Digitalisation | Five legal and regulatory predictions for 2022

Lawmakers as digital eco-warriors 

Expect new tech-specific environmental legislation.

Climate change has become a major business issue, and it is not just environmental activists driving the agenda. Increasingly, lawmakers are forcing the pace and we expect growing legislative focus internationally on the environmental impact of technology (notwithstanding that technology can also support decarbonisation).

France recently passed new green laws focused specifically on digital technology – requiring consumer disclosures on environmental impact, penalising planned obsolescence and setting mandatory rules on eco-design and product updates. We predict similar initiatives in other territories.

Digital regulation as a team sport 

Expect ever-greater co-operation between authorities to regulate digital business models.

Digital regulation is no longer just about tech companies. Digitalisation in all areas of business has led to a growing body of "digital regulation" enforcement that is building digital expertise not just among data protection, consumer and communications authorities, but also in financial, energy, transport and other sectoral regulators – and cross-sector regulators including competition and advertising authorities.

Initiatives such as the UK's Digital Regulation Co-operation Forum evidence a growing sense that authorities need to work together to regulate the digital world more effectively, learn from and leverage each other's experiences and avoid silos of expertise and skills. 

We predict higher levels of co-operation between regulators handling digital issues, and policymakers increasingly supporting this with statutory information-sharing mechanisms and duties to consult. 

DigReg explosion  

Expect new regulation of digital activity to snowball.

The pace of new digital regulation will increase: over the next few years it will come thick and fast, and from many angles. This increase in volume is compounded by the increase in its scope of application as traditional sectors digitalise. 

We expect various regulatory proposals for artificial intelligence (AI) from around the world to start crystallising this year. Data regulation will also be a growth area, with a broadening scope covering not just personal data privacy issues, but also supporting "smart data" and "open data" initiatives to open up both public sector and privately held data, and help enable innovative new products and services.

Consumer protection is also high on the agenda, as seen in the UK's Online Safety Bill and the EU's Digital Services Act and "New Deal for Consumers". 

Further sector-specific digital regulation also seems likely, not least in areas such as non-fungible tokens (NFTs), decentralised finance (DeFi) and cryptocurrency. And linked to our first prediction, carbon-intensive technologies like blockchain, and the businesses that make money from them, can expect particular scrutiny going forward.

The emergence of 'Metaverse Law' 

Expect a growing debate on how best to build new frameworks for a nascent world.

Investment in building the Metaverse will continue to grow – and just as we saw with the birth of the internet, and with AI more recently, we predict a growing debate about governance, ethics and rights.

Questions need to be addressed around how interoperability standards are set and can evolve and about the regulation of activities – and ownership (and misuse) of virtual property – in the brave new world of collective virtual shared spaces. Property and people will need to be protected, law and contracts enforced, and remedies and recompense available where harm is done. 

We may not see the answers to these questions in 2022, but we expect to see academics, businesses and lawmakers starting to discuss them in earnest.

The quantum menace 

Expect businesses to start to act on the quantum cyber threat.

Quantum computers will be able to break current public key encryption, meaning that huge volumes of currently secure data could become accessible to anyone using the right quantum technology.  Whether that is in less than five years or more like 15 years remains unclear, and to date the business community generally has not seemed too concerned – perhaps assuming that quantum attacks can just be countered with new quantum encryption. But data often has a long shelf life. 

Businesses are increasingly taking note that it is not just tomorrow's data that is at risk but anything stored or transmitted today – or before today – using current encryption techniques. This issue will start to appear in risk registers, and will need to be worked into supply chain and M&A due diligence. It may begin to feed into business value calculations. 

We predict 2022 will be the year that a wave starts to build of businesses deploying operational, technical and contractual measures to address and mitigate the quantum cyber threat.

If you'd like to discuss any of these predictions, or any wider legal and regulatory issues around digitalisation, please contact the author or your usual Osborne Clarke contact.