GSR-26 Best Practice Guidelines
15.05.2026Regulatory governance essentials: The new core kit regulators need to make digital markets deliver
We, the regulators participating in the 25th Global Symposium for Regulators, have collectively contributed to and endorsed these Best Practice Guidelines to support digital markets and ecosystems in delivering public-interest outcomes in an inclusive, trusted, and sustainable manner.
Building on the series of GSR Best Practice Guidelines developed since 2003, this edition does not revisit established principles that remain valid. Instead, they focus on the priority regulatory capabilities, institutional arrangements, and practical tools regulators now need to navigate increasingly complex digital ecosystems with coherence, adaptability, and evidence-based decision-making.
At its core, effective regulation aims to ensure that digital markets deliver public-interest outcomes consistently, credibly and at scale. This requires more than a broad set of instruments; it calls for a coherent governance architecture built around a defined set of foundational capabilities. These Guidelines therefore highlight the essential regulatory design elements that enable regulators to define outcomes clearly, allocate responsibilities, generate evidence, adapt to change, intervene proportionately, and maintain coherence across institutions and borders.
I. CORE REGULATORY GOVERNANCE KIT
The seven essential components set out below are intended as that minimum core toolkit to make digital markets deliver in practice. They are selective rather than exhaustive. Together, they define the baseline governance architecture that regulators should establish first.
ESSENTIAL 1. PUBLIC-INTEREST OUTCOMES AND STRATEGIC FOCUS
Regulators should begin by defining a limited set of outcomes that digital markets are expected to deliver and use them to discipline regulatory action.
The first task is to make explicit what governance is for. A modern framework should not try to optimize for everything at once. It should identify a small number of public-interest outcomes that are sufficiently stable and material to anchor decision-making across sectors and over time. In practice, these are likely to include meaningful connectivity, affordability, accessibility, reliability and resilience, consumer protection, and market contestability. The point is not to create a long catalogue of objectives, but to establish a clear strategic focus against which regulatory choices can be tested and regulatory performance can be assessed.
ESSENTIAL 2. RISK-BASED AND PROPORTIONATE CALIBRATION OF OBLIGATIONS
Where warranted, regulators should consider differentiating obligations -for market actors according to function, market position, and risk, so that responsibility sits where it is most relevant and regulatory action remains proportionate to likely harm.
Digital markets are highly heterogeneous, making uniform obligations inefficient. In this context, effective governance requires a clear and transparent basis to determine when obligations may be appropriate, together with a well-defined approach to tailoring them. Regulators should consider differentiating obligations according to the functions performed, the market actor’s position in the value chain, or the risks associated with the activity or service. This approach can support lighter obligations where risks are limited while allowing for more robust oversight where justified.
ESSENTIAL 3. OBSERVABILITY AND CREDIBLE EVIDENCE
Regulators should ensure that public-interest outcomes in digital markets can be measured, observed, and verified through a proportionate observability model that supports effective oversight without excessive burden.
Governance requires a minimum evidence architecture that allows regulators to see whether declared outcomes are actually being delivered. This means moving beyond fragmented, procedural reporting toward a more structured observability model: one that combines clear indicators, consistent reporting formats, proportionate data collection, and targeted verification where justified. Regulators should focus on a core set of decision-relevant indicators, especially in contexts where regulatory data capabilities are still developing. These indicators should generate evidence that is sufficiently credible, comparable, and timely to support intervention, review, accountability, and public transparency.
Observability should be strong enough to give regulators a clear view of performance and risk, while remaining proportionate to the burdens it creates and avoiding the creation of reporting requirements that do not directly inform regulatory decision-making.
ESSENTIAL 4. INCENTIVE-BASED MARKET SHAPING
Regulators should use incentive levers and enabling measures to steer behaviour toward public-interest outcomes before relying on more directive intervention.
Incentive-based governance is often more effective at improving market outcomes. Alongside formal obligations where needed, regulators must actively create enabling conditions in which markets invest, innovate, comply, and extend services. The minimum toolkit should therefore include incentive levers and enabling measures that align business decisions and market behaviour with public-interest outcomes, whether through adaptive licensing, infrastructure-sharing arrangements, temporary adjustments to regulatory requirements, or targeted deployment incentives. Used well, regulatory incentives make desired conduct more likely from the outset and reduce the need for later corrective action.
ESSENTIAL 5. GRADUATED SUPERVISION, DUE PROCESS, AND DE-ESCALATION
Regulators should put in place a predictable supervisory pathway that moves from guidance and corrective action to stronger intervention where justified, and that includes clear conditions for scaling measures back.
The credibility of governance depends not only on the powers available to the regulator under its mandate, but on how those powers are exercised in practice. A modern regulatory framework should therefore establish a graduated pathway for intervention, beginning with preventive engagement and targeted remediation, and escalating to more directive or restrictive measures only where risks persist, harms materialize, or non-compliance becomes serious or systemic. This pathway should be transparent, evidence-based, and supported by clear procedural safeguards. Just as importantly, it should not be one-way. Clear criteria for de-escalation are essential if supervision is to remain proportionate, predictable, and genuinely corrective rather than punitive.
ESSENTIAL 6. ADAPTIVE REGULATION AND STRUCTURED LEARNING
Regulators should treat the capacity to test, learn, review, and adjust as a core requirement, using evidence, experience and structured engagement with market actors, consumers, technical experts, and other public authorities so that governance can evolve with technologies, markets, and patterns of harm.
Effective governance requires a structured capacity and practical mechanisms that allow learning to be incorporated into regulation as a regular discipline, not an exceptional exercise. Regulators should therefore have access to the institutional capacity, technical expertise, and tools needed to support structured learning, such as sandboxes, pilot authorizations, phased implementation, feedback loops, review triggers, and ex post assessment mechanisms. These instruments should include clear objectives, application criteria, monitoring indicators, evaluation mechanisms and conditions for scaling, adjusting or closing the adopted measures. Designed and used with clear purpose, these adaptive tools and mechanisms help keep regulation workable under uncertainty and allow frameworks to improve as evidence accumulates.
ESSENTIAL 7. DOMESTIC AND CROSS-BORDER REGULATORY COHERENCE
Regulators should ensure that governance remains coherent across mandates, sectors, and jurisdictions, and over time, so that digital services are not hampered by institutional fragmentation.
Digital services cut across administrative boundaries. Even a well-designed domestic governance framework will underperform if it is fragmented across agencies or inconsistent across borders. Institutional and regulatory coherence, both domestically and internationally, is therefore part of the core requirements, not an additional layer to be considered later. Domestically, it requires practical coordination among relevant authorities, clear allocation of roles, routine information-sharing, and structured cooperation on supervision and remedies based on shared goals. Internationally, cross-border cooperation is recommended to share experience and knowledge in emerging areas to address common challenges and to mitigate the risk of unwarranted divergences in regulatory approach. In both cases, the aim is not uniformity for its own sake, but a more joined-up form of governance that reduces duplication, closes gaps, and improves the effectiveness of oversight in increasingly interconnected digital ecosystems.
II. PRACTICAL IMPLEMENTATION PATHWAYS FOR THE CORE GOVERNANCE TOOLKIT
The following translates the seven essential components of the regulatory governance architecture into a practical checklist of priority actions that regulators can introduce, review, measure and track over time to put the core toolkit into operation, with implementation sequenced and scaled according to institutional capacity, technical and resource constraints, and market maturity. It can also be used as a structured self-assessment tool to identify strengths, gaps and priorities, support internal coordination, and guide the sequencing and implementation of institutional and regulatory improvements.
1. PUBLIC-INTEREST OUTCOMES AND STRATEGIC FOCUS
Start by narrowing the field.
- Adopt and publish a short set of priority outcomes for digital markets prioritizing technology-neutral goals such as meaningful connectivity, accessibility, transparency, network resilience, and sustainability.
- Use the same outcomes across strategy, licensing, oversight, and review.
- Periodically review whether existing instruments still serve those outcomes.
- Identify and drop requirements that no longer do so; strive to eliminate duplication and reduce unnecessary burdens.
- Ensure new instruments are aligned and prioritizing the outcomes.
2. RISK-BASED AND PROPORTIONATE CALIBRATION OF OBLIGATIONS
Make responsibility explicit from the outset.
- Map the main actors in the value chain broadly across the entire digital market, along with the functions they perform.
- Assign obligations by the actor’s role, not by the legacy regulatory category alone.
- When warranted, consider differentiating obligations according to the functions performed or the market actor’s position in the value chain.
- Simplify requirements and concentrate stronger obligations when there is evidence of market failure and incentive-based market shaping fail to produce desired outcomes.
3. OBSERVABILITY AND CREDIBLE EVIDENCE
Build a lightweight evidence system that regulators can use on a daily basis.
- Create or reinforce an internal monitoring and evaluation function to manage core market, service and public-interest indicators, review reporting quality, generate routine analysis, and ensure that evidence is used consistently in regulatory decision-making.
- Define a limited set of regulatory indicators linked directly to the priority outcomes, and specify for each indicator who must report it, from what data source, using what methodology, and on what timetable.
- Require operators, platforms, and other relevant market actors to submit data in standardized formats and at regular intervals, with more intensive reporting reserved for actors whose scale, market position, or risk profile justifies it.
- Use targeted verification to check the accuracy of key indicators, the soundness of reporting methodologies, and, where necessary, the underlying records or systems on which the data is based.
- Build a basic dashboard for internal regulatory use that consolidates the core indicators, supports routine monitoring, and highlights emerging risks; publish a public-facing, proportionate subset where transparency would strengthen accountability.
4. INCENTIVE-BASED MARKET SHAPING
Use regulation to improve market conditions so that they deliver public-interest outcomes consistently and sustainably, not only to correct failures after the fact.
- Review licensing, market entry, spectrum assignment, and infrastructure deployment procedures, along with associated fees, to remove avoidable barriers that slow market entry, network rollout, and service expansion.
- Put in place targeted economic and regulatory incentives such as time-limited fee reductions, performance-based spectrum obligations, infrastructure-sharing incentives, or regulatory fast-tracking for qualifying investments, and regulatory safe harbours for lower-risk compliance approaches, to support infrastructure rollout, sharing, or service improvement where public-interest outcomes are lagging.
- Use time-bound flexibilities where they can support investment, innovation, or extension of service without undermining accountability.
- Periodically review whether incentive measures are producing the intended outcomes, analyse gaps, and adjust incentives where needed.
5. GRADUATED SUPERVISION, DUE PROCESS, AND DE-ESCALATION
Make the supervisory path visible and operational.
- Define a clear sequence of regulatory intervention, from guidance and remediation to heightened supervision and stronger corrective measures.
- Publish or formalize the criteria for moving from one stage to the next, so that escalation is predictable, proportionate, and evidence-based.
- Ensure that regulated parties have transparent and accessible information, procedural safeguards, notice procedures, an opportunity to respond, and a clear route to compliance.
- Define the conditions for scaling measures back once performance improves or risks recede.
- Publish case studies of successful de-escalation to build trust with market actors.
6. ADAPTIVE REGULATION AND STRUCTURED LEARNING
Embed routine learning and continuous adjustment into regulatory practice.
- Establish at least one mechanism for controlled testing, such as a sandbox, pilot, or phased implementation process, on a priority regulatory issue and aligned with priority outcomes.
- Build review points into major interventions at the design stage, specifying when they will be assessed, what evidence will be used, and what may trigger revision.
- Use public consultations and structured engagement with operators, platforms, consumers, experts, and peer authorities to gather evidence on what is working and what is not. Provide incentives for industry participation and ensure it is early, inclusive, informed and traceable, with clear records of the inputs received and how they inform regulatory decisions.
- Feed the lessons back into regulatory design, not only into consultation records.
- Use AI and other digital and emerging technologies to supplement human decision-making and oversight for specific regulatory functions, including evidence gathering, market monitoring, risk detection, compliance analysis, and stakeholder engagement, to improve operational efficiency and support more timely regulatory adjustment.
7. DOMESTIC AND CROSS-BORDER REGULATORY COHERENCE
Promote coherence where fragmentation creates the greatest risk.
- Establish whole-of-government, regular coordination mechanisms among the public authorities whose mandates now overlap in digital markets.
- Set out clear responsibility allocations, coordination points, and escalation pathways for issues that cut across mandates; where appropriate, create multi-agency or multi-stakeholder platforms for rapid incident response.
- Identify jointly the main cross-border issues that might require sustained cooperation rather than case-by-case contact.
- Put in place routine information-sharing, coordinated supervisory processes, and compatible remedies to reduce duplication, strengthen consistency, and close gaps in oversight and enforcement.
- Align the main regulatory terms, reporting metrics, and evidentiary standards used across overlapping mandates – especially for shared concepts such as market power, consumer harm, service quality, and systemic risk, so that authorities assess similar issues on a comparable basis.
