OPC UA in Practice: When It's Right, When It's Overkill
OPC UA for industrial IoT — what it does well, where it's overkill, integration with MQTT Sparkplug, and the practical patterns we deploy on real plants.
OPC UA is the default for serious industrial automation in 2026. It is also genuinely complex — too complex for many smaller projects, and that complexity is often the reason teams reach for something simpler. Here is when it earns its place and when something else does.
What OPC UA actually is
OPC UA (Unified Architecture) is a service-oriented protocol for industrial machine-to-machine communication. Three parts that matter:
-
Information modelling — every device exposes a structured tree of nodes, each with a strongly-typed value, metadata, and optional methods. Standard models for major equipment classes (motors, drives, robots) are published as Companion Specifications.
-
Transport flexibility — runs over TCP (binary, the default) or HTTPS (web-friendly). PubSub variants run over MQTT or UDP. The same data model can be served over multiple transports.
-
Security primitives — built-in mutual authentication via X.509 certs, encryption, signing. Considerably more mature than older industrial protocols.
That combination is why OPC UA wins in serious industrial deployments. The information modelling is what no other industrial protocol does as well.
Pick OPC UA when
- You need to integrate with modern PLCs (Siemens S7-1500, Beckhoff TwinCAT, Rockwell Logix 5000) that already speak OPC UA natively
- The integration target is a MES or ERP system that consumes OPC UA (SAP MII, Apriso, Opcenter)
- You need strongly-typed data models that survive equipment rotation (replace a motor with a different vendor’s motor; the OPC UA model is the same)
- The system has to be auditable — OPC UA’s security model is easier to defend than Modbus + a VPN
- Companion Specifications exist for your equipment class (machine tools, robots, packaging, weighing — all have published OPC UA Companion Specs)
Skip OPC UA when
- Equipment is older — mostly Modbus, BACnet, or proprietary serial — and the integration target is a small system. The OPC UA stack overhead is real.
- You’re building a smart-home product. OPC UA is industrial; consumer-IoT alternatives are right there.
- The team has no industrial-protocol experience and the project timeline is tight. The learning curve is months, not weeks.
- The data is simple time-series telemetry that fits naturally into MQTT. OPC UA’s information modelling is overkill for “send sensor reading X.”
OPC UA + MQTT (Sparkplug B)
The most common modern pattern in IIoT.
OPC UA at the edge speaks to PLCs and devices in the OPC UA dialect. A gateway converts OPC UA into MQTT messages following the Sparkplug B specification. Sparkplug B is, effectively, OPC UA’s information model serialised into a Protobuf-encoded MQTT payload.
Why this combination works:
- OPC UA at the edge gives you the type-safe, well-modelled industrial data
- MQTT in the cloud gives you the cheap, scalable pub/sub delivery
- Sparkplug B preserves the typed model across the boundary
- Both are open specs; no vendor lock-in
This pattern is the foundation of products from Cirrus Link, Inductive Automation (Ignition), and increasingly bundled into AWS IoT and Azure IoT solutions.
The boundary between OPC UA and MQTT
A few rules that hold up:
- OPC UA inside the plant, where machines need to talk to each other and to local SCADA/HMI
- Sparkplug B + MQTT for cloud egress, where the data leaves the plant for analytics and ERP integration
- Don’t run pure OPC UA over the internet. The protocol is firewall-hostile and the certificate management at scale is painful. Sparkplug B over MQTT is the right egress.
For broader platform context see our IIoT predictive maintenance post.
Implementation realities
Pick a real OPC UA stack
The protocol is complex enough that you want a tested stack, not a hand-rolled implementation. Options:
- open62541 — open source, C-based, embedded-friendly, mature
- eclipse Milo — open source, Java, server-side common
- node-opcua — open source, Node.js
- Vendor-specific — Siemens OPC UA SDK, Unified Automation toolkits — commercial-grade
For embedded IoT gateways, open62541 is the default. For cloud-side OPC UA clients consuming from edge gateways, node-opcua or eclipse Milo are common.
Certificate management
OPC UA mutual auth via X.509. At plant scale, the certificate lifecycle (issuance, rotation, revocation) is real engineering. Plan for it.
A common pattern:
- A plant-local CA issues device certificates
- Devices auto-enrol at first power-on
- Annual rotation triggered by a maintenance job
- Revocation list distributed via OPC UA’s GDS (Global Discovery Server) or a custom mechanism
This adds operational complexity. It’s also what makes the system actually secure.
Companion Specifications
Before designing your own information model, check if a Companion Specification exists. The big ones:
- OPC UA for Machinery (FDT, Umati) — generic machine tools and equipment
- OPC UA for Robotics — robot arms and cobots
- OPC UA for IO-Link — sensor and actuator level data
- OPC UA Companion for Building Information — facility data
Using a Companion Spec means your data model interoperates with everything else following the same spec. Inventing your own ties you into custom work forever.
What we typically deploy
For a plant-floor IIoT engagement in 2026:
- Edge gateway: Linux gateway running open62541 OPC UA client + Sparkplug B publisher to MQTT
- OPC UA targets: modern PLCs (Siemens S7-1500, Beckhoff) speaking OPC UA natively; legacy devices via Modbus-to-OPC UA wrappers
- Cloud broker: EMQX or AWS IoT Core configured for Sparkplug B
- Cloud consumers: stream processors that decode Sparkplug B and write to time-series + warehouse
- Information model: OPC UA Companion Spec where available; custom OPC UA model where not, documented and version-controlled
- Certificate management: plant-local CA with automated rotation
This stack is increasingly the right answer for serious industrial IoT projects. Less serious deployments (small commercial buildings, light manufacturing) often work well with just MQTT + Sparkplug B at the edge, skipping OPC UA entirely.
What we hand over
For an OPC UA engagement we ship:
- The information model documented as an OPC UA NodeSet XML
- Edge gateway containers with the OPC UA stack and Sparkplug B publisher
- Cloud-side decoder and storage pipeline
- Certificate management runbook
- Companion Spec compliance report (where applicable)
If you are weighing OPC UA or running a deployment that has hit the scaling cliff, we have shipped industrial protocol stacks across multiple plants.
Keep reading
-
Protocols
HL7 FHIR for Healthcare IoT: Practical Integration Guide
How to integrate connected medical devices with HL7 FHIR — the resource model, transport choices, conformance, and the patterns that survive an IT review.
Read -
Protocols
Modbus to MQTT Bridges: Three Patterns From Quick Win to Refactor
How to bridge legacy Modbus equipment into modern MQTT-based IoT platforms — three patterns from drop-in adapters to gateway-based refactors, with trade-offs.
Read -
Protocols
MQTT 5 Features Worth Adopting in 2026
The MQTT 5 features that earn their keep on real IoT products — flow control, message expiry, shared subscriptions, reason codes, and the upgrade story from 3.1.1.
Read