I don’t know about your IoT product, but many such IoT products are never updated after they have been deployed, and fixing bugs in those might be problematic. If it turns out that your NTP implementation has a bug (for example if it starts sending requests endlessly when it encounters a leap second), having a vendor zone would help in controlling the damage. I would heartily recommend getting a vendor zone.
If this is not an option for you, you could always run your own NTP servers and point the devices to those.
Theoretically, you could also use the NTP servers specified by the clients’ ISP, but unfortunately very few ISPs provide that information. One can hope that this will change some day.