1. WHAT IS IoT?
As per the Draft Internet of Things (IoT) Policy of India, 2015, the Internet of Things refers to a seamlessly connected network of embedded devices or objects having unique identifiers that are capable of communicating with each other without human intervention through standardized and interoperable communication protocols.
In simple terms, IoT is a vast network of interconnected devices that collect, transmit, store and process information obtained from their surroundings, user preferences, locations and various sensors.
The collected information is generally stored on a common platform and can subsequently be accessed, analyzed and utilized by other interconnected devices based on their operational requirements.
A single IoT-enabled device may:
- Collect data.
- Store information.
- Analyze data.
- Take automated actions based on the collected information.
IoT therefore enables everyday objects to become intelligent systems capable of communicating and responding without direct human involvement.
Example
A smart refrigerator may use sensors and a touchscreen interface to track food expiration dates and automatically notify users when products are nearing expiry.
2. DOES DEPLOYMENT OF IoT ELIMINATE THE LIABILITY OF THE DEPLOYER?
No. Deployment of IoT does not eliminate or reduce the liability of the deployer.
IoT systems operate through a highly complex ecosystem comprising interconnected devices, sensors, software applications, communication networks and cloud-based platforms.
Since multiple devices rely upon information generated and shared by other devices within the network, a failure at any point in the chain may affect the entire system and potentially cause significant damage or loss.
Consequently, the responsibilities and liabilities of manufacturers, software developers, service providers, distributors and deployers become more significant due to the technological complexity involved.
Example
If software embedded within a smart thermostat malfunctions and records incorrect temperature data, the thermostat may automatically regulate temperatures incorrectly.
Other connected devices relying on that data may also function improperly, potentially causing operational disruptions, financial losses or safety concerns.
Liability may therefore arise from various causes, including:
- Device malfunction.
- Cyber-attacks.
- Data theft.
- Software defects.
- Communication network failures.
3. WHO IS LIABLE IN CASE OF MALFUNCTION OF AN IoT PRODUCT?
Determining liability for malfunctioning IoT products can be challenging because multiple parties are often involved in the creation and operation of a single IoT ecosystem.
For example:
- The hardware device may be manufactured by one entity.
- The operating software may be developed by another entity.
- The communication network may be operated by a third party.
- The data may be processed or utilized by another service provider.
As a result, identifying the exact source of failure becomes a complex exercise.
Malfunctions may arise due to:
- Manufacturing defects.
- Software failures.
- Sensor inaccuracies.
- Network interruptions.
- Data processing errors.
- Cybersecurity breaches.
Strict Liability Principle
Many common law jurisdictions apply the principle of strict liability in product liability cases.
Under this principle, manufacturers may be held liable for damages caused by defective products regardless of whether negligence can be established.
The rationale behind strict liability is that manufacturers owe a duty of care to consumers and are responsible for ensuring that products placed into the market are reasonably safe.
Consequently, IoT device manufacturers should implement effective risk allocation mechanisms to determine responsibilities among all parties involved in the IoT ecosystem.
Such allocation of risk can be achieved through carefully negotiated contracts between:
- Manufacturers.
- Software developers.
- Distributors.
- Service providers.
- Network operators.
4. IS INSURANCE AVAILABLE FOR LIABILITIES ARISING FROM IoT DEPLOYMENT?
Yes. Insurance can play a significant role in managing liabilities associated with IoT deployment.
Given the complexity of IoT systems and the challenges associated with identifying fault, manufacturers and other stakeholders should carefully evaluate their insurance requirements.
In many situations, manufacturers, sellers and distributors may be the first parties against whom claims are brought when losses arise from malfunctioning IoT systems.
Consequently, insurance planning should form an integral part of the overall business and risk management strategy.
Need for Customized Insurance Solutions
Traditional insurance products may not adequately address the unique risks associated with IoT deployments.
IoT stakeholders should proactively identify risks and evaluate specialized insurance products tailored to their specific operational requirements.
Customized insurance solutions may provide protection against:
- Product liability claims.
- Cybersecurity incidents.
- Data breaches.
- Business interruption losses.
- Software failures.
- Network outages.
Appropriate insurance coverage can significantly reduce financial exposure arising from deployment and operation of IoT-enabled systems.
CONCLUSION
The Internet of Things has transformed the way devices interact, communicate and make decisions by enabling automated data collection and analysis.
However, increased connectivity also introduces significant legal, operational and cybersecurity risks.
Manufacturers, developers, deployers and other stakeholders must carefully address liability allocation, contractual risk management and insurance protection to effectively manage the risks associated with IoT deployment.
As IoT ecosystems continue to evolve, robust contractual frameworks, clear risk allocation mechanisms and tailored insurance solutions will become essential for managing liabilities arising from interconnected technologies.



