I. Introduction
The intersection of law and technology has been the site of momentous legal theoretical discussions for some time. The far-reaching implications of technology-driven regulatory trends guarantee its growing significance. It is now among the most important fields of contemporary academic legal theory. So far, we have not found a settled terminological framework (or even analytical focus) for the theoretical challenges in play. They can be captured in terms of a new type of law (like Joel Reidenberg’s “Lex Informatica”Footnote 1 or Roger Brownsword’s “Law 3.0”Footnote 2 ), a new regulatory model (Lawrence Lessig’s “West Coast regulation” and “regulation by architecture/code”Footnote 3 ) or a distinctive mode of behavioural control (Brownsword’s “technological management”Footnote 4 or Mireille Hildebrandt’s “technological normativity”Footnote 5 ). Some are already convinced that a particular facet of modern technology, “code” (i.e. computer algorithms), is about to become the most important behavioural control tool – supplementing (or even replacing) the law as we know it. We may be witnessing a comprehensive realignment of the social profile of the law: an overhaul of legislative processes, implementation mechanisms, legal education and social attitudes towards law. Recently, William Lucy went as far as making a blunt claim about the “death of law”.Footnote 6 When a field of research produces such eye-catching claims, it is well worth subjecting it to deeper analysis.
The present article was admittedly prompted by Lucy’s contribution, but it is not a response to his “death of law” thesis. Nor is it a comprehensive overview of the sprawling literature on technology-driven regulatory trends. Instead, we focus on specific aspects of the theoretical contribution of three legal scholars: Brownsword, Hildebrandt and Lucy. Their ideas are interconnected: Brownsword is heavily reliant on some of Hildebrandt’s arguments and Lucy explicitly builds on both Brownsword’s and Hildebrandt’s insights. The affinity between Brownsword and Lucy is particularly strong: Brownsword even has his own (softer) version of the “death of law” thesis: he sees a scenario under which technological disruption may be a “game-ender” for the law.Footnote 7
We argue that those three scholars represent varieties of a single theoretical perspective that, for ease of reference, we term the “legal theory of code”. We agree with them that the law is changing in consequential ways and we mean to facilitate the further articulation of the legal theory of code. However, we also caution against exaggerating the conceptual novelty in the ongoing transformation of the law.
We cannot deal with all aspects of the legal theory of code here. Helpfully, Brownsword distinguishes three ways in which technological solutions interact with the law: (1) rule-based governance by humans assisted by technology, (2) governance by machines (i.e. the automation of rule-based decision-making) and (3) technological management.Footnote 8 The third “way” is our specific focus. We deal with one important modality of “technological regulation”: measures that rule out violations (or make them unfeasibly difficult).Footnote 9 We term it “behavioural control by code” (inspired by Lessig and Hildebrandt) or “technological management” (inspired by Brownsword). (We use the two terms interchangeably.)
We note that, over time, an entire theoretical discourse has emerged around the second option on Brownsword’s list: the impact of predictive technologies on legal decision-making.Footnote 10 Although advocates of the legal theory of code are influential in that field,Footnote 11 we set aside the theoretical challenges associated with it. What we deal with is nicely captured by invoking Hildebrandt’s useful distinction between “data-driven law” (prediction of legal judgments) and “code-driven law” (norms and policies articulated in computer code).Footnote 12 The former category underlies inquiries into predictive technologies, while the latter is in line with what we mean by technological management. That is, we ask how code-driven regulation shapes the normative environment – and modern state law in particular.
With respect to behavioural control by code, the legal theory of code raises four clusters of important questions. The first concerns the very character of technological management and its implications for the conceptual building blocks of the law. The second relates to the social and technological trends setting the terms for the spread of behavioural control by code. The third focuses on the transformation of the law in the process. Finally, the fourth cluster of issues revolves around the risks brought about by the increasing reliance on technological management. Our article covers themes from the first three clusters. Brownsword and Hildebrandt engage extensively with legitimate worries about the transformation of the law.Footnote 13 We, however, mainly seek to help with the framing of those worries. We argue that putting future research into the fourth cluster of issues on a more stable footing calls for small (but important) adjustments to the underlying account of normativity, as well as broader and deeper engagement with second- and third-cluster problems.
The discussion will proceed as follows. In Section II, we review the key claims of the legal theory of code relevant here. Section III turns to the first cluster of issues to relate behavioural control by code to the idea of “normative guidance” and assess its place in modern state law. These are the conceptual foundations for a competent assessment of how the ongoing transformation of the law alters the terms of behavioural control. Hopefully, this leads to a more nuanced understanding of the contrast between “traditional law” and behavioural control by code.
With respect to second-cluster issues, we outline a broader explanatory framework for the transformation of the law in Section IV. The advocates of the legal theory of code have taken steps in that direction, but more work needs to be done to locate the growing prominence of behavioural control by code in the context of broader social and institutional trends. We need to mobilise concepts that are usually beyond the remit of legal theory, like the “administrative state”, “control society” and “platform society”. In some ways, we seek to add more social theoretical depth to the legal theory of code. With those analytical tools at hand, in Section V, we can look at third-cluster issues about the ongoing transformation of the law. We highlight momentous developments like the enhanced role of the “compliance paradigm”, the emergence of “bespoke law” and the “private legal systems” of Internet platforms.
II. The Legal Theory of Code
Academic engagement with the interaction of law and technology, especially in sociology and social theory, goes back as far as the works of Karl Marx, Max Weber or Georg Simmel.Footnote 14 However, it gained new momentum and heightened significance when the emergence of the Internet made scholars realise that technology can become a behavioural control tool, potentially switching off human agency and making much of the existing law obsolete. In the 1990s, ReidenbergFootnote 15 and LessigFootnote 16 already published pioneering research on technological management. Lessig’s seminal works are of particular significance:Footnote 17 they inspired an exponentially growing body of academic literature.
The legal theory or code emerged as a school of thought against this background. Unsurprisingly, it has become more fragmented over time, but its shared themes and characteristic theoretical assumptions have also become more conspicuous – making it possible to assess its significance for academic legal theory. In this section, we outline its main themes relevant for assessing the conceptual significance of behavioural control by code.
A. Technology as a Behavioural Control Tool
The core idea is that computer codes (or algorithms) are effective behavioural control tools. Due to their capacity to guide and constrain human behaviour, at least in some regulatory contexts, they can supplement and even replace “traditional law”. The advocates of the legal theory of code articulate the aspects and implications of the central idea in a variety of ways, but we can still identify recurrent themes.
The first theme is that “algorithmic regulation”Footnote 18 forces agents to choose between pre-determined options – often leaving open just one possible course of action. With respect to cyberspace (the Internet) or “networks”, the idea already featured in Reidenberg’sFootnote 19 and Lessig’s works. As Lessig put it, “[t]he software and hardware that make cyberspace what it is constitute a set of constraints on how you can behave”.Footnote 20 Crucially, Lessig framed code as the “architecture” of cyberspace – drawing a parallel with how physical architecture constrains behaviour in the offline world. Later, Brownsword extended the underlying insight into the entire technological landscape of social interaction. He explored how code-based control mechanisms may become embedded in the physical and social environment. Instructive examples include GPS-controlled golf carts that cannot deviate from a designated path.Footnote 21 Brownsword and Lucy use the term “technological management” to capture this mode of behavioural control.
When exploring the interface of algorithms and physical technology, Hildebrandt has argued that we witness the emergence of “technological normativity”.Footnote 22 Her point is underlain by an original take on the well-established distinction between “regulative” and “constitutive” rules.Footnote 23 Often, the impact of technological solutions is merely regulative: they “nudge” agents in certain directions without taking away freedom of action. However, when those agents’ choices are systematically excluded (ruling out non-compliance), the technology becomes constitutive of their behaviour.Footnote 24 This is technological normativity – as opposed to legal normativity.Footnote 25 It pertains to constraints that do not even need to be deliberately issued: they operate through the capacity of technological devices or infrastructure to invite or enforce, inhibit or prohibit certain types of behaviour.Footnote 26 Notably, Hildebrandt’s theoretical framing is not widely accepted. For Brownsword, when code “designs out” choices, instead of constituting a different kind of normativity, the regulatory signal is better understood as no longer normative.Footnote 27 Instead of (normative) prescription, we encounter only (non-normative) possibility and impossibility.
One of Hildebrandt’s key contributions is the realisation that technological management has the potential to reshape the agency manifested in behavioural control. When non-compliance is made impossible, we do not simply deal with loss of agency: we face the emergence of autonomous agents (including artificial intelligence). Hildebrandt’s particular focus being the emergence of “mindless” or “data-driven” agency.Footnote 28 (The idea exerted notable influence on Lucy’s account.Footnote 29 ) This way, the legal theory of code gained the capacity to capture how behavioural control can be the combined effect of particular features of the physical environment, computer software, as well as devices controlled by software and data (such as autonomous vehicles or smart meters).
As indicated in the introduction, the advocates of the legal theory of code have serious concerns about the risks inherent to the growing prominence of behavioural control by code and especially its consequences for human freedom and autonomy. E.g. Hildebrandt actively looks for institutional design solutions (“legal protection by design”Footnote 30 and building contestation into “cyberphysical architectures”Footnote 31 ) that address those challenges. However, we set aside such (fourth-cluster) issues. Our inquiry is primarily focused on the theoretical groundwork needed to frame them adequately.
B. The Relationship with Traditional Law
A second common theme is drawing marked contrast between technological management and traditional law. That leads to questioning the very conceptual framing of law in academic legal theory. In a sense, the idea was already present in Lessig’s characterisation of the regulatory impact of “architecture” as an alternative to other social norms – legal ones among them.Footnote 32 Subsequent theoretical accounts, however, are significantly more sophisticated. Brownsword anchors the contrast in the specifics of modern state law by pitching technological management against the “Westphalian view” of the law. The underlying concept of law is markedly Fullerian: “the aim of the legal enterprise is to subject human conduct to the governance of rules.”Footnote 33 Brownsword’s contention is that the traditional “view” of the law (that dictates the jurist’s “standard assumption”) is incapable of capturing technological management. This is due to its two inherent limitations: (1) it isolates (state) law from other kinds of normative ordering (as an island in an “ocean of normativity”)Footnote 34 and (2) it disables jurists “from assessing the significance of non-normative instruments such as technological management”.Footnote 35 The changing reality forces us to redraw the domain of jurisprudence.Footnote 36
Lucy delved even deeper. He insightfully characterises traditional law in terms of its approach to its addressees. He calls this the “law’s abstract judgment” (LAJ) and he breaks it down to three characteristics.Footnote 37 First, “modern law usually sees its addressees not in all their particularity, but as identical abstract beings” (“presumptive identity”). Second, “the law judges its addressees by reference to general and objective standards equally applicable to all” (“uniformity”). And third, in modern legal systems, the application of legal standards “is generally mitigated only by a limited number and range of exculpatory claims” (“limited avoidability”). Crucially, these features are all missing from technological management. As technological management rises, the traditional law designed around LAJ “is destined for the ‘dustbin of history’”.Footnote 38
Hildebrandt has added further nuance by pointing to how “modern law centers around [written] text and printed matter”.Footnote 39 As a result, the law gets entangled in social processes of giving meaning, creating space for conflicting interpretations and making it impossible for the law to function without some doctrinal ordering in place.Footnote 40 By contrast, behavioural control by code breaks the dependence on interpretation and giving meaning. More recently, Hildebrandt proposed a broader framing that characterises law as both information and effective force. The law has performative power: it is not merely information about consequences, but also an “agent capable of transforming our reality”.Footnote 41 This framing brings into sharp focus that computer codes represent a different (and in some ways more efficient) regulatory model that circumvents processes of interpretation and giving meaning. This model builds on a different grammar: “its building blocks are information and behaviour, not meaning and action.”Footnote 42
III. The Normative Character of Behavioural Control by Code
The concept of “normativity” is a key battleground in academic legal theory and the legal theory of code offers insights that cut to the heart of that signature challenge. Behavioural control by code indeed differs from other modes of normative ordering and accounting for it reveals a few blind spots (or at least weaknesses) in mainstream legal theory. The theoretical implications concern not just the character of normativity but state law as well. Our analysis needs to match the legal theory of code on both levels.Footnote 43
A. Normativity, Legal Normativity and State Law
We believe that, when it comes to accounting for the basic conceptual features of normativity, the advocates of the legal theory of code are on the right track. In that regard, we mainly offer terminological refinements. But they lay the groundwork for further theoretical adjustments. Our account of normativity is not pitched as the only feasible one. Alternative explanations (with at least some plausibility and different upsides and downsides) are eminently possible. Some are better at capturing the underlying practical reasons, others are better at reflecting the institutional features of legal normativity. Our account has an institutional focus and it has been customised for a particular methodological framework: interpretivism.Footnote 44 We find those specifications fitting for the legal theory of code.
In our account, normativity is tied up with “human action”. It is about specifying what social agents are to do, as well as setting standards of evaluation for their conduct.Footnote 45 This chimes with Brownsword’s account.Footnote 46 The conceptual core is the idea of “normative action guidance”: making a difference to the addressees’ behaviour by subjecting it to “expectations” (formulated as normative demands).Footnote 47 Those expectations are attributable to specific cohorts of social agents and reflect (contingent) preferences meant to affect the addressees’ own choices. (This assumes that the expectations of others are sources of practical reasons.Footnote 48 )
Crucially, action guidance is only normative when made effective specifically through complianceFootnote 49 – when non-compliance remains a practicable option. Normative guidance is experienced by its addressees as pressure (of varying intensity) to conform to what specific others expect of them. As they still have alternative courses of action open to them in the face of such (often dynamically shifting) constraints,Footnote 50 the addressees’ conduct remains “voluntary”Footnote 51 – a matter of conditioned choices.Footnote 52 In effect, normative guidance ties together two conceptual points: (1) normative demands change what qualifies as justifiable conduct in the eyes of relevant others and (2) they generate compliance.Footnote 53 Without the latter, those demands would not guide and without the former, they would not be normative.
Of course, not all normative mechanisms are legal in character. Distinctively “legal” practices all tie (albeit to a varying extent) normative guidance to the functioning of “formal institutions”. Legal normativity is “institutional normativity”:Footnote 54 social power is invested in formal institutions to make normative guidance effective. Normative functioning is (at least partly) sustained by “officials” taking on specific “jobs” related to generating and implementing practice-specific rules, monitoring compliance, settling disputes around their application, etc. This way, in institutional settings, accountability mechanisms end up tied to explicit obligationsFootnote 55 (as opposed to implied duties that one can “read off” the guided conduct of participants in social practices).
Legal practices come in wide conceptual varieties best captured in terms of characteristic institutional arrangements with respect to the formation and manifestation of both the underlying (reason-giving) expectations and the power exercised over the addressees. For us, “modern state law”Footnote 56 is the relevant “construct of legality”,Footnote 57 but our analysis also encompasses transnational law (like European law) when it becomes effective primarily through state regulation. (In fact, many of the examples analysed in Section V are taken from European law.) This way of calibrating the scope for our discussion is dictated by the problem horizon of the legal theory of code.Footnote 58 In our account, modern state law (in terms of its structural features and processes of legitimationFootnote 59 ) is defined by three core features. (1) The normative (“authoritative”) competences of legal institutions become aspects of exercising “state sovereignty”. (2) Normative force is tied to criteria of formal validity. Valid law collapses into “positive law” invariably “authored” by clearly defined (albeit typically collective) actors.Footnote 60 (3) Legal processes are comprehensively professionalised.Footnote 61 Members of a specifically legal profession take control of a wide range of institutional positions (most characteristically in the judiciary) as officials and they also offer services to mediate between legal institutions and lay participants.
In modern state law (just like in other varieties of law), normative functioning implies the division of responsibilities among a range of different stakeholders – both officials and “laypeople”. This becomes more obvious if we focus on entire legal processes, as opposed to “individuated” legal provisions. Normative guidance is not just about the relationship between its “authors” and its addressees. Positive legal norms may be (and often need to be) internalised by a broader set of stakeholders. A range of officials may need to be involved. Compliance requires a collective effort in collective entities (companies, educational or healthcare organisations, etc.). A whole series of legal norms could not even function without getting embedded in ordinary social interactions. (One can think of how widespread popular resistance would create impossible challenges of enforcement for, say, traffic rules.)
A few implications of this point will be important below. First, when normative functioning gets entangled with formal institutions, norm-setting itself becomes a rule-governed activity – constrained by higher-level norms and subject to legal disputes. (In modern state law, this is characteristically manifested in formal norm hierarchy and constitutional review.) The terms of normative guidance are not just about affecting the ultimate addressees’ conduct: the patterns of norm-following are replicated among legislators and regulators (as they fit their decisions into the fabric of existing law). Among others, this “layering” of normative guidance enables courts to affect legal development (mainly through the subtle manipulation of the terms of imposing legal liability).
Second, broad stakeholder involvement spreads the social impact of normative guidance widely. As behavioural patterns arising from acting on legal obligations comprehensively shape the social environment, compliance with legal norms has extensive “spillover effects” on others. If effective legal obligations make masses of agents act in certain ways (like compel children to attend school from an early age), that will affect (and typically constrain) the choices of others (like their parents) in predicable ways. Crucially, such spillover effects may be the intended regulatory effects – as is typical of behavioural control by code. Sometimes, setting norms for one group of stakeholders is the efficient way of affecting the conduct of other stakeholders. As the focus of normative guidance keeps shifting between categories of stakeholders (elevating or relegating their respective social roles), it becomes a strategic choice of regulatory “technique” whether a specific target group is regulated directly or indirectly.
Third, broad stakeholder involvement (coupled with the wide social impact of compliance) implies that the power manifested through normative demands is not necessarily (and not even typically) a simple matter of a vertical projection of coercion from authorities to addressees. The social power sustaining legal mechanisms is diffused among a wide range of agents – not just institutional ones but “fellow addressees” or “fellow citizens” as well. Different iterations of stakeholder power may even pull addressees in conflicting directions.Footnote 62 Managing the distribution of the social power flowing through normative mechanisms becomes a key aspect of any model of legal regulation.
B. The Contrast with Traditional Law
As indicated above, we do not expect our account of normativity to conflict dramatically with the legal theory of code. However, there is still some room for disagreement. Taking a closer look at the contrast between traditional law and behavioural control by code helps make this more explicit.
Advocates of the theory excel at capturing the key features of traditional law – understood here as a mode of normative ordering prevalent in core doctrinal fields like criminal law, torts, property and contract.Footnote 63 These are all branches of law with hundreds of years of history and entrenched doctrinal structures. They underlie points about traditional law we have reviewed in Section II: Lucy’s on “law’s abstract judgement”, Brownsword’s on how the law engages practical reason and Hildebrandt’s on the central significance of interpretation.
Indeed, the image of traditional law is central to how mainstream legal theory understands normative guidance (and it is also deeply embedded in legal education). It becomes particularly explicit in Lon Fuller’s take on what it means “to subject human conduct to the governance of rules”.Footnote 64 Traditional law confers a distinctive kind of agency on addressees. It engages their practical reason in characteristic ways by setting predominantly “side-constraints” (rather than objectives) for their conduct.Footnote 65 Addressees typically enjoy extensive freedom to determine the exact mode of compliance. The normative pressure the law brings to bear centres around the prospect of being held accountable for unwanted consequences (e.g. harm resulting from breach of duty) and addressees are given fair opportunity to fend off allegations of law-breaking in front of officials (most characteristically judges). Legal disputes leave ample room for contestation around legal norms – leading to incremental interpretive adjustments that dynamically shape the terms of liability.
Brownsword rightly criticises limiting legal theory to this image of law.Footnote 66 Clearly, traditional law manifests the constitutive features of normative guidance, but it is still just one mode of normative ordering. Its construction of agency and the central role it attributes to legal disputesFootnote 67 have a lot to do with a (rather orthodox) conception of the rule of law. (Mainstream legal theory is closely associated with that orthodox conception – paradigmatically manifested in Fuller’s eight principles of legality.Footnote 68 ) On closer analysis, the image of traditional law does not even represent modern state law adequately – where it coexists with related but markedly different modes of normative ordering. Modern state law brings about the dramatic expansion of “technical” or “compliance” regulations (like qualification requirements for professionals or safety standards for buildings, vehicles, industrial processes). Those normative demands typically imply much tighter control over the terms of compliance (a kind of “ex ante” programming), as opposed to ex post correction of norm violations. (This point is explored in more detail below, in Sections IV(A) and V(A).) Also, modern state law calls for a more complex articulation of the interactions between authoritative institutions on different levels of governance (like government departments, regulatory bodies, local authorities) and divide areas of competence between them – generating layers of interconnected (public law) norms. That implies more of a cooperative relationship (including shared regulatory responsibilities), it tends to revolve more around setting objectives (not just side-constraints) and it leaves more limited space for legal disputes to shape the terms of normative guidance.
Once we realise that modern state law is a combination of different modes of normative ordering, the conceptual significance of the contrast between traditional law and behavioural control by code looks more limited. The two indeed reflect divergent assumptions about agency, as well as strikingly different approaches to disputes and enforcement. (Apparently, technological regulation seeks to eliminate enforcement.Footnote 69 ) However, behavioural control by code may show more affinity to other modes of normative ordering (and compliance regulations in particular) that are just as integral to modern state law. They make it look less obvious that the emergence of technological management is bound to subvert the basic character of modern state law.
In Lucy’s framing of LAJ and Brownsword’s reflections on the “Westphalian view”, this point may be partly obscured by occasional signs of conflating traditional law and modern state law. The legal theory of code could be made more robust by anchoring it in a more nuanced understanding of state law as a combination of various modes of normative ordering (some of which are also found in other varieties of law and even private regulation). Modern state law develops through shifting the balance between modes of normative ordering within the parameters of its three core features. Also, as advocates of the theory are well aware,Footnote 70 state law coexists and co-evolves with other normative mechanisms (including social conventions and other legal systems). Behavioural control by code “lands” in this web of relations. Aspects of it are integrated into state law, others are subjected to state regulation and further others remain unregulated by state institutions. That is, most practices of technological management remain crucially reliant on the institutional infrastructure of modern state law.
Some of these insights clearly inspire Brownsword’s more recent tendency to rely on three modalities of law: Law 1.0, Law 2.0 and Law 3.0.Footnote 71 (Technological management exemplifies Law 3.0.) However, that novel framing is at risk of obscuring the character of traditional law by drawing a suspect contrast between a “coherentist” Law 1.0 (revolving around the application of general principles) and a “regulatory-instrumentalist” Law 2.0 (revolving around the effectiveness of regulatory intervention). The distinction is inspired by Edward Rubin’s searing criticism of the coherentist mindset of most legal scholars.Footnote 72 However, Rubin seriously underappreciates the viability of both instrumental and non-instrumental perspectives on all incarnations of the law.Footnote 73 Framing positive law as instrumental to implementing public policy and articulating it in terms of principles (“rational reconstruction”Footnote 74 ) complement each other across all doctrinal fields in modern state law. The problem with Brownsword’s framing is manifested in the fact that, even though he starts from a stark conceptual contrast between the coherentist Law 1.0 and the instrumentalist Law 2.0 and 3.0, he cannot avoid bringing back doctrinal ordering for Law 3.0 in the guise of a “new coherentism”.Footnote 75 The conceptual framing we propose may serve as a reminder that we need more subtle analytical tools to capture how different modes of normative ordering are constituted.Footnote 76
C. The Conceptual Significance of Behavioural Control by Code
Hopefully, these insights can underlie a more complete account of behavioural control by code as a mode of normative ordering that already exerts profound influence over the evolution of modern state law. As to the conceptual basics, the key point is that technological management remains reflective of exercising aspects of human (albeit often collective) agency. Its regulatory impact is underlain by technologies owned by governments and corporations (occasionally even individuals), it is embedded in commercial practices of providing services, it is associated with governance (including the implementation of safety or security measures), etc. It is inextricably linked with the conduct and interests of a range of stakeholders: owners, managers, legislators, regulators, consumers, etc.Footnote 77 Technological management implies the division of normative competences among a range of stakeholders and its regulatory impact manifests the expectations of relevant others. Behavioural control by code does have addressees and they experience the power of others (regulators, owners, managers, etc.) through its regulatory effects.Footnote 78 The conceptual basics are not subverted until we reach the point where no social agents bear responsibility for how technological management affects other human agents.
If behavioural control by code remains a mode of normative guidance, its distinctive character (compared to traditional law in particular) hinges primarily on the possibility of shifting the focus of normative guidance between groups of stakeholders. When technological management makes it impossible (or implausibly difficult) for swathes of agents to act on their own choices,Footnote 79 that indeed switches off normative guidance with respect to them. As Brownsword correctly observes, the addressees’ practical reason is no longer engaged – making their critical and reflective attitude to the regulations irrelevant.Footnote 80 But it also means refocusing normative guidance on other stakeholders – agents who design the given technological facilities, introduce them, control them (including administrative oversight), draw (monetary or other) benefits from them, etc.Footnote 81 The shift is indeed momentous – and almost always profoundly transformative in practical terms. Of course, the regulatory effectsFootnote 82 of this refocusing of normative guidance are still acutely felt by broader categories of social agents. Moreover, in the case of behavioural control by code, such spillover effects are very much intended effects. Typically, we deal with indirectly constraining the conduct of many in carefully designed ways by directly regulating the conduct of a few. That is indeed markedly different to the typical patterns of traditional law.
The critical edge of these observations is worth highlighting. As we have seen, Brownsword (despite working from a highly plausible conceptualisation of normative guidance) argues that the instruments of technological management are “non-normative”.Footnote 83 Our analysis suggests that regulation (or a “regulatory environment”Footnote 84 ) is always normative for some stakeholders and non-normative for others. Declaring any of its modalities as categorically non-normative is misleading at best. Hildebrandt’s alternative strategy assumes a generic concept of normativity from which a conceptual contrast between “legal” and “technological” normativity can be derived.Footnote 85 We resist her theoretical strategy, too. Behavioural control by code is a mode of normative ordering that often (but not always) takes the form of “authored” state law. Leaving open the conceptual possibility of norms that “induce or enforce, inhibit or rule out” forms of behaviour without being “deliberately issued”Footnote 86 only looks plausible if the (legally relevant) intentions and normative positions of designers are set aside.Footnote 87 That move looks unwarranted and it runs the risk of considerable conceptual confusion.
Importantly, reflecting on behavioural control by code also exposes some characteristic weaknesses in mainstream legal theory. First, legal theory needs a broad and layered understanding of agency. Focusing exclusively on the relationship between legal authorities (legislators, regulators, courts) and their direct addressees (right holders and duty-bearers) paints a misleading picture – particularly outside the context of traditional law. The spillover effects on other stakeholders (especially when they are intended) need to be taken more seriously. The conceptual significance of the fact that the focus of normative guidance may shift between categories of stakeholders (elevating the agency of some and marginalising the agency of others) is currently pretty much a blind spot for mainstream legal theory. The legal theory of code has the tendency to focus on more striking manifestations of changing agency in law (e.g. “mindless agency” or “data-driven agency”).Footnote 88 There is room for a more systematic treatment of the underlying conceptual challenges. Perhaps a good first step is following Brownsword’s lead and making “regulation” a focal concept in mainstream legal theory.Footnote 89
The ways in which the “architectural” features of physical and social environments interact with the terms of normative guidance is another blind spot for mainstream legal theory. The pioneering insights underlying the legal theory of code remind us that normative guidance always relies on “architectural” or “infrastructural” features.Footnote 90 (After all, there is no need to prohibit conduct that physical barriers make unfeasible anyway.) As rules are not the exclusive keys to social ordering,Footnote 91 regulatory environments need to be characterised both in terms of their normative and non-normative aspects.Footnote 92 This is a dynamic relationship: a regulatory environment may become more reliant on architectural solutions and less reliant on imposing explicit normative demands (and vice versa). Depending on what technologies are used to manipulate architectural features (signs, walls, guard posts, locked doors, key cards, access codes, etc.), we may end up with different modes of normative ordering. Of course, the point is not premised on a crude conceptual contrast between normative ordering and architectural solutions. Architectural solutions are subject to normative constraints (e.g. their designers have normative responsibilities) and legal obligations for some addressees alter the architectural features of the social environment for others. Once again, systematic treatment of the underlying conceptual challenges should be on the agenda of mainstream legal theory.
Finally, mainstream legal theory tends to overemphasise the conceptual significance of legal disputes. With respect to traditional law, it is a reasonable assumption that, in the end, all theoretical challenges are manifested in problems of legal reasoning in court. That generates a sort of “court-centric” bias at the expense of paying adequate attention to legislators or regulators (who dominate the administrative processes central to the life of modern legal systems). There have been complaints about this bias (most notably from Jeremy WaldronFootnote 93 ) for a long while. Now, we have more pressing incentives to listen. When we need to reckon with several modes of normative ordering, we cannot frame the practical difference legal normativity makes simply in terms of the rights and obligations of the addressees (and then calibrate its institutional implications by focusing predominantly on processes of imposing liability). Observations on the decline of legal disputesFootnote 94 and the prospect of eliminating the need for enforcementFootnote 95 (at least in some contexts) remind us of this vital point. Once again, mainstream legal theory is in need of a more adequate conceptual framing.
In sum, legal theory needs to appreciate more the variability of modes of normative guidance – and their multifaceted effects on the relative social positions of stakeholders. But not all challenges are of a conceptual nature here. We also need to address how modern state law shifts in response to social and institutional trends. That means paying more attention to patterns of exercising regulatory powers, models of governance and the social and technological context of the development of modern states more generally. The next section is dedicated to those broader issues – beyond the standard agenda of academic legal theory.
IV. Social and Technological Trends Shaping the Development of Law
If behavioural control by code does not subvert the basic conceptual parameters of normative guidance, its transformative impact needs to be explained in terms of the shifting balance between different modes of normative ordering driven by specific (and historically situated) social, political and institutional trends. Indeed, the law (like other social practices) is increasingly intertwined with technology: there are ever more norms regulating technology (regulation of technology) and ever more technological solutions deployed to channel and control human behaviour or to enforce norms (regulation by technology).Footnote 96 We need a better understanding of the forces (tied up in social and technological processes) that comprehensively shape legal development by pushing regulatory practices towards increasing reliance on technological solutions.
We believe that, in this respect, the legal theory of code has room for broadening its agenda. Hildebrandt and Brownsword touch on underlying social and institutional trends only sporadically.Footnote 97 Perhaps unwittingly, that creates the impression that technological progress itself drives the transformation of the law – and not its interaction with the social and institutional environment. (Brownsword tends to address how “more technologies bear the weight of governance” without exploring the internal dynamics of practices of governance.Footnote 98 ) This makes Lucy’s attempt to anchor his account in a broader social theoretical context (by invoking Foucauldian concepts like “governmentality” and “biopolitics”) particularly important. We agree that this is where the legal theory of code needs to go. But the straightforward application of a few ideas from Michel Foucault seems simplifying.
In this section, we look at three ways of broadening the problem horizon of the legal theory of code. Our analysis relies on a narrative about the development of the “information society”. It is admittedly a partial narrative, but it seems a good fit in the current context. We seek to demonstrate that the forces in play fall into three categories. (1) Some are more permanent features of modern governance that generate continuous pressure to utilise whatever technological solutions are available. This is the point of our reflections on the “administrative state”. (2) Other forces act through redirecting and reconfiguring long-term trends of social organisation. That is the focus of the subsection on “control society”. (3) And finally, certain new technologies create social spaces and modes of interaction that force adjustments in regulatory practices. This is what we address with observations on “platform society”.
Once those forces and trends are factored in, the insights of the legal theory of code are revealed as pieces of a bigger picture. We see a complex interaction of facilitating and countervailing factors that are unlikely to drive the law towards all-encompassing technological management.
A. The Administrative State
The challenge of understanding contemporary legal developments brings the “state” into sharper theoretical focus. We have argued that legal theory needs to understand better the dynamics of public regulation and much of that is clearly the exercise of “state sovereignty”. But our claim is more specific: modern state law has “co-evolved” with a particular model of state formation, the “administrative state”. The internal dynamics of governance under the administrative state are bound to remain key drivers of the transformation of the law.
The hallmark of the administrative stateFootnote 99 is assuming responsibility for regulating broad areas of social life and building an extensive institutional (“bureaucratic”) apparatus for that purpose. This involves registering, assessing, channelling and (to some extent) dictating social change. Forming, implementing and reviewing policies become integral to all aspects of governance. Crucially, this implies making much of the positive law instrumental to policy objectives.Footnote 100 The administrative state brings about a massive expansion of both the scope and volume of regulatory interventions.Footnote 101 In modern state law, positive law is mostly created through the exercise of regulatory functions by state institutions (i.e. as “administrative law”). The “bending” of the law to the functions of the administrative state inevitably alters the profile of the law. (A clear manifestation being the shift towards compliance regulations – mentioned in Section III(B) and further discussed in Section V(A) below.)
This paradigm of state formation has crucial implications for the key (fourth-cluster) challenge of reconciling behavioural control by code with constitutional democracy.Footnote 102 Not all administrative states are democracies, but the way democratic political morality reconstitutes the relationship between government and citizens (i.e. turns “serving citizens” into the very rationale of the stateFootnote 103 ) makes constitutional democracies crucially dependent on the institutional infrastructure of the administrative state. Expanding regulatory demands (including the regulation of private producers and service providers) is a feature of the democratic political process,Footnote 104 and it generates vast amounts of public policy (with profound implications for the doctrinal development of positive law). Citizenship is reconstituted as “social citizenship”.Footnote 105 Democratic governments commit to providing a range of public services (including direct benefits) – forcing them to lean on large public institutions (in education, healthcare, etc.).Footnote 106
Under these circumstances, the administrative state is bound to undertake to mitigate “risks” with a combination of regulatory intervention and direct action (like disaster relief). This is not a reactive posture: governments build institutional capacities to get proactively ahead of crises, disasters, accidents, epidemics, diseases, etc. Prevention and protection become closely intertwined. (Even the focus of healthcare provision shifts towards “prevention”.) Of course, the risk assessment underlying regulatory intervention is not guaranteed to be consistently reliable: the political process may generate legal protection from imagined or exaggerated dangers.Footnote 107
In historical terms, the first characteristic manifestation of such preventive and protective legislation was labour protection in the nineteenth centuryFootnote 108 – reflecting parallel concerns with power imbalance (the employers’ arbitrary control over employees) and physical hazards to health and well-being.Footnote 109 Slightly different concerns drive investment regulations in the 1930s: apart from protecting small investors, they also address market dysfunctions and failures.Footnote 110 Then, we witness the unfolding of consumer protectionFootnote 111 and environmental protection.Footnote 112 Most recently, user protectionFootnote 113 emerges at the intersection of technological management and the “protective law” of the administrative state.Footnote 114
Lucy is right that much of this historical development can be captured in terms of Foucauldian concepts like “biopolitics” and “governmentality”.Footnote 115 Indeed, modern governmental power operates through the management and regulation of a population’s bodies and lives. But overreliance on this framing would still be constraining and Lucy is certainly aware of weighty objections.Footnote 116 Our concern is that the Foucauldian framing is not well-equipped to account for the dynamic balance between exercising paternalistic control (through managing risks) and facilitating (individual and collective) autonomy in the practices of the (democratised) administrative state. Without further articulation and a broadening of its explanatory scope, it fails to account for the concrete transformation of the law adequately. Admittedly, Lucy recognises that projecting Foucault’s “governmentality” on technological management is not straightforward.Footnote 117 (E.g. governmentality clearly prevails through human agency and that is at odds with Lucy’s own account of technological management.) He ponders options for suitable theoretical adjustments,Footnote 118 but he runs the risk of circumventing some of Foucault’s core insights, rather than utilising them.
We advocate a less abstract framing that revolves around the historical evolution of regulatory practices. It focuses on the long-term trend of “bending” the law to the functional demands of the administrative state. That generated a distinctive dynamic for the development of modern state law well before the emergence of behavioural control by code. Now, however, it facilitates resorting to technological solutions in regulatory practices in at least three conspicuous ways. The first arises from a built-in tension in the democratic political process. Reconstituting the administrative state as constitutional democracy keeps the demand for public regulation consistently high.Footnote 119 Specific public regulations are often contested and there are always political forces pushing for deregulation. However, in constitutional democracies, effectively all groups of stakeholders are invested in a range of public regulations. The combined effect is a continuous barrage of policy initiatives. The policy landscape changes dynamically, but the alignment of institutional and political forces guarantees that a dense web of public regulations continues to be maintained. At the same time, it also becomes difficult to allocate adequate resources for exercising regulatory functions (for the Government to “spend on itself”). That tension makes it harder to resist technological solutions that promise efficiency gains. Second, the heightened demand for public regulation generates a series of complex regulatory challenges in highly technical fields (like producing and supplying energy) that stretch the capacities of state authorities. Authorities compete for the requisite expertise with private actors and with each other. The contemporary administrative state faces the permanent threat that its ability to exercise effective normative control gets systematically compromised (resulting in under-regulation, dysfunctional regulation and inconsistent enforcement). This pressure incentivises the search for technological solutions. (As we will see below, it is also a factor in the rise of “bespoke” and “outsourced” regulation.) Third, public regulation has certain fixed functions and value assumptions (like protecting citizens from systemic threats to their life and property). Technological solutions become hard to resist where they outperform human regulators in that respect. This point underlies one of Lucy’s more forceful arguments about how promised gains in safety facilitate resorting to technological management.Footnote 120
B. Control Society
Another long-term trend we need to factor in is the process of generating, refining and expanding control mechanisms. This is not just about increased efficiency: the evolution of controls reconfigures social relations. And it is not simply about the rise of the administrative state either. Modern control mechanisms (like the increasing reliance on data management) are deployed extensively by both public and private actors across a wide range of social settings. The development of the administrative state is in a dialectic relationship with this trend.
James Beniger, when exploring the origins of the “information society”, traced the trend back to the industrial revolution when material and energy flows triggered a crisis of control.Footnote 121 Control techniques (including bureaucratic organisation, regulated processes and standard setting) were deployed in response. Crucially, this is the story of control techniques passing back and forth between state and non-state actors. Practices of bureaucratic administration developed in government institutions were perfected (and enhanced with technological solutions) in major corporations in the middle of the nineteenth century. Then, those perfected practices seeped back into the public sphere. Weber already reflected on this “perfected” bureaucracy.Footnote 122 Bureaucratic control mechanisms (collecting data, defining authority and competence criteria, the precise designation of duties and responsibilities, etc.) then spread to almost all sectors of society. This is the rise of what Gilles Deleuze calls a “society of control” – where the “numerical language of control” is extensively deployed.Footnote 123
We can spot a historical pattern: every 20 years or so, “control society” is enriched with new features, usually triggered by technological innovations. The invention of the telegraph, the typewriter,Footnote 124 the keyboard calculator and the tabulator,Footnote 125 modern accounting methods, technical standards, the telephone and then the computer are milestones in this development.Footnote 126 So is the Internet raising to a new level the tendency of both corporations and state institutions to operate on the basis of data. Its radical impact lies in making real-time data collection possible. In turn, it also makes inevitable the development of algorithms for processing data in vast quantities. By the 2010s, we had reached the era of “big data”Footnote 127 and surveillance society.Footnote 128
Its entanglement with the administrative state guarantees that modern state law keeps adapting to the evolution of control society. Naturally, the contemporary, “data-based” incarnation of control society forces further adjustments.Footnote 129 Data is becoming a key resource and data-based control mechanisms facilitate the spread of technological management by expanding the scope of “cybernetically controllable” social processes. They now threaten to conquer even domains of human creativity and moral engagement that used to be considered inaccessible to machines.
C. Platform Society
As mentioned above, innovative technologies can generate new social spaces and modes of social interaction. They have their own ways of disrupting regulatory practices that are difficult to capture in terms of the long-term development trends of the administrative state and modern state law. Here, we address one such technological development: the rise of Internet platforms.
Crucially for our investigation, Internet platforms create social spaces of their own where technological management becomes the default control mechanism. It is not just that they resort to “algorithmic” behavioural control: dozens of algorithms work in close cooperation, creating a distinct (highly organised and tightly controlled) virtual environment. Platforms are increasingly seen not simply as advanced web services, but as embodiments of a new type of social coordination,Footnote 130 a new “integration scheme” (in Karl Polanyi’s sense of the termFootnote 131 ) with its own “core organisational logic”.Footnote 132 Algorithmic coordination competes with and partly displaces previous control mechanisms like bureaucracy or market coordination. In some respects, codes on platforms are more effective than those traditional mechanisms: they are able to collect and process vastly more data by using a wide range of algorithms to convert information on social phenomena and human interaction into digits. José van Dijck and his co-authors detect the emergence of “platform power” and “platform society” (from the mid-2010s).Footnote 133
The shift to platform services also leads to the increase (and the increasing complexity) of private regulation. More and more commercial activities are based on long-term engagement with “users” – as opposed to supplying consumers with physical products. Under these circumstances, public regulation shapes up increasingly as “regulation of private regulation”. And as the pressure to resort to technological solutions (as opposed to hiring armies of private regulators and enforcement agents) is particularly strong for commercial actors, it is bound to entangle public regulators in challenges of behavioural control by code.
The legal theory of code would benefit from paying more attention to the new wave of technological progress represented by the “semi-autonomous” regulatory universe of platforms.Footnote 134 (Hildebrandt’s insightful reflections on the “onlife world” are not specific to platform services,Footnote 135 and Brownsword remains focused on the contract law implications of commercial transactions on platforms.Footnote 136 ) The publicly available, written policies of most platforms are only the tip of the iceberg: vast quantities of effective norms are embedded in codes. Millions of decisions of legal significance are made every moment – curtailing free speech, specifying the meaning of non-discrimination or privacy or distributing rides among taxi drivers.Footnote 137 One notable implication is the shifting focus of normative guidance addressed above (Section III(C)): platform owners and executives become the effective agents. (This is explored further in Section V when addressing “bespoke” and “outsourced” law.) Second, commercial executives and IT personnel take responsibility for the translation of norms to algorithms. Third, the traditional techniques of restricting the arbitrary exercise of power (complaints mechanisms, the obligation to give reasons for decisions, etc.) are relocated directly to the platforms, away from the standard institutional structures of constitutional law.Footnote 138
V. The Changing Face of the Law
So far, we have focused on laying conceptual foundations and adding some social theoretical depth – offering adjustments to the analytical framework of the legal theory of code. Hopefully, we are better positioned now to explore the shifting character of (state) law. We seek to demonstrate that by relating the regulatory challenge of accommodating technological management to salient trends in contemporary law. We focus on social and institutional forces that facilitate the spread of behavioural control by code in a dynamic (and increasingly complex) regulatory landscape. The analysis is merely illustrative, limited to looking at a handful of trends: the increasing reliance on “compliance regulation” and the emergence of “bespoke” and “outsourced” law. A more complete analysis would also need to account for complicating factors and countervailing trends (like the continued influence of human rights over regulatory frameworksFootnote 139 ). The concrete examples supporting the analysis will be typically taken from European law that (at least in Europe) very much dictates the development of regulatory practices in the areas of state law most relevant for technological management (like platform regulation).
A. The Proliferation of Compliance Regulations
Above (Section III(B)), we have touched on “compliance regulation” as a mode of normative ordering. We need to take a closer look at some of the implications of its proliferation in state law (as a key manifestation of the unfolding of the administrative state).
The character of compliance regulation is often captured in terms of a contrast between “ex post” and “ex ante” regulation.Footnote 140 In conceptual terms, that can be misleading: all (substantive) legal norms have ex post and ex ante aspects. The former are pushed to the fore when norms are factored into imposing liability for past conduct and the latter guide addressees when figuring out what they can do without breaking the law. But it does not mean that there are no conceptually relevant distinctions here between modes of normative ordering. We have argued (Section III(B)) that traditional law (typically) leaves its addressees extensive freedom to determine the exact mode of compliance and settling liability issues in legal disputes dynamically shapes the terms of normative guidance. That indeed looks like a mode of normative ordering where even some of the ex ante aspects of the law need to be figured out from interpreting ex post liability decisions. (And as this is a prominent feature of the common law, it is unsurprising that Brownsword’s Law 1.0 looks a lot like an abstract characterisation of the common law.Footnote 141 ) By contrast, normative mechanisms may seek to dictate “in advance” the exact terms of compliance. It is not just that the role of ex post articulation of normative guidance is relegated: there may be deliberate attempts to control the addressees’ conduct in ways that pre-empt most legal disputes. In that sense, this kind of law is more preventive (ex ante) than reactive.Footnote 142
Still, the relevant conceptual distinction may be better framed by focusing on the shifting balance between negative and positive obligations. Dictating the terms of compliance demands more than just signalling what law-abiding addressees should not do: it calls for a more detailed articulation of what they should do – often step by step. This is the hallmark of compliance regulation. The normative guidance is still manifested in a range of (interconnected) negative and positive obligations, but the detailing of positive obligations becomes a character-defining feature.
Of course, the distinctions here have significant nuance to them. E.g. one can think of the difference between the duty to avoid causing personal injury by negligent conduct and the duty to fit buildings with a fire alarm of a certain specification. Even the former takes concrete shape as a “duty of care” requiring addressees to take positive steps (like managing risks reasonably by implementing safety measures). Still, the extent to which the law seeks to dictate the exact terms of compliance makes a character-defining difference. Compliance regulations typically require continuous adjustment and specific, targeted efforts. Compliance also usually calls for documentation (to be presented to competent authorities on a regular basis or upon request).Footnote 143 Also, compliance regulations often constitute “professional” systems of rules based on the relevant subject-specific expertise (of engineers, physicians, ecologists, etc.). Such norms have a doctrinal profile markedly different to the “lawyer’s law” of, say, torts and criminal law.
As we have seen (Section IV(A)), compliance regulation is not a new phenomenon. It is not just that “risk-preventing” and “protective” regulations were established in the wake of the industrial revolution. The detailed articulation of positive obligations has a deep history (e.g. in the form of steps to be taken to produce the intended legal effects by drafting and signing a document). However, making a wide range of professional practices, industrial processes and other activities subject to the continuous requirement of alignment with a dense web of regulations (monitored by a bureaucratic apparatus) is unique to the character of the advanced administrative state. The mass “rollout” of compliance regulations can be traced to the 1960s and 1970s,Footnote 144 and it came to exert profound influence on contemporary practices of drafting legislation.Footnote 145
Above (Section IV(A)), we have argued that certain features of the administrative state facilitate the spread of behavioural control by code. This is also true of compliance regulations. Compliance regulations have a history of functioning without the assistance of advanced technologies, but they are especially well-suited for efficiency gains through technological assistance. As the more detailed articulation of expected conduct (in terms of both negative and positive obligations) narrows the scope for the addressees’ choices, technological solutions can target distinct (and sequential) aspects of their conduct (like pieces of information they need to provide before accessing a service). After all, many compliance regulations can be translated into checklists and algorithms. Technological solutions can develop to assist compliance,Footnote 146 and then, regulators have the option to make their use mandatory. And once technological solutions are able to prevent deviation from the norm, it is no longer necessary to formulate expected conduct in terms of obligations.Footnote 147 The intended targets of the regulation become indirect addressees and the focus of normative guidance shifts to a narrower group of stakeholders (owners, designers, etc.). That is, of course, behavioural control by code.
The advocates of the legal theory of code (and especially BrownswordFootnote 148 ) are well aware of the affinity between compliance regulations and technological management. Tellingly, some of Brownsword’s and Lucy’s more compelling pointsFootnote 149 revolve around traffic rules – a paradigmatic case of compliance regulation. Traffic rules can be algorithmised and in the world of autonomous vehicles, that may be the way to keep them functional. It is not far-fetched to envisage (and many doFootnote 150 ) that, for automated vehicles, road signs and traffic lights are becoming superfluous.
We face here the prospect of compliance regulations morphing into technological systems organised around algorithms. The trend is probably best articulated in so-called “by design” regulations that build risk prevention directly into the architecture. In this context, “by design” (e.g. data protection by designFootnote 151 ) refers to a combination of technological measures (like deploying certain software) and organisational features (like entrusting an official with decisions on personal data or only permitting specific personnel to access the key to the server room).
It is worth noting that private systems of normative ordering (like Internet platforms) are key sites for exploring ways of translating compliance regulations into mechanisms of behavioural control by code. “Platform law” is largely compliance regulation to start with,Footnote 152 and as we have seen (Section IV(C)) the technology underlying them has features particularly amenable to technological management.
B. The Emergence of Bespoke Regulation
Legal scholarship has recently awakened to the fact that certain areas of the law are becoming increasingly “bespoke”.Footnote 153 That is, in some regulatory contexts, the law is losing its general character: it becomes “tailor-made” to fit the situation of specific addressees. Think of legislators or regulators setting standards for a handful of powerful companies (or even just a single company) that have enormous economic clout and that innovate so fast that keeping relevant regulations up to date becomes a daunting challenge. That prompts a move away from “one size fits all” regulations “set out in statutes of general applicability, written in broad, almost constitutional form”.Footnote 154 This should not be conflated with the flexible, case-specific interpretation of otherwise generally formulated rules by courts or other authorities. We talk of regulatory measures drafted with specific companies, industries or practices in mind and then adjusting them again and again to keep up with the changing circumstances.
A particularly instructive example, once again, is platform regulation. In Europe, the addressees of the Digital Markets ActFootnote 155 (sometimes characterised as “ex ante competition law” aimed at market anomaliesFootnote 156 ) are the “gatekeepers” providing “core platform services” and enjoying “an entrenched and durable position”. This practically means the 22 core platform services of only six large companies.Footnote 157 The Digital Services Act (DSA) also has a chapter on “very large online platforms and search engines”. Based on the Commission’s designation, this currently concerns a total of 19 services.Footnote 158 A recurrent theme is the mandate of the Commission and the Digital Services Coordinators to “monitor” the platforms,Footnote 159 to “engage in dialogue”,Footnote 160 and to “issue guidelines”.Footnote 161 The increasingly fashionable regulatory sandboxesFootnote 162 are also institutionalised facilitators of bespoke regulation.Footnote 163 In some ways, those regulations have become the record of the twists and turns of the relationship between EU institutions and a handful of multinational companies.
Regulations that effectively take shape in a process of recurrent negotiations between regulators and specific addressees exert increasing influence over the broader regulatory environment. Above (Section IV(A)), we have touched on factors that make the administrative state vulnerable to the outsized influence of a handful of powerful stakeholders: increasing technological sophistication and fast, disruptive technological progress stretch the subject-specific expertise of public regulators. The political influence of large companies and strategic industries can force regulators into a cooperative relationship with addressees that ends up compromising their authority. When the addressees (e.g. the providers of platform services) have powerful incentives to expand the scope of technological management, public regulators may not be well positioned to resist the kind of regulatory “drift” that subverts the reasonable balance between different modes of normative ordering in contemporary legal systems.
C. Outsourced Law
The factors facilitating bespoke regulation are also relevant to another conspicuous trend: the outsourcing of regulation. In fact, the two are often intertwined: the entanglement of private and public regulation may generate a cooperative, negotiated process of producing law “tailor-made” for key stakeholders. And outsourcing may also lead to a regulatory drift promoting the growing prominence of behavioural control by code – without much strategic foresight.
The point is not simply that private regulation operates alongside state law. We talk of the tendency of leaving to private regulators what could legitimately be considered a matter of public regulation. This is what we call (borrowing a term from Pauline Westerman) “outsourced law”.Footnote 164 This naturally amplifies concerns, voiced by both Hildebrandt and Lucy,Footnote 165 that technological management “levels the playing field” between public and private regulation.
Once again, platforms and their semi-autonomous regulatory universe provide a fitting illustration. In parallel to the trend of state law embracing compliance regulation, we see Internet platforms setting internal rules to exercise extensive regulatory control over individuals. The formation of virtual spaces on the Internet (that large platforms inhabit) has altered the predicament of self-regulation in two consequential ways. First, users develop a distinctive relationship with platforms that is both stronger and weaker than what service providers have in physical spaces. It is weaker because, even when virtually “present” inside platforms from morning until late into the night, users experience no physical constraints. But the relationship is also stronger because platforms (and especially social media platforms) “organise” their users’ lives more comprehensively, subjecting them to a dense web of (often covert) rules and reaching deep into their intimate sphere (their self-expression through private communication, personal relationships and emotional life).Footnote 166 Second, as mentioned above (Section IV(C)), in the platform space, technological management is the default control mechanism.
Legislators have an ambiguous attitude towards such systems of private regulation. European law resorts extensively to outsourcing through “co-regulation”,Footnote 167 but it also seeks to restrict the scope for private regulation in certain areas. Clearly, efforts to strike a reasonable balance remain subject to ongoing contestation. As to curtailing private regulation, a key motivation behind the DSA is to replace previously autonomous private regulation with norms anchored in European law and state law.Footnote 168 The volume of compliance regulations is increasing and the progressively more detailed specification of obligations narrows the platforms’ room for manoeuvre. Of course, this makes conflicts between public and private regulation more likely. A way to relieve the tension is focusing public regulations primarily on procedural standards, while leaving it largely to outsourced law to determine the substantive rules. E.g. the DSA only stipulates that platforms must operate a complaints mechanism (and must support their decisions with reasons). It remains the platforms’ responsibility to calibrate how far, say, freedom of expression extends under their rules. Outsourcing the specification of substantive standards is often achieved by referencing “appropriate technical measures”, “appropriate interfaces”Footnote 169 or “user friendly mechanisms”Footnote 170 – allowing platform providers to determine what algorithms and interfaces they deploy to generate the required regulatory impact.
The connection with the underlying logic of bespoke regulation is fairly obvious. Unilaterally imposing substantive public regulations is not always feasible politically, it might have adverse economic consequences and the know-how needed for them may be best cultivated in practices of internal (private) regulation. As a result, a certain mutual dependence develops between public and private regulators, allowing platforms to accumulate power of questionable social legitimacy.
This lends special significance to how platforms differ from other privately regulated spaces. They rely heavily on “inviolable code” as a behavioural control mechanism. Also, technological management penetrates deeply into the intimate sphere of users who find themselves under the purview of predominantly private (outsourced) regulation. In practice, even the procedural standards set through state law are enforced mainly by private actors. As regulatory bodies and courts intervene only sporadically, users barely encounter the state in platform spaces. Indeed, this implies a certain positional advantage for technological management that makes it more difficult for state law to strike a reasonable balance between different modes of normative ordering.
VI. Conclusion
This article offers a sympathetic assessment of what we call the “legal theory of code” – a theoretical framework outlined here predominantly from the works of Brownsword, Hildebrandt and Lucy. The theory offers analytical tools to illuminate contemporary regulatory trends (like the increasing reliance on technological solutions) and it also holds the promise of reinvigorating mainstream legal theory. It throws light on the conceptual character of normativity, it raises crucial questions about the coexistence of different modes of normative ordering and it exerts correcting influence on unduly court-centred (or “dispute-centred”) accounts of the law.
The legal theory of code has excelled at identifying regulatory developments that force legal theorists to reconsider their agenda and recast their analytical tools. Still, we argue that the theory itself would benefit from adjusting its conceptual framing (e.g. its underlying account of normativity), adding more social theoretical depth and broadening its agenda (like paying more attention to regulatory practices on platform services).
Our analysis has specifically focused on exploring how the emergence of behavioural control by code (both in public and private settings) affects modern state law. We agree that the transformation is indeed momentous. As it reshapes power relations and redistributes normative competences, technological management influences how both the direct and indirect addressees of specific regulations exercise their agency. And where behavioural control by code dramatically limits the scope for violating regulations (and thereby the possibility of legal disputes), courts inevitably lose some of their ability to orient legal development.
Still, envisaging a relentless march towards the total domination of technological management over regulatory practices (in line with Lucy’s “death of law” thesis) is premature at best. The conceptual novelty of what we witness should not be overstated. (E.g. this makes us somewhat sceptical about Brownsword’s agenda for a new “conceptual scheme”.Footnote 171 ) Behavioural control by code indeed represents the further evolution of regulatory practices, but key aspects of it are closely intertwined with deep-seated tendencies of the control society and the administrative state (like the proliferation of compliance regulations).
It would be a mistake simply to project the innate tendencies of certain technological facilities on the trajectory of legal development. We argue for relying on a more complex theoretical framework. We need considerable social theoretical depth to figure out the implications of the growing prominence of technological management. We need a better understanding of the co-evolution of the administrative state and modern state law to account for the dynamic balance between facilitating and countervailing factors affecting the scope of behavioural control by code. We need to look at the levers of control over technological management that state law preserves (through property law, commercial law, etc.). We also need to trace the shifts in the power dynamics between stakeholders to ascertain whether they indeed point to subverting the coexistence of various modes of normative ordering a modern state law. Finally, we also need to explore the varying potential of technological management to penetrate different areas of the law (not just administrative regulations but the law dealing with the consequences of harming others by inflicting physical injury, by lying to them, by insulting them, etc.).
Our analysis has touched on key aspects of this broader theoretical agenda. But it remained a limited engagement: it has dealt more with facilitating factors than countervailing ones (like the human rights aspects of regulatory practices) and it has offered very little on the underlying dynamics of stakeholder interests. A lot of further research remains to be done to sustain the momentum of the legal theory of code. It is notable, however, that our (partial) account preserves the distinct possibility that we witness the further evolution of modern state law within its established conceptual parameters. Of course, we do not envisage a harmonious evolution through adapting to novel technological solutions. We recognise ways in which the administrative state (guided by bounded and conditioned policy choices) may find itself compromised in its ability to control the spread of technological management. Some of its built-in features (scarce resources for enforcement, limited access to relevant regulatory expertise, etc.), its close association with the structures of control society and the emergence of social spaces where behavioural control by code is the default control mechanism all constrain the range of viable policy options (and thereby the trajectory of positive law). Various modes of normative ordering (including traditional law) find their place in the shifting regulatory landscape, but nothing guarantees that, in the long run, public authorities (and the institutions of the administrative state in particular) will be able to utilise effectively the normative levers at their disposal to strike a reasonable balance between them.
The lesson emerging from our analysis is that we should worry less about conceptual novelty in behavioural control by code (“non-normative signals”, “technological normativity”). We have the categories at hand to make sense of what is going on. We need to worry more about facilitating the search for solutions to the shifting challenges of institutional design. Keeping the law adequate to the regulatory challenges it needs to tackle remains an ongoing (and sometimes daunting) challenge.
Open access
