A growing number of signals from the IoT market point to a structural mismatch. Companies are no longer developing isolated connected devices. They are building connected systems: machines linked to sensors, software and cloud platforms; products linked to data flows and service models; digital twins linked to predictive analytics; industrial assets linked to cybersecurity, interoperability and regulatory access rights. Yet much IP advice is still publicly framed as if the central question were only whether a device, a software function or a technical feature can be protected.

This article is not about whether IP matters in IoT. That debate has largely passed. It is about a gap.

On one side, IoT companies are facing a layered innovation environment in which patents, software, data, trade secrets, technology standards, cybersecurity, contracts, digital platforms, digital twins and digital service models increasingly interact. On the other side, much visible IP communication still separates these questions into individual legal categories: patentability, FTO, data rights, trade secrets, licensing, contracts, technology standards or IP enforcement. Each category matters. But connected-product companies often need something more integrated.

The core thesis is this: IoT is becoming one strategic control environment, and IP is moving from a narrow protection function into a decision system for control, collaboration, market access, risk management and competitive positioning.

The demand side: what IoT companies increasingly need

Many IoT companies are not primarily asking whether they can obtain “a patent” for “a device”. They are facing more complex operational questions. A smart manufacturing company may connect machines, sensors, edge devices, cloud systems and analytics tools. A medical device company may combine hardware, software, patient data, connectivity and regulatory compliance. A smart mobility company may depend on vehicle data, communication standards, AI-based prediction and platform access. An industrial equipment supplier may shift from selling machines to offering predictive maintenance, performance optimization or usage-based services.

The strategic question is therefore not only: what can we protect? The better question is: what must we control in order to scale, collaborate, access data, maintain security, attract investment and keep room to act?

This is where IoT differs from many classical product categories. Value often appears at interfaces. It may sit between a sensor and a data model, between a physical machine and a digital twin, between an algorithm and a technical effect, between a communication protocol and interoperability, between a customer contract and access to generated machine data, or between a software update process and cybersecurity compliance.

A company may therefore need to decide which elements should be patented, which algorithms should remain secret, which data flows create bargaining power, which interfaces must remain open, which technology standards create dependency, and which contractual structures preserve control over future improvements. This need often arises before the filing decision. It concerns system architecture, portfolio design, data governance, collaboration strategy, regulatory exposure and business model design.

The supply side: what IP communication still often emphasizes

When one looks at how IoT IP expertise is often publicly presented, another picture becomes visible. The dominant public signals are often technical competence and legal categorization. Communication may focus on patent protection for connected devices, computer-implemented inventions, FTO for electronics, licensing of communication standards, data access rights, cybersecurity compliance or contracts for platform collaborations. All of these topics are relevant. But they can remain fragmented if they are not connected to the company’s strategic control problem.

The message is often: we can protect IoT inventions. Much less often, the message becomes: we can help you understand where control, dependency and defensibility arise in a connected technical system. This distinction matters.

In IoT, protectability is necessary, but not sufficient. A patentable sensor arrangement may not protect the commercially decisive data layer. A strong algorithm may be difficult to enforce if it is hidden in cloud infrastructure. A digital twin may create strong differentiation but raise ownership questions around operational data and customer-generated improvements. An open interface may accelerate adoption but weaken exclusivity. A proprietary platform may create control but slow ecosystem growth. A standard may enable market access but create licensing and FTO risks. Protection choices are becoming architecture choices.

Where the mismatch becomes visible

The gap becomes clearest when comparing the situations IoT companies face with the way IP expertise is often segmented. An IoT company does not experience its risk in separate legal boxes. It experiences the system as one decision environment. The technology logic asks whether the connected system works. The data logic asks who can access, use and monetize generated data. The patent logic asks what technical contribution can be claimed. The software patent logic asks whether the computer-implemented functionality produces a technical effect. The cybersecurity logic asks whether the product can be securely maintained across its lifecycle. The technology standard logic asks which interfaces enable market access and which dependencies they create. The business logic asks where differentiation, lock-in effects and bargaining power will come from. When these logics are treated separately, the company may receive correct advice and still remain strategically exposed.

It may patent the device but miss the service model. It may protect the software function but overlook data access. It may develop a digital twin but fail to define ownership of customer-generated improvements. It may collect valuable machine data but face regulatory access obligations. It may build a technically advanced product but become dependent on third-party platforms, cloud providers, communication standards or customer-controlled data environments.

This is why IoT patent landscapes are becoming more than filing statistics. They are maps of system control. They show where competition is concentrating, where technology standards may create dependencies, where software layers become patent-relevant, where data positions shape bargaining power, and where white spots may still exist.

The data and cybersecurity layer

There is another reason why fragmented IP advice is becoming insufficient: connected products are increasingly regulated as data-generating and security-relevant systems. The EU Data Act applies from 12 September 2025 and strengthens access and usage rights around data generated by connected products and related services. For IoT companies, this means that machine data, product usage data and operational data can no longer be treated as a purely internal resource by default. This changes the IP context.

Companies must decide which data they can control exclusively, which data users may access, which data supports service revenues, which data should be protected as trade secrets, and which data sharing obligations must be reflected in product design, contracts and business models.

Cybersecurity is becoming similarly strategic. The EU Cyber Resilience Act addresses software and hardware products with digital elements and responds to concerns about insufficient cybersecurity and missing timely security updates. For IoT companies, cybersecurity is therefore not only a compliance issue.

It influences product architecture, update obligations, supplier contracts, customer trust and market access. A connected product that cannot be securely maintained may become commercially fragile even if the underlying technical invention is strong.

A gap in translation

What appears visible, then, is not primarily a gap in legal quality. It is a gap in translation. Companies increasingly experience IoT through questions of control, dependency, scalability, data access, interoperability, cybersecurity, service models and technology standards. Publicly visible IP expertise often still frames the subject through separate legal categories: patents, software, trade secrets, data, contracts, licensing, technology standards and enforcement.

Those categories are necessary. But they are not the same as the company’s strategic problems. The opportunity for IP experts is therefore not only to offer more technical expertise. It is to make existing expertise legible as decision support.

Companies need to understand where the defensible control point lies. In one case, it may be a sensor arrangement. In another, a control method. In another, an edge computing architecture. In another, a digital twin simulation method. In another, a cybersecurity update mechanism. In another, the strategic value may lie in combining patents, trade secrets, data access rights and platform governance. The next step is to translate this complexity into management choices.

The strategic opportunity

The market opportunity is not simply to tell IoT companies that IP is important. They already know that. The opportunity is to show them that IP can function as a decision system for connected-product strategy. It can help management decide what to protect, what to disclose, what to keep secret, what to license, what to standardize, what to monitor, what to open to the ecosystem, what to contractually control and where technical architecture creates future bargaining power. That is where the next stage of differentiation in IoT IP advice may begin.

The companies that understand this early gain room to act. They can shape their portfolios around system control points instead of individual assets alone. They can align patent filings with software architecture, data strategy, cybersecurity requirements, collaboration and service models. They can use IP not only to protect what has been invented, but to clarify how the connected business should compete.

Companies that treat IP reactively face a different risk. They may become technically advanced but strategically dependent. Connected but not in control. Data-rich but unable to use the data. Patent-active but commercially exposed. Collaborative but weak in negotiation. Innovative but dependent on platforms, technology standards, customers or infrastructure they do not control.

The IoT gap is therefore not a gap between connectivity and IP. It is a gap between connected technical systems and fragmented advisory narratives. Closing that gap means translating IP expertise into the language of strategic control.