September 2018 - Internet Governance | Self-regulation

Does Self-Regulation Empower Industry?

Michael Rotert explores the variety of measures for governing the global Internet – and how laws can’t keep up with technological development

© STILLFX | istockphoto.com

Good old regulation and its limits

When it comes to the question of whether self-regulation empowers industry, it is important to know “the pro’s and the con’s” of the other types of regulatory mechanisms. If markets do not work e.g. due to existing or former monopolists, governments usually regulate in order to make the market more homogenous. In some countries, there are more or less independent regulatory authorities tasked with uncovering market distortion and taking action. 

To give an example, if the last mile of a communication line (to a consumer or company) is owned by a single entity, the regulator can ensure that this entity has to offer the usage of the line to competitors for a fixed price, and any price changes have to be rubberstamped by the regulator. Competition should thus be enabled to offer products, calculate the pricing, and not suffer from unpleasant surprises like price increases by the owner, without having the opportunity to switch to another provider. You will find a similar kind of regulation in many other industries and markets, like energy, gas, fuel, etc.

When it comes to the Internet, it is hard to regulate this global medium within a single country. Making laws instead of regulation directives does not help, as those laws are neither flexible enough to follow the technical development nor are they enforceable – or technology changes too fast, so that laws can no longer be applied. 

Laws are neither flexible enough to follow the technical development nor are they enforceable – or technology changes too fast for laws to be applied.

Additionally, new technologies are emerging faster than laws can be established. Maybe that is why you will find very large, dominant players in the Internet market – mainly based in the US or China –which are impossible to regulate from a small country.

But talking about regulation, it is not only the market which may need regulation; regulation is also used to protect end-users/consumers and to support law enforcement authorities. This has to be taken 
into consideration when we talk about regulation within the area of the Internet. Very often, regulatory measures once introduced may have dual use capacity – useful for authorities and for criminals/hackers.

Self-regulation as a tool for governmental success?

Much easier for authorities would be self-regulation. This means that industries are to develop mechanisms to regulate themselves. This could be guidelines on how to handle complaints, or a code of conduct on how to deal with human rights aspects when delivering products or services to end-users. Whenever law enforcement authorities want to track criminals via the Internet, they tend to request self-regulatory measures from industry, due to the high speed of technological development. 

But self-regulation definitely has its limits. For instance, if Internet providers have to get rid of unwanted or even illegal content before it appears on the net, they have to monitor all the communication and besides that, to justify whether given content is illegal or just unwanted. It is not only against the law to monitor content – it might also be called censorship if the industry has to decide what is “unwanted content”. Another example may come up with ongoing digitalization, for instance in the area of large rental apartment blocks. Think about data from locks, central WiFi, elevators, video surveillance, etc.: Self-regulation would be on the owner’s basis, and may vary from owner to owner.

Is co-regulation an alternative?

Self-regulation and co-regulation in many cases requires a liability regime, rather than just putting additional burden on companies to undertake governmental tasks.

Whenever regulation or self-regulation could not be applied or did not work, authorities have tried instead to cooperate with industry in terms of “voluntary self-control”. Such cooperation could be called “co-regulation”. But there is no exact definition of what co-regulation really means and what it does or does not involve. Within the European Union, co-regulation is understood as a third measure beneath jurisdiction and self-control of the industry. To put it in a nutshell, co-regulation is government-requested and controlled self-regulation, put in place in order to avoid the processes and failures of new laws, or simply because they cannot deal with the problem on their own. The fast development of Internet technologies was one driver for co-regulation, but as it needs the cooperation between industry (many companies) and authorities, it is not easy to handle. Therefore, there has in the past instead been a tendency by the authorities to pressure industry into more self-regulation. Industry replied that self-regulation and co-regulation in many cases requires a liability regime, rather than just putting additional burden on companies to undertake governmental tasks.

Which model empowers the industry?

This was the status in the past – which in principle has not changed for the regulation of markets. Co-regulation in a European Union sense was not a great success, as the Internet industry was constantly requesting a liability regime or refusing to cooperate at all.

It can clearly be stated that so long as there are no technology-independent guidelines which limit the scope of self-regulation and give the industry the certainty of a liability framework, self-regulation is not something that would empower industry!

Is the multi-stakeholder model the answer for empowerment?

Fortunately, there is a new mechanism which has recently appeared on the scene for some industry participants, which is called the “multi-stakeholder” model. It started on the Internet a while ago within the name/domain industry, and it has spread out ever since into Internet governance. What it ultimately means in the world of co- and self-regulation is that in this model there is no longer top down decision-making by either the government only, or a cooperation between government and industry. Instead, it is a bottom-up model involving a group of different market participants e.g. the civil society, the private sector, the technical community, and academia, who discuss on an equal footing not only the “pro’s and con’s” of future technologies, but also, for example, guidelines or frameworks for self-regulation.

This model has meanwhile gained the support of the UN and become established in more and more countries. Instead of making laws only for the Internet, the multi-stakeholder model has also replaced the top-down procedures from the past for other industries. As decisions within this model are consensus-based, this model has the potential to empower all participants more than any top-down procedure, no matter who is on the top.


Michael Rotert is a pioneer and veteran of the Internet industry – and was the first person on German soil to receive an email. Amongst other posts, his stellar career spans Technical Head of the Data Center of the Informatics Department at the University of Karlsruhe, Founder and Managing Director of the ISP Xlink (later KPNQwest), and managing directorships of various service providers. After stepping down from his long-standing service as Chair of eco – Association of the Internet Industry in 2017, he became Honorary President of the eco Association in the same year. Rotert is also a founding member of the Internet Society, DE-NIC, and other Internet bodies, and contributes his industry expertise through membership of numerous committees and advisory councils.