Cybersecurity and patent abuse hold back industrial IoT’s true potential (Reader Forum)
Between device hijacking, data breaches, and intellectual property theft, there are many known risks associated with a cybersecurity compromise in internet of things (IoT) applications. At the same time, many are excited about the potential IoT offers across enterprise use cases – and for good reason. During the COVID-19 pandemic, we once again saw how important connectivity is for creating new efficiencies in enterprise and for our economy as a whole.
A worldwide from May 2020 showed that 84 percent of the companies beginning to adopt industrial IoT technologies saw a positive impact on their ability to function during the COVID-19 pandemic. In the same survey 87 percent of businesses said the use of industrial IoT is critical for their future success. Therefore, it’s no surprise that the European IoT market as a whole is growing by annually. The integration of new connectivity capabilities into industrial production processes is now essential.
The rise of IoT in enterprise brings new challenges with it as well. Some of the risks are well-known. For example, most are aware that cybersecurity risks are dynamically evolving. Because industrial applications of IoT connect many new endpoints, they present increased potential of device hijacking and data breaches. A breach could result in a leak of confidential client information and even cause a complete shutdown of production.
Security issues are not the only challenge for industrial IoT technology developers. Equally important but less discussed is how patent abuse holds back the true potential of industrial IoT innovation in the UK. Recent court cases, in particular, the UK court decision in Unwired Planet v Huawei, have enabled abusive patent holders to target companies, including SMEs, that use standardised technologies like Wi–Fi, 4G, and 5G to extract exorbitant licensing terms and fees – just for using those standards.
Companies that make connected products often use standardised technologies to connect to the internet and to enable them to interact with other machines or software. Standardised technologies are everywhere and, for example, include things like Bluetooth, 4G, 5G and Wi-Fi. These technologies help to make the device interoperate with other devices, and a single standardised technology may consist of hundreds, or even thousands, of patented parts.
A patented technology typically becomes part of a standard when the patent holder participates in a standard-setting process and volunteers its patent as a solution that is so critical to the standard that the patent must be used to comply with a technical standard. Once the contributing patent holder declares its patent to be essential, the patent becomes unavoidable for the implementation of a standardised technology and is then considered a standard-essential patent (SEP).
By voluntarily contributing to an industry standard, SEP holders commit to providing licenses to their SEP on fair, reasonable, and non-discriminatory (FRAND) terms. The SEP holder, in return for this commitment to FRAND terms, gains access to the broad base of licensees that need to use the standard as it becomes more widely adopted.
While it is clear that the benefits that industrial IoT technologies bring to productivity, customer experience, and sustainability outweigh the risks, businesses should see the acute need to manage industrial IoT risks. Much like proactive steps can greatly help address the problems caused by vulnerable, outdated or insufficiently secure cyber systems, the same applies to patent issues. It’s important for small businesses to understand how patent abuses can cause serious issues that can quickly become complicated, and to make their voices heard.
Because SEP licenses are essential to the use of industrial IoT technologies at large, their availability urgently needs the attention of policymakers. Currently, a decision by just one SEP holder (of potentially thousands) to disregard their FRAND promise can prevent a company from using the whole standardised technology. Standardised technologies are meant to be used by manufacturers and well-documented abusive practices by some SEP licensors hinder them from doing so fairly.
The FRAND commitment intends to be a mechanism that makes it easier and more affordable for businesses to use the patented technologies in standards they need in their (I)IoT connected products. Because of imbalances in power between SEP licensors and licensees and the existing legal and policy landscape in the UK, manufacturers are typically left with only a few choices: to accept the abusive SEP holder’s unfair and prohibitive licensing demands, fight the case in court, or get out of the business entirely.
SME manufacturers that do not have the expertise or budget for years-long and expensive legal proceedings are often forced to simply accept the abusive terms proposed to them. For example, SEP holders typically try to force licensees into agreeing to license an entire portfolio of patents in order to license the SEPs they need, even when the rest of that portfolio may include invalid and non-essential patents with respect to the product the licensee is making.
Another example is that due to a UK Supreme Court decision (Unwired Planet v Huawei), SEP holders can now be assured that they can force a UK licensee to take a global license for a standard when the manufacturer only needs a license in the UK. SMEs would in this case be forced to pay licencing fees for jurisdictions in which they don’t even operate, or face a court order to stop selling their product in the UK market.
SME manufacturers can take steps today to understand and manage their SEP licensing risks, no matter where they reside in a supply chain. For example, a company could evaluate what is reasonably expected from a licensee and a licensor, as set out in the that the App Association led in developing to help SMEs of all sizes understand the licensing process.
However, the recent precedent set by the court means that manufacturers using (I)IoT technology in their factories and products, are putting a product on the market with an often unknown – potentially large or even prohibitive – liability attached.
The situation, unless course–corrected soon, could dissuade SMEs from investing in and developing connected devices or setting up shop in the UK at all. This situation could significantly limit the UK’s ambition to be a hub for innovation-driven growth, and policymakers should take action to address ongoing SEP licensing abuses as soon as possible.
About the author
Stephen Tulip is the App Association’s UK membership & engagement manager. With several years of experience in the UK membership and manufacturing sectors, Stephen connects our members, app developers, and device manufacturers with the policy issues affecting their business. Regularly joining events, he’s always happy to connect and promote the UK’s device manufacturing sector.
About the App Association
ACT | The App Association represents app makers and connected device companies in the mobile economy. Organisation members leverage the connectivity of smart devices to create innovative solutions that make our lives better. ACT | The App Association is the leading industry resource on market strategy, regulated industries, privacy, and security. To stay up to date with the latest SEP news, visit .