In what is being labelled by the World Economic Forum as the Fourth Industrial Revolution, 2020 sees the continuing emergence and rapid development of countless different technologies, amongst them artificial intelligence, distributed ledger technology, robotics, nanotechnology, and augmented reality (to name some of the most well-known).

These technologies are affecting nearly every industry and facet of society, on a global level, and often in unpredictable ways.  For example, few could have predicted in 2010, just ten years ago, that the technology underpinning bitcoin would be developed and used not only in the financial services market, but to revolutionise the energy, real estate, food and retail sectors amongst others.

With great potential so often comes the potential for great harm.  The rise of distributed computing and artificial intelligence poses new and novel threats to the public – again, few could have predicted in 2010 that the Home Office might be judicially reviewed (hyperlink: on grounds of algorithmic bias in determining visa applications, for example.

Regulators around the world are wrestling with the question: how best to regulate emerging technologies, such that the public can be protected from harms while not hindering innovation and investment?  It’s a good question and the answer varies between jurisdictions based on existing laws and regulations, and local political and cultural nuances.

Regulator 1.0 to Regulator 2.0

The global financial crisis of 2008 represented a watershed moment for regulators around the world.

The financial services industry had for a long period operated with minimal regulatory oversight.  The economy appeared to boom, fuelled in part by financial products that were increasingly opaque and complex.  The consequence of this complexity for reactive regulators globally was that they were often ill equipped to properly scrutinise market behaviours and manage them accordingly. In addition, the regulatory framework in place was fragmented, process-driven and outdated, relying on 'tick box' compliance that sought to protect against the historic market behaviours that had driven the previous financial crisis.  When the worst market failure since the Great Depression began, regulators were unable to act as quickly and decisively as they would have liked.

Since 2008, regulators have changed their approach, role and function. As an example, the FCA created its Innovate program, resulting in the creation of the world's first 'regulatory sandbox' in 2016.  The FCA's Sandbox, used by start-ups and established financial services firms alike, provides a 'safe space' for businesses to work with the regulator to develop and test new financial products and business models, allowing for both innovation and ground-up consumer protection and regulatory certainty in a way that had never before been done.  The key benefit to the FCA is that, by working closely with some of the most innovative participants within its regulatory perimeter, it can keep abreast of the latest development, trends and, consequently, harms they might consider regulating to mitigate.

A journey through the FCA regulatory sandbox (Source:

The FCA's approach, in particular it's Sandbox, has been universally praised.  Financial regulators around the world have looked to replicate its success, notably including Abu Dhabi Global Market, and continue to see innovation and regulation as going hand-in-hand. Regulators from a variety of other sectors have adopted the proactive regulatory approach demonstrated by the financial regulators post-2008.  In the betting and gaming sector for example, the Malta Gaming Authority Regulatory Sandbox Framework facilitates discussions between the regulator and operators of advanced and cutting-edge games.  Corporates have also recognised and embraced the positive disruption that entrepreneurs and new technology can bring – Mishcon de Reya was the first major law firm to establish a legaltech accelerator, MDR Labs, offering strategic, legal and commercial advice and mentoring to early stage business.

If Regulator 1.0 was reactive and a responder to market failure, Regulator 2.0 aspires to be proactive and an enabler of a properly functioning market.

Regulator 2.0 – beyond the Sandbox

Sandbox environments, if implemented correctly, are fantastic enablers of innovation.  How though can Regulator 2.0 go further?  How can regulators capture Sandbox and other innovation learnings to enact better, more effective, more flexible regulation?  In our experience, the best approach can be divided into two broad themes: (1) organisational; and (2) legal and regulatory.


It is crucial that innovation initiatives within organisations such as regulators receive the highest-level of endorsement and sponsorship, to best integrate them into the organisations operations and grant them legitimacy in the eyes of other stakeholders.

Innovation should form the heart of a regulator's mission, rather than a side project that 'distracts' from the ordinary day-to-day operations of the regulator.  Take Digital Street for example, HM Land Registry's dedicated research and development business unit. Digital Street was borne of a comprehensive, board sponsored review of HM Land Registry's functions, and "a space [for HM Land Registry] to break away from the constraints and current ways of thinking about the home buying process as it stands today."  Digital Street is a central part of HM Land Registry's strategy to "be the world's leading land registry for speed, simplicity and an open approach to data."  We worked with Digital Street in 2019 to complete the UK's first end-to-end digital transfer of residential real estate using the distributed ledger (similar to blockchain) platform, Corda – we will publish a whitepaper providing an overview of this work in June 2020.

Seconding employees to the innovation function, facilitating open dialogue between the innovators and the 'ordinary course' practitioners, and incentivising participation in the innovation function's activities all combine to ensure the value of the innovation function is properly captured and enjoyed by the regulator.  A great example of this is Abu Dhabi Global Market, under the stewardship of (ex-FCA) Barry West as Head of Emerging Technology.  There, the organisation's innovation function helps to facilitate a permissive, dynamic and engaged Regulator 2.0.

Legal and regulatory

Drafting effective regulation in a rapidly evolving technology market is hard.  Draftsmen need to profoundly understand the operation and architecture of new and disruptive technologies, while also avoiding the trap of being to narrow and prescriptive in their regulatory provision.

Let us take blockchain as an example.  Drafting regulation that is bespoke to blockchain technology might be helpful in the short term, but as alternative distributed ledger technologies emerge – some very similar (such as Corda), some very different (such as directed acyclic graphs) – such prescription may quickly date the regulation, and prove a waste of the time and money required to draft it in the first place.  Instead, the specialist lawyer will look to the common features across all distributed ledger technologies, for example:

1.     the replication of data across a distributed ledger (and the data protection issues associated with it);

2.     community validation and consensus (and the system governance issues associated with it);

3.     the tokenisation of digital and physical assets (and the financial regulatory issues associated with it); and

4.     the value creation of cryptoassets (and the taxation issues associated with it).

Bringing the requisite legal and technical expertise together in a coherent fashion is a specialist activity, and one that regulators and other organisations are increasingly exploring as they seek to future proof their regulatory provision and the attractiveness of their jurisdiction in the global commercial marketplace.

Regulator 3.0 – the next step?

What next?  New technologies are enabling the sharing of data in ways hitherto though commercially unacceptable. Organisational decision-making is increasingly driven by data modelling.  The exponential growth of the Internet of Things captures data few had dreamed of a few short years ago.  How does a regulator maintain its relevance in this environment?

If we indulge in some crystal ball-gazing, it is perhaps reasonable to predict that regulators will in the future provide the infrastructure upon which their market operates, in effect making the entire regulatory perimeter their sandbox environment.  Maintenance of the environment might be distributed, channels formed and zero knowledge proofs used to preserve commercially and personally sensitive data, IoT devices used to collect behavioural data, artificial intelligence used to identify compliance in near-real time, and machine learning used to refine risk profiles.  Such an environment would do away with costly and often ineffective audit exercises, and fundamentally change the function of a regulator.

Needless to say, any regulated environment will need to retain some traditional oversight for those actors seeking to operate 'off-grid', and will need to be underpinned by effective, well-thought through and flexible regulation.  Whether the future painted above becomes a reality remains to be seen.  Nevertheless, the COVID-19 pandemic represents an opportunity for regulators around the world to pause, take stock, and consider what their role will be in the fabled post-COVID world.  We're excited to see and work with our clients to see what happens.

Author: Tom Grogan

Co-Author: Sian Harding

Tom Grogan is a Corporate Lawyer who leads on emerging technologies at Mischon De Reya. He is currently ranked #1 Most Innovative Junior Lawyer by The Legal Technologist magazine in 2020 and has been shortlisted for Junior Lawyer of the Year by The Law Society of England & Wales in 2019. He completed is law degree at Lancaster University before taking the LPC and completing his training contract at Allen & Overy LLP. He also went on secondment to Vue Cinemas! Since then, he joined Mishcon de Reya LLP in October 2017.

Tom Grogan

Sian Harding is a Trainee solicitor, currently sitting in Mishcon de Reya's Corporate department. She complered her Law with Hispanic Law degree at University College London and then went on to study the LPC. She started training contract at Mishcon de Reya LLP in August 2018 (qualifying in September 2020).

Sian Harding