IoT regulation needs to overcome a number of obstacles, starting with the lack of a commonly accepted definition of the IoT. Therefore, Chapter 1 will depart from a legal ontology of the IoT, including an account of the differences to related concepts, such as cyber-physical systems and Industry 4.0. It will then critically analyse the reasons that it is difficult to understand how existing laws apply to the IoT and to identify the best way to regulate this sociotechnological phenomenon. These difficulties relate to the impossibility to agree on one IoT taxonomy, the complexity of the relevant supply chain, and its intrinsically transnational nature. I pay particular attention to some attempts to deal with the IoT’s global character, from the GDPR’s jurisdictional overreach to more moderate solutions falling under the Digital Single Market strategy, including the regulations on the cross-border portability of online content services, geoblocking, and free flow of nonpersonal data. I will proceed by analysing some regulatory options with a focus on the EU strategy on the IoT and shedding light on the regulatory spectrum having self-regulation and soft laws at one end, and top-down regulation and hard laws at the other end. I will conclude by discussing some proposals on how to regulate the IoT in the future and advocating for an integrated non-binary approach to the matter.