Don't Just Leave it to the Lawyers!

Many years ago I was involved in the creation of a joint venture between a number of the largest telco suppliers. I vividly recall one meeting, late in the process, where I was in the room with around 15 lawyers, politely arguing over the minutest of details in the 200 page shareholder agreement, and thinking that this must qualify as one of Dante's nine circles of hell! 

As a technologist, with a fascination for business models, I have generally found myself steering away from the legal & regulation aspects surrounding digital transformation. But over the last 24 months I have come full circle and find myself avidly reading up on the latest twists and turns in the regulation surrounding data, AI, platforms, etc..   I have come late to the conclusion that everyone who has a role in going beyond connectivity and defining the next generation of telco services (technology or business model), and everyone who is responsible for creating the next generation of telco Customer Experience Management (CEM), needs to have a working knowledge of the evolving data & competition policy landscape. I personally have focused my efforts on understanding what's coming down the line in EU regulation, primarily because it tends to be more advanced than much of the rest of the world, and very often is developing the templates that other jurisdictions eventually aim to follow.

The first thing to understand is the impressive breadth of this EU data regulation landscape, and what the EU trying to achieve with this legislation. The three leading actors from the EU side are: Ursella von der Leyen - President of the European Commission; Margrethe Vesteger - EU Commissioner for competition / digital; Thierry Breton - EU Commissioner for Internal markets.  All three of these individuals undoubtedly have wide ranging and complex challenges facing them, but their interests all intersect on the topic of data & technology policy, and share the view that the EU is rapidly becoming a significant Digital Laggard behind the USA and China. Furthermore, there appears to be no current pathway for the EU to become a digital peer of the other two great economic powers. They also have more immediate concerns over abuse of technology for both commercial and political purposes, as well as longer concerns over the role of technology in achieving climate goals.

A summary of the EU ambitions for the development of data, IT & platform legislation are as follows:

• Foster an environment for EU Digital Transformation and technology leadership in the world: Or put another way, ensure that the EU doesn’t become a digital backwater, and a digital colony of USA or China.
• Have sufficient control of the technology to protect the political system: By this I mean be able to fight fake news, and political meddling by external powers.
• Protection of EU citizens: Establish sufficient technology control to be able to protect people’s privacy and digital identity, as well as protect EU businesses.
• Upskill the EU workforce: Create an environment whereby a skilled EU workforce in digital technologies can emerge.
• Drive towards climate goals: Ensure EU’s technology direction of travel aligns with EU ambitions to become carbon neutral.

In order to achieve these goals, the EU has put in train a long list of digital legislative initiatives. The top 10 that I find interesting are as follows:

1. Digital Services Act (DSA):  This clarifies the responsibilities of online platforms such as Facebook, Google etc.. around topics such as take-down of illegal content, the rights for redress, etc..
2. Digital Markets Act (DMA): This ex-ante regulation (i.e. regulation that lists prohibited practices such as a ban on self-preferencing, as well as defining the concept of a gatekeeper (i.e. an entity with disproportionately large market influence which needs to be specifically regulated).
3. Markets Definition: A modern definition of current markets to allow for proper regulation. The current definition of markets is terribly outdated and makes it almost impossible to regulate.
4. ePrivacy: This provides more detail to GDPR specifically for Datacomms and the protection of personal Metadata. (This is important to anyone in the advertising industry).
5. eIDAS (EU id): EU identity regulation addressing authentication and security. Currently being updated.
6. EU Digital Services Tax: Surrounds where tax is to be paid for digital services (generally specified as where value is generated).
7. EU Data Governance Act:  This is all about establishing trusted intermediaries for data sharing within the EU. This will embrace initiatives such as GAIA-X.
8. AI Strategy & Regulation: This will focus on defining an appropriate legal and ethical framework for AI use within EU. Main initial focus will be on topics such as autonomous driving, biometric identification, surveillance etc..
9. Platform to Business (P2B) regulation:  This introduces new rules for the relationship between online platforms and business users with the purpose of promoting fairness and transparency for business users and tackling unfair contractual clauses and trading practices. 
10. Markets in Crypto Asset Regulation (MICA): This is the emerging EU legislation surrounding how crypto tokens are regulated and is likely to impact on any plans for embedding blockchain based tokens in any service scenario.

The breadth and ambition of this legislation might all seem a bit bewildering at first but it all works towards the broad set of goals the EU is hoping to achieve (i.e. improve EU tech leadership, protect the political system and the user, and upskill the EU workforce).

And as you scan through this list of emerging regulation, the telco and the rest of the stakeholders (hyperscalers, niche players, content providers, etc..) are going to need to be cognizant of how each piece of regulation will impact on their business models and ambitions. The table below is my interpretation of the likely impact of each piece of regulation on the various key stakeholders.

• DSA: This is certainly negative for the hyperscalers and the other platform players, but that doesn’t translate into a positive for the rest of the ecosystem. Main beneficiaries of this regulation will probably be the users.
• DMA: This is certainly negative for the big hyperscalers as it is designed to limit their market power and force them to access to key innovation capabilities. Accordingly this makes it pretty positive for everyone else in the ecosystem as it will help to somewhat address the in-balance of power.
• ePrivacy: This is certainly negative for the big hyperscalers and reasonably negative for any of the other stakeholders as it will restrict some of the business models these companies would aim to operate (i.e. monetizing customer data). Telcos would tend to view this in a neutral sense as they feel they are already heavily regulated, do not tend to operate business models that monetize data heavily.
• Digital Services Tax: This will not be welcomed by the hyperscalers as it reduces their tax accounting flexibility. But has long been seen as inevitable so not a surprise. Smaller impact on some of the other players who have managed to take some advantage of this flexibility and probably very little impact on telcos.
• Data Governance: This will generally be well accepted by most players. It will strip hyperscalers of some of their potential to lock-in users by making data portability less cumbersome. But it also has the potential to increase the overall dynamism of the market. Could be positive to telco hopes of federating services outside of their national region.
• AI Strategy: As we move from little regulation in this area to increased regulation it is reasonable to assume that everyone will have to take some of the pain to enshrine the new regulation into their current offerings & practices
• P2B: This will regulate how platforms operate with businesses and is likely to add extra requirements on to any company who plans to go to market via a platform business model. Most telcos are at least considering evolving towards operating platform business models in their 5G2B services and so will need to understand the implications here.
• MICA: This will only affect anyone who is embracing tokenomics. It will apply much tighter regulation on the issuing of blockchain based tokens. For example, Facebook's LIBRA ambitions will need to navigate this.

The above is just a relatively shallow level of analysis of the complex changes that are underway.   To really understand the likely impact of this sort of regulation, one needs to map out the value & data flows in your business and identify any key chokepoints in your value flow where the emerging regulation may change the rules of engagement. The work that Professor Michael Jacobides of London Business School has done in this area is a great example of how to apply this knowledge to a specific scenario. It’s well worth reading his paper on “Regulating Big Tech in Europe: Why, so what, and how understanding their business models and ecosystems can make a difference”, if you want to develop an advanced understanding of this topic.

I’d be very interested to know whether this is a topic that you tend to leave to the lawyers in your company or whether you encourage your product managers, operations managers and technologists to explore. As I mentioned earlier, my opinion is that everyone who has a role in defining the next product or business model, and everyone who is responsible for creating the next generation of telco CEM, needs to have a working knowledge of this area. They don’t need to be experts, but don’t just leave it to the lawyers!!