Tech regulation – The UK and EU run a split A/B test; Guest Blog - Linklaters
Following Brexit, the UK and the EU are now on different paths when it comes to regulation. The EU has chosen to introduce a comprehensive package of digital regulation that will have a significant effect on everyone in the sector. In contrast, the UK has chosen to take a much lighter touch, eschewing regulation altogether in some cases.
Who will come out on top of this regulatory split A/B test remains to be seen and depends largely on how you define success. The UK can, however, point to some early wins such as the fact it will host the first major global summit on AI safety later on this year. We dig into the detail of these different offerings below.
EU – A comprehensive Digital Package
For many years, the EU’s digital regulatory framework focused on cybersecurity and the protection of personal data. However, this changed with the arrival of the new European Commission under the leadership of Ursula von der Leyen who has unleashed a range of new initiatives to:
- Ensure technology works for the people.
- Enable a fair and competitive digital economy.
- Achieve an open, democratic and sustainable society.
These objectives have been translated into practice through a broad range of instruments, some of which have already been adopted. Broadly speaking, those laws relate to:
- Ensuring the safe use of AI. The AI Act will create an entirely new regulatory framework for artificial intelligence and will be supported by the AI Liability Directive.
- Ratcheting up cyber security obligations. In particular, the Network and Information Systems Directive (NISD) will be replaced by NISD2 and the financial sector will face strict new digital operational resilience rules under DORA. Further obligations apply to electronic hardware and software under the Cyber Resilience Act.
- Protecting against online harms. The main instrument is the Digital Services Act, which will transform the approach to intermediary liability, but this is flanked by a range of other proposed new laws such as the European Media Freedom Act.
- Creating a data driven economy. Relevant instruments creating a framework for the safe exploitation of data include the Data Governance Act, the Data Act and the Health Data Spaces Regulation.
- Creating fair and contestable digital markets and platforms. This will be achieved through the Digital Markets Act and the Platform Workers Directive.
That new package is summarised in our handbook, here.
UK – Agile regulation
In contrast, the UK is taking a much more selective approach to regulation, with an emphasis on acting more quickly and agilely in response to rapidly changing technology developments.
This nimble approach is most evident in relation to AI. The UK Government issued a white paper in March: A pro-innovation approach to AI regulation that rejected specific regulation of AI and, in its place, recommended that relevant regulators simply apply five general principles to their regulation of AI. However, reacting to the recent sudden advances in AI, the Government is now considering specific legislation on AI and is working to coordinate global efforts to develop a shared approach to mitigate these risks
The light touch approach is evident in relation to data. The UK has decided not to mimic the EU’s data market regulation (such as under the EU Data Act and Health Data Spaces Regulation). It is instead relying on policy initiatives (such as the NHS “Data saves lives” initiative) and a set of relatively lightweight data access provisions in the new Data Protection and Digital Information Bill (No2).
However, the UK has also not held back all cases. In the online harms space, the UK Government is introducing its flagship Online Safety Bill that replicates some aspects of the EU Digital Services Act. It has also introduced the Digital Markets, Competition and Consumers Bill which is similar in purpose (if not detail) with the EU Digital Markets Acts.
The split A/B test
Which approach is best? The answer partly depends on how you define success given the slightly different emphasis between EU and UK.
The EU is very much focused on the protection of citizen rights and so its new package is designed to ensure technology works for the people and supports an open, democratic and sustainable society. In contrast, while the UK is determined to maintain high standards, it is also determined to reap the benefits of Brexit by driving innovation in expertise in order to “become a science and technology superpower by 2030”.
Even focused on the narrow priority of promoting innovation it will still be interesting to see how the different approaches play out and whether the UK or the EU are more successful in fostering an innovative tech ecosystem.
Regulating emerging technology risks smothering it and/or applying inappropriate obligations – but regulation can also encourage innovation by helping to provide certainty and building trust amongst consumers.
Another important factor is the overall size of the market being regulated. Whilst the EU’s new digital package undoubtedly imposes significant new regulatory burdens, it sets a common framework unlocking access to a single market of 440 million consumers. Any UK business operating in the EU will need to comply with those laws, so the creation of parallel but different laws in the UK is a potential disincentive to investment into the UK given the additional overhead this entails.
The UK Government has had some early successes with its more agile approach, both in terms of hosting the first major global summit on AI safety later on this year and Palantir’s very recent decision to put its European base for AI in the UK because of its favourable regulatory environment. However, it would be wise to take heed of the thought provoking conversations around innovation, diversity and transformation taking place during London Tech Week to ensure it is a global leader in regulation that supports sustainable innovation.