The 2025 State of Industrial IoT Device Lifecycle Management highlights top challenges OEMs must overcome to succeed in a software-first world.
California-based Northern.tech, specializing in device lifecycle management, released its inaugural State of Industrial IoT Device Lifecycle Management report, uncovering how original equipment manufacturers (OEMs) are navigating the shift to a software-centric economy—and the operational, cultural, and compliance challenges that come with it.
As IoT adoption accelerates, OEMs’ ability to securely and efficiently manage smart products across the lifecycle is emerging as a key differentiator. The report, based on insights from over 500 embedded professionals across industries, details how organizations are progressing and where gaps remain.
Key findings include:
- Security and time-to-market are ranked equally as top business priorities—but most organizations struggle to balance both.
- Only one-fifth of OEMs are implementing a compliance plan for the EU Cyber Resilience Act, despite penalties being 20 months away.
- Nearly half of product launch delays stem from software issues like bugs, deployment problems, and new security patches.
- Device lifecycle management (DLM) remains immature across the market, with over a third citing prioritization as the top roadblock to establishing an explicit DLM process.
OEMs Struggle to Adopt a Digital Mindset
Physical-product-based strategies are no longer sustainable in an era where software and AI dictate innovation and customer retention, according to the report. As software becomes central to product value, managing connected devices across their lifecycle becomes increasingly complex. From improvements and vulnerability patching to compliance and support, OEMs must rethink their approach to embedded systems, product development, maintenance and long-term customer relationships.
“The shift to software-defined products requires more than acknowledgement,” says Eystein Stenberg, co-founder and chief technology officer of Northern.tech, in a release. “It demands mature, secure, and scalable infrastructure to support real-world complexity, whether you’re managing a fleet of industrial robots or millions of connected medical devices.”
OEMs must adopt software-first approaches to product design, development, and management while adapting revenue models to support ongoing requirements of software-based products. At the same time, OEMs must refine their strategies to avoid software development pitfalls causing launch delays and fully capitalize on software-driven growth.
Bridging the Compliance and Cybersecurity Gap
While awareness around cybersecurity and regulatory mandates is high, execution remains a challenge. “Security and compliance can’t be afterthoughts,” adds Stenberg. “They need to be baked into the full product lifecycle—from design to deployment and beyond.”
The report outlines a significant maturity gap in IoT security strategies. While more than half of respondents claim to comply or plan to comply with cybersecurity regulations, nearly one-fifth admit they have no compliance plan, and another fifth are unsure of which regulations or standards apply. Regarding vulnerability remediation, under one-quarter of OEMs can deploy a security update within weeks, highlighting a disconnect between perceived readiness and actual incident response capabilities.
Supporting the IoT Ecosystem with Actionable Insights
As IoT and connected devices grow in impact, OEMs are slowly recognizing the strategic need to adapt, according to the report. The acceleration toward a software-centric economy requires OEMs to navigate new technical, operational, cultural, and strategic hurdles to remain competitive and generate value.
The report aims to help OEMs benchmark their progress, understand emerging risks, and explore the strategies leading teams are using to compete in a software-first economy.
ID 180968454 © Oleg Chumakov | Dreamstime.com
