The Internet of Things is leading to a shift from a business based on products to a business of services, triggering new legal issues to which companies might not be prepared.

The title of a famous article of 2011 from Marc Andreessen is

Why software is eating the world?

At that time he was commenting about the digitization of businesses, mentioning, among others, that the world’s largest bookseller, Amazon, does not own any book shop. This example might be accompanied by more recent examples referring for instance to Uber, the world’s largest taxi company, which owns no taxis or Airbnb, the world largest accommodation provider, that owns no real estate.

But what’s happening now with the Internet of Things?

Marc Andreessen certainly has a very deep understanding of the dynamics of the technology sector. And indeed, after 5 years, the Internet of Things is fastening such technological revolution with a major shift from a business based on products/hardware to a business of services i.e. value added services that can be provided through software.

A great example of this shift is happening in the tire market where Pirelli and Michelin are embedding their tires with sensors able to collect data about vehicle performance and road conditions that is then conveyed to the driver as well as to the car’s electronics helping improve safety and efficiency. This change is coupled with a change in their business model since tires are no longer paid through a one-off payment as happened so far, but as part of a service on a kilometers-driven basis. This means that tires become part of a more structured service where customers not only receive tires, but a number of value added services that are aimed at

1. reducing fuel consumption,
2. increasing safety,
3. providing maintenance services when – based on the information collected from the tires combined with big data – a malfunctioning is likely to happen shortly and consequently
4. reducing the period in which a vehicle cannot be used since the maintenance activity can be planned before a malfunctioning takes place.

What are the legal consequences of the new business model?

The new business model turns a supplier/customer relationship that was up until now one-off to a continuous relationship which also creates a much higher level of loyalty on the customers’ side. However, such “loyalty” creates also new legal issues. Indeed,

1. Companies that did not collect so far almost any information about their products and customers will start gathering data not only about the performance of their products, but also personal data about their customers. Privacy issues for the first time will become a problem for a number of companies!

And this is happening when the new EU Privacy Regulation is about to be approved with its massive fines. Privacy by design and security by design are the most effective tool to protect companies against potential liabilities. And their usage – already requested by data protection authorities – will become compulsory with the new EU Privacy Regulation.

2. Customers will rely on sensors. This means that in case of their malfunctioning new potential liabilities might arise. When it comes for instance to connected cars, statutory provisions oblige only vehicle owners to ensure the vehicle. But what happens if an accident is caused by the malfunctioning of an IoT components such as a sensor that did not detect an obstacle? The liability might be passed to the car manufacturer and in turn to its supplier.

3. 48.8 million of cyber attacks occurred in 2014 causing damages in the range of $ 445 bn. Sensors and Internet of Things devices will exponentially become potential targets for cyber attacks. Again, a privacy by design and a security by design approach might mitigate such risks, but also cyber risk insurance policies are becoming a useful resource.