Iain Davidson at Wireless Logic explores the regulatory and operational reasons why business leaders must now rethink uptime resilience
Until recently, the uptime and resilience of the Internet of Things (IoT) was an operational metric. Which is curious, because even a few seconds’ outage can have a big impact on customers and profitability, not just operations. But now, uptime is a regulated expectation. Businesses must make their ICT systems and digital services resilient, and be able to prove they can recover fast from an outage, or they could face compliance action.
Downtime has always been expensive. According to one report, the hourly cost of computing/network outages is over $300,000 for 90% of companies. Siemens suggest that every lost hour costs automotive manufacturers $2.3 million. These are eye-watering costs, but they are not the only risk: downtime also jeopardises reputation, and that alone is reason enough to make resilience a priority.
In addition, downtime now risks regulatory penalties. To avoid falling foul of minimum standards, companies must formulate proactive resilience strategies and adopt the tools and approaches they need.
IoT downtime risks regulatory penalties
Consider where the IoT fits into everyday businesses and lives. It connects machines, smart chips, sensors, management systems and more. It supports critical applications in healthcare, security and energy including remote patient monitoring, real-time intrusion detection and energy smart grids. Handheld scanners for real-time in-store stock management and electronic point of sale terminals call on the IoT. Retailers need these things to keep stock moving and tills ringing.
When the IoT goes down, people and businesses feel it. Which is why rule makers impose regulations and standards that say, if you’re not resilient, you might not be compliant.
There are many rules to understand. The Digital Operational Resilience Act (DORA) and other resilience mandates cover risk management, supply chains and application and device security. Then there is the EU’s Cyber Resilience Act, China’s Cyber Security Law and the Telecom Security Acts in the USA and UK.
The recently published EN 18031 is another one and it is of particular importance for businesses who sell or supply IoT devices in the EU. It applies to all connected radio devices from 1 August 2025 and is a cyber security add-on to the EU Radio Equipment Directive (RED) required to receive a CE mark. Non-compliant devices will be deemed unsafe and cannot be legally sold in the European Economic Area (EEA) without the CE mark.
The regulations and standards out there all add up to demand service levels that call for high availability and rapid, automated recovery from outages. Companies that don’t measure up risk regulatory penalties, as well as all the other bad stuff that comes from an outage including disrupted operations, the cost of fixes and reputational damage.
Proactive IoT network resilience
Fortunately, there is guidance to help companies strengthen their IoT resilience. Standards bodies including the International Organization for Standardization (ISO), the European Telecommunications Standards Institute (ETSI), the National Institute of Standards and Technology (NIST) and the International Electrotechnical Commission (IEC) provide frameworks for best practice.
Companies should use these frameworks to understand what they must do, and then act to make it happen. As part of this, they must demand high-availability solutions from their IoT partners, such as device manufacturers and connectivity providers.
It is critical to get ahead of the problem because proactive resilience outperforms reactive service level agreements every time. It is better to defend than repair, and to detect anomalies before they become full-blown incidents.
Reactions are still important, though. Companies must know what to do if a problem arises. When they are not prepared, they spend too much time organising themselves and formulating a plan. This should be in place before it is needed, and rehearsed to keep it relevant, realistic and familiar.
Requirements for compliant resilience
Resilience can seem daunting because IoT solutions are multi-dimensional. They are made up of devices, networks, cloud solutions and operational processes.
Also, downtime can result from many things: a network or power outage, inadequate maintenance, the dreaded cyberattack, even an environmental or natural disaster. Devices can be damaged by the very environments they operate in, resulting in mechanical failure.
These risks test IoT resilience every day and many of them are outside the control of the responsible company. Nevertheless, companies must maximise uptime and the only way is to build resilience in at the device, network, cloud and operational level.
What does that look like? There is a range of measures, and they always come down to design. They include:
There are more, even than these, but companies should take heart from the fact there are measures they can take. Designers, engineers, solutions architects and enterprises should engage an IoT solution provider to discuss maximising uptime at the earliest opportunity to ensure everything is covered.
The consequences of not doing so almost don’t bear thinking about. Security, resilience and uptime can be the difference between competing, keeping customers and being compliant.
Future success with the IoT will belong to those who take the right approach, and use the right tools, to maximise uptime and keep data flowing securely and robustly between their IoT devices, operating systems and cloud environments.
Iain Davidson is senior product marketing manager at Wireless Logic