The Law and Practice of Global ICT Standardization: Economic Governance through Private Standards Bodies

The functioning of technologies largely relies on standards – technical specifications that ensure that devices, systems and networks “talk” to each other. Due to the rapid pace of digital development, standards are increasingly assuming regulatory, economic and societal roles. How do these standards come to being? How, if at all, can their increasing regulatory function be legitimized? And what is their role in the current legal order? In her new book, Olia Kanevskaia attempts to provide answers to these and many other legal questions arising around ICT standardization.

Unravelling the links between standards, society and law

“Home is where the Wi-Fi connects automatically.” There is some truth in this slightly stereotyped statement: our daily life can no longer be imagined without digital connectivity, and no economic activity would take place without devices and networks that connect to the global web.

All these connections are enabled through standards – technical agreements written in network specification and protocols and that codify characteristics of electronic systems. Examples of ICT standards range from 5G and Wi-Fi specifications to Internet protocols and programming languages. But despite these standards’ crucial role in almost every economic and societal aspect, not much is known about the processes of their creation. Especially from the legal perspective, ICT standardization remains a much under-explored topic.

This may be explained by the fact that traditionally, standards are considered voluntary, while laws are mandatory. Standards are mainly developed by companies, enterprises, and private sector organizations; laws are developed by the legislators. However, standards may also become mandatory by being referenced or incorporated in legislation or legal contracts. In the absence of (effective) laws, standards may wield significant regulatory power by steering the markets. In the global trade arena, standards for digital technologies are increasingly becoming a matter of national security, raising concerns of protectionism and global competition in the high-tech markets (see, for instance, different policy initiatives from the US and EU, discussed here and here). Hence, even if they are not laws, connectivity standards set normative obligations that govern the global network society.

My new book, “The Law and Practice of Global ICT Standardization,” views connectivity standards from the perspective of their legitimacy in the current global rulemaking. To that end, it examines the legislation applicable to standards development, the governance mechanisms of the leading private standards bodies, and the application of these public and private rules in practice. Bearing in mind different ways how standards can be legitimized, the book asks two questions: 1) to what extent do current standardization processes comply with the applicable legal requirements? and 2) should there be increased governmental scrutiny of private sector standardization activity?

The Law and the Process of ICT standards

The first part of the book studies different regulatory levels that govern standardization activities in the ICT sector, the interplay between these levels, and the nature of legal constraints they place on standards bodies.

Standardization is regulated in many legal frameworks, including international trade law (the WTO TBT Agreement being the primer source) and regional or national competition and administrative laws. The relevant rules take a form of best-practice obligations regarding the design of standards development processes. These obligations are provided by a set of broadly interpreted procedural principles, which include transparency, openness, and consensus, and which are open for interpretation by standards bodies and market players. Public law legitimacy of connectivity standards is thus supplied by private actors.

The book proceeds with exploring institutional aspects of ICT standardization by systematically examining governance and decision-making processes of seven leading standards bodies: the ITU, ETSI, 3GPP, IEEE-SA, IETF, W3C and Bluetooth SIG.

These institutions of private governance each have their own organizational rules and a wide range of administrative and technical procedures. But as these rules must follow the broadly prescribed legal requirements, they also must cater to the needs of their members and participants – predominantly private companies.

Standards bodies are heterogeneous. Each of them emerged from unique cultural settings, historical background and institutional processes: IETF, for instance, is traditionally considered an “informal group of likeminded experts” that preliminary represent their own opinions and views, while ITU and to a certain extent, ETSI are comprised of national committees representing “national positions.” It is then not surprising that their interpretations and implementations of legal rules related to the procedural and substantive guarantees also vary, not least with respect to the procedural guarantees in their governance processes and the powers and discretions of their leadership (for more on this, see here). Procedural legitimacy of connectivity standards is thus provided by the tailored operational frameworks and long-standing cultural traditions of expert-driven communities.

Effectiveness and Legitimacy in Practice

The book continues with an evaluation of the legal rules and procedures of standards bodies in the light of current trends and practices in the ICT industry. Do standards development processes that comply with the set of procedural requirements lead to more effective standards?

Case studies and interviews with industry experts, as presented in the book, show that the larger part of the standardization community appears generally satisfied with the governance of most standards bodies. However, frustrations with standardization processes arise once they lead to exclusion – either from the decision-making process or – as a result of decisions taken during a standards development process – from the market.

Even if procedures that are closed and exclusive generate faster and more efficient results, they negatively affect the market uptake of connectivity standards. And while technical quality seems to trump procedural quality, open and inclusive standardization ensures wider stakeholder input and leads to better qualitative results in the long run. Expert legitimacy of connectivity standards is thus inseparable from their procedural and public law legitimacy.

Connectivity standards as emerging global economic governance

There are several gaps in public law on standardization, procedures of private sector standards bodies, and the practical application of these public and private rules. A particularly striking observation is that all sets of rules lack in acknowledging connectivity standards as a form of global governance, and institutions developing these standards – as global institutions of economic activities. As technology evolves, so do its regulatory role and normative power. The question is then whether the current regulatory landscape will ensure that connectivity standards reflect not only the technological reality, but also societal considerations.

The legitimacy of connectivity standards is multifaced, and different actors and communities have a different take of what a “legitimate” standard and standards development processes should be. Similarly, it is nearly impossible to pinpoint the exact reasons of standards’ ineffectiveness, or their failure. Speaking the language of the classics, “Successful standards are all alike; every unsuccessful standard is unsuccessful in its own way.”

In this regard, the answers to the main questions raised by this book are not straightforward. Standardization processes comply with the applicable legal requirements to the extent that their members are comfortable with joining these organizations. The rather broad formulation of these legal rules allows for a lot of flexibilities, which is convenient to the legislators as well as standards bodies. And while the increased governmental scrutiny is likely to improve the overall legitimacy of standardization processes, it should be performed with caution and bearing in mind the private nature of standards bodies.

To adapt to the legitimacy challenges presented by the technological and regulatory developments, standards bodies require increased flexibility. To comply with the set of legal requirements, however, they require clearer processes and external oversight. These two rather opposing objectives are equally important for standardization processes and should be considered by regulators and standards bodies when proposing any changes in the public laws or in the procedures of the institutions of economic governance. The question remains whether the recent examples of the regulatory initiatives in the EU and US that aim to address shortcomings of national standardization policies will be able to strike a balance between these two objectives.

–

(An earlier version of this blogpost was published in fifteeneightyfour in February 2023)