Sandbox-by-design: top-down and bottom-up regulatory approaches

Research note by Carlos Muñoz Ferrandis – PhD Researcher at the Max Planck Institute for Innovation and Competition (Munich); member of GIPLaw Research Group (University of Alicante); co-founder of HIGH (High Technology Law Forum).

Regulatory sandboxes are being increasingly adopted by both national legislators and private institutions all over the world. However, what was conceived a while ago as a modern regulatory model with a sector-specific focus, is now also progressively modulated by industry participants to serve competitive needs.

The sandbox theory

The sandbox is a regulatory paradigm based on experimentalism and flexibility, meant to keep with ever faster innovation paces in ICT industries. To do so, regulatory sandboxes set a testing framework where both the regulator and stakeholders engage and interact. The main aim is: (i) to assess a fast-paced adaptation of existing regulations to new market trends; and/or (ii) to suggest modifications of the sandbox participants’ business models to be able to comply with existing regulation. The sandbox articulates a trade-off between calibrated regulatory leniency and consumer safeguards.

On the one hand, regulators are able to constantly assess the suitability of existing legal frameworks with regards ongoing market dynamics. This might me transposed into an increased regulatory quality taking an innovation-friendly approach. Moreover, the data generated from the testbed might save transaction costs to the regulator when drafting/amending a new regulation.

On the other hand, economic actors integrating the sandbox seek to safely test their proposed business models and innovations by benefiting from a waiver of specific regulatory constrains (e.g. financial provisions; data protection; etc). This in turn might translate into a considerable reduction of (regulatory) barriers to enter the market.

Furthermore, depending on the sandbox’ entry requirements, several companies offering substitute product/services will try to enter the sandbox and a few or just one of them will be selected. The selected company will possibly hold an advantage and exclusive position in the market ex-post. This state-run artificial market phenomenon might alter the natural process of competition and risk to generate negative effects on competition. Hence, in some instances, the sandbox might simultaneously generate both positive and negative externalities for the market.

Photo by Free-Photos on Pixabay

A top-down approach to sandbox design

The leading approach to sandbox design is a state-led sector-specific regulatory one focusing on an industry in particular. There are three examples worth to mention: (i) fintech; (ii) artificial intelligence (AI); (iii) green technologies.

The fintech sector has been the one catching all the attention with regards the implementation of regulatory sandboxes. Back in 2015 the UK was the first country to set a fintech sandbox. Since then, several countries have followed this new line of regulatory policy aiming at adapting their legal frameworks to the ubiquity of digital technologies within traditional financial markets (e.g. peer-to-peer payment platforms; asset tokenization; cryptocurrency exchange). From a regulation perspective, the testing focus has targeted financial, securities, corporate and data protection laws.

When it comes to artificial intelligence, the EU is willing to pioneer an AI sandbox. Within its proposal for an AI Act, the European Commission devotes articles 53, 54, and 55 to the implementation of an AI sandbox focusing specifically on personal data protection regulation, benefiting start-ups and SMEs primarily. The main aim from a policy perspective is to foster innovation within the EU by setting a level playing field for European start-ups wherein AI-related innovations can be safely developed. The objectives of the AI sandbox are described in recitals 71 and 72 of the proposed regulation.

More tellingly, the application of regulatory sandboxes to the field of so-called green technologies deserves a closer look. The Hellenic Competition Commission recently published its “Sustainabile development competition law sandbox” project. The initiative seeks to promote practices which make a significant contribution to the public interest by enhancing sustainable development. In words of the initiative: “The aim is to increase legal certainty regarding the application of competition law for undertakings willing to invest in green transformation, to create new green products, to set green standards for the production of products, services, energy, etc., by facilitating their development through this initiative, for instance in order to raise funds from financial markets”.

Henceforth, from a public perspective, current trends towards regulatory sandboxes take a top-down approach by targeting a specific industry and field(s) of law wherein the public interest and consumer safeguards must be enhanced. However, ‘de jure’ sandboxes are not the only type of sandbox, there is another parallel ongoing trend in the sandbox realm led by the industry.

A bottom-up approach to sandbox design

The concept of the sandbox is also being progressively developed by the industry. Companies such as Google or Mastercard offer their own sandboxes. Whereas Google’s sandbox focuses on privacy-related concerns (see here its proposed Federated Learning of Cohorts), Mastercard’s sandbox targets the adoption of digital currencies, and more precisely central bank digital currencies, so-called CBDCs (see more information here and here).

Despite being used for ‘testing’ purposes, de facto sandboxes ran by industry incumbents might also follow strategic competitive aims. For instance, Mastercard invites both central banks and private banks to enter the sandbox to test the suitability of the CBDC in a specific region. Thus, in this case the state is not the one inviting the industry to test their innovations, conversely, it is an industry incumbent gathering public and private institutions around its platform. Although conceptually the same with regards de jure sandboxes, both the nature and aims of de facto sandboxes are different.

All in all, one could perceive sandboxes as a new regulatory market in which no legal standards nor institutions have yet occupied a leading position. Therefore, both public and private spheres are racing to extract the full benefits of this new regulatory model, in order to attract innovation and investment in their respective countries and/or markets. It remains to be further assessed the potential interactions between both de jure and de facto sandbox testing frameworks.