NOWIP: The Fragile Foundation of UK Telecare
The uncomfortable truth about the UK telecare industry and NOW-IP BSI 8521-2
If you work anywhere near the UK telecare sector, you’ve probably heard of BSI 8521-2 — the so-called “IP standard” underpinning the country’s transition from analogue alarm systems to digital networks.
It was meant to be the future: a modern, IP-based replacement for the DTMF tones that have carried social alarms for decades. Instead, it’s a textbook case of how not to design a protocol.
When you dig beneath the industry marketing veneer, you discover something alarming: the entire standard depends on a non-conformant implementation of SIP (RFC 3261) — the same signalling protocol used for VoIP calls worldwide.
In other words, the UK’s critical alarm infrastructure rests on a brittle, bespoke, and fundamentally broken interpretation of a global standard.
SIP done wrong
SIP — the Session Initiation Protocol — has been around since the early 2000s. It defines exactly how endpoints should initiate, negotiate, and terminate sessions (like phone calls or video chats). It’s predictable, stateful, and carefully structured.
BSI 8521-2, however, rewrites the rulebook.
Its call flow diagrams show “100 Trying” messages being sent before an INVITE, and alarm messages (ATMs) transmitted before a media session is even established — directly violating the SIP state machine defined in RFC 3261.
The result?
Standards-compliant devices like Cisco, Sangoma, or Asterisk IP-PBXs reject these malformed messages. To make the system work, many UK vendors have resorted to modifying SIP stacks, in the form of custom-rolled, software-based PBXs (e.g. Asterisk, FreePBX) — a dangerous precedent that introduces incompatibility and fragility into every layer of the telecare ecosystem.
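The ordering problem can be shown with a small table-driven check, added here as an illustration (it is not code from the standard or from any vendor). It models only a simplified INVITE dialog lifecycle, "ATM" is a hypothetical label for an alarm payload event rather than a SIP method, and both traces are constructed from the description above, not captured traffic.

```python
# Added example: simplified RFC 3261 INVITE dialog ordering check.
# "ATM" is a hypothetical label for an alarm payload event, not a SIP method.
from enum import Enum, auto

class State(Enum):
    IDLE = auto()         # no transaction yet
    CALLING = auto()      # INVITE sent, awaiting final response
    ANSWERED = auto()     # 2xx received, ACK pending
    ESTABLISHED = auto()  # dialog confirmed, session may carry data
    CLOSING = auto()      # BYE sent, awaiting 200
    TERMINATED = auto()   # dialog torn down

# (state, event) -> next state; anything not listed is out of order.
TRANSITIONS = {
    (State.IDLE, "INVITE"): State.CALLING,
    (State.CALLING, "100"): State.CALLING,
    (State.CALLING, "180"): State.CALLING,
    (State.CALLING, "200"): State.ANSWERED,
    (State.ANSWERED, "ACK"): State.ESTABLISHED,
    (State.ESTABLISHED, "ATM"): State.ESTABLISHED,
    (State.ESTABLISHED, "BYE"): State.CLOSING,
    (State.CLOSING, "200"): State.TERMINATED,
}

def check_flow(events):
    """Return (index, event, state_name) for every out-of-order event."""
    state, violations = State.IDLE, []
    for i, ev in enumerate(events):
        nxt = TRANSITIONS.get((state, ev))
        if nxt is None:
            violations.append((i, ev, state.name))  # flag it, keep current state
        else:
            state = nxt
    return violations

# Constructed traces (not captured traffic).
CONFORMANT = ["INVITE", "100", "180", "200", "ACK", "ATM", "BYE", "200"]
# Ordering the article describes: 100 before INVITE, an ATM before the
# session exists, and an alarm message after the dialog has been torn down.
AS_DESCRIBED = ["100", "INVITE", "ATM", "200", "ACK", "BYE", "200", "ATM"]

if __name__ == "__main__":
    print(check_flow(CONFORMANT))
    print(check_flow(AS_DESCRIBED))
```

A strict peer behaves like the lookup here: an event with no legal transition from the current state is rejected, which is why unmodified stacks drop these flows.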
Why this breaks basic network tenets
From a network theory standpoint, the protocol’s failure is predictable.
Three key principles have been ignored:
- End-to-end transparency — A signalling protocol must behave consistently across any compliant network path. By altering SIP call sequencing, BS 8521-2 breaks the chain of transparency. Any intermediate proxy or SBC that follows RFC 3261 could drop, reject or misinterpret messages, severing the alarm flow.
- Layer separation — Each layer in the OSI model should only do its job. BS 8521-2 blurs boundaries by embedding application-specific semantics (alarms, acknowledgements, device commands) directly inside SIP signalling, turning what should be a session layer protocol into a fragile application transport hack.
- Two Generals’ Problem - The Two Generals’ Problem illustrates the impossibility of achieving guaranteed coordination over an unreliable communication channel. No matter how many acknowledgements are exchanged, there’s always uncertainty about whether the final message has been received.
This is precisely where NOWIP falls apart. Its Alarm Receiving Endpoint expects clients to acknowledge the closure of alarms after the SIP session has already been torn down — effectively asking one general to confirm a message using a line of communication that no longer exists. Once the SIP dialogue ends, there’s no guaranteed delivery path, meaning that final acknowledgement could be lost in transit.
In practical terms, this creates an unresolvable coordination gap: neither side can be sure whether the other successfully received the last message. It’s a textbook example of the Two Generals’ Problem, embedded at the heart of a national protocol.
To conclude, NOWIP effectively hijacks SIP’s Layer 7, embedding its own message semantics into a signalling protocol that was never intended to carry application data — a textbook violation of protocol layering.
A better path: WebRTC, SIP + MQTT
If the intent was to modernise telecare while remaining open and interoperable, a hybrid protocol would have been a better design.
SIP should have been used purely for what it’s good at — establishing sessions, maintaining media channels, and providing authentication and routing.
The actual alarm payloads (ATMs, acknowledgements, sensor states) should have been transmitted over a lightweight, message-oriented protocol like MQTT — purpose-built for IoT telemetry, guaranteed delivery, and publish/subscribe topologies.
This model would have offered:
- Transport independence — MQTT handles unreliable or low-bandwidth links elegantly.
- Scalability — brokers can manage thousands of concurrent clients securely.
- State awareness — perfect for device fleets, sensors, and alarm units.
- Protocol purity — SIP stays within its layer; MQTT handles application data.
- Stateful - Device and server state machines would be kept separate from the state machine of call setup and teardown (separation of concerns).
Instead, by forcing SIP to carry alarm messages, the standard has turned a stable telephony workhorse into a fragile single point of failure.
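What a message-oriented layer buys can be sketched as follows. This is an added example, not part of any standard or product: it simulates at-least-once delivery modelled on MQTT QoS 1 (PUBLISH answered by PUBACK) with no broker or client library, and the class names, alarm ID and loss schedule are all constructed for illustration.

```python
# Added example: QoS 1-style (at-least-once) alarm delivery over a lossy link.
# All names and the loss schedule are constructed for illustration.
class AlarmReceiver:
    """Raises each alarm once, but acknowledges every copy it sees."""
    def __init__(self):
        self.seen = set()
        self.raised = []

    def on_publish(self, alarm_id, payload):
        if alarm_id not in self.seen:      # dedupe retransmissions
            self.seen.add(alarm_id)
            self.raised.append(payload)
        return ("PUBACK", alarm_id)        # always ack, even duplicates

class LossyLink:
    """Drops frames according to a scripted schedule (True = deliver)."""
    def __init__(self, schedule):
        self.schedule = list(schedule)

    def deliver(self):
        return self.schedule.pop(0) if self.schedule else True

def send_alarm(alarm_id, payload, link, receiver, max_tries=5):
    """Retransmit until a PUBACK arrives; return attempts used, or None."""
    for attempt in range(1, max_tries + 1):
        if not link.deliver():             # PUBLISH lost on the way out
            continue
        ack = receiver.on_publish(alarm_id, payload)
        if link.deliver() and ack == ("PUBACK", alarm_id):
            return attempt                 # sender may now discard the alarm
        # PUBACK lost: the sender cannot tell this from a lost PUBLISH,
        # so it retransmits and relies on the receiver's dedupe.
    return None                            # unconfirmed: keep it and escalate

def demo():
    rx = AlarmReceiver()
    # Constructed schedule: PUBLISH lost; PUBLISH ok but PUBACK lost; both ok.
    link = LossyLink([False, True, False, True, True])
    attempts = send_alarm("dev42-0001", "fall detected", link, rx)
    return attempts, rx.raised
```

The sender never learns which of the two frames was lost, which is the Two Generals' uncertainty in miniature; retransmission over a channel that stays open, plus an idempotent receiver, makes that uncertainty harmless instead of pretending to remove it.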
Why this matters
The UK telecare network supports millions of vulnerable people. As the analogue switch-off accelerates, more and more of these connections are being migrated onto IP. Every alarm raised, every health emergency acknowledged, depends on the reliability of this signalling.
Yet today, many providers are running bespoke SIP stacks patched to tolerate BS 8521-2’s invalid call flows. It works — until it doesn’t. And when it doesn’t, someone’s emergency call might never reach its destination.
Despite these shortcomings, the telecare industry and its “expert” bodies continue to recycle the same analog-to-digital talking points, when the fundamentals of the standards and the devices / alarm receiving centres that adopt them are technically flawed.
The way forward
BSI 8521-2 needs urgent revision, not patchwork fixes. The industry should:
- Adopt formal SIP conformance testing against ETSI TS 102 027.
- Refactor alarm signalling onto a separate, message-oriented layer (MQTT, AMQP, or similar).
- Encourage open, verifiable interoperability rather than vendor-specific “interpretations” of a fundamentally broken protocol.
- Adopt readily available 3GPP and IoT standards that are commonplace in robust sectors.
The future of telecare shouldn’t depend on bending SIP until it breaks.
It’s time to rebuild on solid foundations — with transparency, modularity, and genuine interoperability at the core.