- Mindsailors
- Blog
- industrialdesign
- IoT Product Design: Why Connected Products Are So Hard to Get Right

Connected products - devices that combine hardware, firmware, wireless connectivity, and cloud dependency into a single system - are commonly referred to as IoT (Internet of Things) products. They take longer to build, fail at higher rates, and cost more to change than teams anticipate. Not because individual disciplines are poorly executed - but because they are poorly coordinated.
According to IoT Analytics, the average IoT product takes about 41 months to reach its first paying customer - nearly 80% longer than in 2020, when the comparable figure was approximately 23 months. This figure comes from a survey of 100 OEMs conducted as part of IoT Analytics' IoT Commercialization & Business Model Adoption Report, based on 2023 market data.
Although the survey focused primarily on industrial and OEM environments, several of the underlying engineering constraints - RF integration, OTA reliability, certification burden, and lifecycle security - are not inherently sector-specific and may apply broadly across consumer connected products as well. That extrapolation goes beyond the study's scope, but it is a reasonable hypothesis given the shared technical foundations.
The most widely cited figures on IoT initiative failure rates date from the mid-2010s and should be treated with caution. Cisco's 2017 survey of 1,845 IT and business decision-makers found that only 26% of companies reported complete IoT success - a blended figure that masked a sharper gap: IT respondents reported success at roughly 35%, while business decision-makers reported it at around 15%. Meanwhile, 60% of initiatives stalled at proof of concept. More recent data exists in proprietary research and analyst reports, but comparable public studies at that scale are not available. The structural conditions that produced those numbers - organizational misalignment, underestimated integration complexity, and unclear ownership - remain widely reported in practitioner literature.
Together, the extended time-to-market data and the historically low success rates point to a structural constraint, not a temporary slowdown - one rooted in how the disciplines of connected product development constrain one another.
IoT Is a Coupled System
This has direct consequences for how users experience connected products - not as interfaces, but as systems whose failure modes they cannot easily locate or explain. In conventional product development, disciplines often operate with meaningful sequential separation - hardware can be finalized before firmware is deeply constrained, and UX can be designed against a reasonably stable platform. In connected products, those boundaries disappear quickly. The disciplines themselves are familiar - the problem is that wireless communication, power constraints, regulatory compliance, and cloud dependency create physical and logical dependencies that cut across all of them simultaneously.
Antenna placement changes enclosure design. Power strategy affects PCB area and thermal behavior. Firmware architecture determines whether secure updates remain viable after launch. Compliance requirements shape both hardware and software long before the product looks finished.
This coupling is a primary driver of the extended time-to-market described at the outset. The more common failure pattern is not a single discipline breaking - it is a decision in one area quietly foreclosing options in every other, which is what the time-to-market data reflects.
Security and Compliance Cannot Be Added Late
A 2024 benchmark study by Memfault and VDC Research, drawing on a survey of more than 775 IoT development professionals, found that one-third of respondents do not believe their organization adequately tests the cybersecurity of its products. This reflects a deeper issue: security is still treated as a review-stage activity rather than an architectural constraint.
The Cyber Resilience Act introduces vulnerability reporting obligations from 11 September 2026. Manufacturers must report actively exploited vulnerabilities within 24 hours of becoming aware of them - initially to a national CSIRT (Computer Security Incident Response Team), with ENISA receiving the notification simultaneously as part of that routing - with additional notifications required within defined timelines. The main product obligations - covering secure design, lifecycle support, and documentation requirements - apply from 11 December 2027. Readers should verify these dates against the current Official Journal version, as implementation timelines have historically shifted. Meeting those obligations in practice requires systems capable of detecting and surfacing exploitation signals in real time - not just documentation processes. In regulated markets such as the EU, cybersecurity is increasingly becoming a market-access requirement.
Key security capabilities depend on early design decisions: secure boot depends on platform selection; OTA update reliability depends on memory layout and rollback strategy; and long-term vulnerability handling depends on lifecycle design choices made before the first prototype.
For consumer-facing connected products in Europe, ETSI EN 303 645 defines the security baseline, covering updates, credentials, vulnerability disclosure, and lifecycle support. Industrial and healthcare products fall under separate frameworks, but the underlying design principles - secure-by-default, lifecycle-aware architecture - apply across both contexts. In connected products, security is not a feature - it is part of the product definition.
Hardware Is Where Coupling Becomes Physical
First-pass EMC failure is widely regarded in the industry as common. Rohde & Schwarz states that over 50% of all products fail during first-pass EMC testing - a figure consistent with estimates from compliance consultancies across product categories. Rates vary by design maturity, with IoT-specific estimates running considerably higher. The rate is high enough that a first-pass failure should factor into schedule and budget planning from the outset.
The enclosure is never neutral in wireless products. Material choices, spacing, antenna placement, and internal geometry all affect RF performance. A design that works in CAD can fail once it is placed in its actual mechanical environment.
Certification turns this into a business constraint. For simpler products or those using pre-certified modules, FCC certification alone can run $1,000 to $10,000 according to published estimates from certification testing providers and compliance consultancies - for custom RF designs, and especially cellular products, costs can reach $50,000 to $200,000 or more.
Based on publicly available distributor pricing at time of writing, basic BLE and Wi-Fi modules commonly run $1–$10 at volume, while mid-range multi-protocol modules and cellular options such as LTE-M and NB-IoT can reach $10–$50 or more per unit depending on vendor and volume tier - though these figures shift with market conditions and should be verified against current distributor data. Failed submissions introduce redesign work, retesting, and schedule delays.
Pre-certified radio modules reduce certification risk but increase per-unit cost. Custom RF implementations can be more cost-effective at scale but require deeper expertise and carry higher upfront risk. The more consequential question is not which module to select, but when that decision was made.
Late RF architecture changes are a pattern embedded teams consistently identify as a major source of schedule and cost overruns - a view consistent with documented EMI failure patterns and broader embedded project data, though not yet established by a single traceable study.
.png)
Interoperability Is Where the Value Lives
McKinsey's 2015 IoT research identified interoperability as one of the strongest determinants of realized IoT value - a finding consistent with practitioner experience, even if the precise distribution varies by use case and market maturity. That research is over a decade old, and the interoperability landscape has changed materially since - particularly with the emergence of standards such as Matter and Thread, which did not exist at the time. The directional finding holds up in practice: siloed, non-interoperable deployments consistently leave substantial potential value unrealized.
Every layer of the stack fragments the problem. Teams must choose among Wi-Fi, Bluetooth, Zigbee, Thread, LoRa, LTE-M, and NB-IoT. Each choice cascades into protocol design, provisioning flows, cloud dependencies, identity models, and integration complexity. A decision that seems minor early in development often becomes a long-term constraint.
Standards such as Matter help reduce fragmentation, but they do not remove architectural complexity - they shift it earlier into hardware selection, firmware architecture, and connectivity strategy. Matter 1.5 (released November 2025) extended the specification to new product categories - cameras, closures, a new electrical energy tariff device type supporting real-time pricing and tariff data exchange (per CSA release notes), and full TCP support for high-bandwidth data transfer - and each new category increases the certification and architecture burden. The Matter ecosystem has grown substantially since its launch, though real-world interoperability challenges continue to surface across platforms.
The same principle applies to edge and cloud architectures. Latency-sensitive systems cannot always rely on centralized processing for real-time control - a constraint reflected in 3GPP TS 22.261, a 3GPP standard defining end-to-end latency requirements by service and use-case class for 5G networks - which illustrates the kind of architectural discipline real-time systems demand. When real-time behavior matters, architecture must reflect those constraints from the beginning. Latency constraints are not abstract engineering preferences - they determine whether the product behaves reliably under real-world conditions.
That fragmentation doesn't stop at the architecture layer - it surfaces directly in how users experience the product. When connectivity standards multiply, protocol boundaries blur, and cloud dependencies stack, the failure modes users encounter become harder to locate, harder to explain, and harder to recover from.
UX Is System Behavior, Not Interface Design
Connected-product UX cannot be fully understood through traditional interface-centric frameworks because IoT systems behave as distributed networks rather than isolated applications. When something fails, users rarely know where the problem originates - hardware, network, cloud infrastructure, account state, or automation logic. That ambiguity fundamentally changes how users experience reliability and trust in connected systems.
In practice, IoT UX failures tend to cluster around four interconnected dimensions that reflect the distributed nature of these systems: state visibility (users need to know what the system is currently doing), trust (behavior must be consistent enough to rely on over time), predictability (automations and schedules must behave as expected), and recovery (users need clear paths when something fails).
These dimensions are grounded in distributed systems UX research and align with established feedback and system-state principles in human-factors literature - most notably the requirement for continuous system status visibility and error recovery paths identified in foundational usability frameworks. These are not interface-design concerns - they are system-behavior concerns, shaped by the underlying architecture.
These dimensions matter because users interact with connected systems through multiple layers simultaneously: physical controls, mobile apps, cloud services, voice assistants, schedules, and third-party automations. Failures often emerge from the interaction between those layers rather than from a single interface.
A thermostat changing due to a hidden automation breaks predictability. A sensor going offline without notice breaks state visibility. A lock that works locally but fails remotely breaks trust. In each case, the failure is architectural before it is experiential - which is why recovery paths and system state need to be designed in, not discovered during user testing.
The Cost of Getting It Wrong Rises Fast
Late-stage changes in connected products are expensive because they propagate across disciplines. A board revision is not a simple iteration - it typically requires additional engineering work, retesting, new fixtures, sourcing delays, and downstream schedule impact. In practice, a single late-stage RF redesign can absorb weeks of engineering time, delay certification by months, and require new tooling - costs that compound across supply chain lead times and contractual delivery obligations.
NIST IR 8259, Foundational Cybersecurity Activities for IoT Product Manufacturers - under active revision as of 2026; readers should verify the current draft status at nist.gov - emphasizes lifecycle thinking, including maintenance, support, and end-of-life planning. The same logic applies to both security architecture and certification: neither can be treated as a final gate. Teams that defer both pay for it in redesign cycles, schedule overruns, and cascading constraints across every dependent discipline - which is why EMC compliance must be addressed earlier through enclosure design, antenna strategy, shielding, and pre-compliance testing.
Emerging connectivity standards raise the stakes further. Technologies such as Wi-Fi 6E and Wi-Fi 7, private 5G, and improved LTE-M coverage reduce some deployment friction, but they also tend to raise user and system expectations for reliability, seamless handoff, and low-latency performance. A product team designing a device with Wi-Fi 7 multi-link operation, for example, must decide early whether the firmware and radio stack can leverage simultaneous band operation - a decision that touches antenna layout, PCB design, and battery budget before a single line of application code is written. Teams that have already internalized parallel, constraint-aware design are better positioned to absorb that acceleration than those still treating disciplines as sequential.
Parallel Design Is the Structural Response
The extended time-to-market for IoT products reflects not only technical complexity but, in many cases, organizational misalignment - specifically the failure to surface coupled design decisions early enough for teams to act on them.
The teams that tend to ship well design in parallel. Antenna placement, enclosure geometry, and PCB layout are considered together. Compliance engineers participate in architecture decisions from the beginning. Firmware teams understand OTA and memory constraints before hardware decisions are finalized.
The challenge is often less about inventing a new methodology than about aligning disciplines early enough for coupled decisions to remain visible - and acting on that alignment before the cost of change becomes prohibitive. That alignment, more than any individual tool or process, is what determines whether coupled constraints surface early or late.
IoT Product Design: Why Connected Products Are So Hard to Get Right
Schedule an initial talk and get to know us better! You already have a basic brief? Send it over so we can have a more productive first meeting!
a meeting



