Explaining the Legal Regulations on Hardware and Software Aspects to be Aware of in IoT Business
In recent years, the rapid advancement of IoT (Internet of Things) technology has enabled devices to collaborate in various industrial fields, making efficient operation possible. As a result, companies are actively promoting the introduction of IoT technology, and innovations in business and products are expected.
On the other hand, legal regulations and security issues related to IoT are emerging one after another, and companies are required to respond appropriately.
In this article, we will explain in detail the legal regulations and points to be complied with regarding IoT.
IoT: Internet-Connected Household Appliances
IoT, short for “Internet of Things,” translates directly to “Internet of Things.” In other words, it refers to systems and services designed to make life more convenient by connecting everyday objects to the internet and enabling remote control, automatic recognition, and automatic control functions.
Typical IoT devices include smart home appliances. Examples include robot vacuum cleaners that can be operated from a smartphone while you’re away, and refrigerators that can manage food ingredients in conjunction with an app. There are also IoT devices with AI assistant functions, like Amazon Echo and Google Assistant, that can provide information and control home appliances just by calling out to them.
These are all convenient devices that make life more comfortable. However, IoT devices carry both the risk of hardware that can directly affect the human body, like electrical appliances, and the risk of software that can collect important personal information, including consumer lifestyle information.
Therefore, when starting a business with IoT devices, it is necessary to consider regulations on both the hardware and software aspects.
Regulations on the Hardware Aspect of IoT Device Provision
In the business of providing IoT devices, measures are required for both software and hardware aspects. Particularly, the hardware aspect, which can directly affect the user’s body, is subject to strict legal regulations.
Here, we will first explain the regulations on IoT devices as “home appliances”.
Electrical Appliance and Material Safety Act (Japanese Electrical Appliance and Material Safety Act)
Firstly, as long as IoT devices are household appliances, they are subject to the regulations of the “Electrical Appliance and Material Safety Act”. The Electrical Appliance and Material Safety Act provides the following three regulations:
- Notification system
- Conformity inspection to technical standards
- Safety certification of remote control functions
Manufacturers or importers of electrical appliances, including IoT devices, must notify the Minister of Economy, Trade and Industry within 30 days of starting their business (Article 3 of the Electrical Appliance and Material Safety Act[ja]). There is also an obligation to notify if there are changes in the notification content or if the business is discontinued.
The devices to be manufactured must comply with the technical standards stipulated in each ministerial ordinance. In addition, an inspection must be conducted for this conformity, and the “PSE mark”, which is a certification of conformity, must be displayed. Since the sale and display of products without the PSE mark is illegal, the display of the mark is virtually mandatory.
Furthermore, the existence of IoT devices with remote control functions, such as turning on switches using smartphones from outside, is indispensable for realizing smart homes. However, in order to manufacture and sell such devices, it is necessary to receive a judgment that “there is no risk of danger” through an investigation by a third-party organization, etc., due to regulations by the technical standards ministerial ordinance.
Consumer Product Safety Act (Japanese Consumer Product Safety Act)
The “Consumer Product Safety Act[ja]” specifies products used by general consumers in their daily lives that are prone to danger, and obliges measures to prevent recurrence and reporting and disclosure of accidents for these products.
In particular, many IoT devices used in smart homes fall under consumer products and are subject to the following regulations:
- Obligation to report serious product accidents
- Collection of accident information and disclosure of causes, and voluntary recall measures for products depending on the case
- Introduction of the PSC mark system
In the event of a serious product accident, there is an obligation to report to the Prime Minister within 10 days, and also an obligation to investigate and disclose the cause of the accident. Depending on the cause of the accident, measures such as voluntary recall of the product are stipulated as an obligation to make efforts.
Also, for consumer products that are particularly difficult for consumers to maintain and may cause serious accidents due to aging, the PSC mark[ja] is required to be displayed to urge consumers to take special care.
Household Goods Quality Labeling Act (Japanese Household Goods Quality Labeling Act)
For goods that are significantly difficult for general consumers to judge their quality, display standards are set for each product to make it easier to compare and consider.
For example, in the case of air conditioners, it has become easier for consumers to compare and consider by determining categories to be displayed, such as cooling and heating capacity, division name, power consumption, and annual energy consumption efficiency (Air Conditioner | Consumer Affairs Agency[ja]).
Some devices for smart homes are subject to the regulations of the Household Goods Quality Labeling Act, and if they do not comply with this display obligation, they may receive instructions from the government and their business name may be disclosed.
Reference: Household Goods Quality Labeling Act | Consumer Affairs Agency[ja]
Regulations on the Software Aspects of IoT Communication Networks
For IoT devices, it is essential to build a communication network that connects home appliances and the internet. Therefore, in addition to regulations as electronic products, they must also comply with regulations concerning IoT communication networks.
When using the internet for wireless communication with IoT devices, they are subject to the regulations of the Japanese Radio Law and the Japanese Telecommunications Business Law.
Japanese Radio Law
Normally, to establish a radio station, a license or registration from the Minister of Internal Affairs and Communications is required. However, low-power radio stations, small power radio stations, and specified small power radio stations are exempted, and no license or registration is needed.
In smart home appliances, “specified small power radio stations,” which do not require a license or registration, are widely used.
However, wireless equipment that does not require a license or registration must obtain a conformity certification in advance and acquire a technical conformity mark defined by the Ministry of Internal Affairs and Communications. Specified small power radio stations, which are frequently used in smart home services, must also be wireless equipment with a technical conformity mark.
Japanese Telecommunications Business Law
The “Japanese Telecommunications Business Law[ja]” is a law enacted to promote the healthy development of telecommunications businesses while maintaining the convenience of communication users and the protection of communication secrecy.
Under the “Japanese Telecommunications Business Law,” it is stipulated that if you are conducting an IoT business using an internet line, you must report or register in advance to the Minister of Internal Affairs and Communications (Article 9 of the Japanese Telecommunications Business Law[ja]).
Even IoT devices using radio stations that do not require a license or registration under the Radio Law may require registration or notification under the Telecommunications Business Law. Whether the service mediates others’ communication and is provided for others can be a criterion for determining the need for registration or notification.
For example, a monitoring camera requires registration or notification because it provides images from the camera to the user’s smartphone or other devices by mediating the user’s communication. On the other hand, a congestion detection system does not require registration or notification because it does not obtain information by mediating user communication.
The necessity of registration or notification needs to be determined individually depending on the business provided. Refer to resources such as the “Ministry of Internal Affairs and Communications ‘Telecommunications Business Entry Manual'[ja]” and confirm with the General Communications Bureau as necessary.
Regulations on Personal Information Collected through IoT
IoT devices are tied to users’ lives and collect private life data, making privacy issues unavoidable.
- From the time an air conditioner is turned on, one can determine when someone is at home
- From the TV programs watched, one can understand a person’s preferences and interests
- High-functioning scales can provide detailed body data such as weight, body fat percentage, and muscle mass
To protect such collected personal information, the “Japanese Personal Information Protection Law” was revised in April 2022 (Gregorian calendar year). The revision strengthens the protection of individual rights, adds responsibilities for businesses, and promotes the utilization of data.
Consult a Lawyer Well-Versed in Both Software and Hardware for IoT Businesses with Numerous Regulations
When starting an IoT business, it is crucial to be aware of not only the laws regulating devices as electronic products and software-related regulations concerning communication networks, but also the Japanese Personal Information Protection Law.
If you start an IoT business without understanding these regulations, you may face penalties. Moreover, it could lead to significant issues such as product accidents or information leaks.
There are many regulations in the IoT business. Before starting your own service, consult a lawyer with a broad range of knowledge to understand what laws are involved.
Measures Provided by Our Firm
Monolith Law Office is a legal office with extensive experience in both IT, particularly the internet, and law. In recent years, IoT businesses have been attracting attention, and the need for legal checks is increasing more and more. Our firm provides solutions related to IoT businesses.
Areas of practice at Monolith Law Office: Corporate Legal Affairs for IT and Ventures[ja]
Category: IT
Tag: ITTerms of Use