Good Practice Regulatory Change: Regulatory change in the UK

The current regulatory landscape

Regulation has a variety of purposes, but is primarily concerned with protecting people, businesses and the environment, and to support further economic growth (NAO 2021). The National Audit Office (NAO) reported in the year 2020-2021 there were around 90 regulators operating in the UK (NAO, 2022). A previous NAO report from 2017 suggested the annual expenditure of these regulators was £4bn (NAO, 2017). The UK has relatively low levels of regulation compared to other members of the Organisation for Economic Co-operation and Development (OECD), with less use of command and control approaches (NAO, 2017). A command and control approach is one where regulation is led by legislation, and there are clear boundaries between illegal or non-compliant activity and compliant activity. This approach is overseen by regulators with responsibility for enforcement (Gunningham and Sinclair, 2017).

In the UK, there has been an emphasis on reducing the burden of regulation on businesses and cutting ‘red tape’ (NAO, 2017). The government set targets to reduce regulatory costs to businesses over the period 2015-2020 by £10bn a year, a reduction from an estimated total of £100bn a year. Measures likely to have a significant impact on business, civil society, the public sector or individuals are expected to complete a full Impact Assessment and be submitted to the Regulatory Policy Committee (2019) for scrutiny. The impact on business is a key focus of the committee’s guidance (Regulatory Policy Committee, 2014). This has led the OECD (2021) to suggest that the UK may benefit from extending this focus to other elements important for sustainable and inclusive growth.    

In recent years, there has been a rise in change programmes related to digital transformation and new technologies. In 2019, the government published a White Paper (BEIS, 2019) setting out policies for reforming the regulatory system to support innovation, recognising the need to keep pace with technological change. More recently, a number of new regulatory powers have been established relating to the internet and online harms. This includes proposing Ofcom as the regulator for a new online safety regime as set out in the Online Safety Bill, and the Digital Markets Unit within the Competition and Markets Authority (CMA) as overseeing digital competition (CMA and Ofcom, 2022). 

Different regulatory approaches

The most traditional form of regulation is command and control, with decisions about the scope and approach taken by central decision-makers. This was seen as a key feature of regulation in the United Kingdom, especially within healthcare, before Margaret Thatcher’s deregulatory reforms in the late 1980s (Ham, 1999). The 2005 Hampton report (Hampton 2005) was commissioned by the government to understand Britain’s regulatory landscape and considered the work of 63 national regulators. It has been argued that this report provided a shift in the regulatory landscape and the role of regulators by creating a consensus that regulatory agencies should prioritise advice and guidance, over methods of inspection (Vickers, 2008). 

The literature identifies a number of different regulatory approaches that have come into prominence since the move away from traditional inspection-led, command and control regulation. This includes co-regulation, with a greater involvement of industry or third parties in the regulatory process (Martinez, Verbruggen and Fearne, 2013), and more flexible approaches as seen in descriptions of smart regulation. The concept of smart regulation (Gunningham and Sinclair, 2017) was first developed in 1998. Gunningham and Sinclair (2017) define smart regulation as: 

“A form of regulatory pluralism that embraces flexible, imaginative, and innovative forms of social control. In doing so, it harnesses governments as well as business and third parties.” 

This differs from co-regulation, in so far as Gunningham and Sinclair (2017) suggest that smart regulation involves the use of different policy instruments, with some combinations complementing each other better than others. This includes wider types of regulation such as command and control and co-regulation, where a regulator will work alongside third-parties to enforce regulation in an industry, as well as others such as self-regulation and voluntarism. Self-regulation refers to where an industry or organisation will regulate itself without external interference, while voluntarism is an approach where organisations regulate their own affairs. Gunningham and Sinclair (2017) suggest that voluntarism, when it is genuine, will complement most forms of command and control regulation. De Bruca and Scott (2006) propose a similar concept titled New Governance. They define this as:

“A shift in emphasis away from command and control in favour of regulatory approaches which are less rigid, less prescriptive, less committed to uniform outcomes, and less hierarchical in nature.”

Risk-based regulation has also grown in prominence as an approach. By taking a risk-based approach, regulators rely less on inspections and instead prioritise their resources towards organisations or sectors which are seen as posing the highest risks. It is important that those who adopt risk-based regulatory approaches have strong relationships and high levels of trust with the bodies they are regulating. They cannot rely on inspections to identify incidents and risks (Gunningham and Sinclair, 2017). This makes building trusting relationships between regulators and regulated organisations especially important so that individuals working in industry feel comfortable raising possible challenges or areas of non-compliance. 

Risk-based regulation is a fluid term that has evolved since its rise to prominence after the Hampton report (2005). It has been defined as the idea that regulators cannot, and indeed should not, try to prevent all possible harms (Beaussier et al., 2016). Instead, regulatory interventions should focus on controlling the greatest potential threats to achieving regulatory objectives, as determined through assessments and forecasts of their probability and consequences. Prioritising regulatory activities in this way promises to make regulation more effective and proportionate (Rothstein et al., 2016). 

This is closely linked to the concept of self-regulation or self-reporting. Etienne (2015) conducted a study of industrial risks in France and suggested that inspections were “a rather weak and inefficient tool for detecting incidents.” He argued that inspection-based regulation would not be effective as incidents may be resolved or irrelevant by the time physical inspectors came to investigate. Instead, approaches relying on self-regulation may be more effective. The NAO (2017) describes how this can take the form of enforced self-regulation, through tools such as a mandatory code of practice, or voluntary self-regulation through voluntary codes or membership bodies. Although included in the literature review, self-regulation was out of scope for the remainder of this project.