enables government, licensed commercial users, and unlicensed users to cooperatively make use of a large amount of spectrum77.The U.S. Federal Communications Commission’s (FCC’s) expert IoT working group predicts that IoT will add a significant capacity load to existing Wi-Fi and 4G mobile networks. Regulators will need to give continuing attention to the availability of spectrum for short-range IoT communications and the capacity of backhaul networks that connect IoT gateways to the Internet. They will also need to encourage the roll-out of small-cell network technology such as 5G. If these conditions are met, the working group does not expect that new spectrum will need to be explicitly allocated to IoT communications78. The FCC also is reviewing the use of spectrum above 25 GHz for 5G networks, and possibly the IoT79. The Korean government plans to secure up to 1 GHz of additional spectrum by 2023, and it will ensure that 5G is commercialised by 2020 to cope with the “exponential growth” it expects in IoT traffic80. Studies for the European Commission have suggested that a licence-exempt model is most effective for IoT development, since it avoids the need for contractual negotiations before devices are manufactured and used, allowing the production of large numbers of cheap devices81. A Korean government review found an increasing demand for unlicensed, low-power, long-distance communications to connect devices in remote areas82.3.5.2 Switching and roaming Firms operating large networks of M2M devices via mobile telephony networks, with a fixed SIM in each device, may not find it easy to switch networks at the end of a contract. The same Trends in Telecommunication Reform 2016 85 Chapter 3 Table 3.3: Overview of policy and regulatory measures (end)What?Why?What is done today/best practice Privacy and security • Security vulnerabilities in IoT sys-tems let attackers access private data and cause physical harm in cases such as medical devices and connected vehicles.• Many IoT companies have little Internet security expertise.• IoT device resource and connec-tivity constraints make security and vulnerability patching more dificult.• Smart city vulnerabilities can be hard to fix and present signifi-cant safety issues (e.g. in traffic lights).• Innocuous sensor data can be linked together to create detailed individual profiles and used to infer sensitive personal information, such as medical disorders. This may lead to discrimination in employment, financial and healthcare services.• Ensuring security and privacy from outset of IoT system design process.• Development of co-regulation by all stakeholders to protect secu-rity and privacy.• Further development of privacy and consumer protection rules to ensure security testing of IoT systems that process sensitive personal data.