At the same time, policymakers have become increasingly concerned – both at the increased prevalence of ‘online harms’ affecting internet users, and at the perceived influence of platforms acting as ‘gatekeepers’ to other businesses.
This consensus is triggering a new wave of internet regulations that will profoundly shape the practices of tech and digital companies over the next decade.
We can expect to see regulatory change driven by US, EU, and national governments simultaneously with a small number of new regulations that will be extraordinary in their scope and impact, like the Europe Commission’s AI Act, Digital Services Act (DSA) and Digital Markets Act (DMA), and the UK Government’s Online Safety Bill.
Three overarching themes underpin these regulatory efforts:
Regulatory change creates new demands, some of which will be incremental to current voluntary actions and some of which will be potentially disruptive. Each change also comes with a set of public expectations to manage. Here are two examples.
Transparency and scrutiny: One major impact will be increased transparency and mandatory disclosure of business activity.
A significant feature of the Digital Markets Act, for example, is more transparency and accountability around how ‘gatekeeper’ platforms work. Such as requirements to share data externally, and increased powers for EU authorities, including explicit potential for regulators to request data and algorithms or carry out inspections. These formal requirements for more disclosures will likely be accompanied by expanding informal expectations that platforms proactively investigate and disclose problems and respond reactively to requests. For communications teams, these obligations may ultimately need to be managed like financial reporting with detailed planning and messaging around performance.
Readiness for systemic risk: Judging by the direction of some emerging regulation, we expect companies will need to have robustly tested crisis response plans for systemic risks and major incidents e.g., Christchurch or US Capitol attacks, in the same way banks do.
The Digital Services Act requires the largest platforms to assess significant systemic risks on an annual basis, and to be subject to independent audit of their regulatory compliance. TMT companies will need to invest in their institutional capacity – horizon-scanning, risk scenario modelling, decision-making systems, and mitigation plans – to be responsive and resilient to such systemic risks. This will naturally take time to build towards.
We advocate early planning and thinking to agree on an engagement strategy, and this should be a priority, as regulations move from concept to statute. There is a finite window for organisations to decide how to engage and set strategic choices around the tenor and structure of that engagement. Our recommendation is to set government affairs and public policy objectives early and build narratives and proof points in support of those.
We believe it makes sense for companies to be more than spectators as regulators prefer collaboration and active engagement. While the current political scrutiny and regulatory environment for tech companies may feel hostile, a strategy of minimum en gagement and watching from the side-lines is unlikely to lead to regulation which will serve society, or the internet companies, effectively.
On the upside, as the regulation settles down, reputations can be strengthened through earning the broader approval of users and civil society. How? Because organisations can credibly and demonstrably say that they are adhering rigorously to the rules, something that isn’t possible when no rules exist. In fact, when digital platforms come under attack yet communicate well, it may strengthen their relationship with consumers.
Whatever the chosen strategy, a constructive tone should be set from the top. Recognise that there is a new societal consensus on regulation, try and agree on principles, resist defensiveness and be transparent about what you can and cannot do, also show leadership on these hugely important issues.
The other certainty in all of this is that as both technology advances and social expectations evolve at pace, the need to openly engage with regulators and broader society on how technology impacts our lives won’t stop.
Learn more about how Deloitte can help by visiting our service page.
Author: Mark Hutcheon