What is anticipatory regulation?

A judges gavel on a circuit board.
Gavel on circuit board

Technology moves fast these days – and it’s going to move even faster in the future. The process of drawing up regulation to address these new technologies, by contrast, is slow and bureaucratic, and often runs far behind the development curve. This disparity can be a major problem, as regulations are needed to protect our freedoms and rights, particularly in respect of our data and how it’s used. But regulation that’s not fit for purpose can hamper development of beneficial new products and services, or inadvertently create issues that affect competition and service operation.

Anticipatory regulation, a new model for developing regulatory frameworks, is designed to overcome these problems. It is forward looking and aims to allow technological development while also ensuring the creation and implementation of effective regulation.

Keeping a few paces ahead

The concept behind anticipatory regulation is it allows lawmakers and regulators to see the direction of travel of technology development, which helps them develop forward looking regulation. “It gives policymakers and regulators an insight into emerging technologies,” explains Tiernan Kenny, public policy manager at tech public policy firm Access Partnership. “This means that they are less likely to be forced into reactive rushed regulatory responses when a new technology emerges on to the market and upsets the status quo or causes harm.”

It can also provide useful guidance to developers, helping to ensure they don’t take a route which might lead to difficulties complying with regulation when trying to bring products to market. One way of doing this is through sandboxing. Samantha Walsh, a regulation and transformation expert at PA Consulting, says: “A number of progressive regulators use sandboxes to support tech firms to experiment in a safe environment. For example, after the ICO found that the Royal Free NHS Foundation Trust failed to comply with the Data Protection Act in sharing patient data with Google DeepMind, they set up a regulatory sandbox to help firms innovate using data within DPA boundaries and build public trust in innovation.”

One of the areas where anticipatory regulation has been particularly well used is in financial services. Explaining the reason for this, Tim Mackey, principal security strategist for the Synopsys Cybersecurity Research Centre, says: “Anticipatory regulation is most successful when there are a strong set of goals with existing regulatory frameworks. This is why it has seen success within financial services. Everyone can agree on what negative outcomes are to be avoided and thus can invest in understanding how a technology benefits society.”

The healthcare sector is another prime candidate, and there is a particularly pertinent aspect to this at the moment. “With COVID-19 lockdowns creating demand for tele-medicine solutions and health management apps, concerns around the protection of patient data, both at rest within a provider and as it is processed by those within both the provider network and the digital supply chain of applications, present opportunities for healthcare regulators to better define what the public should expect from large scale tele-medicine and tele-health solutions,” says Mackey.

It’s also possible to identify not only individual sectors that could be particularly attuned to anticipatory regulation, but also certain technologies. The thorny issue of artificial intelligence (AI) stands out in particular. James Moar, lead analyst at Juniper Research, says it could, “clarify several questions around responsibility for data processing, blame, and ownership of the products of AI, before it becomes burdened with a body of case law and precedent from laws that were not created with AI in mind”.

Mind the gap

In setting up an anticipatory legislation framework it’s important for regulators to be mindful of potential issues. Moar points out that the regulation doesn’t have to be specific to the tech sector to create issues within it. One example, he says, is “the way that digital platforms like Facebook have been able to avoid responsibility for content on their platforms by citing Section 230 of the Communications Decency Act, which is widely credited with creating the free and open internet today”.

Importantly, once in place it’s hard to roll legislation back, which can create difficulties in bringing about meaningful legislative change in some industries; so it’s important to get the regulation right first time around. Mackey adds another note of caution, saying: “Regulators aren’t innovators and shouldn’t attempt to define implementation details for any new technology. Instead they should focus their attention on areas of concern and collaborate with innovators in defining methods to measure compliance.”


The IT Pro Podcast: Happy birthday GDPR

As GDPR turns two, we look back on its impact and how it’s changed data protection - if at all


While enabling frameworks like sandboxes can be very helpful, Kenny notes there is always a risk they are too restrictive, meaning companies aren’t sufficiently incentivised to use them and regulators don’t gather enough data or insights into how business models perform under different regulatory frameworks.

All in all, anticipatory regulation has benefits for both regulators and developers, providing it’s implemented carefully and sensitively, with a hand that is firm but not too firm, supportive of innovation but not too lax, and, above all, with its eye firmly on the future.

Sandra Vogel
Freelance journalist

Sandra Vogel is a freelance journalist with decades of experience in long-form and explainer content, research papers, case studies, white papers, blogs, books, and hardware reviews. She has contributed to ZDNet, national newspapers and many of the best known technology web sites.

At ITPro, Sandra has contributed articles on artificial intelligence (AI), measures that can be taken to cope with inflation, the telecoms industry, risk management, and C-suite strategies. In the past, Sandra also contributed handset reviews for ITPro and has written for the brand for more than 13 years in total.