10. Support for producing regulation
There are various sources to learn good practices for developing regulations which countries can draw from. The Organization for Economic Cooperation and Development (OECD) has produced over twenty years of guidance on the features of good regulation. It encourages countries to have their principles for good regulation, which many do and should be a reference point for those developing national cybersecurity regulations.
Researchers assessing the quality of regulation in the Digital Markets Act produced a framework of principles of good regulation – drawing on OECD and WEF guidance – that could be helpful to officials in a cybersecurity context. (Bauer et al. 2022, 6) The headline principles are:
- Clear policy objectives based on solving a factual well-identified issue with proven intervention mechanisms
- Clarity of compliance regulations
- Proportionality and adaptability
Sources of cybersecurity-specific guidance and support for regulation development include:
- Capacity building training and advisory projects on regulations (e.g. Commonwealth Secretariat; ITU; Cyber4Dev).
- Some capacity building programs, especially the World Bank’s, include support for sectoral regulation alongside investments in infrastructure (e.g. the Bank’s Digital Malawi project).
Regional workshops are held to discuss the harmonisation of regulation, such as the 2015 UNCTAD-ECOWAS West African seminar as part of E-Commerce Week.