We are already seeing governments essentially outsource their roles as regulators, leaving matters to self-regulation on an increasing scale. European governments, for example, after creating the right to be forgotten on search engines that pre-dated GDPR, left the task of enforcing this right to search engines themselves. The reason? Governments lacked the technological competence, resources, and political coherence to do so themselves.
A regulatory market is a new solution to the problem of the limited capacity of traditional regulatory agencies, invented for the nation-state manufacturing age, to keep up with the global digital age.
It combines the incentives that markets create to invent more effective and less burdensome ways to provide a service with hard government oversight to ensure that whatever the regulatory market produces, it satisfies the goals and targets set by democratic governments.
So, instead of governments writing detailed rules, governments instead set the goals: What accident rates are acceptable in self-driving cars? What amount of leakage from a confidential data set is too much? What factors must be excluded from an algorithmic decision?
Then, instead of tech companies deciding for themselves how they will meet those goals, the job is taken on by independent companies that move into the regulatory space, incentivized to invent streamlined ways to achieve government-set goals.
This might involve doing big data analysis to identify the real risk factors for accidents in self-driving cars, using machine learning to detect money laundering transactions more effectively than current methods, or building apps that detect when another app is violating its own privacy policies.
Independent private regulators would compete to provide the regulatory services tech companies are required by government to purchase.
How does this not become a race to the bottom, with private regulators trying to outbid each other to be as lenient as possible, the way that continued self-regulation might?
The answer is for governments to shift their oversight to regulating the regulators. A private regulator would require a license to compete, and could only get and maintain that license if it continues to demonstrate it is achieving the required goals.
The wisdom of the approach rests on this hard government oversight; private regulators have to fear losing their license if they cheat, get hijacked by the tech companies they regulate, or simply do a bad job.
The failure of government oversight is, of course, the challenge that got us here in the first place, as in the case of Boeing self-regulating safety standards on the ill-fated 737 Max.
But the government oversight challenge in a regulatory market will often be easier to solve than in the traditional setting by having fewer regulators than tech companies, an incentive for regulators to maintain their license, and industry-wide data.
And because regulators could operate on a global scale, seeking licenses from multiple governments, they would be less likely to respond to the interests of a handful of domestic companies when they are at risk of losing their ability to operate around the world.
This approach may not solve every regulatory challenge or be appropriate in every context. But it could transform AI regulation into a more manageable and transparent problem.