Re: ThIrd party support by law
"If IoT software breaks (or a vulnerability becomes known) then I can only go to the manufacturer"
Which is one big reason why, although my home is heavily automated, I have never, and will never, use a commercial IoT "solution". The biggest reason, though, is that commercial "solutions" invariably require talking to a cloud server somewhere. The next big reason is that there is no way commercial solutions can be considered anything close to secure.