Digital Regulation Platform

Decision-making and enforcement in a multistakeholder environment


Independence and accountability of the regulator

An effective, stable, and credible regulatory framework starts with balancing the independence and accountability of the regulator. An independent regulator can propose, adopt, and implement decisions free from undue political influence, whether from the government or market players. The basic components of an independent regulator – structural, financial, and procedural independence – are crucial to preventing regulatory capture.

Elements of an independent regulator

A screenshot of a cell phone

Description automatically generated

Independence does not mean that regulators are above or outside the regulatory framework. Instead, independent regulators play an essential role in the interaction among all stakeholders by acting as objective arbiters that consider all relevant viewpoints. Similarly, an independent regulator does not operate according to its own inclinations, but remains accountable under a clear set of rules and procedures to help safeguard non-discriminatory decisions and ensure proper mechanisms for appeal.

Currently, an independent ICT regulator is the global norm. According to 2019 data from the International Telecommunication Union (ITU), over 80 per cent of surveyed countries reported that their ICT regulatory authorities are independent from the sectoral ministry in terms of financing, structure, and decision-making. Financing particularly influences autonomy with funding sources acting as a major factor in terms of the regulator’s effectiveness.

There are three main ways to finance the regulator, with countries often adopting more than one mechanism to fund the regulator. Generally, direct financing mechanisms are considered to better promote an independent regulator because they do not rely on disbursements from ministries or other agencies that may introduce opportunities for political influence.

Three main mechanisms to fund the regulator

A screenshot of a cell phone

Description automatically generated

In addition to independence, regulators should be accountable and transparent in their processes. For example, regulators should publish all laws, rules, guidelines, and other legal texts – both in draft and final form. In the digital environment, stakeholders from an array of sectors are likely to participate, making online publication the main mechanism for promoting inclusion and collaborative decision making. Publishing detailed annual reports also promotes regulatory accountability. The latest ITU data show that almost all countries identified some type (or combination) of reporting requirement imposed on the ICT regulator, with regulators most often submitting reports to the sector ministry and/or through a publicly available annual report.

ICT regulators’ reporting requirements around the world

A picture containing screenshot

Description automatically generated

Source: ITU.

In traditional, converged, and digital regulatory environments, an independent regulator is crucial to adopting objective, well-reasoned, and predictable decisions. In the digital era, an independent regulator is particularly important for effective collaboration with other cross-sector agencies, as well as in conducting open and fair consultations. Establishing the regulator’s autonomy in a digital environment should move beyond simply ensuring that the regulator is independent from political interference and incumbent influence. Autonomy in the digital era also means building the regulator’s technical capabilities to keep pace with technological advancements. For example, experienced database engineers are needed to handle increased reliance on online portals for licensing, regulatory compliance, and participation in consultations, in addition to staff dedicated to reviewing and processing the information. This requires regulators to introduce mechanisms to keep up-to-date on sector developments, both domestically and globally, in order to understand the financial, legal, social, and technical settings in which they operate.

Evidence-based decision-making

Effective regulators ensure that their decisions are sound and reached as objectively as possible to promote regulatory certainty while minimizing legal challenges. Stakeholder confidence in regulatory decisions may be instilled through various key components, including the use of evidence-based decision making, regulatory impact analyses (RIAs), public consultations, and a commitment to transparency and non-discrimination (OECD 2020).

Basic elements of the RIA process

A screenshot of a cell phone

Description automatically generated

Source: World Bank 2018.

Together, these practices are founded on data collection and analysis, which afford regulators substantial, high-quality information from a wide range of interested parties so they can base their decisions on solid policy rationales. In contrast, decisions made hastily or through closed-door proceedings can undermine the regulator’s credibility and create a perception of undue influence. Many countries, including Brazil, Kenya, Qatar, and Singapore, have adopted effective processes to provide evidence-based decisions.

Examples of evidence-based decision-making processes in Brazil, Kenya, Qatar, and Singapore

A screenshot of a cell phone

Description automatically generated

Source: ANATEL 2013, Kenya 2013, MINTIC 2004, IMDA 2019.

Engaging the full range of stakeholders through open consultations is particularly important when adopting digital regulation because impacted parties extend beyond traditional telecommunication providers. Stakeholders in this setting include consumers, digital platforms, commercial players in other sectors, such as finance, transportation, and health, as well as other government agencies with overlapping interests and jurisdictions. By increasing the number and variety of stakeholders, regulators can gather the necessary data to conduct effective RIAs and adopt sound, evidence-based rules.

Regulator perspective: managing internal procedures and monitoring

Regulators should include plans for monitoring, and enforcement in the consultation process when developing proposed rules in order to seek stakeholder input on how the rules would be implemented. Gaining feedback on implementation helps to ensure that regulatory and policy decisions will be reasonably executed, as well as enables the regulator to gauge how it will manage the internal procedures for assessing compliance. Monitoring may be accomplished, for example, through regular reporting requirements or other inquiries. Regulators should also monitor the progress of implementation. This includes monitoring regulated entities to ensure that they are complying with the rules and covers periodic review of the rules to determine whether they are effective and serving the intended purpose.

Monitoring can challenge many countries, particularly where the regulator has a limited budget, staff, or other necessary resources. These challenges are compounded in a digital environment where multiple stakeholders must be managed and monitored. Thus, capacity building is a crucial element of an effective regulator.

Many countries specify periodic reviews of their regulatory frameworks – generally between three and five years – in which ministries or regulators must assess the efficacy of existing rules. Governments then maintain, adjust, or streamline the rules to keep pace with market realities and ensure that they are aligned with policy goals. For example, the European Union’s net neutrality rules require the European Commission to review the open Internet access rules every four years and submit a report to the European Parliament and Council of the European Union with any appropriate proposals to amend the regulation.

Provider perspectives: managing regulatory compliance

From the providers’ perspective, managing regulatory compliance can be a struggle, especially for newcomers unaccustomed to the highly regulated telecommunication sector. Expanded definitions of telecommunication services add to these challenges as market players outside of the traditionally regulated sector must consider whether they fall under the new framework. This challenge is compounded in cases where definitions are ambiguous or do not accurately reflect the technical and functional aspects of new technologies.

In addition to expanding the definition of regulated activities, current and new regulated entities must comply with a host of compliance requirements. Although obtaining relevant information, such as revenues, subscriber data, and network deployment data, is an important role of the regulator in order to understand market developments, regulators should be aware of the costs that unnecessary reporting requirements impose on providers. Thus, reporting requirements should be streamlined and based on a reasoned, well-articulated need for information, as well as fit-for-purpose and targeted to the appropriate entities.

For example, in the United Kingdom, all providers of public telecommunication services must follow basic customer invoicing requirements to ensure accurate billing, but only those providers with annual revenues of GBP 55 million or more must comply with more stringent obligations, including obtaining approval of the provider’s billing system. This type of targeted regulation prevents imposing overly restrictive obligations on entities that may not have the financial resources or expansive customer base to comply with onerous requirements. Likewise, certain regulatory obligations may be warranted to protect mass-market retail users and small- and medium-sized businesses, but may unnecessarily limit the legitimate business-to-business (B2B) activities of enterprise customers that are better-positioned to negotiate contract terms with telecommunication providers.

Pursuant to regular reviews, reporting and other compliance obligations should be phased out or eliminated where the regulator determines that they are no longer necessary, as the U.S. Federal Communications Commission (FCC) recently did.

U.S. regulator eliminates onerous reporting requirements

In 2017, the FCC eliminated an onerous annual reporting obligation requiring international telecommunication service providers to submit revenue and traffic data. The FCC had used this data for decades to monitor competition among international carriers. The FCC reasoned that collection of this information from every international carrier was “no longer necessary as the costs of this data collection now exceed its benefits.” Instead, the FCC now relies on commercially available data and makes targeted data collection requests to specific providers, if needed.

Source: FCC 2017.

New stakeholders in the digital regulatory environment must also manage compliance on a potentially global basis. Unlike traditional telecommunication providers that build networks in countries where they have a local presence, digital players often make their services available through the Internet, enabling anyone with an Internet connection anywhere in the world to access the services. The challenge is that digital providers may become subject to domestic law if a country determines that making an online service available to users in the country is sufficient. These new players face the additional challenge of navigating patchworks of regulations where various jurisdictions adopt different, or even contradictory, rules. This underscores the importance of intergovernmental cooperation and collaboration to ensure consistency and predictability for the private sector.

Enforcement and sanctions in the digital landscape

Regulators should approach enforcement similarly to the rulemaking process. That is, regulators should adopt processes that are systematic, objective, and clearly identify the reasons for their decisions only after a thorough investigation. Any sanctions should be proportional to the violation and sanctioned parties should have access to timely review and appeals processes to help hold regulators accountable. These principles also apply to dispute resolution mechanisms overseen by the regulator.

Policy-makers play an important role in enforcement, even if they are not directly engaged in issuing penalties. This entails ensuring that regulators have sufficient enforcement authority to conduct necessary investigations to find wrongdoing, as well as powers to effectively remedy contraventions. Both policy-makers and regulators may need to clarify procedures with other regulatory agencies, and sometimes courts, where there is sectoral overlap, such as data privacy, cybersecurity, law enforcement, finance, transportation, or competition authorities. This cross-sectoral cooperation can help to safeguard against conflicting outcomes among regulators.

The Netherlands: cross-sectoral cooperation in enforcement

The Dutch ICT regulator, the Authority for Consumers and Markets (ACM), and the Authority for Data Protection (DPA) have a long-standing collaborative arrangement for enforcement of data privacy matters. Under the EU e-Privacy Directive, the ACM is tasked with enforcing “cookies” rules. The DPA is responsible for enforcing the non-telecommunication portions of the e-Privacy Directive, as well as the data protection law. In 2017, the ACM and DPA coordinated an investigation into a website administrator regarding the use of cookies. While no penalties were assessed, the ACM used its enforcement authority to order the website administrator to stop using cookies unless the administrator obtained the user’s consent. Because the website administrator also processed non-telecommunication data, the DPA ordered that this data may only be processed for advertising purposes with the user’s explicit consent.

Source: DPA 2017.


OECD. 2020. Regulatory Impact Assessment. OECD Best Practice Principles for Regulatory Policy. Paris: OECD.

World Bank. 2018. Global Indicators of Regulatory Governance: Worldwide Practices of Regulatory Impact Assessments. Washington, DC: World Bank.

Last updated on: 19.01.2022
Share this article to: