Category: Cyber-physical risk · Reviewed by Jake Leat, Associate Director · Last reviewed 2026-06-10
Connected home insurance is residential property insurance integrating consumer IoT devices — typically leak detectors, smart smoke alarms, thermostats and security sensors — for risk monitoring, pre-loss intervention and premium incentives.
Connected home propositions have been offered in the UK by Aviva, Direct Line, Hiscox and others since the mid-2010s. The product remains a conventional contract of home insurance governed by ICOBS and the Consumer Duty; the IoT layer is a value-added component of the customer journey.
Definition
A connected home insurance product typically includes one or more of:
Leak detection — sensors installed under sinks, behind appliances and at stop-cocks (e.g., LeakBot, Ondo, Grohe Sense);
Smart smoke and CO alarms — Hive, Google Nest Protect, Honeywell devices;
Thermostats and climate control — Nest, Hive, Tado, Honeywell Evohome;
Connected door locks and security cameras — Yale, Ring (Amazon), Hive View, Eufy;
Aggregation hubs — controlling and surfacing alerts from multiple devices.
The insurance product typically offers a premium discount for installation and continued connectivity, and provides for monitoring with consented data sharing to the insurer or its service partner.
Legal / Regulatory basis
The relevant UK frameworks are:
Financial Services and Markets Act 2000 and ICOBS — for the underlying home insurance contract.
FCA Handbook PROD 4 — for product oversight and governance.
FCA PS22/9 — Consumer Duty; particular attention to whether premium incentives offer fair value, especially in light of the cost of devices and the value of telemetry data.
FCA PS21/5 — General Insurance Pricing Practices; ensuring no renewal price discrimination by reason of telemetry use.
UK GDPR and the Data Protection Act 2018:
Article 5 — data minimisation and storage limitation;
Article 9 — special category data implications where devices collect health-indicative information;
Article 22 — restrictions on solely automated decisions producing legal or similarly significant effects, including for premium-setting;
Article 25 — data protection by design and by default;
Article 35 — DPIA where high-risk processing is involved.
Product Security and Telecommunications Infrastructure Act 2022 and SI 2023/1007 — minimum security requirements for relevant connectable products supplied to UK consumers, in force from 29 April 2024.
ICO, Internet of Things guidance and Smart home guidance.
How it works in practice
A typical connected home journey runs as follows:
Quote stage — the insurer indicates a premium discount of 5–15% for installation of a specified device suite. The customer is given the data privacy notice and a consent form.
Device supply — devices are supplied free or at subsidised cost; installation may be self-service or via a partner engineer.
Connection and onboarding — the customer installs an app and connects the devices to their home Wi-Fi. The insurer’s platform receives event data only (e.g., leak detected; smoke alarm triggered), not continuous video or audio.
Monitoring — alerts are processed by the insurer’s claims partner; on a confirmed leak, the partner contacts the customer and arranges a plumber.
Renewal — discount continues subject to continued connectivity.
Care is taken in the design of automated discount changes so that any solely automated decision producing legal or similarly significant effects is avoided, or appropriate safeguards are put in place under UK GDPR Article 22.
Common variations / Subsequent developments
LeakBot bundles — Hiscox and Direct Line have run LeakBot programmes; Aviva has trialled Ondo.
Hive-led propositions — Centrica’s Hive brand has had insurer partnerships including Direct Line.
Hub-agnostic products — recognising any smoke alarm or leak detector model meeting a specification (rather than tying to a single OEM).
Tenant cover — devices supplied to tenants by landlords, with insurance benefit to the landlord; raises consent design questions.
The PSTI Act 2022 regime is a material factor since 29 April 2024: insurers should require manufacturer compliance with the PSTI Regulations 2023.
Example
A UK homeowner buys household insurance with a £350 annual premium. The insurer offers a 10% discount conditional on installation of a leak detector and smart smoke alarm provided free of charge. The customer installs both and connects them via Wi-Fi. Six months later, the leak detector identifies high humidity behind a washing machine; the insurer’s partner contacts the customer and arranges a plumber within four hours. A pipe replacement averts an escape of water that would have caused approximately £6,000 of damage. No claim is made; the discount continues at renewal. The customer’s data is processed under a UK GDPR-compliant privacy notice; a DPIA was completed before launch.
Data Protection Act 2018; UK GDPR Articles 5, 6, 9, 22, 25, 35.
ICO, Internet of Things guidance; Smart home guidance, ico.org.uk.
Product Security and Telecommunications Infrastructure Act 2022 and SI 2023/1007.
IAIS, Application Paper on Cyber Risk Underwriting (2020).
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-10. Next review: 2026-12-10.
Apex Insurance Brokers Limited. Authorised and regulated by the Financial Conduct Authority, FRN 724952. Registered in England and Wales, Companies House 07014570. This entry provides general information about UK insurance concepts and is not regulated advice. Consult your insurance broker on your specific position.
Our service promise. We acknowledge every quote request the same working day. For straightforward risks, indicative terms typically follow within five working days. Complex risks — higher-risk buildings, cladding, mid-term proposals requiring fresh underwriting — may take longer; we’ll send you a progress note by the end of the fifth working day in those cases.