve harmonization for short-range devices (SRDs).

ITU-R WP ١B is responsible for the studies relating to spectrum management methodologies and economic strategies. Among its current studies, WP 1B deals with the harmonization of SRDs.

Report ITU-R SM.2153 on “Technical and operating parameters and spectrum use for short-range radiocommunication devices” provides SRD definitions and short descriptions of different applications using SRDs, e.g.: Telecommand, Telemetry, Voice and video, Detecting avalanche victims, RLANs, Railway applications, among others. This Report also indicates the typical technical characteristics and limitations such as the common frequency ranges or the antenna requirements, and it explains administrative requirements like the mutual agreements between countries and/or regions and the licences requirements.

ITU-R WP 1B has carried out studies with the aim to globally and regionally harmonize the frequency bands used by SRDs. Recommendation ITU-R SM.1896 on “Frequency ranges for global or regional harmonization of short-range devices” and Recommendation ITU-R SM.2103 on “Global harmonization of short-range devices categories” are the reference documents on this matter.

ITU-R WP 5A cover studies on Wide-area Sensor and Actuator Network (WASN) Systems that support machine-to-machine (M2M) communications to a large number of sensors and/or actuators.


ITU-T SG20 “Internet of things (IoT) and smart cities & communities” is responsible for IoT-related studiesincluding smart cities and communities (SC&C).

Definition of IoT can be found in Recommendation ITU-T Y.4000/Y.2060 “Overview of the IoT”

Some of the approved standards by ITU-T SG20 include: “Framework of wireless power transmission application service” (Recommendation ITU-T Y.4202), “Requirements of things description in the Internet of Things” (Recommendation ITU-T Y.4203), “Accessibility requirements for the Internet of things applications and services” (Recommendation ITU-T Y.4204), “Service functionalities of self-quantification over Internet of things” (Recommendation ITU-T Y.4555), “Requirements and functional architecture of smart street light service” (Recommendation ITU-T Y.4458), “Requirements and reference model of IoT-related crowdsourced systems”, (Recommendation ITU-T Y.4205) “Requirements and capabilities of user-centric work space service” (Recommendation ITU-T Y.4206), “Requirements and capability framework of Smart Environmental Monitoring ” (Recommendation ITU-T Y.4207), “Architectural reference model of devices for IoT applications” (Recommendation ITU-T Y.4460), “IoT requirements for support of edge computing” (Recommendation ITU-T Y.4208), “Requirements and use cases for universal communication module of mobile IoT devices” (Recommendation ITU-T Y.4210), “OID-based resolution framework for transaction of distributed ledger assigned to IoT resources” (Recommendation ITU-T Y.4476), and “Framework of IoT based monitoring and management for Lift” (Recommendation ITU-T Y.4420), etc.

The complete list of Recommendations developed by ITU-T SG20 is available at:

The work items under study is available at:

More info:

ITU-T SG20 closely collaborates with oneM2M, LoRa Alliance and TM Forum. ITU-T SG20 also closely collaborates with ISO and IEC in the framework of the Joint IEC-ISO-ITU Smart Cities Task Force (J-SCTF).

The joint coordination activity on IoT and smart cities and Communities (JCA-IoT and SC&C) continues its role of promoting international coordination among SDOs in this area of IoT standardisation. JCA-IoT and SC&C maintains the global online IoT standards roadmap: The IoT and SC&C Standards Roadmap is also available as Supplement ITU-T Y.Suppl.58 “Internet of Things and smart cities and communities standards roadmap”.

ITU-T Focus Group on Data Processing and Management to support IoT and Smart Cities & Communities (FG-DPM) was established in 2017 and completed its activity in 2019. The FG provided a platform to develop deliverables, share views and showcase initiatives, projects, and standards activities linked to data processing and management and establishment of IoT ecosystem solutions for data focused cities.

The deliverables developed under the purview of FG-DPM) can be found here: Some of the FG-DPM deliverables have been transposed as ITU-T Recommendations and Technical Reports.

ITU-T SG11 continues its role in developing testing specifications of IoT, its applications and identification systems. SG11 approved six Recommendations which specify testing requirements for IoT. Among them, there is a new Recommendation ITU-T Q.4068 “Open application program interfaces (APIs) for interoperable testbed federations” which describes a set of open APIs for interoperable testbed federation able to manage not only the interconnection and the interoperability of testbeds in a federation, but also to handle the resources advertisement, allocation and provision. It is designed for different domains including IoT and it contains a technical framework, which provides a common reference for developers to facilitate the implementation and promotion of interoperability of testbeds.

More info:

ITU-T SG13 approved a new Recommendation ITU-T Y.2243 “A service model for risk mitigation service based on networks” (08/2019) dealing with risk mitigation service based on networks (monitors risk events, stores the data in real time and analyses the associated data, provides mitigation services for the identified risks).

More info:

ITU-T SG17 approved Recommendations ITU-T X.1361 “Security framework for the Internet of things based on the gateway model”, ITU-T X.1362 “Simple encryption procedure for Internet of things (IoT) environments”, ITU-T X.1363 “Technical framework of personally identifiable information (PII) handling system in Internet of things (IoT) environment”, ITU-T X.1364 “Security requirements and framework for narrow band Internet of things ”, ITU-T X.1365 “Security methodology for use of identity-based cryptography in support of Internet of Things (IoT) services over telecommunication networks”, ITU-T X.1366 “Aggregate message authentication scheme for IoT environment”, ITU-T X.1367 “Standard format for Internet of things (IoT) error logs for security incident operations”, ITU-T X.1368 “Secure firmware/software update for Internet of things devices”, Supplement to ITU-T X.660 - Guidelines for using object identifiers for IoT and is approving ITU-T X.1369 “Security requirements and framework for IoT service platform” (X.ssp-iot)and working on “Security requirements for IoT devices and gateway ” (X.iotsec-4), “Security risk analysis framework for IoT devices” (X.ra-iot), “Security controls for Internet of Things (IoT) systems” (, and “Security methodology for IoT service platform” (X.ssp-iot) and “Security methodology for zero-touch massive IoT deployment”(X.ztd-iot).

More info:


The OASIS Message Queuing Telemetry Transport (MQTT) TC has produced a standard M2M/IoT connectivity protocol designed to support messaging transport from remote locations/devices involving small code footprints (e.g. 8-bit, 256KB ram controllers), low power, low bandwidth, high-cost connections, high latency, variable availability, and negotiated delivery guarantees. MQTT also has been approved as ISO/IEC 20922:2016. A variant MQTT-SN protocol is being developed for very constrained devices often operating within unstructured sensor networks.

The OASIS Advanced Message Queuing Protocol (AMQP) TC provides a ubiquitous, secure, and reliable internet protocol for high-speed transactional messaging. AMQP also has been approved as ISO/IEC 19464:2014. A major cloud platform uses AMQP to connect to its cloud IoT hub.

The OASIS Open Building Information Exchange (oBIX) TC enables mechanical and electrical control systems in buildings to communicate with enterprise applications, and provides a platform for developing new classes of applications that integrate control systems with other enterprise functions.


3GPP, since Release 13, offers three new Low Power Wide Area Network (LPWAN) radio access technologies for long-range, power efficient, massive machine-type communications:

  • Extended Coverage GSM Internet of Things (EC-GSM-IoT),
  • LTE for Machine-Type Communications (LTE-M) and
  • Narrowband Internet of Things (NB-IoT).

Each has been standardized to ensure that increasingly diverse device and application types are supported by 3GPP networks, around the world. An overview is available here: more details here:

3GPP has been adding IoT-centric features, including capabilities to avoid network congestion, use networks more effectively, enhance security and, crucially, enable IoT devices to manage power resources efficiently, to its specification set in Release 13 and Release 14.

Massive IoT support is one of the key objectives of future 5G systems. This will be a focus of future work in 3GPP, given the already extensive IoT support in 4G.


oneM2M partnership project, launched by several SDOs and industry representatives in 2012 as a global initiative to ensure the most efficient deployment of Machine-to-Machine (M2M) communications systems and the Internet of Things (IoT)
The latest technical specifications can be found on Specifications (

oneM2M opens up the IoT ecosystemby creating an abstraction layer that simplifies the exchange of cross-silo data. It offers a common IoT Service Layer which can be readily embedded within different hardware and software, connecting the numerous devices in the field with IoT application servers worldwide. To do this, oneM2M offers interworking with the most common technologies and protocols used in the IoT today. Additionally, oneM2M supports access control based discovery and communication across deployments (addressing problem statement above that said we have “Intranet of Things”).

oneM2M has published Release 2A in March 2018 and its Release 3 in September 2018. oneM2M Release 4 will be finalized in Q3 2021, work on Release 5 commenced and is ongoing.

oneM2M includes specifications covering requirements, architecture, protocols, security, and management, abstraction and semantics. Release 2 added new functionality, particularly by expanding management, abstraction and semantics, security, and interworking with underlying technologies. oneM2M Release 3 adds seamless interworking with 3GPP network services for IoT, while Release 4 adds, for instance, time management, process management, semantic reasoning, software campaigning, enhanced and new interworking, security enhancements, discovery based operations as well as semantic ontology mapping. Some of the new features under discussion for Release 5 include the topics of AI for Internet of Things (IoT) systems, tools for data licensing and, controls to guarantee adherence to privacy regulation such as GDPR and PIPA (Korea).


OIC works on defining the connectivity requirements for devices including the definition of the specification, certification and branding to deliver reliable interoperability; IP protection; and providing an open source implementation of the standard.


The United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) has developed a library of clearly defined semantic data elements called the Core Component Library in order to enable clear understanding of electronic information between source and receiver of the information. UNECE would encourage consideration of the UN/CEFACT Core Component Library in trade-related applications of Internet of Things. See:

UN/CEFACT has also developed standards and clear guidance related to Smart Containers. This includes a White Paper to explain the potential use cases and a Business Requirement Specification in order to clearly define the processes and information relevant to each potential use case. See:White Paper (available also in French and Russian):

Further work is continuing on Trade Facilitation applications of Internet of Things. See:


W3C continues to push for the use of Linked data to help manage data streams in IoT and Smart City scenarios. The latest developments were discussed at theSecond W3C Workshop on the Web of Things.

Currently, there are two active Groups:

TheWeb of Things Interest Groupbrings together stakeholders interested in the Web of Things to explore ideas prior to standardisation together with collaboration with external groups, e.g. standards development organizations and industry alliances.

TheWeb of Things Working Grouphas recently advanced two specifications to Candidate Recommendation and aims to advance them to W3C Recommendations. The Web of Things (WoT) Architecture describes the abstract architecture for the W3C Web of Things. The architecture can be mapped onto a variety of concrete deployment scenarios, several example patterns of which are given, including the RAMI reference architecture. The Web of Things (WoT) Thing Description describes a formal model and a common representation for a Web of Things (WoT) Thing Description. A Thing Description describes the metadata and interfaces of Things, where a Thing is an abstraction of a physical or virtual entity that provides interactions to and participates in the Web of Things. Because it is Linked data, things can thus be combined with other semantics, e.g. the GDPR vocabulary from the Data Privacy Community Group.


The Open Geospatial Consortium (OGC) defines and maintains standards for location-based, spatio-temporal data and services. Some of the work is related to IoT, e.g. a modular suite of standards for web services allowing ingestion, extraction, fusion, and (with the web coverage processing service (WCPS) component standard) analytics of massive spatio-temporal data like satellite and climate archives.

ISO/TC 211 ‘Geographic information’ and OGC have a strong relation and cooperation in the development of standards for the geospatial domain, and particularly geospatial data. ISO/TC 211 activities are mirrored at European level by CEN/TC 287 ‘Geographic Information’.

(C.2) Other activities related to standardisation

The Alliance for Internet of Things Innovation (AIOTI) was initially created under the Commission’s auspices in 2015. Its goals are to promote interoperability and convergence between standards, to facilitate policy debates and to prepare a Commission’s initiative for large scale testing and experimentation, tabled for 2016. AIOTI has meanwhile been transformed and set up as a stand-alone organisation. Forging new alliances between IoT sectors, stakeholders, large companies, SMEs and start-ups help Europe get a global lead in this field and will foster a digital single market for IoT.

AIOTI Working group 3 focuses on standardisation.

The Commission published a EUR 51 million call (H2020 ICT-30). The initiative cuts across several technological areas (smart systems integration, cyber-physical systems, smart networks, big data), and targets SME and IoT innovators for to create an open IoT environment.

Among AIOTI’s European largest technical and digital companies are:

  • Alcatel, Bosch, Cisco, Hildebrand, IBM, Intel, Landis+Gyr, Nokia, ON Semiconductor , Orange , OSRAM, Philips, Samsung , Schneider Electric, Siemens, NXP Semiconductors, STMicroelectronics, Telecom Italia, Telefonica, Telit, Vodafone, Volvo, and start-ups (SIGFOX)…
  • Representatives of different industries: nanoelectronics/semiconductor companies, telecom companies, network operators, platform providers (IoT/Cloud), security, service providers, sectors: energy, utilities, automotive, mobility, lighting, buildings, manufacturing, healthcare, supply chains, cities etc.


Several projects funded by the European Commission, integrated in the Internet of Things Research in Europe Cluster (IERC), deal with aspects of standardisation in IoT: CALIPSO, GAMBAS, IOT.EST, OPENIOT, UIOT6, SPRINT and PROBE-IT. In particular:

  • OPENIOT deals with standardisation of open source solution for creating utility/cloud-based environments of internet-connected objects,
  • SPRINT has an active contribution to W3C (web services), OMG (e.g. on exchange formats, APIs) and OASIS (data exchange formats),

PROBE-IT validates standards or pre-standards at European and international level and performs pre-standardisation research work on standardisation requirements.

The Future Internet PPP (FI-PPP) also deals with some issues connected to standardisation for the IoT.


IVA is a subproject of ´ICT for Sweden´, with the objective of supporting the entire value chain, from business benefits to sensors.


The KTN (Knowledge Transfer Network) has an IoT interest group


An IoT cluster supports investment in IoT

LoRa Alliance

Specifications intended for wireless battery-operated things in regional, national or global networks. LoRaWAN targets key requirements of the IoT such as secure bi-directional communication, mobility and localisation services


Works on promoting the uptake of technologies around the industrial internet including:

  • building confidence around new and innovative approaches to security;
  • developing use-cases and test beds;
  • influencing global standards development; and facilitating open forums to share and exchange best practices.

The Nordic IoT center is supported by the Danish Agency for Science and Higher Education, enabling partnerships in the Nordic region, completing the value chain for IoT products and services and documenting compliance to international standards

(C.3) Additional information

There are a number of global activities ongoing in the area of IoT standardisation. In particular there are: the oneM2M partnership project, to which ETSI contributes and of which ITU-T SG20 transposed the oneM2M specifications; relevant standardisation activities in IEC; a focus group in ISO/IEC JTC 1; the standards project on MQTT in OASIS; the IoT reference architecture; and the IoT Interoperability standards at ISO/IEC JTC 1/SC 41.

The IoT requirements of e.g. from retail manufacturing, the automotive, aeronautics, pharmaceutical, and medical equipment industries and the medical sector in general should be taken fully into consideration. Security, privacy, and management of control of the access to and ownership of data are essential for the development of IoT. Without acceptance by commercial users and consumers, the role of IoT would be limited to specific vertical markets. Wide acceptance is essential in commoditising IoT mechanisms and make them accessible e.g. to manufacturing and for manufactured products, or into m/e/Health applications.

IoT requires the interlinking of often disparate standards. These standards are often the product of different SDOs. There is a need to bring these bodies and their standards together to achieve the often small changes needed to allow products and services to interoperate.

Existing standards should be checked to take account of the protection of individuals with regard to personal data processing and the free movement of such data in the light of the proposal for a General Data Protection Regulation. Specific privacy by design standards should be identified and where necessary developed.