The Internet of Things stands at a pivotal inflection point. As we approach 2026, the convergence of Edge AI, advanced connectivity standards, and evolving regulatory frameworks is reshaping the IoT ecosystem in fundamental ways.
Professor Muthu Ramachandran, Cybersecurity, AI, and Blockchain Technology & Research Consultant at Forti5 Technologies, and Visiting Professor Extraordinarius at University of South Africa (UniSA), examines the technological advances, market dynamics, and regulatory developments that will define the next phase of IoT evolution.
The numbers that matter
The IoT market continues its remarkable expansion trajectory. Industry analysts project the market to reach approximately $1.3 trillion by 2026, with strong growth across industrial, consumer, and enterprise segments. The smart cities segment demonstrates particularly robust growth, with the global market projected to reach $312 billion by 2026 at a compound annual growth rate of 19%. This expansion reflects increasing urbanization and the imperative for data-driven urban management.
Technology trends reshaping IoT:
- Edge AI: the intelligence migration
2026 marks the inflection point when IoT manufacturers will scale from early Edge AI pilots to broad portfolio refreshes. This shift accelerates the transition from basic telemetry devices to endpoints supporting local inference and on-device decision-making.
- Semiconductor transformation: RISC-V and chiplets
Rising cost pressures and the need for flexible architectures are driving significant changes in IoT semiconductor design. Two trends dominate: the adoption of modular chiplet designs replacing monolithic SoCs, and the expansion of RISC-V adoption across IoT segments.
RISC-V, the open instruction set architecture, is gaining substantial traction in low-power IoT edge devices, Edge AI processors, and automotive subsystems. Growth is strongest in markets prioritizing supply-chain sovereignty and deeper architectural control for specialized edge workloads.
- Connectivity evolution: 5G and beyond
By 2026, forecasts predict nearly five billion 5G subscriptions worldwide. This expansion enables new IoT use cases previously impossible due to latency, bandwidth, or reliability constraints. Private 5G networks are emerging as a critical trend, providing enhanced control, security, and customization for business-critical industrial applications.
5G networks introduce five transformative capabilities that enable the next generation of IoT applications. The first is ultra-low latency, achieving response times under 1 millisecond, which is essential for autonomous vehicles and robotics where even tiny delays could cause accidents — at 100km/h, a 1ms delay means 2.7cm of uncontrolled travel.
The second capability is high bandwidth, supporting speeds up to 20 Gbps, which enables data-intensive applications like real-time HD video analytics and immersive augmented or virtual reality experiences that require massive continuous data streams.
Third, massive connectivity allows up to one million devices per square kilometre to connect simultaneously, making smart city deployments possible where millions of sensors monitor traffic, pollution, parking, and infrastructure all at once.
Fourth, network slicing creates virtual dedicated networks within the shared infrastructure, ensuring that mission-critical IoT applications like hospital systems or factory automation receive guaranteed, isolated bandwidth without competing with regular consumer traffic.
Finally, energy efficiency improvements of up to 90% compared to previous generations mean that battery-powered IoT sensors can operate for years without replacement, making large-scale sensor deployments economically viable. Together, these five capabilities transform 5G from simply a faster phone network into the foundational infrastructure for autonomous systems, smart cities, and industrial automation.
Industrial IoT: the manufacturing revolution
Industrial IoT represents the fastest-growing segment of the connected device ecosystem. By 2026, IIoT is expected to account for a significant portion of IoT market growth, with industries adopting connected sensors and AI-driven analytics to optimize production lines and supply chains.
Predictive maintenance: from theory to practice
The IoT predictive maintenance market has grown from $1.5 billion to $6.5 billion since 2016 and is projected to reach $28 billion by 2026. Leading implementations demonstrate tangible results: maintenance cost reductions of 25-30%, asset life extensions of 20-25%, and downtime reductions of up to 50%.
Digital twin maturation
Digital twin technology is evolving from concept to essential operational tool. By 2026, drones equipped with IoT sensors and high-resolution imaging will emerge as standard tools for building and maintaining accurate, up-to-date digital replicas of physical assets across real estate, manufacturing, and construction.
Smart cities: urban intelligence at scale
The concept of smart cities continues evolving with IoT playing a central role in traffic management, public safety enhancement, and efficient resource consumption. The global smart city IoT market is set to grow from $130.6 billion in 2021 to $312.2 billion by 2026.
IoT-enabled smart city solutions span multiple urban domains, creating interconnected systems for enhanced urban living.
Smart cities leverage IoT technologies across six interconnected domains to create urban intelligence. Mobility encompasses traffic management systems that optimise vehicle flow, smart parking solutions that guide drivers to available spaces, and electric vehicle charging infrastructure that balances grid demand.
Energy applications include smart grids that dynamically balance supply and demand, distributed energy resources that integrate solar panels and battery storage, and adaptive street lighting that adjusts brightness based on pedestrian activity and time of day. Safety systems deploy emergency response coordination, AI-powered surveillance for crime prevention, and disaster resilience networks that detect and respond to floods, earthquakes, or fires in real time.
Environment monitoring tracks air quality to identify pollution hotspots, manages water distribution to minimise waste and detect leaks, and optimises waste collection routes based on bin fill levels.
Services connect citizens to healthcare through remote patient monitoring, enable digital government interactions that reduce bureaucracy, and create smart buildings that automatically adjust heating, cooling, and lighting for occupant comfort and efficiency.
Finally, Infrastructure management uses predictive maintenance to repair roads and bridges before failures occur, creates digital twins that simulate urban systems for planning purposes, and tracks municipal assets from vehicles to equipment in real time. Together, these six domains represent a comprehensive smart city ecosystem projected to reach $312 billion in market value by 2026.
Regulatory developments: a new era of compliance
2026 represents a watershed moment for IoT regulation, with multiple major frameworks coming into force simultaneously. Organizations must prepare for dramatically increased compliance obligations across cybersecurity, sustainability reporting, and product safety.
EU Cyber Resilience Act: the compliance imperative
The European Union’s Cyber Resilience Act (CRA) introduces sweeping cybersecurity obligations for all products with digital elements. Key dates that IoT manufacturers and vendors must note: the CRA requires manufacturers to report actively exploited vulnerabilities to EU authorities within 24 hours, with detailed vulnerability notifications within 72 hours and final reports within 14 days. Non-compliance carries penalties up to EUR 15 million or 2.5% of worldwide annual turnover.
The European Union’s Cyber Resilience Act establishes a phased compliance calendar that IoT manufacturers must carefully follow. The regulation officially enters into force on December 10, 2024, marking the beginning of the transition period during which organisations should begin preparing their compliance strategies.
By June 11, 2026, EU member states must have appointed conformity assessment bodies responsible for certifying that products meet the new security requirements. Shortly after, on September 11, 2026, incident reporting obligations take effect, requiring manufacturers to notify authorities of actively exploited vulnerabilities within 24 hours of discovery — a significant operational change for many organisations.
The final and most critical deadline arrives on December 11, 2027, when full compliance becomes mandatory for all products with digital elements sold in the European market, meaning devices must incorporate security by design, provide vulnerability management throughout their lifecycle, and include comprehensive documentation.
Manufacturers who fail to meet these deadlines face substantial penalties, making it essential for organisations to begin their compliance journey well in advance of each milestone.
Sustainability Requirements
Carbon tracking is increasingly treated as a core design constraint in IoT semiconductors, now discussed alongside power, performance, area, and cost metrics. Regulations such as the EU’s Corporate Sustainability Reporting Directive make carbon transparency unavoidable for vendors operating in European markets.
Major chipmakers are responding proactively. TSMC has committed to Science Based Targets and now provides node-level carbon footprint data. Infineon has expanded Product Carbon Footprint disclosures across MCUs and connectivity parts. By 2026, standardized, auditable carbon disclosures from major foundries and IoT chip vendors will become the norm.
Security: building resilience by design
As IoT networks grow, they become increasingly vulnerable to cyber threats. With the cost of cybercrime predicted to exceed $20 trillion by 2026—representing 150% growth from 2022—security is no longer optional but existential.
Comprehensive IoT security requires a multi-layered defence strategy spanning four interconnected domains. The Device Layer forms the foundation, incorporating hardware security modules that protect cryptographic keys, secure boot processes that verify firmware authenticity before execution, device authentication mechanisms that prevent unauthorised access, and firmware integrity checks that detect tampering or corruption.
The Network Layer protects data in transit through end-to-end encryption that secures communications from device to cloud, zero trust architecture that verifies every connection regardless of source, network segmentation that isolates IoT devices from critical systems, and intrusion detection systems that identify malicious traffic patterns. The Application Layer safeguards software interactions via secure API gateways that validate and filter requests, data encryption at rest that protects stored information, granular access control that enforces least-privilege principles, and continuous security monitoring that detects anomalous behaviour.
Finally, the Governance Layer ensures ongoing security posture through systematic vulnerability management that identifies and remediates weaknesses, incident response plans that enable rapid reaction to breaches, compliance frameworks that align with regulatory requirements like the EU Cyber Resilience Act, and over-the-air update capabilities that allow security patches to be deployed remotely throughout the device lifecycle. Together, these four layers create a defence-in-depth approach essential for robust IoT security in 2026 and beyond.
AIoT: The Convergence of Intelligence and Connectivity
The fusion of Artificial Intelligence and IoT—termed AIoT—enables smarter, autonomous systems that transform raw sensor data into actionable insights. The AIoT market is estimated to reach $102.2 billion by 2026, reflecting the growing recognition that AI and IoT together deliver exponentially more value than either technology alone.
Conclusion: embracing the connected future
The IoT landscape of 2026 and beyond will be defined by intelligence at the Edge, robust security by design, and regulatory compliance as a competitive differentiator. Organizations that proactively adapt to these shifts will find themselves well-positioned to harness the transformative potential of connected technologies.
As we approach this pivotal year, the convergence of AI, advanced connectivity, and regulatory maturation creates both unprecedented opportunities and new imperatives. The organisations that succeed will be those viewing these developments not as obstacles but as catalysts for innovation and sustainable growth.
The future of IoT is not merely about more connections—it is about smarter, more secure, and more sustainable connections that deliver genuine value for businesses, communities, and society at large.
Author biography:
Professor Muthu Ramachandran is Cybersecurity, AI, and Blockchain Technology & Research Consultant at Forti5 Technologies, and Visiting Professor Extraordinarius at University of South Africa (UniSA).
