• Share this on:

Entering the European market for (Industrial) Internet of Things integrated with big data services

Takes 40 minutes to read

The European market for (I)IoT is a very promising market for offshore/nearshore service providers. It is characterised by innovation. Besides software development, opportunities in the (I)IoT market also involve hardware development and design. The (I)IoT market has opportunities not only in offering software development services, but also in developing and selling highly innovative products. Developing software for (I)IoT is similar to general software development, but you need additional knowledge, about platforms, frameworks, protocols and hardware, as well as relevant experience and skills. The (I)IoT also provides good opportunities for companies to innovate and develop new products.

1. What requirements must (I)IoT services comply with to be allowed on the European market?

There are many different markets and segments within the (I)IoT market that each have very different requirements. Requirements vary per industry, per segment and even per country. Different standards, rules and regulations exist for the automotive industry, education and healthcare. New legislation is always in the making. This makes it impossible to list (or to know about) all possible requirements. This is also confirmed by a study conducted by Hogan Lovell. You can regularly check the website of Or-Hof Technology & IP Law; they have a page that lists all current and new legislation regarding the IoT.

In this chapter, we explain the most general requirements and specify the most popular and/or promising product/market combinations. We advise each company to research their own (target) market.

What are mandatory requirements?

Mandatory outsourcing requirements for the European (I)IoT market can be divided into legal and non-legal mandatory requirements. Although non-legal requirements are not obligatory by law, they are considered minimum requirements to enter the European market.

Legal mandatory requirements

Legal mandatory requirements are requirements that are both legal and mandatory for companies entering the European (I)IoT outsourcing market. Legal requirements include legislation about copyright, personal data protection, the General Data Protection Regulation and the ePrivacy Directive.


Copyright refers to the legal protection of computer programs. The European Union has established specific rules to protect computer programs by means of copyright. According to the Directive on the legal protection of computer programs, you have to make sure not to breach any copyright when placing your computer program on the market. At the same time, your products are also protected against unauthorised reproduction under this directive (law).


  • Read more about the legal protection of computer programs on the website of the European Commission.
  • Check the exact regulations in your European target market. All European Union Member States have implemented the European Directive into national legislation. Although they are generally the same, there could be minor differences. Digital Europe regularly provides updates on IoT security and certification schemes.
  • Pay attention to copyright and infringement (the act of breaking or disobeying the contract) clauses in the contracts you sign with European buyers.

General Data Protection Regulation

The new General Data Protection Regulation (GDPR) came into effect on 25 may 2018. This regulation was designed to protect individuals in Europe from privacy and data breaches. It has since then also been incorporated into the European Economic Area (EEA) Agreement, which brings three of the European Free Trade Association (EFTA) states into the European single market. This means the new GDPR is also enforced in Iceland, Liechtenstein and Norway.

These new rules were introduced to give people more control over their personal data and let businesses benefit from a level playing field where the laws and regulations are the same in every country. The GDPR applies to all companies processing the personal data of individuals in Europe, regardless of the company’s location. This means it also applies to you directly.

Under the old directive, the protection of any data by which an individual can be identified was the sole responsibility of the data controller (owner). However, under the GDPR, any company or individual that processes data is also responsible for its protection. Examples of personal data that are protected by this regulation are names, email addresses, bank details, social media content, photos and IP addresses.

Some key consumer rights you must comply with include, but are not limited to:

Consent – consumers must explicitly consent by opting in, consent must be easy to withdraw and requests must be specific and in plain language.

Right to access consumers are entitled to know whether companies process their personal data, where they do so and for what purpose.

Right to be forgotten consumers are entitled to have their personal data erased and have processing and further dissemination halted.

Privacy by design – data protection should be included from the onset of designing systems. Data should be minimised and access limited.

The General Data Protection Regulation is very important in the (I)IoT industry, as (I)IoT use cases are always about data. In some cases, the GDPR requires the appointment of a Data Protection Officer, specifically if a company’s “core activities involve processing of sensitive data on a large scale or involve large-scale, regular and systematic monitoring of individuals”. The main tasks of a Data Protection Officer include informing their company of its obligations under data protection legislation and monitoring compliance.

You can use IDC’s GDPR Readiness Assessment to determine how compliant you are and what you may need to improve. Audit your current data to determine whether they are GDPR compliant. What data do you have, where and why? Did you or your client obtain explicit consent to use the data for this specific purpose?


  • Make sure you comply with the GDPR if you process data of European citizens (or sensitive information of any kind). Read this article about specific (I)IoT-related GDPR information. Study the GDPR’s new European data protection rules and principles if you are dealing with personal data. This will give you a good understanding of what is allowed and what is not.
  • Set up clear consent request forms and privacy policies that inform your and your client’s customers of how you process their personal data. For more information, see the GDPR consent guidance from the United Kingdom’s Information Commissioner’s Office and Econsultancy’s GDPR: How to create best practice privacy notices (with examples). Also, keep records of your obtained consent. See the advice from the Information Commissioner’s Office (ICO) on how to record consent.
  • Check the ePing website for an overview of country-specific measures that affect trade and differ from the international standards as well as for the contact persons per country that the World Trade Organisation (WTO) has appointed. You can also subscribe to receive alerts (called ePing alerts) that might be relevant for your product or service.

Personal data protection

Privacy is highly protected in Europe. The European Union has several directives in place for this purpose. Providers that do not respect these directives may be subject to enforcement actions and/or possible claims – even if they are located outside Europe. Personal data protection legislation is becoming increasingly important as the personal data aspect in (I)IoT is expected to grow very fast in the upcoming years.

ePrivacy regulation is important in most outsourcing industries, but particularly in the (I)IoT industry. The ePrivacy Directive (2002/58/EC), commonly known as the ”cookie law”, contains specific regulations for data protection in the electric communications sector. For example, sending unsolicited electronic messages (“spam”) is now controlled by the ePrivacy Directive and is no longer allowed. There are strict rules on the use of cookies and contact details may only be published with the subject’s consent.

A new ePrivacy Regulation was originally scheduled to enter into force along with the GDPR, but its implementation has since been delayed. The latest draft dates from February 2019 and was expected to enter into force at the end of 2019, but it is still waiting for approval at the beginning of 2020. The regulation is intended to safeguard the confidentiality of electronic communications through stronger privacy rules. Unlike the current directive, it includes Internet-based voice and messaging technologies such as Skype, WhatsApp and Facebook Messenger.

The ePrivacy regulation also clearly mentions the Internet of Things. It says: “the principle of confidentiality should apply to current and future means of communication”. This includes the Internet of Things. Moreover, the draft text says that specific safeguards must be in place in machine-to-machine communications.

Be aware of what data you store and where, to be able to comply with potential consumer requests. Note that the legislation on data protection is only relevant if your services involve personal data. Also, make sure your staff are aware of your policy, so they do not unintentionally violate GDPR regulations.


  • Read more about digital privacy on the website of the European Commission, where you can keep up to date on the reforms of the European ePrivacy rules.
  • Keep yourself informed about new rules and requirements in European countries that are relevant to your business. Contact Open Trade Gate Sweden if you have specific questions regarding rules and requirements in Sweden. Check the website of the government of the United Kingdom. They are working on new laws regarding Internet-connected devices. The laws are made to ensure that millions of household items that are connected to the Internet are better protected against cyber attacks.
  • Keep tracking the latest legal requirements drawn up by the European Commission. They have dedicated a section of their website to their policy on the market for the Internet of Things. Topics to keep an eye on are the EU Connected Communities Initiative, Network and Information Security and Cybercrime.

Non-legal mandatory requirements

There are also non-legal requirements that are considered mandatory by many European buyers of outsourcing services. Although these non-legal requirements are not obligatory by law, they are minimum requirements to enter the European market. Without fulfilling these requirements, your services will likely not be considered by European buyers.


Data security is one of the main challenges for IT outsourcing service providers. This includes both data protection and recovery systems. Many European buyers expect you to implement an information security and management system, especially in industries in which security is essential, such as finance and banking, healthcare or mobile applications. The ISO 27000-series contains common standards and guidelines for information security.

The ISO 27001 standard is an internationally recognised standard that provides requirements for an information security management system. Companies can become ISO 27001 certified if they comply with the standard. ISO 27002 is a supporting document to ISO 27001 that gives guidance and advice on the implementation of information security controls. Other supporting guideline documents in the ISO 27000-family are ISO 27003 and ISO 27004. ISO/IEC 27701:2019 is a certifiable privacy extension of ISO 27001, supporting the GDPR.

ETSI TS 103 645 is an important standard for consumer security in the Internet of Things. A number of organisations have developed security guidelines for the IoT. It is important to keep an eye out for other standards that are being developed and might increase in importance in the upcoming years. Examples of organisations that have developed security guidelines for the IoT can be found on the NCIPHER website, the GSMA website and the SENKI website.


  • Make sure you have effective security processes and systems in place, from business continuity and disaster recovery to virus protection. Consider obtaining the ISO/IEC 27701:2019 certification. To do so, you will need to either have an existing ISO 27001 certification or implement ISO 27001 and ISO 27701 together as a single implementation audit.
  • Ask your buyer to what extent they require you to implement a security management system like the ISO 27001 standard.
  • Regularly check the latest information on IoT security standards. This website gives an overview of such standards, and also mentions best practices. Also, look at initiatives at the country level. Finland has implemented a cybersecurity label for the IoT. Germany is working on a similar label, as are other European countries. Check your target market legislation for other country-specific IoT requirements.

What additional requirements do buyers often have?

European buyers of (I)IoT services often have additional requirements that are important to them when choosing an outsourcing provider. These refer to quality, privacy, security and corporate social responsibility (CSR). There has always been a debate within the sector on whether quality certification is important. If anything, it can show your commitment to your product or service and proves that you are a serious service provider focusing on your clients’ needs, quality and continuous improvements.

Quality management

Many European buyers only do business with companies that have a quality management system in place. Such a system shows that you are well organised and able to deliver the required service quality. They include, for example, backup and recovery schemes, network and infrastructure security, communication plans and relocation options. Acknowledged and common quality management systems are ISO 9001:2015 and the Capability Maturity Model Integration.

ISO 9001:2015

One of the best-known quality management standards is ISO 9001:2015. If you comply with ISO 9001:2015, you can obtain certification, but this is not a requirement.

Achieving ISO 9001:2015 certification or complying with it means that an organisation (or part of it) has demonstrated the following:

  • It follows the guidelines of the ISO 9001 standard.
  • It fulfils its own requirements.
  • It consistently meets customer requirements and statutory and regulatory requirements.
  • It maintains documentation.


  • Look at ISO/IEC/IEEE 90003:2018. This is a guideline (checklist) on how to apply ISO 9001:2005 for (I)IoT-related software development.

Capability Maturity Model Integration

Another option is the Capability Maturity Model Integration (CMMI), which has been adopted worldwide. You can achieve a rating (ranging from 1 to 5) based on your level of maturity. This rating indicates your improvement in multiple process areas. CMMI Services helps you to improve your capability to provide your customers with quality services.


  • Show that you are a professional company, by having good references, obtaining relevant industry certification, responding quickly, communicating regularly, offering constant quality, complying with contractual agreements and having a good and stable management team to lead the outsourcing project.
  • Invest in implementing (and using) a quality management system in your company. Even though quality management systems do not automatically guarantee "good-quality (I)IoT solutions", having one implemented and used consistently really helps to produce good-quality solutions.

Corporate Social Responsibility

Corporate Social Responsibility (CSR) refers to companies taking responsibility for their impact on the world. Not only in the products or services they offer, but also concerning consumer rights, education and training of staff, human rights, health, innovation, the environment and working conditions. For the IT and IT-related services outsourcing industry, its importance is debated, as its impact from small companies is often marginal.

CSR is becoming especially important to large companies and governments in Northern and Western Europe. Many European companies involve their suppliers in their CSR policies. In the future, CSR may well become a direct selection criterion. Having a well-documented CSR policy may therefore give you a competitive advantage over companies without one.

The ISO 26000 standard provides guidance on CSR. For small (I)IoT outsourcing companies, labour practices, fair operating practices and community involvement are the most relevant aspects of the ISO 26000 standard.

There are some new trends and initiatives to extend CSR into small IT businesses. Fairtrade software is an example of such an initiative. It means software that is developed for better prices, under decent working conditions, supporting local sustainability and with fair terms of trade.

Impact sourcing is another example. Impact sourcing is described as the integration of disadvantaged workers from low-employment areas into the processes of businesses from more economically advanced countries, either through outsourcing or by setting up remote or virtual teams using digital technology.

This makes impact sourcing fit perfectly in the (I)IoT services outsourcing market from developing countries. Impact sourcing has good potential for companies that wish to make their business more socially responsible.


  • Look at examples of small software companies engaging in CSR. For example, TELIT has a Modern Slavery Statement at the bottom of their website, which means that you can see it on every page. Read more about CSR in practice on the website of the European Commission.
  • Clearly communicate your commitment to CSR in your marketing activities. Also, show that you care about your impact on society and the environment by implementing your own CSR policy. It can be a unique selling point (USP) when your buyer has to select a provider.
  • Consult the ITC Sustainability Map for a full overview of certification schemes addressing sustainability in the IT outsourcing sector.

Knowledge about specific IoT technologies, platforms, frameworks and innovation

As an (I)IoT service provider, you continually have to stay on top of the developments in the market. European buyers expect you to be able to offer them the possibility to work with the latest technology. It is therefore very important to stay informed about specific IoT technologies, platforms, frameworks and innovation.


  • When you are considering a particular quality certification, ask yourself three questions before working out the details: is it good for my company? Is it good for my clients? Does it have marketing value? If you specialise or aim to specialise in offering (I)IoT services for particular sectors, find out which certifications are relevant.
  • Check if resources are available that might provide your company with financial support to achieve quality certification. Contact your national IT association (for example, TAG Georgia or BPESA from South Africa) or one of the business support organisations in your country responsible for (IT) export promotion. If you are an African (I)IoT service provider, take a look at the #FastTrackTech Africa Initiative by Intracen.
  • (I)IoT standards are evolving. Keep up with the latest developments by following the Industrial Internet Consortium, the Object Management Group, the Internet of Things Global Standards Initiative and the oneM2M websites.

What are the requirements for niche markets?

European buyers often require you to comply with a sector-specific and/or industry-specific standard or code of practice (if available). There are also many technologies, technical standards, protocols and frameworks related to (I)IoT. They are developed and maintained by a large number of organisations and they can differ significantly between niche markets.

In healthcare, for instance, Health Level 7 (HL7) and the Health Insurance Portability and Accountability Act (HIPAA) are important. In the automotive industry, MISRA and AUTOSAR are the two main coding standards used, but ISO 26262 and ISO 15504 are also applicable.

Below, we list some of the most important niche market requirements and requirements that affect the largest end markets for (I)IoT-related services.

Basel Committee Standards

The Basel Accords are a set of recommendations for regulations in the banking industry, developed by the Basel Committee on Banking Supervision. Basel I is the minimum requirement, often not accepted by European clients. Aim to get the Basel II and/or Basel III standard.

Other main European industries (in addition to financial services) to which sector-specific buyer requirements apply in relation to IT outsourcing are subject to sector-specific regulations that may include requirements related to outsourcing. Check the relevant country and industry-specific regulator for applicable regulations. Examples of sector/service-specific buyer requirements include COPC certification or ISO 18295-1:2017 for Contact centres and HL7 and HIPAA for Health and social care.

Cloud service providers

The Cloud Industry Forum has released a Code of Practice for Cloud Service Providers. They updated their Code in 2017 to incorporate key components of the General Data Protection Regulation. Following this code of practice is recommended for cloud service providers aiming for the EU/EFTA market.

Keep in mind that we only mention examples. Requirements for niche markets vary greatly because the (I)IoT market is very diverse. There is an immense amount of technology, and companies often focus on horizontal and/or vertical markets. So you have to research your own situation, market and requirements yourself.


2. Through what channels can you get (I)IoT Services on the European market?

How is the end market segmented?

The easiest way to segment the market for (I)IoT services is by vertical market (type of industry) or by horizontal market (type of service). In this chapter, we show you these two ways and the implications for your company.


Figure 1 shows the global IoT market share by subsector as it was in 2017. Most subsectors have become a commodity in the meantime. Some are still considered trending, as the top IoT trends in 2019 were ”welcoming 5G”, consumer convenience products, smart enterprises, cloud-to-edge computing and legal and ethical concerns. In all abovementioned subsectors, more than one-third of all projects take place in Europe. A little less than half take place in the Americas (North and South America combined) and less than one fifth take place in the Asia-Pacific (APAC) region.

In Europe, both consumer and industrial IoT are widely used. Opportunities for these services can be found in many different vertical industries. Consumer devices account for 63% of all (I)IoT devices and industrial devices account for the rest.

Figure 2 shows the predicted market size for IoT solutions in the European Union for 2025. This is the horizontal market. McKinsey predicts that the global IoT market will be worth €525 billion for IT-based spending alone. McKinsey also predicts a compound annual growth rate (CAGR) between 7 and 15% between 2018 and 2020.

On the service provider side, there are generalists and specialists. Generalists are (I)IoT service providers without any specific and considerable focus on or experience in a particular vertical or horizontal market segment. Specialists in the (I)IoT services market do have a focus on or a lot of experience in a particular vertical or horizontal market.

It is difficult to say which segment provides the best opportunities for you. Currently, the largest segments are smart cities, connected industry and manufacturing, smart buildings, smart energy, smart homes and connected health. For smaller (I)IoT providers, experts predict that the best chances on the Internet of Things market lie within smart manufacturing, connected health and wearables, retail and smart homes. This market segmentation applies to all countries in the European Union, although there are significant differences between the countries. We have added additional data for the most promising European markets for (I)IoT outsourcing services. For more information about these countries, please also read our Market Analysis study.


Germany was among the biggest spenders on the Internet of Things in 2019. Germany was responsible for 5% of all global IoT spending in 2019. This puts the country in fourth place, just behind Japan (9%) and before Korea (4%). Improving business processes is a very important driver for IoT deployment in Germany, and 18% Of German companies say that is their main goal.


France was among the biggest spenders on the Internet of Things in 2019. France was responsible for 3% of all global IoT spending in 2019. This puts the country in sixth place, just behind Korea (4%) and just before the United Kingdom. Of all reviewed companies in France, 16% say their main goal of IoT deployment is cost reduction. This makes France one of the top four countries that find cost reduction the most important driver. The other three countries are the United States of America (19%), the United Kingdom (18%) and Australia (15%).

United Kingdom

The United Kingdom was among the biggest spenders on the Internet of Things in 2019. The United Kingdom was responsible for 3% of all global IoT spending in 2019. This puts the country in seventh place, just behind France. Of all reviewed companies in the United Kingdom, 18% say their main goal of IoT deployment is cost reduction. Improving business processes is also a very important driver for companies from the United Kingdom that want to start using IoT, and 18% of the companies say that is their main goal.


The market value of the Internet of Things in Italy grew from 2 billion euros in 2015 to 5 billion euros in 2018. Smart meters and smart cars were the main drivers behind this growth. The growth is expected to continue to increase in the coming years. Of all reviewed Italian companies, 20% say “increasing competitiveness” is one of their main goals when deploying IoT.


The Spanish IoT market is segmented into three basic segments: infrastructure, vertical industries (type of industry) and application development. The biggest vertical industries for IoT solutions in Spain are healthcare, energy, public services, transportation, retail, individuals and manufacturing. The biggest players in the Spanish IoT industry include Dell EMC, AT&T Inc. and Apple Inc. Of all reviewed Spanish companies, 18% give “improving customer or citizen experience” as one of their main goals when deploying IoT.


  • When choosing an outsourcing destination, research the market for your services in that country. Find out what the most important drivers and obstacles are that companies from that country are dealing with. Look at this document by Forbes for more information on which IoT segment is the largest in various parts of the world.
  • Monitor market developments within the European (I)IoT market that are relevant for your company, by conducting Google searches that combine your product with a particular niche market.
  • If your (I)IoT service is a relative commodity, entering the European market can still be interesting. In that case, see if you can combine your service with a niche market focus, especially if you can find a niche market that is underserved with your type of solution.

Through what channels do (I)IoT services end up on the end market?

As a service provider in a developing country, you can use several trade channels to enter the European market. Figure 3 provides an overview of the trade structure for outsourcing. This structure is more or less the same in every European country.

How is the end market segmented?

Figure 3: Trade structure for outsourcing (I)IoT services in the European market
Trade structure for outsourcing IIoT

What is the most interesting channel for you?

The most common and most promising market entry channel for companies from developing countries that provide (I)IoT services is to find and work together with a European service provider. Other channels are working with a consultant/matchmaker, a sales/marketing representative, a local sales office or direct sales (possibly through online platforms).

Selecting a channel depends on your type of company, the nature of your product or service, your target market and the available resources for market entry. You must understand that, regardless of the channel you choose, marketing and promotion is a vital part of your market entry strategy. And you are responsible for your own marketing and promotion strategy.

European service provider

(I)IoT service providers from developing countries find a European service provider either directly or by working together with a matchmaker and/or a sales representative. According to industry experts, subcontracting for European service providers is the most realistic market entry channel. You can try to find a suitable partner on your own or work with an intermediary. Because many European companies prefer to deal with a local contact person, an intermediary is a good option.

A European service provider that is similar to your IT company would be your most suitable subcontractor. Ideally, this IT company should design, develop, market, sell and maintain (I)IoT solutions that are similar to yours.


  • Approaching European service providers directly is only recommended if you have experience in the target market. Otherwise, you should consider working with a consultant/matchmaker.


Consultants/matchmakers (just like sales and marketing representatives) usually work based on a retainer + success fee basis. This has a number of consequences related to marketing and contracting issues. A matchmaker is a person or a company with existing, relevant and ideally a large number of contacts in a specific market segment or industry.

A good consultant/matchmaker is therefore a “door opener” and not an agent to make cold calls or send cold emails. Matchmakers make appointments with prospects for you. However, the presentation and sales process remains in your own hands. This means that a consultant or matchmaker is a good option for you if you feel comfortable taking care of the presentation and sales process yourself.

It is also very important to consider the exit strategy in the contract. It is in the absolute interest of the service providers to clearly define a (shorter) period after which the contract can be terminated without any further consequences. This period is usually not longer than three or four months (after which the contract will be evaluated and can be terminated – for non-delivery for instance – or prolonged for another period). For this period, there should be clearly-defined delivery expectations and targets (for example, the number of relevant meetings and projects brought in). Negotiating a trial period can also be in the interest of the service provider.


  • When signing a contract with a consultant/matchmaker, ensure the remuneration is very clear for all parties. The retainer and the success fee together must provide a strong motivation for the matchmakers/sales representatives to deliver (the retainer should be high enough to cover some of the costs, but low enough to encourage delivery).
  • Make sure your contract does not limit the marketing coverage and activities of the service providers in any way or form.
  • Think about who would be a good sales representative for your company. Hint: your uncle who is living in Germany might not be the best choice.

Sales/marketing representative

A sales representative also does the sales and is sometimes also involved in the high-level management of the projects. Marketing and sales representatives (just like consultants and matchmakers) often work based on a retainer + success fee basis. The retainer must be paid even if there is no delivery by the matchmaker or sales representative. The success fee depends on what the matchmaker/sales representative has delivered. When working with intermediaries, aim for a retainer + success fee type of payment scheme. This combination should provide motivation for the intermediary to deliver.

A properly drafted contract, by a lawyer, is a must! In the contracting process, determining the exact level of the retainer as well as the success fee is very important. In case of sales representatives, determining the success fee is usually easier, because it is often a certain % of the projects they bring in. In IT outsourcing, there are no “off-the-shelf” sales representatives.

Involve a good lawyer who knows the applicable law of the country where the sales/marketing representative resides and has previous experience with this type of contracting. Pay special attention to exit clauses (how and when the contract can be ended), success criteria, deliverables and payments.


  • Check the size and value (quality) of your potential sales/marketing representative’s existing network. A good sales/marketing representative does not make cold calls in order to provide services for you. A good sales/marketing representative has a large, existing contact base. Your expenses will rise by having to pay a sales/marketing representative, but you will be free to concentrate on your service or product and search for other markets yourself.
  • Make sure you properly inform them about your company. For example, consultants speak with many potential customers and are often involved in creating long lists of potential outsourcing providers. The more information they have on your company and the better they understand your capabilities, the more they can spread the word about you.
  • Limit your risk by defining a trial period of a few months with concrete goals and deliverables. The sales/marketing representative should come up with a certain number of leads within the trial period. If this objective is not met, the contract can be ended. Be especially cautious if an intermediary works only based on a retainer or success fee, if an intermediary wants to work for you part-time besides their regular job or if they do not have an existing network of professional contacts.

Local sales office

Ideally, you should establish a local sales office in your European target market. A local presence makes it easier to build up long-term relationships with customers through personal contact. It also increases your credibility and builds trust. However, this is very difficult in practice, as it requires a lot of experience and large investments. Most companies in developing countries are simply too small and do not have the financial strength for this.


  • Establishing a local sales office is only recommended if you have experience in the target market and have built a steady clientele and reputation in the European market.
  • Be aware that establishing a local sales office will be very costly and you will need to have a strong financial position.

Direct sales (possibly through online market places)

You can also try to sell your (I)IoT services directly (even to European end users). Many European companies are looking for cost reduction and delivery capacity, which developing countries can often provide. This is one of your unique selling points.

The existence of electronic marketplaces may make direct sales easier. These marketplaces are a cheap marketing tool. They are expected to lead to lower transaction costs for searching, evaluating, integrating and monitoring (I)IoT services. Although they mainly contain smaller projects for freelancers, they could lead to pilot projects for companies. However, you would need excellent end-market knowledge.

For most suppliers from developing countries, it is very challenging to sell (I)IoT services directly. Sometimes, suppliers from developing countries team up with other service providers to make an offer for direct sales to European customers. Having one or more customers in Europe will help you find a suitable European customer, as references are a must when you want to enter this market through direct sales.

The main characteristics of direct sales to end users are as follows:

  • There must be a direct relationship between the service provider and the end customer.
  • You must have a lot of exporting experience.

Direct sales to end users can be interesting if you:

  • have experience in the European market;
  • are a large company;
  • want to target large European end users;
  • focus on a small, underserviced niche market.


  • Look for potential leads in the field of (I)IoT services on online outsourcing marketplaces. For example, UpWork and Freelancer are both very interesting for freelancers or really small companies. The platform LinkedIn can be very useful for making initial contacts and for conducting market research.
  • Have a professional, high-quality company website. This lets you present full, accurate and up-to-date details of your product/service offering at low cost. Make it compatible with mobile devices such as smartphones and tablets, as these are increasingly popular in Europe. Also, invest in Search Engine Marketing and Search Engine Optimisation, so potential customers can find you online.
  • Combine offline and online promotion channels to develop as many contacts as possible. This maximises your chances of finding suitable partners/customers. You can use social media as a marketing tool to reach potential customers, especially professional platforms like LinkedIn.

3. What competition do you face on the European (I)IoT services outsourcing market?

Which countries are you competing with?

For developing services in the fields of (I)IoT and big data, we have selected six countries that can be considered your strongest competition. It is important to note that, in general, European companies prefer to outsource services to providers within the same country (homesourcing). When they do outsource to companies abroad, they generally prefer nearshore locations, because of proximity, language, cultural similarities and the minimal time difference. For more information on nearshoring versus offshoring, please read our Market Analysis study.

Global Services Location Index

The competitiveness of an outsourcing destination can be measured by various factors: financial attractiveness, people skills and availability, business environment and digital resonance. Together, they form the Global Services Location Index (GSLI). In this chapter, we connected the country scores in the GSLI with the most competitive countries for (I)IoT service providers.

Table 1: Global Services Location Index

Financial attractiveness (35%)

People skills and availability (25%)

Business environment (25%)

Digital resonance (15%)

Compensation costs

ITO/BPO experience and skills

Country environment

Digital skills

Infrastructure costs

Labour force availability

Country infrastructure

Legal and cybersecurity

Tax and regulatory costs

Educational skills

Cultural adaptability

Corporate activity


Language skills

Security of IP


Source: Kearney analysis

India continues to lead the Global Services Location Index. This leading position is mainly due to the country’s unique combination of low-cost services and excellent English language skills. This attractive profile makes India a particularly strong contender on the IT outsourcing market. To stay ahead, the country needs to prepare for the shift from lower-skilled jobs that may be replaced by robots to more creative and highly-skilled work. This applies to other low-cost countries as well.

China, the Index’s runner-up, is catching up with India. The country has significantly increased its business environment score between 2017 and 2019 and performs well on digital resonance. In April 2019, Microsoft announced plans to open the world’s largest IoT and artificial intelligence laboratory in Shanghai. However, if the trade conflict between the United States of America and China and its technology companies continues, this may deter global investors from doing business with the country.

Egypt ranks 14th in the Index. Its considerable investments in infrastructure and cybersecurity are boosting the country’s business environment performance. The New Administrative Capital is designed as a Smart City using the Internet of Things and big data analytics, and is meant to create an Egyptian Silicon Valley.

Bulgaria, Poland and Czechia. The Index rankings of traditionally strong performers in Central and Eastern Europe are declining. Bulgaria now holds the 17th position (coming from 15th in 2017), due to decreases in compensation costs and ITO/BPO experience and skills. Poland used to be the highest-ranking Central and Eastern European country. Now, it has slipped to 24th, after ranking 12th in 2017. Czechia has dropped 17 places, to the 33rd position. In future, jobs demanding a higher degree of creativity and skills offer opportunities for these nearshore countries.

Russia and Ukraine. As relatively less established players from Eastern Europe, Russia and Ukraine are performing well. Russia has moved up 5 places in the Index, reaching 18th place. The country has considerably increased its country environment and country infrastructure scores. Similarly, Ukraine has climbed from number 24 to number 20 by boosting its scores on infrastructure costs and business environment. Although both countries showed declining people skills and availability scores, their improvements in other areas more than made up for this.


Which companies are you competing with?

There are many (I)IoT service providers in the world. It is impossible to mention all relevant companies from all the most competitive source countries, because the market is so diverse. Examples of (I)IoT service providers from the most competitive countries are:

Viron IT – a software development company based in Belarus. They specialise in IoT development, AR/VR applications and custom software solutions. They have carried out over 500 projects for over 300 high-profile companies in eHealth, sports, banking, retail, marketing, gaming and other industries. Their website is of very good quality. They clearly list their services, projects and awards.

OSDB – a Ukraine-based company that helps other companies with their IoT prototypes to develop software infrastructure, connect their devices to the world and get the utmost from the data they receive. They focus on manual processes automation, workflow optimisation and new ways of user engagement.

Click and Grow – this is not an example of an (I)IoT company from a developing country. Click and Grow is based in the United Kingdom. It is, however, an interesting example, because it is very different from typical (I)IoT companies. It offers IoT solutions for homes and gardening.

Their system of garden capsules and pads is IoT-based, as it involves automatic watering, nutrients injection, special lighting and oxygen supply. Such “zero-effort” home gardening for plants and flowers includes tools and elements like plant capsules and kits, soil nanomaterials, timers, low energy consumption, self-watering tanks, biodomes, various indicators and more.


  • Visit leading European trade fairs regularly to meet competitors and potential customers. Do your homework and select the events very carefully. Only attend events that fit your profile well. Many trade events directories are available online, such as 10Times, Expo Database and UK Exhibitions. Create a list of relevant events and update this list regularly.
  • Use the services of your national export promotion agency and actively participate in the creation of export strategies. Search company databases to find more competing companies. These databases can be free, like company.info, or paid, via chambers of commerce (for example, the Kamer van Koophandel in the Netherlands) or commercial databases like Bold Data. Identify which databases will benefit your search and use them to create a list of potential customers to target.
  • Find out how your country gets ranked on the various lists of (I)IoT service providers that are present on the Internet. There are many sources on the Internet that make lists like that. An example from January 2020 is this list by The Manifest: top 100 Internet of Things companies.

Which products are you competing with?

In the (I)IoT sector, the product is the service. This means that the real question here is: what makes one service provider different from another? The answer is: technical knowledge, available capacity, references, domain knowledge, flexibility, reliability, communication and language capabilities, quality management, security infrastructure, vertical and/or horizontal market focus and niche market orientation, among other things. The location (country) of the service provider is also an important factor.

For Internet of Things service providers, combining your offer with big data services gives you a great competitive advantage, as these two often go hand in hand. There are good opportunities for suppliers from developing countries to enter the European market, as the European market is not yet matured (Internet of Things combined with big data services is not yet a commodity). There are good opportunities for software (and hardware) development services and product development for the European market.


  • Invest in country branding. Look at our Doing Business study [KJ1] for more information on this topic.
  • Find out how you can get a competitive advantage. Think about cost, quality, technology or product characteristics. Look at this website by HackerRank, which presents their Developer Skills Report every year. You can find, among other things, the most popular programming languages, the most popular frameworks, the kind of frameworks hiring managers want versus the frameworks developers know (so you can see where there is more demand than supply) and much more.
  • Keep an eye on the innovation initiatives for the Internet of Things. One particularly good source is the Alliance of Internet of Things Innovations.

4. What are the prices for (I)IoT services outsourcing?

When trying to make a sale in Europe, it is very important to offer the right price. For (I)IoT services outsourcing, price is often not the most important selection criterion, but the price has to be right and competitive. The price of (I)IoT-related services is influenced by factors such as technology requirements, skill levels, complexity of the projects, length of the contract and other SLA requirements.

Unfortunately, it is not possible to make an exact price breakdown. First of all, (I)IoT projects are so diverse that it is impossible to make one price breakdown that suits all (or even most) projects. Secondly, it requires so much estimating and unforeseen elements that even the process itself is an estimation, and definitely not an exact, scientific process. Also, if the project makes use of Agile methodologies, there is no pre-determined specification, which makes estimation a big challenge.

So how do you determine the price of a project in (I)IoT outsourcing services?

Determining the price of an (I)IoT project starts with determining the work that has to be done, the time it will probably take, the skills needed, the people who will do the work and their salaries. With this information, you can make a planned, detailed schedule (including milestones and a delivery schedule), so you know how many people will spend how many hours on the project. You can calculate the salary of the people working on the project by working with the links in the tips section. Do not forget the costs of overhead, unforeseen costs and other costs, and of course your profit expectations. These are all estimations.

Based on this process, you can calculate the total price, the hourly price as well as the average price for the project. This hourly price is the one you communicate to your prospects. In any case, talking with your prospects is the best way to make sure that your prices are competitive. And if they are not, what is the justification (one that the prospects will accept!) for that?

You must choose a price model for your product or service. For (I)IoT, it is most common to work with all-inclusive offers, also known as a fixed-price contract. Other (I)IoT outsourcing models are time and material model, dedicated development teams or resources and offshore development centre.

When you make your prospect an offer, include the price. Be transparent about the number of hours you expect to work on the project and the hourly tariffs. Break down your tariffs by stating the price for each person working on the project (for example: junior developer, senior developer, designer or tester). For more information on pricing models in outsourcing, please read this document. Also, go beyond setting the right price. You should work out your pricing strategy, including your and your clients’ preferred pricing model, payment terms/expectations, how and when you provide discounts and so on.


  • Average prices can be more easily determined by country or by region, or by people’s position. To study those average prices, please have a look at the blogs of Aria, IEEE Xplore or Pricing Solutions.
  • Develop your pricing strategy. Research the average salaries in your European target country, for example via Payscale, a global database for salary profiles. Collect pricing information about your competitors. Then analyse your costs and profit (margin) expectations to calculate your price and find the right price for your service.
  • Create the “ideal” client persona. This will help you tailor your offer. An example of a buyer persona: “a technology provider with fewer than 200 staff in the Rhineland area, specialised in Internet of Things and big data services”.

This study has been carried out on behalf of CBI by Globally Cool.

Please review our market information disclaimer.

  • Share this on:

Download this research

The Market Entry

Download this research

Updated on

Do you have questions about this research?

Ask your question