Experimental Regulations for AI: Sandboxes for Morals and Mores

Recent EU legislative and policy initiatives aim to offer flexible, innovation-friendly, and future-proof regulatory frameworks. Key examples are the EU Coordinated Plan on AI and the recently published EU AI Regulation Proposal which refer to the importance of experimenting with regulatory sandboxes so as to balance innovation in AI against its potential risks. Originally developed in the Fintech sector, regulatory sandboxes create a test bed for a selected number of innovative projects, by waiving otherwise applicable rules, guiding compliance, or customizing enforcement. Despite the burgeoning literature on regulatory sandboxes and the regulation of AI, the legal, methodological, and ethical challenges of these anticipatory or, at times, adaptive regulatory frameworks have remained understudied. This exploratory article delves into the some of the benefits and intricacies of allowing for experimental instruments in the context of the regulation of AI. This article’s contribution is twofold: first, it contextualizes the adoption of regulatory sandboxes in the broader discussion on experimental approaches to regulation; second, it offers a reflection on the steps ahead for the design and implementation of AI regulatory sandboxes

echnology has always been a constant source of uncertainties, risks, change, and, in many cases, disruption (Beck 1992;Frey 2019).Complexity, uncertainty, and the fast pace of the innovation process generate a panoply of regulatory challenges (Awrey 2012; Crootof & Ard 2021).Innovation is a regulatory moving target that does not fit well with traditional and primarily reactive regulatory frameworks (Bennet Moses 2011;2013).Technology requires thus regulators to make a number of complex decisions: whether and when to intervene; what kind of regulatory intervention to employ (e.g., command-and-control rules imposing safety requirements or self-regulation); what stakeholders to involve in the regulatory process; and how long the regulatory intervention should last (Cortez 2014).Regulators are also responsible for the social embedding of new technologies and managing the complex tension between the economic and social benefits of innovation and the risks associated with (Weimer & Marin 2016).This article focuses on a timely illustration of the conflict between law and innovation: the regulation of Artificial Intelligence ('AI') through experimental regulation and policy.
As this article explains, for a long time, experimental regulatory instruments stricto sensu, that is, legally binding instruments that establish the temporary regulation of a societal problem on a trial-and-error basis (often in derogation from existing rules or with a limited territorial application), were relatively rare and poorly received in EU and national legislation (Ranchordás 2013;Ranchordás 2014).This has started changing in the last decade with the growing perception that digital technologies differ significantly from traditional markets and require more agile and flexible regulatory frameworks (Attrey et al. 2020).To illustrate, the Coordinated Plan on Artificial Intelligence (2018) refers to the need to "experiment and test [AI applications] in real-world environments." In 2020, the European Council adopted a set of conclusions on the role of regulatory sandboxes and experimentation clauses in an innovation-friendly, future-proof, sustainable and resilient EU regulatory framework (European Council 2020).The European Council defines regulatory sandboxes "as concrete frameworks which, by providing a structured context for experimentation, enable where appropriate in a real-world environment the testing of innovative technologies, products, services or approaches (…) for a limited time and in a limited part of a sector or area under regulatory supervision ensuring that appropriate safeguards are in place" (European Council 2020).
The inclusion of experimental instruments in the regulation of AI can be partially explained by the need to accommodate future developments and address its inherent complexity.The regulation of AI is challenging for several reasons, including the (partially) unforeseeable number and type of future AI applications and the low likelihood that public and private actors will always employ AI responsibly (Clarke 2019).While AI has countless benefits, its regulation calls for both ethical standards and concrete policies and regulations (Theodorou & Dignum 2020;European Commission 2019).At the time of writing, the regulation of AI remains thus under heavy construction.
The EU Proposal for the regulation of AI published on April 21, 2021 gives us a glimpse of the likely future regulation of AI based on risk assessments and ex ante prohibitions.If promulgated in its current form, this regulation will seek to prohibit a number of AI applications that manipulate and discriminate individuals and impose restrictions on many other AI systems with a negative impact on fundamental rights.However, this apparently restrictive regime does not totally close the door to novel developments of AI.Instead, the text of the regulation at the time of writing indicates that this piece of legislation aims "to create a legal framework that is innovation-friendly, future-proof and resilient to disruption." It does so by "encouraging national competent authorities to set up regulatory sandboxes" (EU AI Regulation Proposal 2021).AI regulatory sandboxes will be expected to establish a controlled environment to test innovative technologies for a limited time on the basis of a testing plan agreed with the competent authorities.At first blush, the proposal to allow for regulatory experiments at Member State level may sound appealing.It fits within the recent EU trend to advance flexible and future-proof approaches to regulation and help consolidate the recently established-and still controversial -innovation principle (Garnett et al. 2018;Portuese & Pillot 2018;Ranchordás 2020).Nevertheless, in the race to regulate AI (Smuha 2021), playing with sandboxes is no child's play.Drawing on the recently published EU AI Regulation Proposal and a small number of ongoing national initiatives, this article explores the benefits and intricacies of enacting experimental instruments in the context of the regulation of AI.This article draws upon three key strands of scholarship: the mounting body of literature on the regulation of AI (e.g., Calo 2015;Veale & Edwards 2018;Yeung 2018;Hacker 2018;Clarke 2019;Wachter & Mittelstadt 2019;Kosta 2020); the scholarly work that explains the operationalization of regulatory sandboxes in the financial sector (e.g., Zetsche et al. 2017;Omarova 2018;Allen 2019Allen , 2020;;Knight & Mitchell 2020;Koker et al. 2020); and the more longstanding-albeit scattered-literature on experimental legislation and policy learning (e.g., Listokin 2008;Van Dijck & Van Gestel 2011;Ayres et al. 2011;Ranchordas 2013Ranchordas , 2014;;2015;Wiseman 2013).Extant scholarship on these three central areas of interest has thus far remained disconnected.This article aims not only to establish a dialogue between these different fields but also to discuss the legal and ethical complexities of introducing an experimental approach to the regulation of AI.
This article is structured as follows.Section 1 introduces the most significant challenges of regulating AI with a brief review of recent scholarly analyses on the subject.Section 2 delves into the concepts of experimental regulations and regulatory sandboxes and explains how these instruments have been designed and used over the last decades.This section also sheds light on some of their shortcomings.Section 3 reviews a small number of existing national initiatives involving sandboxes and other experimental approaches to the regulation of AI.Section 4 offers a reflection upon some of the aspects that regulators should take into account when embracing experimental regimes in the context of AI.

REGULATING AI: KEY CONCERNS
This section does not aim to provide a thorough overview of the legal issues pertaining to the regulation of AI.Instead, it highlights some of the key concerns discussed in the growing legal literature that has delved into this subject over the last decade.For the sake of simplicity and considering its focus on AI regulatory sandboxes, this article only refers to AI applications, even though some of these applications may include different approaches to artificial intelligence, that is, "the theory and development of computer systems able to perform tasks normally requiring human intelligence" (Jobin, Ienca & Vayena 2019).
AI, machine learning, and deep learning are already deeply embedded in our lives and have the potential to keep challenging our interactions with technology in fields ranging from healthcare to financial services (Fenwick, Vermeulen & Corrales 2018, UK House of Lords 2018).On the one hand, the challenges faced in the regulation of AI fit the broader discussion of law and innovation.These challenges refer in particular to the questions of whether law stifles innovation and how to regulate technology under uncertain conditions.Thus far, existing scholarship has presented different possibilities to regulate dynamic markets: legislate, make threats, or wait and do nothing (Wu 2010;Cortez 2014).On the other, the impact of AI on existing legislative and regulatory frameworks is unique.AI is changing our legal landscape in an unprecedented way (Calo 2015).Legal systems were developed with the virtues and vices of humans in mind: the civil servant that would try to use her discretionary powers to award a public contract to a family member or acquaintance, because that's what humans do; the exhausted tax officer who, at the end of a long day, would miscalculate a tax return, because that's what humans do; or the social security caseworker that would forgive and forget a struggling mother on welfare that wrongly filled in benefits forms even though this mistake could easily be qualified as fraud, because that's also what humans do (Fosch Villaronga, Kieseberg & Li 2017).AI applications make similar and dissimilar mistakes and call for the regulation of both old and new societal problems.Nevertheless, they pose unprecedented challenges to regulators.
First, the scale of the problem is different as AI applications process (Gerards & Xenidis 2021) and aggregate information in a way that humans cannot.They are thus capable of mass manipulation of consumer weaknesses (Hacker 2021), exercising political influence over millions of individuals, and disseminate algorithmic discrimination at an unparalleled pace (Gerards & Xenidis 2021).Second, the opaque, complex, allegedly biased, and rapidly changing character of automated systems does not interact well with the legal imperatives of legal certainty, transparency, explainability, and equal treatment.The EU General Data Protection Regulation has sought to address some of the risks of automated decision-making.However, the national implementation of Article 22 GDPR on the right to explanation, that is, the right to receive specific information and the right to get an explanation of the decision reached after such assessment and to challenge it, has resulted in the emergence of different legal solutions for the need for transparency in automated decision-making (Malgieri & Commande 2017;Malgieri 2019).Many unsolved questions remain and existing legislative frameworks and instruments (e.g., algorithmic impact assessments) (Kaminski & Malgieri 2020) only provide partial answers to the need for enhanced transparency and accountability (Wachter, Mittelstadt & Floridi 2017).Third, AI's potential for direct and indirect discrimination and manipulation is now far beyond the realms of science fiction (Gerards & Xenidis 2020).The impact of AI on fundamental rights has sought to address this, namely with Article 35 GDPR which enshrines the duty to carry out a data protection impact assessment but its implementation remains tainted by legal uncertainty (Janssen 2020).However, algorithmic discrimination continues to challenge extant doctrinal paradigms of EU and national non-discrimination laws, blurring the lines between direct and indirect discrimination (Gerards & Xenidis 2021).Despite the efforts put in place by the GDPR, data protection continues to be disrupted by the rapid development of new AI applications and their unpredictable character (Kuner et al. 2018).
The European Commission and its expert groups have been working on the development of ethical and inclusive AI frameworks that respect fundamental rights while at the same time ensuring that "Europe can become a global leader in innovaation in the data economy and its applications" (European Commission 2020).Existing European legislative and policy efforts seek to develop an AI ecosystem that will allow citizens, businesses, and services of public interest to reap the benefits of AI (for example, improved health care), optimize services, and reduce the costs of public services that weigh on governments' budgets (European Commission 2020).At the same time, the impact of AI on fundamental rights and public values has not been disregarded in ongoing efforts to regulate it.The EU AI Regulation Proposal seeks to address it with a number of measures.This proposal follows a risk-based approach which distinguishes between different types of risk.AI systems qualified as presenting an "unacceptable risk" to the safety, livelihood, and fundamental rights will be prohibited (e.g., social credit systems such as the one in place in China; AI applications that manipulate human behavior with harm as a likely result thereof).AI systems qualified as "high-risk" used in a number of areas such as critical infrastructures, education, law enforcement, law enforcement, and administration of justice will be subject to strict obligations ex ante.AI systems with "limited risk" will be subject to specific transparency obligations.AI applications with minimal risk such as spam filters fall outside of this EU regulation.
Despite the importance of the proposed measures, there have been for years concerns that a strict regulation of AI at European level may hinder its future development (Gurkaynak, Yilmaz & Haksever 2016).The EU AI Regulation Proposal suggests that the answer to this concern should include the development of AI regulatory sandboxes (Title V, EU AI Regulation Proposal).This suggestion is not new.In the Resolution of 12 February 2019 on a comprehensive European industrial policy on artificial intelligence and robotics, the European Parliament had explicitly stated the importance of "welcoming the use of regulatory sandboxes to introduce, in cooperation with regulators, innovative new ideas, allowing safeguards to be built into the technology from the start, thus facilitating and encouraging its market entry" (European Parliament 2019).It was also here that the European Parliament highlighted "the need to introduce AI-specific regulatory sandboxes to test the safe and effective use of AI technologies in a real-world environment" (European Parliament 2019).The adoption of regulatory sandboxes introduces, nevertheless, two novel elements to the regulation process: first, an experimental approach to regulation which has often been regarded with distrust due to its likelihood to break with existing legal principles and paradigms of legal certainty, legal unity, and equal treatment; second, the assumption that legal systems can switch to more adaptive and anticipatory approaches to regulation that can foresee where there is room for experimentation and according to what rules.The next section explores these two elements drawing on existing experiences with experimental regulations.

EXPERIMENTAL REGULATIONS AND SANDBOXES
Experimental regulations, pilots, and regulatory sandboxes are justified by a wide array of reasons (Ranchordás 2014).In the context of the regulation of emerging technologies, these instruments are employed because they can allegedly help innovators bring to the market new products and services that would otherwise be impeded by existing regulations.Broadly speaking, an experimental approach to regulation-whatever the precise chosen instrument is (e.g, regulatory sandbox, free-zone)-involves the setting aside of otherwise applicable rules or trying out rules because existing regulatory frameworks regarded as burdensome for innovators.The concept of experimental regulations and policies employed in this article refers primarily to secondary legislation with an experimental character (experimental regulations), pilot projects, and regulatory sandboxes.It excludes thus institutional forms of EU experimental governance which focus on different dynamics (Sabel & Zeitlin 2010;Sabel & Zeitlin 2012;Börzel 2012;Zeitlin 2015).This section provides an overview of different types and functions of experimental regulations employed in European countries, devoting particular attention to regulatory sandboxes.

INTRODUCTION
Regulatory sandboxes emerged in the last decade in the context of FinTech (Allen 2019).However, the experimental approach underlying these instruments is not entirely new.Rather, experimental laws and regulations have existed for centuries, and they can be dated back to French legislation enacted in the 17th century (Ranchordas 2013).Early forms of experimental laws allowed local authorities to adapt national laws and policies to local circumstances and budgets.Legal experiments were also used in the 19th century in the former British Empire to help govern certain provinces, also to accommodate local specificities (e.g., in India).In the United States, experimental legislation has allowed, for more than a century, states to experiment, within their powers, with the implementation of multiple laws and innovate beyond existing federal initiatives.This phenomenon is often referred to in the scholarly literature as "states-as-laboratories" (Gardner 1996;Ranchordas 2014).Yet, in most European countries this experimental approach to lawmaking has remained underused for centuries.It was only in the last thirty years that legislators in Europe have started to adopt it.At the time of writing, multiple European jurisdictions know some form of experimental legal regime, even though the definition and legal framework for its application differ greatly.In Germany, experimental laws have been applied at different levels and they have allowed municipalities to conduct several experiments, for example, in the field of education (Horn 1989;Maß 2001;Freund 2003).In France, the Constitution allows (since the constitutional revision of 2003) for experimental laws and regulations to be adopted both at national and decentralized levels (Articles 37 and 72).These constitutional dispositions are further developed in sector-specific legislation and in an organic law enacted on April 19, 2021, which seeks to facilitate the enactment of experimental regulations at local level.Experimental laws have been employed in France in a wide variety of sectors, ranging from agriculture to technology (Stahl 2010;Conseil d' Etat 2019).In the Netherlands, experimental regulations have also been used for the past three decades to improve the quality of legislation, test new regulatory approaches in multiple sectors such as education, urban planning, and traffic safety (Ranchordas 2014; Cnossen & Van der Laan 2018).The adoption of an experimental approach to legislation and regulation entails a number of techniques that encourage market actors to test new products, services, and technology in a real-life environment.Regulatory experimentation enables the gathering of data about a novel technology and it promotes evidence-based regulatory reforms (Van Dijk & Van Gestel 2011).National specificities aside, the broad category of experimental regulations typically shares three main features: a temporary character; a trial-and-error approach to regulation, and a collaborative character which requires the involvement of different stakeholders.In theory, experimental regulations should only be applied to a representative sample of individuals; they should be guided by a clear vision of what is aimed by the experiment; and they should be guided by clear objectives that can help regulators evaluate their results either periodically or at the end of the experimental period.The determination of this experimental period should account for a sector or product typical lifecycle, that is, the time that is typically needed to observe clear results.This is important as, while certain experiments may deliver immediate results (e.g., direct complaints resulting from direct discrimination by AI applications), others may require more time to show their true colors (e.g., indirect long-term discrimination by sophisticated AI applications).
On the one hand, the adoption of experimental regulations can ensure that new regulatory dispositions are tested in real-world conditions and regulators can assess their effectiveness on a regular basis: by applying or not applying-as is the case of regulatory sandboxes-certain dispositions, regulators can assess the effectiveness of laws and policies.This is particularly true when regulators are able to apply laws and policies to different groups on a random basis, thus isolating the causal impact of the law from other factors (Ayres et al. 2011).On the other hand, experimental regulations allow regulators to assert how well new AI applications fit within existing legal frameworks.

EXPERIMENTAL LAWS AND REGULATIONS
There is no widely accepted definition of "experimental legislation" or "experimental regulation" as these concepts are greatly dependent on national legal frameworks and scholarly interpretations.However, drawing on existing literature (Van Dijck & Van Gestel 2011;Ranchordas 2014;Heldeweg 2015), an "experimental law" can be defined as a legislative or regulatory instrument of a temporary nature with limited geographic and/or subject application which is designed to test a new policy or legal solution and includes the prospect of an evaluation at the MORALS + MACHINES 1/2021 end of the experimental period.In practice, the experimental character of a law translates itself in the adoption of experimental clauses or regulations which allow for the temporary adoption of legal measures that are only applied in a certain territory of part of the population.Since experimental regulations often entail setting aside existing dispositions, the principle of legality requires that experimental measures have an explicit legal basis, that is, the experiment must find its legitimation source in a statute.For example, if an experiment is to be conducted in the field of AI applications to healthcare, a statute or a European regulation should explicitly state under what conditions the experiment can be conducted, what legislative dispositions may be disapplied, by whom, and for long.In other words, the legislative basis will determine the terms for temporary and experimental derogations by secondary legislation.
There are two key types of legal experimentation.Experimental regulations can either experiment by derogating from existing legislation or by enacting new or different rules in the context of devolution.In the case of experimentation by derogation, the experiment will mean that certain rules will not be applied to a certain group of citizens or geographical region for a predetermined period of time.The primary legislator introduces an experimental clause in the legislative basis to enable a derogation from statutory rules by secondary legislation (the experimental regulation).A part of the country (for example, the five largest or most representative municipalities) will then comply with the experimental regulation, while the remaining part of the country will abide by other rules.With experimentation by devolution, a federal, supranational or national government empowers multiple lower levels of government (state, national or local) to establish in parallel new regulations in their own jurisdictions on a particular policy area or objective.Experimental arrangements by devolution create different opportunities to enact new laws, adapt national policies to local circumstances and budgets, and initiate policy experiments.This transfer of powers may also enable the different local governments to enact different experiments.Contrary to experimentation by derogation, not all the units in the sample group will apply the same legal conditions to their citizens.Each local unit may experiment with its own solution as long as this fits the federal or supranational experimental framework.

REGULATORY SANDBOXES
Regulatory sandboxes are types of legal experiments that either waive or modify national rules on a temporary basis in order to promote innovation.Regulatory sandboxes are designed to allow market actors to benefit from less burdensome regulatory conditions than those established by law.In computer science, the term 'sandbox' refers to an isolated testing environment which allows for the monitoring of a system and prevents malicious programs from damaging a computer system (Yordanova 2019).In regulation, a regulatory sandbox is an instrument designed to test new services and products in an artificially created regulatory environment.Its tests are not performed in a laboratory but in the real-world with a selected number of participants.Regulatory sandboxes integrate the trend to promote the so-called "smart regulation, " an overarching normative framing for a "micro-optimizing, technology-specific, regulatory strategy" (Omarova 2020).
Regulatory sandboxes emerged 2014 in the context of the UK FinTech policy with the UK's ambition to stimulate the growth of Fintech (HM Treasury 2014).The UK's prudential financial regulator (FCA) first introduced regulatory sandboxes in 2015 to test the market introduction of Fintech products.Several successful regulatory sandboxes followed in the British financial sector.In the meanwhile, regulatory sandboxes have been employed in other regulated sectors such as health care (supervised the Care Quality Commission) and energy (OfGem).Regulatory sandboxes are also now used throughout the world in more than fifty jurisdictions (e.g., Australia, Abu Dhabi, Canada, Denmark, Malaysia, Singapore, France), mostly in the financial sector (Attrey et al. 2020).They exist by themselves or are integrated in broader innovation policies such as innovation hubs, portals, which aim to support the development of fintech (or other) ecosystems (Buckley et al. 2020).
Regulatory sandboxes allow a small number of private firms and the regulators supervising them to engage in iterative learning, offering room for the testing of novel ideas, and enabling rapid regulatory adjustments as results are produced (Allen 2019).Regulatory sandboxes provide learning opportunities to regulatory actors with limited risks as the derogation from otherwise applicable rules or the customization of the applicable regulatory framework is limited to a number of selected individuals or firms.A regulatory sandbox is a way of testing how to best regulate new types of services by working collaboratively with private actors and thus gather more information about them.Regulatory sandboxes aim to achieve different goals related to the promotion of effective competition and innovation.Regulatory sandboxes provide access to regulatory expertise and a set of tools to facilitate testing of new products that would otherwise not be granted access to markets.Regulatory sandboxes aim to offer an experimental scheme which allows for innovative products to receive a guided introduction into a largely unknown market.
Regulatory sandboxes cover a wide variety of programs run by national financial regulators in order to allow for controlled testing by private firms of innovative financial products and services (Omarova 2020).They provide a 'safe experimental space' for innovators to offer real products and services to consumers with the benefit of a waiver, significant relaxation or temporary inapplicability of regulations (Buckley et al. 2020).A regulatory sandbox can generate usable empirical data for better regulatory decision-making.The idea behind the sandbox is for the regulator to approve a firm-specific, deregulated space for the testing of innovative products and services without being forced to comply with the applicable set of existing rules and regulations.With this instrument, the regulator aims to foster innovation by lowering regulatory barriers and costs for testing disruptive innovative technologies, while ensuring that consumers will not be negatively affected (Fenwick, Vermeulen, Corrales 2018).After a call has been launched, a cohort of firms is selected from the pool of eligible applicants that can demonstrate that their business ideas are genuine innovation (Attrey et al. 2020).The market actors selected to join the regulatory sandbox are then given authorization to test their products and strategies without having to comply with otherwise applicable regulatory requirements and financial burdens.
The regulatory sandbox model is particularly attractive because it ensures that the impact of technology will be open to discussion, democratic supervision and control.In this way, public entitlement to participate in regulatory debates can help to create a renewed sense of legitimacy and confidence that justifies the regulation that is subsequently adopted (Fenwick, Vermeulen, Corrales 2018).Nevertheless, at the resemblance of other experimental regulatory instruments, they have important limitations.

GENERAL CRITIQUE TO EXPERIMENTAL REGULATIONS
Experimental laws and regulations were met in the 1980s, 1990s, and early 2000s with great skepticism.They were thought to be contrary to key principles of law such as legal certainty, proportionality, and equal treatment (Horn 1989;Maß 2001).In the last decade, this perspective has changed and it is now clear that these legal principles offer sufficient flexibility to accommodate experimental laws and regulations (Ranchordas 2014).The principle of legal certainty entails that laws should be intelligible, clear, and predictable so that citizens can know what rules bind public authorities and their own behavior.This principle contains two dimensions: a static dimension that requires legal determinacy and a dynamic dimension that allows legislation to adapt to changing circumstances (Oldenziel 1998;Popelier 2008).This means that experimental regulations that are designed in a clear and objective way are not necessarily contrary to the principle of legal certainty.This principle does not dictate the immutability of laws.On the contrary, it seeks to prevent situations in which citizens do not know what laws are valid.Obsolete laws that do not accommodate societal changes violate the principle of legal certainty; experimental laws that have been well-regulated and have well-defined boundaries do not.
A similar reasoning applies to the principle of equal treatment: The enactment of an experimental regulation always gives rise to a situation where market actors will be treated differently.Some market actors will comply with experimental regulations, others with the previously existing regulatory framework.However, if an experiment has clear objectives, a representative sample, a fixed and reasonable period, and the differentiation is only the one strictly necessary to conduct the experiment, the different treatment is fully justified.This interpretation of the principle of equal treatment in the context of experimental regulations was discussed in the Opinion of Advocate General Maduro in the Arcelor Atlantique case (C-127/07, EU:C:2008:728): "legislative experimentation" naturally requires "that the new policy [is] applied to only a limited number of its potential subjects (...) as a result, the policy is artificially circumscribed so that its consequences can be tested before its rules are extended, if appropriate, to all operators who might, in the light of its objectives, be subject to it." The Advocate General explained that this inherent need to differentiate is compatible with the principle of equal treatment as long as experimental laws have a transitory character and the trial takes place according to objective criteria (C-127/07, EU:C:2008:728).In other words, an experimental law or regulation will only defy the principles of legal certainty (interpreted as a multidimensional principle) and equal treatment when it is not adequately justified, designed, or when it is likely to generate situations of unacceptable inequality (Jacobs 2018).
In 2019, the French Council of State published an extensive report on the implementation of experimental legislation in France where some of the shortcomings of legal experiments were discussed with greater detail (Conseil d'Etat 2019).Despite the mounting acceptance of this legislative and regulatory instrument, the French Council of State concluded in its report that the design and implementation of experimental laws and regulations both at national and decentralized levels were often plagued by methodological deficiencies (Conseil d'Etat 2019).The French Council of State' s findings included the following problems: experimental regulations were often not designed with clear objectives in mind; there were also examples of experimental regulations that had been guided by contradictory objectives; the implementation of some experiments had been unduly interrupted and their results generalized their evaluation; and the sample defined for the experiment was incorrectly selected (Conseil d'Etat 2019).Some of these methodological problems have also been identified in The Netherlands (Ranchordas 2014), Israel (Bar-Siman-Tov 2018), and at EU level in the context of the experimental regime for a reduced VAT rate on labor-intensive services (Council Directive 1999/85/ EC; European Commission 2003).
While experimental legal regimes have proven to have multiple benefits, the French Council of State has also alerted to the fact that experimental legislation, while trying to reduce the individual burdens for individuals, has also increased the overall number of regulatory burdens as experimental regulations also establish new compliance rules.

SHORTCOMINGS OF REGULATORY SANDBOXES
Regulatory sandboxes have also been criticized on design and methodological grounds.The efficacy of these sandboxes depends to a larger extent on their design.For example, the assessment criteria for the products being tested may inadequately capture the potentially problematic effects of these innovations on the market or their risks for consumers (Omarova 2020).Furthermore, it is possible that a regulatory sandbox is only successful at the micro level but the products under testing cannot be released at the macro level, that is, outside the controlled sandbox environment (Omarova 2020).Regulators that have thus far implemented regulatory sandboxes have a limited testing capacity and may not able to draw reliable insights about the broader impact of certain products or services outside a sandbox (Omarova 2020).Regulatory sandboxes can indeed only be used by a relatively small number of eligible entities that are selected for a specific purpose so as to limit the impact of potential risks.Not all private firms will be allowed to "play in the (regulatory) sandbox:" the testing product or service must be appropriate for the sandbox; there must be a need for the creation of a regulatory sandbox (for example, if a technology is not innovative and adequately regulated, this need will not be justified); and candidates should offer guarantees of their suitability to join the sandbox (for example, by submitting a project that fits its goals and is genuinely innovation; fulfilling specific requirements such as being an authorized financial institution in that country) (Buckley et al. 2020).

ANTICIPATORY REGULATION
Depending on their design, experimental regulations and regulatory sandboxes with a strong collaborative and proactive character can be examples of a novel approach to regulation and governance: anticipatory regulation.This approach emphasizes flexibility, collaborative governance, and the promotion of innovation through regulation (Nesta 2017).Anticipatory regulation helps reframe regulation as new technologies develop, ensure that regulators can drive innovation, and respond faster to prevent consumer harm (Nesta 2017).Its main pillars include future-proofing, iterative learning, outcomes-based regulation, and experimental approaches.Anticipatory regulation can, in theory, be regarded as a step further than the concept of responsive regulation (Ayres & Braithwaite 1992) which offered a framework for escalating forms of government intervention and collaboration between regulators and private actors.

MORALS + MACHINES 1/2021
While adaptive regulation seeks to promote regulatory change and support innovation by adapting existing regulatory frameworks, anticipatory regulation aims to offer an "iterative development of regulation and a better understanding of technology's impact on society" (Nesta 2017).Nevertheless, the shift toward anticipatory regulation and its instruments (such as regulatory sandboxes) may mean that the stability of legal regimes will have to be interpreted very broadly and it will be necessary to move away from the rigidity that traditionally characterized law.Anticipatory regulation remains understudied and thus not yet offers a clear vision of how regulation should be designed.This is not necessarily a shortcoming but a caveat to be aware of: Anticipatory regulation and its experimental instruments may quiver the traditional foundations of regulation which have thus far been perceived as a typically reactive mechanism to market failures or risks.It is important to investigate in future research whether our existing regulatory methodologies, processes, and instruments are prepared to embrace this anticipatory perspective in order to ensure that anticipatory regulation is not reduced to an empty buzzword.

REGULATORY SANDBOXES AND PILOTS FOR AI: EXISTING INITIATIVES
The development of regulatory sandboxes for AI is relatively recent.Thus far, there are very few examples of these sandboxes at national level.While it is too early to draw any conclusions on their results, these national initiatives may shed some light on how future AI regulatory sandboxes based on EU AI Regulation Proposal could be designed.
In the United Kingdom, the Information Commissioner's Office initiated in 2019 the Beta phase of a sandbox which aimsto enhance data protection and support innovation.This initiative is designed to support organizations using personal data to develop products and services that are innovative and have demonstrable public benefit.The six companies that are part of the regulatory sandbox at the time of writing develop different types of AI application (e.g., secure Advisory AI services that are used to support the clinical assessment of acute mental health; age appropriate child-centered content moderation).For each term, the regulator has determined a set of key areas of focus and sought expressions of interests from organizations that are innovating in specific subjects where clear substantial benefits have been demonstrated (e.g., AI applications for the protection of children's rights and freedoms online) (ICO 2021).The first pilot which was successfully completed in September 2020, inspired the Norwegian and French Data Protection Authorities to develop similar initiatives.
In 2020, the Norwegian Data Protection Authority (Datatilsynet) introduced a regulatory sandbox which aims to promote ethical, privacy-friendly, and responsible innovation within AI.Inspired by the ICO regulatory sandbox, companies selected for the Norwegian regulatory sandbox will be guided in the development of products that comply with data protection law, are ethical, and respect fundamental rights (Olsen 2020).The Norwegian sandbox follows the principles of responsible AI as proposed by the EU High Level Group on Trustworthy AI.The Norwegian AI Sandbox will exempt companies from any enforcement measures during the development phase of the service without providing an overall exemption from the personal Data Act.This regulatory sandbox received twenty-five applications from multiple public and private organizations and selected four projects for the regulatory sandbox which started in March 2021 (Datatilsynet 2021).
The French Data Protection Regulator (CNIL) has also launched a new call for applications for a regulatory sandbox that aims to develop innovative applications.This regulatory sandbox will not exempt the participants from the application of the GDPR but it will help organizations implement privacyby-design from the very beginning.The first term of the regulatory sandbox will be dedicated to the health care applications.
In Germany, some regulatory sandboxes have been developed in the field of automated driving.A regulatory sandbox operating in Hamburg lasted seven months and offered a test bed for an autonomous delivery robot.One of the important findings of the evaluation of this sandbox was the need to estimate well the time and costs devoted by public authorities and private participants to the monitoring of the project (BMWi 2019).
Outside the EU, the interest in regulatory sandboxes for the promotion of innovation is also increasing.In January 2021, Russia introduced regulatory sandboxes for the promotion of digital innovation.The eight projects selected include AI applications in the field of transportation, healthcare, and tourism.The federal law establishing these legal experiments (Federal Law No. 258-FZ) requires a thorough assessment of the risks potentially resulting from the regulatory sandbox and the measures aimed at minimizing them (CMS 2020).

REGULATORY SANDBOXES AND THE EU AI REGULATION PROPOSAL: A REFLECTION
The EU AI Regulation Proposal presents regulatory sandboxes in its Title V (at the time of writing) as "measures in support innovation." The proposal does not regulate in detail these regulatory sandboxes (and there is no expectation that it will or should do so).The proposed Regulation offers the possibility to Member States competent authorities or the European Data Protection Supervisor to establish "AI regulatory sandboxes." These sandboxes "shall provide a controlled environment that facilitates the development, testing and validation of innovative AI systems for a limited time before their placement on the market or putting into service pursuant to a specific plan." As it is customary in the context of regulatory sandboxes, the experiment will be supervised by the competent authorities "with a view to ensuring compliance with the requirements of this Regulation and, where relevant, other Union and Member States legislation supervised within the sandbox" (Article 53 (1) EU AI Regulation Proposal).The establishment of regulatory sandboxes can be regarded as a way of ensuring that there are exceptions for the (at the time of writing) strict regulation of AI that will enable future (and yet unforeseeable) developments in the field of AI.Moreover, AI regulatory sandboxes create additional opportunities to continuously develop the regulatory process and give time and space to national regulators to translate novel scientific evidence into regulation (Ho & Ouellette 2020).
One of the concerns that can possibly arise from the establishment of national regulatory sandboxes is the fragmentation of the European approach to the regulation of AI.In order to address this concern, the proposed Regulation now states that "Member States' competent authorities that have established AI regulatory sandboxes shall coordinate their activities and cooperate within the framework of the European Artificial Intelligence Board.They shall submit annual reports to the Board and the Commission on the results from the implementation of those scheme, including good practices, lessons learnt and recommendations on their setup and, where relevant, on the application of this Regulation and other Union legislation supervised within the Sandbox" (Article 53 (5)).The modalities and the conditions of the operation of the AI regulatory sandboxes, including the eligibility criteria and the procedure for the application, selection, participation and exiting from the sandbox, and the rights and obligations of the participants shall be set out in implementing acts.Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 74 (2).The Commission's power to adopt delegated acts is subject to strict limits: the delegated act cannot change the essential elements of the law; the legislative act must define the objectives, content, scope and duration of the delegation of power; and the Parliament and Council may revoke the delegation or express objections to the delegated act.However, it remains important for national legislators and regulators to further elaborate on the regulatory regime that will be applied to future regulatory sandboxes and coordinate these rules with other European regulators.
The EU legislative acts providing a legal basis for future AI regulatory sandboxes should still shed light on the type of experimental legal regime that will be adopted.In other words, it should be clear whether Member State authorities will be able to offer regulatory waivers or other types of regulatory arrangements for AI experiments.A sandbox can consist in the adoption of bespoke guidance, that is, customized guidance provided to the innovator; temporary derogations from specific rules (exemptions or relief); or regulatory comfort (shared risk), that is, when an innovator wishes to trial a new product or service but is concerned with the breach of certain rules, regulators can "provide comfort" about what they consider to be compliant behavior and their approach to enforcement for a number of agreed issues and a certain period; or confirmation, that is, the regulator will establish within a certain framework the type of activity that is permissible.A legal basis for regulatory sandboxes should decide not only the type of regulatory intervention but also its duration and its area of application (number of individuals allowed to test the selected projects or regions).The appropriate duration of an AI regulatory sandbox will depend on the goals set by European and national legislation.Regulatory sandboxes are experiments and as such, they must constitute representative testbeds for innovation.This entails, for example, that the individuals that test novel AI applications should be part of a representative sample.
Regulatory sandboxes disrupt traditional approval paradigms and allow private actors to conduct limited tests of their innovations with fewer regulatory constraints but with real individuals (Sherkow 2021).This "safe space" for trial-and-error offers opportunities for the promotion of innovation in the development of AI but it also has some risks.The proposed Regulation maintains its risk-based approach in the title on regulatory sandboxes and offers some dispositions on this matter.It provides that "any significant risks to health and safety and fundamental rights identified during the development and testing of MORALS + MACHINES 1/2021 such systems shall result in immediate mitigation and, failing that, in the suspension of the development and testing process until such mitigation takes place" (Article 53 (3).
The information provided by the EU AI Regulation Proposal, particularly without knowing what delegated acts will be issued in the nearest future, is not yet sufficient to judge the likelihood that regulatory sandboxes will truly contribute to the coherent advancement of innovation in AI.As a regulatory and a policy-learning instrument and in the context of a forward-looking approach to regulation, experimental regulations and regulatory sandboxes are in theory suitable tools to promote innovation.However, their design, implementation, and the risk that they will be accepted by traditional regulators, lawyers, and courts should not be taken for granted.Therefore, future regulation and soft law on AI regulatory sandboxes should be considerate of a number of aspects that, at the time of writing, are still unclear.
First, it is unclear how many AI regulatory sandboxes will be authorized per Member State, in which fields, what their limitations will be, what type of regulatory relief they are allowed to provide, and how they will be funded.Thus far, it is clear that regulatory sandboxes should comply with EU data protection legislation but more information is required as it is likely that many sandboxes will meddle with sectors regulated at both EU and national levels.It can be expected that national regulatory sandboxes will have limited room to customize the sandbox as, unless EU legislation explicitly provides room for derogation, national authorities will not be able to exempt participants from compliance with EU legislation.A clear legal basis at EU level is thus required to avoid situations of legal uncertainty.Not every single detail can or should be worked out at this level.For example, only the national authority working together with the key stakeholders and* participants can draft (in a collaborative effort) a realistic timetable and estimate the necessary resources for the execution of the regulatory sandbox.The selection of eligible participants should also be done by national competent authorities.Second, despite the existing dispositions on coordination of regulatory sandboxes (Article 74 EU AI Regulation Proposal), fragmentation of the EU's AI policy remains a risk.The revision of the EU AI Regulation Proposal as well as follow-up legislation (including delegated acts) and soft law instruments should include detailed data information on a number of elements, including methods for collection of experimental data and specific limits on scope, use, and duration of regulatory sandboxes.
The provision of objective guidance for the design of AI regulatory sandboxes can ensure that this instrument's full potential is utilized and regulatory experiments provide meaningful findings as to not only the AI systems being tested in the sandbox but also the effectiveness of the overall AI regulatory framework (e.g., what rules can be set aside? what rules should be stricter?).

CONCLUSION:
In a recent Pulitzer-award-winning novel, "a scientist's work" is presented as an endeavor that is "determined by two things: his [her/their] interests and those of his [her/their] time" (Doerr 2014).The study of AI applications is undoubtedly one of the most complex and inexorable subjects of our current times.However, history has unfortunately taught us the dangers of allowing research to be driven blindly by one's interests and timeliness.AI asks scientists to work together on developing applications that are efficient, ethical, and compliant with legal and moral frameworks.The inclusion of an experimental approach to the regulation of AI can contribute to an interdisciplinary and innovation-driven vision of the future of AI applications.Nevertheless, this article offers two words of caution for sandbox-enthusiasts.First, the proposal of regulatory sandboxes appears to be packed in the narrative that law and regulation stifle innovation, are merely reactive, and lag behind the rapid pace of innovation (Bernstein 2006).This perspective has gained significant traction in the last two decades.While there is some truth in the view that key improvements in our society can be primarily attributed to technological innovation rather than to regulatory intervention, the role of state intervention and the importance of regulation in the protection of the public interest have been significantly underestimated (Brownsword & Somsen 2009;Mazzucato 2013Mazzucato , 2018;;Weiss 2014).The claim that regulation hinders innovation, and thus regulatory sandboxes are needed to test novel AI applications at national level, distracts us from the most important reason why regulatory sandboxes and other experimental regulatory instruments should be used in the context of AI (and beyond it): Experimental legal instruments-despite their imperfections-contribute to the development of evidence-based lawmaking and the continuous reassessment of regulation.Second, experimental regulations and regulatory sandboxes have the potential to contribute to the development of evidence-based lawmaking, only if and when they are well-designed and evaluated.It is unreasonable to expect that the results obtained in any regulatory experiment can be fully compared to those resulting from a laboratory experiment.Laboratory conditions are impossible to recreate in the real-world in which regulation is tested.However, experimental regulations are the second-best alternative: If they are adequately designed, supported by a clear legislative framework, and evaluated according to objective and preestablished criteria, they can contribute to the development of evidence-based lawmaking (Keyaerts 2013).In conclusion, AI regulatory sandboxes are not the answer to more innovation in artificial intelligence, they are part of the path to a more forward-looking approach to the interaction between law and technology.This new approach will most certainly be welcomed with reluctance in years to come as it disrupts existing dogmas pertaining to the way in which we conceive the principle of legal certainty and the reactive-rather than anticipatory-nature of law.However, traditional law and regulation were designed with human agents and enigmas in mind.Many of the problems generated by AI (discrimination, power asymmetries, and manipulation) are still human but their scale and potential for harms (and benefits) have long ceased to be.It is thus time to rethink our fundamental approach to regulation and refocus on the new regulatory subject before us.