THE PURPOSE OF REGULATION
Most regulatory authorities and regulatory structures exist to give effect to government policy objectives, but regulation is not an end in itself. Regulation is the action that encourages (or enforces) compliance with a law, rule, or other directive prescribed by authority to regulate conduct. This is necessary to create order and protect citizens; sometimes it exists to promote fair competition.
THE REGULATION OF ICT
The Information, Communications and Technology or ICT sector – also known as telecoms and broadcasting, or audiovisual services and electronic communications – is a critical part of the economy. It literally provides connectivity between citizens, citizens and government, and between governments. The regulation of this sector is becoming more challenging because there are fewer boundaries between types of services and technologies, and it is more difficult to recognize and regulate types of behaviour according to categories of licence or other authorization, or type of equipment and service.
Having focused on types of service and types of technology for decades, regulation is changing. The only constant is perhaps whether or not a service or a platform requires access to a scarce resource such as numbers, land, or radio frequency spectrum, as these resources continue to be held and allocated by the State or its regulatory representatives. One of the most obvious trends in regulation in developed countries is the trend towards deregulation and increase in reliance on codes of conduct or self-regulation, except where consumer interests are concerned.
Content is far more important than it ever was because the number of ways in which different types of content can be made available is increasing, and the type of platform over which content is distributed is no longer as relevant. This is because most platforms conform to recognized and approved international standards – they must do so to be able to be interoperable, interconnected, and indistinguishable to users whose interests are primarily in what they can access, rather than how they access it.
REGULATION IN 2021 AND BEYOND
Some of the changes that are taking place in ICT that regulation must consider and address are:
The virtualization of networks: next-generation networks or NGNs in mobile now consist in ‘open’ and ‘virtualized’ radio access networks; ‘open’ because software platforms are more important than equipment traditionally sold by network vendors, allowing for more choice of supplier. Traditional regulators don’t regulate ‘virtual’ or computerized systems. Interconnection is not necessarily a physical activity any longer, and software suppliers self-regulate their programmes to focus on speed of delivery of communications over multi-purpose processors.
Increase in cloud services: remote working and Big Data have increased the need for remote storage like the cloud. The ‘cloud’ has been managed to a large extent by practical considerations, the location of a data centre, redundancy, disaster management, and security. Cybercrime and data protection issues are front of mind more often than practical considerations of network-sharing (although these still exist and continue to be important for various reasons). However, the number of companies that own and provide cloud storage and could be said to control access to and the flow of information are more concerning from a competition point of view, than regulation of type approval.
Data protection and privacy: it’s a natural consequence of the increase in cloud activity that privacy issues would be front of mind. Wearables enable the collection of intimate data and its use by a variety of third parties, but does the person wearing it really know what the data is being used for? Algorithms are being developed to push content to users based on previous choices they made in selecting a Netflix movie, or a book on Amazon, or even buying a basket of groceries online from a supermarket. Who can collect, process and disclose information about companies and individuals (and even governments and their activities) is now at least as important as who supplied the fibre to the data centre and whether they allow others to connect to that fibre.
The rise of IoT, AI and OTT: regulation of ‘the internet’ has been mostly about access, speeds, security, peering exchanges, and price. The rise of social media has increased regulatory vigilance in relation to communications that incite violence or civil unrest or constitute hate speech, the need to protect children from harmful content, and hacking, fraud and dealing with the consequences. However, using the internet and interconnected platforms to deliver information generated by machines instead of humans or allowing humans to generate their own content and make it generally available to anyone in the world, has created intellectual and practical challenges for regulators. How do you identify the creator of and stop unacceptable social media posts, or AI bots used for hacking, and is it a good or bad thing that human interaction with systems has become more limited, and reliance on system-generated information so much more accepted?
THE NEW REGULATORY TOOLKIT
The traditional regulatory toolkit has consisted in the power to make regulations and to enforce them through oversight, monitoring and reporting. In the case of a breach, after a notice period, defaulters can be fined, their licences suspended or revoked, and additional (more onerous) conditions applied to them. Dispute resolution by the regulator has been useful, and of course, market inquiries and ex-post analysis have been vital to promote and sustain competition.
Regulation of the ICT landscape of the next decade will continue to draw on these same concepts, but regulators must also recognise that other skills are necessary to deal with developments in the market, as for example, ‘monitoring’ will be largely useless. Notice and take-down powers; strength in economics, research and technical expertise; and a firm grasp on the power and reach of technology as well as content are critical. Old-fashioned processes, layers of management, and traditional form-filling and board meetings are simply not going to work. This means new blood and new structures within existing regulatory bodies must be provided for and put in place without delay.