Should you still use LoRaWAN in a connected device in 2026?

People still ask us for LoRaWAN in every shape and form. Especially large municipalities that have invested in their private networks and want to keep feeding them. That's understandable.

But honestly? At Codium, we consider LoRaWAN to be an outdated technology for most new projects. Here is why.

LoRa — we know it inside out

Codium's founders cut their teeth designing a large number of LoRa connected devices. A lot. Water meters, parking sensors, presence detectors, tank monitoring systems, fixed asset trackers… We learned CSS modulation from the ground up, debugged DR (Data Rate) issues, and optimised frames down to the last byte.

And we fully understand why LoRa was a revolution. In the 2010s, it was objectively a brilliant technology. It ticked every box for low-cost, long-range connected devices:

2012

Semtech acquires Cycleo LoRa modulation exists. Exceptional range, low power consumption, contained cost, free frequencies (868 MHz in Europe). Nothing else like it existed. No serious competitor — neither on unlicensed frequencies, nor on licensed ones (Sigfox is too proprietary and too niche).

2015–16

Orange and Bouygues deploy their LoRaWAN networks in France The hype begins. Meanwhile, 3GPP finalises the LTE-M standard — but few operators have deployed it yet. LoRa has no competition.

2016–2019

The era of experimentation and first deployments Local authorities test, pilot, and validate. Companies commercialise their first devices. The ability to run your own network on an unlicensed frequency with €200 gateways is a compelling argument. Independence from operators is attractive.

2020–2022

Cities scale up Pilots are validated, mass deployments begin. Tens of thousands of devices on the same 868 MHz spectrum. And the first problems appear.

2023–2026

The CRA, spectrum saturation, and field reality The band is saturated in dense areas. The Cyber Resilience Act arrives. And it becomes clear that LoRaWAN is architecturally incompatible with modern security requirements.

The first problem: unlicensed spectrum saturation

LoRa operates in the 868 MHz band in Europe. This band is unlicensed — that is its historical advantage. It is also its Achilles' heel: it is shared with every other device transmitting in the vicinity.

In the 2010s, when there were a few thousand devices in a city, it worked very well. Today, in a metropolitan area that has deployed its network of meters, parking sensors, water network monitoring, and street lighting — all on LoRa — the spectrum is saturated.

30–40%

That is the LoRa frame loss rate observed in dense urban areas today.
LoRa was not designed to handle massive load increases in a single area. When thousands of devices transmit in the same spectral space, frame collisions explode.

For simple meter reading — where a measurement is sent once a day and losing a message here and there has no consequence — it still holds up. But as soon as you go beyond that use case, it becomes problematic.

What we're increasingly being asked to do — and can no longer do in LoRa

Active security functions: gate locking, intrusion detection, site monitoring, technical alarms. With the connectivity constraint of: the municipality's brand-new private LoRaWAN network. And that's a no. The principle is simple: when you lose 30 to 40% of frames, you can no longer do security or monitoring. It makes no sense.

The killing blow: LoRaWAN is incompatible with the CRA

The Cyber Resilience Act mandates — among other things — that every connected product must be able to receive security updates (OTA). This is non-negotiable. It is one of the cornerstones of the CRA.

And LoRaWAN, architecturally, cannot do it. Not really.

Why OTA firmware updates over LoRa at fleet scale are an illusion

Purists will say that LoRaWAN supports downlinks (Class B, Class C, receive windows). Technically true. In practice, on a real fleet in an urban area:

Gateway duty cycle
limited to 1%

Downlink throughput
a few kb/s

Downlink frame loss
30–40%

Firmware fragmentation
hundreds of chunks

Updating a fleet of 1,000 devices: weeks. Months. If it ever finishes.

😅 OK, maybe in 100 years, or by accepting draining the batteries of every device being updated, it's possible. Meanwhile, the CRA applies from 2027.

This is not an opinion: the inability to perform reliable large-scale firmware updates architecturally disqualifies LoRaWAN from new regulatory obligations. This is not a matter of will or effort — it is a physical and protocol constraint.

LTE-M and NB-IoT: managed radio, not hoped-for radio

Yes, LTE-M and NB-IoT operate on licensed frequencies. Yes, we depend on operators. That is the point that rankles — and we understand why.

But you need to understand what it gives you in return. The fundamental difference from LoRa is that cellular radio is orchestrated to the microsecond.

The YouTube video being streamed from a smartphone on the same network, the water meter data sent once a day, and the urgent alarm message arriving in an emergency — all of these are interleaved with priority rules, throughput, and energy management specific to each type of device. Every frame arrives. You know it arrives. That is fundamentally different from an unlicensed spectrum where devices transmit more or less when they want, hoping there will be no collision.

✅

Real quality of service

The frame reaches its destination. That is guaranteed. Not a statistical average, not "usually". Every message.

🔋

Comparable ultra low-power

PSM (Power Saving Mode) + eDRX: standby current < 1 µA. Battery life of around 10 years, on a par with LoRa.

📡

Reliable downlink communication

You can wake a device, send it a command, do downlink — and it actually works. This opens up use cases that LoRa simply cannot address.

🔐

Secure OTA — CRA compliant

Remote firmware update, encrypted, with delivery confirmation. Across a fleet of thousands of devices, it is achievable in a few hours.

🚨

New security use cases

Electric strikes, intrusion detection, technical alarms, remote locking — functions impossible in LoRa with a 30–40% frame loss rate.

🌍

Global coverage, low costs

Specialised IoT MVNOs offer subscriptions for a few euros per year with coverage in 170+ countries. The cost argument collapses.

The truth about the LoRa "private network"

The idea of operating your own device network independently, without relying on an operator, remains appealing on paper. We understand why it has motivated significant investment from local authorities.

But in the field, we observe something interesting: the local authorities that deployed their private LoRa networks are now outsourcing maintenance to third-party private companies. The gateway on the town hall roof, network firmware issues, LoRaWAN server updates, coverage monitoring…

The much-vaunted independence is, in practice, quite relative. And I am not convinced that the cost per byte is genuinely lower than what an IoT MVNO can offer today.

Criterion	LoRaWAN	LTE-M / NB-IoT
Reception reliability (urban area)	60–70% (30–40% frame loss)	> 99%
Downlink communication	Theoretical / unreliable	Reliable, bidirectional
OTA firmware at fleet scale	Practically impossible	Standard, encrypted
CRA compliance (2027)	Incompatible	Compliant
Active security use cases	Impossible	Native
Saturation in dense areas	Real problem	Managed by operator
Power consumption / battery life	Excellent	Equivalent (PSM)
Module cost	€3–6	€5–10
Annual network cost per device	~€0 (private network)	€1–5 (IoT MVNO)
Infrastructure to deploy	Gateway + server + maintenance	Zero — operator network
Global coverage	Variable (gateway-dependent)	176 countries
Device mobility	Not supported	Native (LTE-M)

Our conclusion — clear-cut

Codium's position in 2026

For any new connected device project, we advise against LoRaWAN. Spectrum saturation, the practical impossibility of reliable OTA firmware updates, and incompatibility with the CRA make it a short-term regulatory and technical dead end. LTE-M or NB-IoT are now our default recommendations.

Are there still cases where LoRa is relevant? For simple, stationary meter reading, in a low-density area, with no active security requirement, for a client who controls their own network and has no CRA constraints — yes, it can still hold up. But it is a shrinking niche.

For everything else — and in particular for all the things local authorities now want to do with their device networks: monitoring, security, alerts, remote control — LoRa cannot deliver. This is not a question of effort or investment. It is an architectural limitation.

Bonus — The next technology

DECT NR+ with Nordic Semiconductor: the best of both worlds?

In certain contexts, the need to operate your own device network economically and independently remains important and legitimate. That is why at Codium, we are currently working with Nordic Semiconductor on a technology that we find very promising: DECT NR+.

The idea is simple and elegant: running 5G-derived radio technologies on unlicensed bands (1.9 GHz in Europe). The result is potentially the best of both worlds — operator independence and full control of your own network as with LoRa, combined with the protocol robustness, quality of service, and intelligent traffic management that characterise modern cellular networks.

We are convinced this is a technology with a future. We are actively contributing to it alongside other partners with the aim of making it available to our clients as soon as possible.

→ Learn more about our work on DECT NR+

A connected device project to design?

We help you choose the right radio technology for your use case — LoRa, LTE-M, NB-IoT, DECT NR+ — and we design the electronics end to end.

Our LTE-M expertise Contact us