The IoT industry has a standards problem — or more precisely, it has too many standards. Dozens of consortia, alliances, working groups, and standards bodies have produced overlapping specifications covering device communication, security, data modeling, and device management. For product teams, this fragmentation creates real engineering and business decisions: which standards to implement, which certification programs to pursue, and which industry bodies to engage with. This guide maps the key players and standards in the IoT landscape and explains what each one actually means for your product.
Why IoT Standards Matter
Before diving into specific standards, it’s worth being explicit about why this matters for product teams:
Interoperability is the most immediate benefit. A device that implements a widely-adopted standard can work with infrastructure, controllers, and other devices from other vendors without custom integration work. For consumers, this means products that “just work” together. For enterprises, it means avoiding vendor lock-in.
Certification and regulatory requirements are increasingly tied to standards compliance. Some markets require specific certifications before products can be sold. The EU’s Radio Equipment Directive, for example, mandates cybersecurity requirements for connected devices that align with existing standards.
Ecosystem access often depends on standards compliance. Amazon’s Alexa, Apple’s HomeKit, and Google Home each had proprietary requirements before Matter. Now, Matter compliance unlocks access to all three ecosystems simultaneously.
Engineering efficiency — implementing a published standard is typically faster and cheaper than inventing a custom protocol, and the interoperability testing that comes with certification catches bugs that might otherwise reach customers.
Matter: The Smart Home’s Long-Awaited Unified Standard
Matter is the most significant IoT standard development of the past decade. Finalized in November 2022 (v1.0) and now at v1.3, Matter represents an unprecedented coalition of smart home competitors agreeing on a common application-layer protocol.
The backstory: Before Matter, the smart home market was fragmented into proprietary silos. Amazon Alexa, Google Home, Apple HomeKit, and Samsung SmartThings each required separate certification programs and separate firmware implementation — sometimes different protocol stacks entirely. A manufacturer wanting to reach all users had to build for all four ecosystems separately. This was expensive, and consumers were frustrated by incompatible products.
The Connectivity Standards Alliance (CSA), formerly the Zigbee Alliance, brought together Amazon, Apple, Google, Samsung, and over 500 other companies to create Matter — a unified application layer standard.
Matter technical architecture:
- Application layer: Matter defines device types (light, lock, thermostat, sensor, etc.), their mandatory and optional attributes, and the commands they support. All Matter devices of the same device type are functionally equivalent from the controller’s perspective.
- Transport options: Matter devices can use Thread (for battery-powered mesh devices), Wi-Fi (for high-bandwidth or mains-powered devices), or Ethernet.
- Security: Matter mandates device attestation using a unique certificate chain during commissioning, TLS 1.3 for session security, and CASE (Certificate Authenticated Session Establishment) for secure communication.
- Commissioning: The process of adding a device to a network is standardized — scan a QR code or enter a numeric passcode, and the Matter controller handles the rest regardless of which ecosystem you’re using.
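The QR code used for commissioning is a reversible encoding, so the printed label is effectively a credential: it carries the setup passcode alongside the vendor and product IDs. The following added example (not from the CSA SDK or this guide) decodes a payload and flags labels that should never leave the factory. It assumes the standard 88-bit base-38 layout; `audit_label` and the sample payload with test values are illustrative.

```python
# Base-38 alphabet used by Matter onboarding payloads.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-."
# (name, bit width) in packing order, least-significant bits first.
FIELDS = [("version", 3), ("vendor_id", 16), ("product_id", 16), ("flow", 2),
          ("discovery", 8), ("discriminator", 12), ("passcode", 27), ("padding", 4)]
# Passcodes the specification forbids because they are trivially guessable.
FORBIDDEN = {int(str(d) * 8) for d in range(10)} | {12345678, 87654321}
TEST_VENDOR_IDS = range(0xFFF1, 0xFFF5)  # vendor IDs reserved for testing
SDK_DEFAULT_PASSCODE = 20202021          # default used by the SDK example apps

def decode_qr(payload):
    """Decode an 'MT:' QR payload into its fields (optional TLV data is ignored)."""
    if not payload.startswith("MT:"):
        raise ValueError("not a Matter QR payload")
    body, raw = payload[3:], bytearray()
    for i in range(0, len(body), 5):
        chunk = body[i:i + 5]
        nbytes = {5: 3, 4: 2, 2: 1}[len(chunk)]  # KeyError on a malformed length
        value = 0
        for ch in reversed(chunk):  # first character is least significant
            value = value * 38 + ALPHABET.index(ch)
        raw += value.to_bytes(nbytes, "little")
    bits = int.from_bytes(raw, "little")
    fields = {}
    for name, width in FIELDS:
        fields[name] = bits & ((1 << width) - 1)
        bits >>= width
    return fields

def audit_label(payload):
    """Return (fields, issues) for a label about to ship on a production device."""
    f = decode_qr(payload)
    issues = []
    if f["vendor_id"] in TEST_VENDOR_IDS:
        issues.append("test vendor ID on a production label")
    if f["passcode"] in FORBIDDEN or not 1 <= f["passcode"] <= 99999998:
        issues.append("forbidden passcode")
    if f["passcode"] == SDK_DEFAULT_PASSCODE:
        issues.append("SDK default passcode")
    return f, issues

# Sample payload carrying test values only (not a real product label).
SAMPLE = "MT:Y.K9042C00KA0648G00"

if __name__ == "__main__":
    print(audit_label(SAMPLE))
```

Running a check like this at the end of the production line catches firmware that was built with development credentials before the label is printed.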
Matter v1.3’s expanded device types include energy management (smart EV chargers, solar inverters, battery storage systems), water controls, and enhanced camera specifications.
The CSA’s Matter GitHub repository is entirely open-source, which is another major advantage over previous proprietary approaches.
Impact for product teams: If you’re building consumer smart home devices and want access to the Apple, Google, Amazon, and Samsung ecosystems, Matter is now essentially mandatory. The certification program through the CSA includes a test harness and an accredited test lab process.
Thread: The IPv6 Mesh Behind Matter
Thread is the network layer that Matter’s battery-powered devices use. Developed by the Thread Group (a separate consortium from the CSA, though with significant membership overlap), Thread is an IPv6-based mesh networking protocol built on IEEE 802.15.4.
Thread key characteristics:
- IPv6 native: Every Thread device has an IPv6 address. This eliminates the need for protocol translation gateways — Thread devices are directly addressable on the IP network.
- Mesh networking: Thread devices with mains power serve as routers, extending the network’s range and resilience. Battery-powered devices are end nodes.
- Border Router: A Thread Border Router (often a smart speaker or hub) bridges Thread devices to the home IP network (Wi-Fi/Ethernet).
- Self-healing: If a router device is removed or fails, the mesh automatically recomputes routes around it.
- Security: Thread uses DTLS for link layer security, and the mesh key is provisioned during network setup.
Thread is the successor to Zigbee at the network layer (it uses the same 802.15.4 PHY) but replaces Zigbee’s proprietary network and application protocols with standard IP protocols. This is a fundamental architectural improvement that enables seamless internet connectivity without gateways.
The Thread Group manages the specification and certification program. Thread 1.3 adds enhanced security features and support for larger networks.

OCF: Open Connectivity Foundation
The Open Connectivity Foundation (OCF) developed a broader IoT framework not limited to smart home applications. OCF’s scope covers industrial, healthcare, and commercial IoT alongside consumer devices.
OCF’s core specifications:
- OCF Core — defines the fundamental resource model, discovery mechanisms, and communication protocols (CoAP over UDP, with security via DTLS)
- OCF Security Specification — device onboarding, access control, and credential management
- OCF Device Specifications — device type definitions for lights, switches, HVAC, and many other categories
OCF uses a RESTful resource model where every device capability is represented as a resource (similar to a web URL) that can be read, observed, and manipulated. This model is familiar to web developers and enables straightforward integration with web services.
Intel and Samsung have been particularly active OCF contributors. The open-source IoTivity project implements the OCF specification.
oneM2M: The Telecom Industry’s IoT Framework
oneM2M was developed by a consortium of telecommunications standards bodies (ETSI, ARIB, TIA, and others) and focuses on creating a common service layer for IoT that can work across different access networks and device types.
The oneM2M architecture is built around a Common Service Layer (CSL) that sits between application-specific code and network infrastructure. It provides:
- Device registration and management
- Data storage and subscriptions
- Security and access control
- Interworking with heterogeneous networks
oneM2M is particularly relevant for industrial and smart city IoT applications where multi-vendor, multi-network interoperability is critical. It has found significant adoption in smart utility metering, connected vehicles, and industrial M2M applications in Europe and Asia.
W3C Web of Things (WoT)
The W3C Web of Things (WoT) working group has developed standards that describe IoT devices using web technologies, making devices discoverable and usable by web-based systems.
Thing Description (TD): A JSON-LD document that describes a device’s properties, actions, and events — its capabilities and how to interact with them. A TD is like a machine-readable datasheet for an IoT device.
WoT Architecture: Defines how devices can be integrated into web-based systems, enabling the web ecosystem (APIs, hypermedia, linked data) to interact with physical devices.
WoT is particularly valuable in scenarios where IoT devices need to be integrated into web applications or where discoverability and semantic interoperability are important. W3C’s WoT specification is freely available.
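Because a Thing Description declares both the endpoints and the security scheme that protects each one, it can be reviewed mechanically before a device is exposed. The following added example (not part of the W3C specification or this guide) audits a constructed TD for interactions that have no authentication or use a cleartext transport. The device name, URLs and the `audit_td` helper are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample Thing Description (hypothetical device and URLs).
SAMPLE_TD = json.loads("""
{
  "@context": "https://www.w3.org/2019/wot/td/v1",
  "title": "DemoLamp",
  "securityDefinitions": {
    "open": {"scheme": "nosec"},
    "token": {"scheme": "bearer", "in": "header"}
  },
  "security": ["token"],
  "properties": {
    "status": {"type": "string",
               "forms": [{"href": "https://lamp.example/status"}]}
  },
  "actions": {
    "toggle": {"forms": [{"href": "http://lamp.example/toggle"}]},
    "reset": {"forms": [{"href": "https://lamp.example/reset",
                         "security": ["open"]}]}
  },
  "events": {}
}
""")

CLEARTEXT = {"http", "coap", "mqtt", "ws"}  # URI schemes without transport security

def audit_td(td):
    """Return (affordance, href, issue) tuples for weakly protected forms."""
    schemes = {name: d.get("scheme")
               for name, d in td.get("securityDefinitions", {}).items()}
    default = td.get("security", [])
    findings = []
    for kind in ("properties", "actions", "events"):
        for name, aff in td.get(kind, {}).items():
            for form in aff.get("forms", []):
                # A form-level "security" entry overrides the Thing-level default.
                sec = form.get("security", default)
                sec = [sec] if isinstance(sec, str) else sec
                where = f"{kind}/{name}"
                if not sec or any(schemes.get(s) in (None, "nosec") for s in sec):
                    findings.append((where, form["href"], "no authentication"))
                if urlparse(form["href"]).scheme in CLEARTEXT:
                    findings.append((where, form["href"], "cleartext transport"))
    return findings

if __name__ == "__main__":
    for finding in audit_td(SAMPLE_TD):
        print(finding)
```

The `reset` action shows why the form-level override matters: the Thing-level default looks safe, but one form quietly opts out of it.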
Industrial IoT Standards: IEC 62443, ISA-95, OPC-UA
Industrial IoT has its own standards ecosystem, distinct from consumer IoT:
OPC-UA (OPC Unified Architecture) is the de facto standard for industrial device communication and data modeling. It provides a platform-independent, service-oriented architecture for data exchange in industrial systems. OPC-UA over TSN (Time Sensitive Networking) is emerging as the foundation for Industry 4.0 factory networks.
IEC 62443 is the comprehensive cybersecurity standard for Industrial Automation and Control Systems (IACS). It addresses security from device level through control system through enterprise system — essential reading for anyone deploying industrial IoT in manufacturing, energy, or critical infrastructure.
ISA-95 defines the interface between enterprise and control systems — the framework for integrating factory floor IoT data with ERP and MES systems.
MQTT Sparkplug — an industrial extension of MQTT that adds a standardized payload format for industrial equipment data, supporting state management, device birth/death certificates, and historical data.
IoT Security Standards: The Baseline Requirements
Multiple organizations are working to establish minimum security baselines for IoT devices:
ETSI EN 303 645 — the first globally applicable consumer IoT security standard. Mandates: no default universal passwords, implementing vulnerability disclosure policies, keeping software updated, securely storing credentials, encrypted communication, minimized attack surface, and more. Now referenced in the UK’s PSTI Act and forthcoming EU requirements.
NIST IR 8259 — NIST’s baseline activities for manufacturers of IoT devices, influential in US federal procurement.
IoT Security Foundation (IoTSF) Best Practice Guidelines — practical, detailed guidance covering 13 security provisions, widely used as a design checklist.
PSA Certified — ARM’s Platform Security Architecture certification program for silicon vendors and device manufacturers, providing a framework for implementing device security from the silicon up.
Navigating the Standards Landscape as a Product Team
With so many standards and bodies, how should a product team prioritize?
Start with your target market and use case:
- Consumer smart home → Matter (and Thread for battery devices) is now the clear answer
- Industrial IoT → OPC-UA for device communication; IEC 62443 for security; ISA-95 for enterprise integration
- Utility metering → DLMS/COSEM; oneM2M for service layer
- Cross-industry commercial IoT → OCF or proprietary with WoT TD for discoverability
Address security compliance early:
- Target EU market? ETSI EN 303 645 should be a design requirement from day one
- US federal or critical infrastructure? NIST IR 8259 and IEC 62443 apply
- IoTSF guidelines are valuable for any market
Evaluate certification costs and timelines:
- Matter certification involves test lab fees and can take weeks to months
- Thread certification is relatively streamlined for devices using Thread-certified silicon
- Multiple certifications can be pursued in parallel to save calendar time
Monitor the landscape for evolution: Matter v1.4 and beyond will add more device types. Thread 1.4 is in development. The OCF and WoT communities are active. Standards work takes years — design for flexibility so you can adapt as requirements evolve.
UABit’s IoT consulting team helps clients navigate standards compliance requirements and plan certification strategies for their specific target markets.
Conclusion
The IoT standards landscape is complex but increasingly converging. Matter has resolved the most painful smart home fragmentation. Industrial IoT has strong standards leadership with OPC-UA and IEC 62443. Security requirements are crystallizing into mandatory baselines in major markets.
For product teams, the practical implication is clear: standards compliance is no longer optional. Build standards support into your architecture from day one rather than bolting it on later. Understand which standards apply to your target markets and device categories, and budget certification time and cost into your product roadmap.
Further reading:
- CSA Matter specification — official Matter documentation and SDK
- Thread Group specification — Thread protocol documentation
- W3C Web of Things — WoT Thing Description and architecture
- IoT Security Foundation guidelines — security best practices
- OPC Foundation — OPC-UA specifications and certification
- ETSI EN 303 645 — consumer IoT security standard