There are heartening signs of inputs being taken from domain experts in tech policy formulation
Last year, I wrote about three core considerations that I believe to be essential for good tech sector regulation. In the first place, I pointed out that regulators should identify the real regulatory objectives behind the laws they are rolling out. I then argued that in the context of technology, it is often far more effective to establish regulatory principles rather than trying to write rules that often only apply to a limited implementation of that technology. Finally, I suggested that the government should not be shy to ask for help at the first instance, calling on experts—technologists, economists, policy analysts and other specialists—to assist in the formulation of policies required to govern the sector.
For years, I’ve watched the country pass laws unsuited for the technologies they are supposed to govern. Given the rate at which technology evolves, in most instances, by the time the law comes into force, the technology has moved on, bringing a whole host of new issues that the already-outdated law is incapable of addressing. Since our lawmakers don’t fully seem to understand the technologies they are looking to regulate, their regulations are often designed to obfuscate rather than clarify, with the statutes filled with broad definitions that are intended to apply not just to activities within the immediate contemplation of the regulator but any others that might be applicable in the future. This is why our tech sector is hamstrung by restrictive laws and why tech companies function at the mercy of whatever interpretation regulators chooses to apply on a given day.
Early last week, the Telecom Regulatory Authority of India (TRAI) issued recommendations on the regulation of cloud services in India. It suggested adopting light-touch regulation for cloud service providers and called for the creation of an industry body that would work in close conjunction with the Department of Telecommunications (DoT) and TRAI to come up with an appropriate balance between regulation and the commercial freedom to operate.
Recommendations such as these, which encourage the establishment of self-regulatory organizations (SROs) and give them a meaningful role in the development of regulations for the sector, are welcome. In many ways, this approach checks the boxes on all three points that I argued were essential to the effective regulation of the tech sector. Since the SRO will have an opportunity to work in conjunction with the sector regulator, it will be able to feed into the regulatory process commercial inputs that will help develop better rounded regulatory objectives, appropriately taking into account societal and commercial imperatives.
By requiring light-touch regulation, the SRO will be forced to first evolve principles that can then be translated into use-specific regulations. Finally, the suggestion that an industry body composed of organizations operating in the sector should be involved in the formulation of regulations is indicative of the government’s desire to lean on the expertise that resides within industry to formulate regulations required to govern the space.
I am heartened to see signs of this approach manifest themselves in different parts of the tech sector. Before the TRAI went down this path, the Personal Data Protection Bill had called for SROs to develop Codes of Practice that would translate the privacy principles into sector-appropriate regulations. If more regulators take this co-regulatory approach to the tech sector, I believe that our laws will be able to address the rapidly evolving demands of modern technology in a far more agile and responsive manner.
We shouldn’t stop there, however.
Many of our recent achievements in the digital space owe their success to the proliferation of digital public infrastructure—from India’s payments infrastructure that includes the universal payment interface (UPI) and the account aggregator framework, to the National Digital Health Mission that, once implemented, will bring on-demand data portability to the healthcare sector. It is critically important, in my view, to make sure that this powerful infrastructure is kept current and up-to-date. This calls for actively evolving technical standards for this infrastructure that can account for the pace of technology evolution as well as respond to market demand for new and more innovative digital products.
Our regulators appear singularly ill-equipped to do this. They have neither the technical expertise to develop new versions of existing frameworks, nor the organizational muscle to keep the current frameworks in good shape. Instead, what they need to do is designate appropriate technical standards organisations (TSOs) as being responsible for devising and continuously evolving standards for our public digital infrastructure. These TSOs will need to be appropriately staffed with persons of suitable technical qualification, drawn as required from our many institutions of higher learning. The standards they recommend should be submitted to the regulator for its consideration, and once approved, these could be made applicable to the relevant sector as a whole.
This will ensure that, in much the same way that SROs develop regulatory frameworks specific to a sector, our regulators get the assistance they need in formulating the technical standards that are critically important to the long-term success of the sector in question.
Rahul Matthan is a partner at Trilegal and also has a podcast by the name Ex Machina. His Twitter handle is @matthan