One of our 2026 IoT Transition Topics, that we expect to define the IoT market in the coming year, is ‘The increasing requirement for localisation’.
We describe it as: “Several factors, including regulation (e.g. permanent roaming, data sovereignty or know-your-customer rules) and optimisation of service delivery, are driving the need for solutions to be localised in various ways, whether that be in terms of local hosting of network infrastructure, cellular connectivity localisation, or compliance with local regulations (such as know-your-customer). We will look at how those issues might be addressed.”
In this blog post we explore the forms that localisation will take, the drivers of it, and the implications for how IoT is delivered. The blog post touches on a number of topics that will be the subjects of reports forthcoming in 2026.
Regulatory compliance has always been an inherent part of deploying connected devices. Every country enforces its own rules governing radio spectrum usage, frequency bands, transmission power, and device certification, amongst other things. These requirements are not new, and IoT stakeholders have long adapted products and services to comply with national laws.
What has changed is the scope and depth of regulation affecting IoT deployments. Permanent roaming remains a key issue. Many IoT solutions still rely on roaming to achieve international coverage, and in many jurisdictions this continues to be tolerated, including for deployments using eSIM profiles. However, permanent roaming has never been universally accepted, and enforcement varies significantly by country. As regulators become more assertive, and focus shifts to eSIM profiles, uncertainty around long-term viability remains.
Know Your Customer (KYC) requirements introduce further ambiguity. These rules, originally designed for consumer telecommunications, are often poorly defined for IoT use cases. It is frequently unclear who constitutes the customer, how identity verification should be implemented at scale, or how compliance responsibilities are distributed across complex IoT value chains. This lack of clarity increases operational and regulatory risk for connectivity providers and solution integrators. Further detail on this topic is available in our recent report on KYC regulations. Even when permanent roaming is allowed, related regulations may add friction to the deployment of such connections. For instance, various countries around the world have requirements to establish a local operating company, to register with a dispute resolution agency, or to procure licences to offer IoT services, and more.
Cybersecurity regulation is another growing area. New national rules governing device security, software updates, vulnerability disclosure, and incident response are increasingly applied to connected devices. While these may appear novel, they largely represent extensions of existing national regulatory authority, with a few notable exceptions such as the EU’s Cyber Resilience Act . Regulation related to artificial intelligence follows a similar trajectory, with countries developing national frameworks that affect how AI-enabled IoT systems can be deployed and operated.
Data governance regulations represent a more structural shift. Frameworks governing how data is stored, processed, and transferred across borders have direct implications for IoT architectures. Regulations such as the EU Data Act or the CLOUD Act affect where data can reside and how it may be accessed, influencing decisions around cloud usage and network design. Unlike spectrum regulation, these rules directly impact cross-border data flows, making compliance a central architectural consideration.
National resilience requirements add another layer of complexity. Governments are increasingly focused on the resilience of critical national infrastructure, including energy, transport, utilities, and public services. IoT systems are now deeply embedded in these sectors, leading to greater scrutiny of deployment architectures, supplier dependencies, and operational continuity. These considerations increasingly influence vendor selection and system design, particularly for deployments supporting critical services.
All of this necessitates that vendors supporting multi-country IoT deployments are providing compliant solutions and can help their customers with challenges of compliance.
Further analysis of the regulatory environment and discussion of all the various regulations referenced above, can be found in a summary report and within the Transforma Insights regulatory database.
Alongside regulatory pressures, the growing requirements for high bandwidth, low latency data are also necessitating a shift to local. Historically, supporting connections outside a provider’s domestic footprint almost always meant roaming, except where regulation explicitly prohibited it. For low-bandwidth applications, this model was generally viable.
As data volumes increase, roaming becomes less attractive. Higher usage drives up costs and can introduce performance limitations, encouraging a shift towards localisation. This typically involves anchoring connections on local networks and managing data breakout locally, rather than routing traffic back to a distant home network.
Latency requirements are also becoming more stringent. Applications such as industrial automation, video analytics, and real-time monitoring depend on rapid data transmission and response times. The integration of AI into IoT solutions amplifies this requirement, as real-time analytics and decision-making often rely on low-latency data paths and proximity between devices, networks, and compute resources.
The evolution of 5G further accelerates the shift away from roaming-centric models. Advanced 5G capabilities such as network slicing and quality of service differentiation are inherently network-specific. These features are as yet typically not available, or are significantly constrained, for roaming connections.
As standalone 5G networks are activated, roaming connections increasingly risk being treated as secondary, with limited access to advanced functionality. For IoT deployments that depend on predictable performance characteristics, this creates a strong incentive to use local network connections. Without standalone 5G enabled, all users may experience limited functionality, but once enabled, the gap between local and roaming connections becomes more pronounced.
More detail on the implications of 5G for IoT is available in our report 'Monetisation of public 5G networks through IoT' as well as a forthcoming report on 5G roaming.
The adoption of eSIM and remote SIM provisioning technologies is reinforcing the trend towards localisation. The introduction of the SGP.32 standard enables more scalable and flexible remote provisioning for IoT devices. This allows connectivity profiles to be downloaded and managed dynamically, supporting local network attachment even for globally deployed devices.
What might previously have been delivered using roaming SIMs can now be implemented through locally hosted SIM profiles, provisioned remotely as devices are deployed or moved. This approach combines the operational benefits of global management with the performance and compliance advantages of local connectivity.
At the same time, new management platforms are reducing complexity. Single pane of glass (SPOG) platforms enable enterprises and service providers to manage connections across multiple networks and connectivity management platforms through a unified interface. This makes multi-operator and local-first strategies more practical at scale.
Discussion of communications service provider approaches to SGP.32 and related developments can be found in the recent Communications Service Provider (CSP) IoT Peer Benchmarking report.
Technology availability remains uneven across markets. While 5G coverage is expanding, it is far from universal, with much existing 5G coverage supported by legacy 4G core networks (i.e. 5G Non-Standalone), and many regions continue to rely heavily on 4G. The ongoing shutdown of 2G and 3G networks creates additional fragmentation, particularly for legacy devices and long-lived IoT deployments. Even 4G may face eventual switch-off in some markets.
IoT-optimised cellular technologies such as NB-IoT and LTE-M are not consistently available worldwide. Support for features such as power saving modes and extended discontinuous reception also varies, affecting battery life and device performance.
Beyond cellular, licence-exempt technologies such as public LoRaWAN networks add further diversity. These technologies are subject to national rules governing spectrum availability, transmission power, and duty cycle limitations. Such variations influence device design and network planning, making global standardisation challenging.
To address regulatory, latency, and data volume requirements, connectivity providers are increasingly deploying distributed core network infrastructure. This often focuses on packet gateways (PGWs) located closer to end users, enabling local data breakout and compliance with national data governance rules, but can extend to the local deployment of a full core capability.
These capabilities can be delivered through self-deployed infrastructure sourced from core network vendors, or through hosted services provided by specialised platforms. Both approaches aim to provide local network functionality in a more cost-effective way.
For more on this topic, see our recent webinar 'Virtual Packet Gateways and why you should care about them'.
Commercial, technical and regulatory pressures are influencing a change in strategic direction for mobile network operators. Global IoT connectivity has become highly competitive, with limited differentiation and pressure on margins. In contrast, domestic markets offer greater opportunities to differentiate through local services, established brands, field support, and sales channels.
As a result, many operators are refocusing on their home markets. This includes renewed investment in full-stack propositions that combine connectivity with managed gateways, sensor portfolios, and application-layer services such as video analytics. These offerings are typically better suited to domestic deployment, where operators have stronger distribution and customer relationships. The increasing prevalence of such products was another key theme identified in the CSP IoT Peer Benchmarking Report.
At the same time, operators are increasingly relying on partnerships to address out-of-footprint requirements. Collaborations between operators, or between operators and virtual operators, allow providers to offer broader coverage without directly managing global infrastructure. This reflects a growing tendency for operators to concentrate on domestic strengths while working with partners for international reach.
Collectively, these trends point to a fundamental shift in how IoT connectivity is delivered. The assumption that global reach can be achieved primarily through roaming is increasingly challenged by regulatory complexity, performance requirements, and economic realities. Localisation, supported by eSIM technology, distributed core infrastructure, and multi-operator management platforms, is becoming a central design principle.
For enterprises and service providers, this environment demands more sophisticated strategies. Successful IoT deployments increasingly require careful alignment between regulatory compliance, network capabilities, data architecture, and commercial models. Hybrid approaches that combine global coordination with local execution are becoming the norm, reflecting the evolving intersection of regulation, technology, and market dynamics that now defines the IoT landscape.
All of the topics, and the implications for the evolution of connectivity provider portfolios, discussed above will be further addressed by Transforma Insights during 2026.
