Rules-based versus principles-based regulation – is there a clear front-runner?
By Tania Van den Brande, Economics Director at Ofcom.
The growth of the internet offers many benefits, by improving existing services and enabling the development of new ones. But some of its features have the potential to cause harms. These can include exposure to harmful content or conduct, loss of privacy, as well as harms from a lack of competition, unfair business practices and security breaches.
Policymakers around the world are now considering whether and how to update existing regulations and introduce new ones to limit these negative effects, while at the same time preserving the many benefits we gain from going online.
Promoting competition online has been a particular focus area for recent legislative proposals across a range of jurisdictions. These proposals look to address the effects of substantial and entrenched market power of the largest online services, by setting expectations on how they should behave to prevent harm from occurring. They also aim to promote competition by lowering barriers to entry and by addressing the features that facilitate the creation of such positions of power.
The UK Government has proposed in its recent consultation on ‘A new pro-competition regime for digital markets‘ that this regulation should apply to firms that have substantial and entrenched market power in a digital activity, the effects of which may be particularly widespread or significant (known as ‘Strategic Market Status’). The EU proposals for a ‘Digital Markets Act‘ focus on large online platforms that enjoy an entrenched position as an ‘important gateway’ for businesses to reach end users. They also propose to capture cases where a firm is expected to achieve such a position ‘in the near future’. The US proposals for ’A Stronger Online Economy: Opportunity, Innovation, Choice‘ look to bring in scope online platforms whose size exceeds a range of thresholds, and who act as a ‘critical trading partner’ for business users.
These proposals remain subject to further change as they progress through their respective legislative processes, and it is likely that the current policy debate will further shape the ultimate approach in each of these jurisdictions.
Proposals to promote competition in digital markets vary in their focus on rules or principles
While the objectives of these proposals are broadly aligned, there are notable differences in how they seek to achieve them. One key difference between these proposals is how prescriptive they are about the requirements they place on firms that are in scope.
The UK Government has consulted on an approach which codifies the objectives of regulation in legislation, complemented with legally binding principles that firms in scope should adhere to. In contrast, the US and EU proposals are more akin to a set of legislative rules which describe what online platforms in scope should or should not do, with a regulator that enforces these rules in court or through an administrative approach respectively.
The choice between rules and principles is not unique to the debate on how to regulate digital markets. To the contrary, it is a key factor that defines any regulatory approach. A recent panel discussion at the International Institution of Communications titled ‘From rules-setting to principles-based regulation: what are the challenges and opportunities’ explored a range of factors that can shape this choice. This discussion reads across to the different proposals on how to regulate powerful online platforms and maintain competitive markets online.
Factors to consider when choosing a rules-based or principles-based regulatory approach
Rules impose standards and delineate undesirable conduct in a prescriptive way. This creates clarity for firms on what they are required to do, in turn allowing for greater certainty on how they should act to stay within their legal duties. Legally binding rules can also facilitate enforcement, by focusing efforts on establishing whether actions have infringed a set of prescriptive obligations.
This approach is well-suited where a certain type of conduct can reasonably be considered to lead to harm, independently of the context across markets, regulated firms, and time. When this is the case, a prescriptive rule poses a limited risk of undermining desirable actions. For example, European competition provisions prohibit price-fixing between competing firms, apart from very specific exceptions prescribed in law. This is because such conduct creates a clear risk of restricting competition without having obvious reasons on how this could benefit consumers. There is thus no need for relevant authorities to show the effects of such conduct as part of an enforcement case.
However, rules are at a greater risk of leading to undesirable effects if a given conduct can be harmful, neutral or beneficial depending on the circumstances of the market or the characteristics of the firm they apply to. For example, only some mergers pose a risk to consumers by reducing competition, while others may allow firms to save costs which can benefit consumers through lower prices. The ultimate effect will depend on the market context, which makes it impossible to write an exact rule that prescribes which mergers should be prohibited.
Rules can also become outdated in highly dynamic markets. Changes in market context can create scope for new harmful conduct that is not captured by existing rules, or developments in business practices can (sometimes intentionally) allow firms to circumvent these rules. For example, if the type of data required to compete in a market changes over time due to technological progress, then prescriptive rules on which data an incumbent with substantial and entrenched market power should share with challengers may not remain effective at promoting competition over time.
Writing specific rules on how firms should behave in dynamic markets also carries a greater risk of unintended consequences. Market dynamics can make it more challenging to predict the impact of rules, especially if such impacts are not immediate. For example, if a large platform is uniquely well-suited to enter a market with a powerful incumbent, then blanket rules that limit the ability of the platform to enter new markets may weaken competition faced by that incumbent.
In these cases, it can be beneficial to require that firms adhere to broadly stated principles that describe the objective of regulation as opposed to specifying prescriptive rules that they should follow. Such a ‘principles-based’ approach also allows companies greater flexibility on how to behave to achieve these stated objectives. This can be particularly attractive where firms are better placed to identify the best approach to achieve desired outcomes, or where their actions are only harmful in some circumstances.
However, non-prescriptive and broadly stated principles may leave firms with less certainty on what conduct would or would not comply with these principles. As a result, principles can be less effective where companies interpret requirements in a lax way, unless the regulator is able to course correct by effective enforcement or by relying on reputational pressures. The opposite can also occur, if a principles-based approach discourages positive actions because firms lack certainty on whether they satisfy the stated principles.
Principles can also require that relevant authorities need to address a wider set of questions to make the case that observed harmful conduct falls foul of such principles. This may, for example, entail evidence that the conduct leads to undesirable effects given the context of the specific market or firm in scope. While such analysis can lead to a lengthier process and imply a greater effort and cost for the regulator, it can also be valuable, particularly if it helps target interventions.
The choice between rules and principles is not absolute and can partly accommodate nuance
In practice the choice between a rules-based and principles-based approach is often nuanced. For example, it is rarely the case that real-life conduct can be codified by a specific rule that applies in all circumstances and is entirely free of any potential unintended consequences.
This requires that policymakers tradeoff the benefits of each approach. For example, they might be willing to bear some unintended consequences of writing rules to speed-up action against the most harmful conduct. That said, the choice between prescriptive rules and broadly stated principles is not absolute in practice, which can limit the extent to which such trade-offs need to be made.
There is a spectrum that ranges from high-level principles to detailed rules, and legislation can be tailored along this spectrum according to the regulatory objectives. Policymakers can write principles that are broadly defined, or they can tailor their principles further to capture specific dimensions of conduct that harms. In contrast, rules can be more or less prescriptive depending on the need to allow for some flexibility according to the market context or the circumstances of the firms in scope.
Moreover, policy objectives can sometimes be achieved by combining more detailed and prescriptive rules with a more general and principles-based description of the effects that must be present for regulation to limit the actions of firms in scope.
Policymakers across jurisdictions can ultimately arrive at different legislative approaches if they put a different emphasis on the benefits and challenges of options along this spectrum. This is illustrated with reference to the current proposals on how to regulate digital markets in the UK and the EU.
In abstract terms, the EU’s legislative proposals are closer to a rules-based approach, which describes the actions that platforms in scope must take. The purpose of this approach is to limit the scope of regulation to conduct which experience shows can ‘have a particularly negative direct impact on the business users and end users’. In other words, the need for intervention is considered significant enough to justify legislative action imposing specific regulatory obligations, where the regulator can enforce these rules if the actions of a firm in scope infringe one of these obligations.
That said, some of the obligations are drafted using relatively broad terms, which could allow for some tailoring according to the context. More generally, the EU proposals also allow for some of the obligations to be open to a regulatory dialogue, so that their implementation can be tailored according to the firms in scope.
In contrast, the UK proposals start from an approach where legislation includes the objectives of the regime, which are supplemented by high-level principles. Amongst the options it has consulted on, the UK Government currently favours an approach where these high-level principles are set in legislation, with an option for the Digital Markets Unit (‘DMU’) to develop additional legally binding requirements that address one of these legislative principles.
These legal requirements could allow the DMU to tailor the principles to the activities in scope where appropriate. This could provide additional detail that increases clarity for firms on how the regulatory principles would apply to them in practice.
While the principles-based approach leaves greater flexibility for the regulator to determine which types of conduct can fall foul of the intended objectives of the regime, this entails additional steps for the regulator to implement the regime. For example, the UK Government’s consultation has proposed that the DMU would need to show that its legal requirements are effective and proportionate in achieving one of the legislative principles, it would have to consult on them, and its decisions would be subject to appeal in front of an independent court.
Policymakers can use a range of tools to mitigate some of the challenges with either approach
The UK and EU proposals on how to regulate digital markets also illustrate the way in which policymakers can mitigate some of the challenges that can come with their choice of approach.
The UK proposals include a range of ways in which the DMU could seek to increase the regulatory clarity of the proposed principles-based approach. In addition to the scope for the DMU to create activity-specific legally binding requirements as described above, the Government also proposes that the DMU should publish additional guidance.
Such guidance can give a non-exhaustive list of conduct that would be considered in conflict with the principles, or it could describe how the DMU would assess whether a firm’s actions conflict with its legal requirements. In addition, the proposals point to the importance of a digital regulator which takes a participative approach, and looks to engage with stakeholders to address concerns through informal engagement.
In contrast, the EU proposals seek to create scope for flexibility in their approach by allowing some of the obligations in their proposed legislation to disapply, or adjust, in exceptional circumstances. Some of these are specific to individual obligations. For example, in one of the obligations it is explicitly stated that the firm in scope will not be prevented from taking proportionate measures to safeguard the integrity of the hardware or the operating system it supplies.
Articles 8 and 9 of the EU proposals also include a general exemption for overriding reasons of public interest, and they provide scope for a suspension in the exceptional case where an obligation would threaten the economic viability of a firm in scope.
There is also a proposal to limit the obligations that should apply to those online platforms which are in scope because they are foreseen to enjoy an entrenched and durable position ‘in the near future’. That said, the EU’s approach is less clear on whether the regulatory dialogue would allow other firms in scope to disapply some of the rules where their actions do not generate harm. If this is not the case, then these proposals create a greater risk of unintended effects.
Finally, the EU proposals also include scope for the European Commission to review the obligations on firms in scope to ensure their legislative rules remain relevant in the context of the dynamic nature of the digital sector. Such changes could be made based on market investigations that can identify new obligations for firms in scope as they change their activities or face new market conditions. Of course, introducing such changes can take time and harmful conduct which does not infringe existing rules cannot be prohibited until such changes are made.
Policymakers across jurisdictions may weigh the costs and benefits of either approach differently
Overall, the proposed regulatory approaches across the EU and UK strike a different balance between rules and principles, which imply a different emphasis on the benefits and costs of either approach.
The UK approach puts more emphasis on the fact that principles allow the regulator to capture new harmful conduct in dynamic digital markets, and to tailor its approach to the specifics of the context and firms in scope. While this approach may generate fewer unintended consequences and has a lower risk of outdated rules, this would entail additional steps as the regulator develops and justifies any activity-specific legally binding requirements.
In contrast, the EU proposals put a greater emphasis on more detailed prescriptive rules, which limit regulatory action to practices that infringe the specific obligations listed in legislation. While this approach can create greater regulatory clarity, it can increase the risk of unintended consequences if firms in scope are unable to disapply rules where their conduct does not create harm. It may also leave certain novel harms unaddressed for longer if rules are slow to update.
This distinction may change as both proposals are refined ahead of final legislation. Moreover, the extent to which the approaches across the EU and UK jurisdictions vary will depend on how they are implemented in practice. For example, the market investigation regime of the EU may allow for rules to be updated sufficiently swiftly to deal with novel harms, and proper tailoring of obligations via a regulatory dialogue may limit the risk of unintended consequences. In contrast, the DMU may conclude that in some cases there is value in making activity-specific legal requirements more detailed to create more clarity for firms in scope.
Disclaimer: The analyses, opinions and findings in this article represent the views of the authors and should not be interpreted as an official position of Ofcom. Economics Insights articles are informal think-pieces by Ofcom economists. They are written as points of interest. They are not intended to be an official statement of Ofcom's policy or thinking.
 See paragraph 33 of the EU’s proposed ‘Digital Markets Act’.
 For example, search engines in scope are required to provide click and query data to certain third parties. Rather than prescribe the exact way in which this access is provided, the legislation only requires companies to do so at conditions which are fair, reasonable and non-discriminatory. See Article 6, paragraph (1)(j) of the EU’s proposed ‘Digital Markets Act’.
 See paragraph 29 of the EU’s proposed ‘Digital Markets Act’.
 The other alternative options where: (i) the DMU would enforce the high-level principles set out in legislation; or (ii) the DMU would design, apply and update the principles based on the legislative objectives.
 See paragraphs 90, 95 and 145 of the UK Government’s proposals for ‘A new pro-competition regime for digital markets’.
 See paragraph 125 of the UK Government’s proposals for ‘A new pro-competition regime for digital markets’.
 See Article 6, paragraph 1(c) of the EU’s proposed ‘Digital Markets Act’.
 See Article 15 of the EU’s proposed ‘Digital Markets Act’.
 See Article 17 of the EU’s proposed ‘Digital Markets Act’.