Publications

The paper examines the contradictions of public utilities, with the local public services and electronic communications as paradigmatic examples. Although they originate in opposite market-based contexts and regulatory approaches, these services are characterised by a discrepancy between performance and users’ rights with regard to the quality of local public services and the universality of broadband internet access. The analysis also reveals structural inadequacies in the monitoring and evaluation of local public services (despite their centrality in the 2022 reform), as well as shortcomings in the financial planning and in the implementation of infrastructure for electronic communications services.

​

​

​

​

Calls to regulate artificial intelligence (AI) have sought to establish “guardrails” to protect the public against AI going awry. Although physical guardrails can lower risks on roadways by serving as fixed, immovable protective barriers, the regulatory equivalent in the digital age of AI is unrealistic and even unwise. AI is too heterogeneous and dynamic to circumscribe fixed paths along which it must operate—and, in any event, the benefits of the technology proceeding along novel pathways would be limited if rigid, prescriptive regulatory barriers were imposed. But this does not mean that AI should be left unregulated, as the harms from irresponsible and ill-managed development and use of AI can be serious. Instead of “guardrails,” though, policymakers should impose “leashes.” Regulatory leashes imposed on digital technologies are flexible and adaptable—just as physical leashes used when walking a dog through a neighborhood allow for a range of movement and exploration. But just as a physical leash only protects others when a human retains a firm grip on the handle, the kind of leashes that should be deployed for AI will also demand human oversight. In the regulatory context, a flexible regulatory strategy known in other contexts as management-based regulation will be an appropriate model for AI risk governance. In this article, we explain why regulating AI by management-based regulation—a “leash” approach—will work better than a prescriptive or “guardrail” regulatory approach. We discuss how some early regulatory efforts are including management-based elements. We also elucidate some of the questions that lie ahead in implementing a management-based approach to AI risk regulation. Our aim is to facilitate future research and decision-making that can improve the efficacy of AI regulation by leashes, not guardrails.

The EU AI Act seeks to balance the need for societal protection against the potential risks of AI systems, with the goal of fostering innovation. However, the Act’s ex-ante risk-based approach might lead to regulatory obsolescence (already materialised in 2021 with the spread of LLMs and the consequent reopening of the regulatory process), as well as to over or under-inclusion of AI applications in risks’ categories. The paper deals with the latter outcome by exploring how AI uses in law and rulemaking hide risks not covered by the EU AI Act. It is then analysed as to how the Act lacks flexibility on amending its provisions, and the way forward. The latter is tackled without utopian and not really feasible proposals for a new act and risk-based approach, but focusing on codes of conduct and national interventions on AI uses by public authorities.

Foundation models and generative artificial intelligence (AI) exacerbate a core regulatory challenge associated with AI: its heterogeneity. By their very nature, foundation models and generative AI can perform multiple functions for their users, thus presenting a vast array of different risks. This multifunctionality means that prescriptive, one-size-fits-all regulation will not be a viable option. Even performance standards and ex post liability— regulatory approaches that usually afford flexibility—are unlikely to be strong candidates for responding to multifunctional AI’s risks, given challenges in monitoring and enforcement. Regulators will do well instead to promote proactive risk management on the part of developers and users by using management-based regulation, an approach that has proven effective in other contexts of heterogeneity. Regulators will also need to maintain ongoing vigilance and agility. More than in other contexts, regulators of multifunctional AI will need sufficient resources, top human talent and leadership, and organizational cultures committed to regulatory excellence.

​

Over the last twenty-five years, the Member States of the EU and the UK have introduced freedom of information acts, various types of Ombudsman, impact assessment of legislative proposals, and stakeholders consultation procedures. The aim of regulatory reform is both to improve on substantive regulatory quality and to impact on final governance outcomes. This book explains when and how the design of regulatory procedures has effects on the quality of the business environment, perception of corruption, and environmental performance. The findings shatter predominant views on policy change in Europe, and offer a varied, detailed, granular account of the efficacy of regulatory design.