Lawmakers have been unable to adapt to the pace of change and digital element of today’s society, making it near impossible for compliance teams to help their companies navigate business in a new digital world.
The Fourth Industrial Revolution, better known as Industry 4.0, was first mentioned in 2016 by founder and executive chairman of the World Economic Forum, Professor Klaus Schwab. While the Third Industrial Revolution focused on electronics, information technology and automated production, the Industry 4.0 era focuses on digital transformation, involving new capabilities for people and machines that will impact every aspect of life across the world.
The Internet of Things, machine learning, cognitive computing and artificial intelligence are part of the evolution taking place in Industry 4.0. This, combined with new business models and new businesses that utilise the technical advancements of Industry 4.0 (such as ride sharing, chatbots, automated self-driving cars, mobile computing, mobile payments, gig economy members and online communities), mean that the Industry 4.0 evolution is developing faster than anyone could have expected.
With these advances in technology and the development of commercial business models come legal and compliance challenges, the most notable of which are the risks around the security of information and who has access to it. For example, the introduction of artificial intelligence has greatly impacted the legal and compliance industry when it comes to deciding who is liable for the decisions made by automated devices. Likewise, the gig economy has raised serious questions around employee rights, insurance, contractor–employee relationships, entitlements, benefits and liability, and the digital economy has led to increases in digital fraud, phishing attempts, payments fraud, spamming and other fraudulent activity.
Most people would not be able to say how Industry 4.0 businesses protect their rights and are responsible for their actions. While questions like those below are easy for experienced lawyers to answer, they are not straightforward for members of the public. The myriad local and international laws that apply also complicate matters even further.
- Who is responsible when a self-driving car causes an accident?
- When you pay someone using an online app, who are you doing business with? Is it an overseas company? Where are they located? Do you have recourse if something goes wrong?
- Who is going to step in and help if an app managed by a business in a foreign country misuses your data? Is that a local regulator? An offshore one? The police?
- If a member of the gig economy steals your idea for a new product, how do you seek action against them? How do you even locate them?
- To what extent are these portals and communities taking responsibility for their users and activities, or are they just a piece of technology and disclaiming all liability?
- How are businesses supposed to handle withholding taxes on payments when most of the time it is unclear who they are actually dealing with or where their counterparty is based?
- If you stay at a property purchased through a sharing website, what would happen if you suffered an accident onsite? Are you insured?
- When you use an app provided on an app store, has that been checked? Is it safe to use? Is the fact that a tech giant is putting that app on their site a representation that they have checked that it is safe to use? Is there a warranty that these store providers give to users?
- What is the liability for damages if these apps are free most of the time?
- If a food delivery driver suffers an accident, are they covered by the employer, or are they independent contractors?
- How will the gig economy workers cope in 50 years when no one has saved up for retirement through an employee or employer contribution?
- If you buy a product online and have it shipped to your country as part of a new globalised economy, which warranty applies?
- If you use an app on your phone to transfer money, is the app company treated like a bank? Are they regulated? Is it safe to use these services?
These are just some of the fundamental challenges facing lawmakers, legal and compliance professionals dealing with Industry 4.0 changes – challenges that remain substantially unaddressed.
Lawmakers can’t keep up with the pace of change
It is very clear that lawmakers are not creating new laws at the pace required to close the gaps. Their strategy has been to leave Industry 4.0 matters unaddressed and hope that the laws from Industry 3.0 or 2.0 or, in some cases, those dating back to the industrial revolution will try and address new economies. More often that not, existing laws will require clarifications or adjustments to be able to be handle the new issues. Lawmakers need to acknowledge that businesses are not able to wait years for courts to make decisions on new issues that could have been easily dealt with by an adjustment to an existing law. The law should be a ‘living and breathing’ instrument that adjusts according to the industry it is seeking to regulate.
Lawmakers don’t really understand the issues that come with the new Industry 4.0 economy
We have all seen the examples of lawmakers interviewing Industry 4.0 executives and trying to reconcile their business models with Industry 3.0 or even Industry 2.0 thinking. While this is entertaining to watch, it is a sad reflection on our lawmakers’ inability to stay current with technical revolutions or seek the talking points they need to engage with businesses in a coherent and intelligent fashion. There is no excuse for not understanding the area of expertise in which you are seeking to regulate. While lawmakers cannot reasonably be experts in every area of the law, they can certainly obtain advice and briefing from their staff or expert consultants for those areas they are not experts in.
Lawmakers in some countries focus on local, short-term constituent-driven issues
While it should go without saying, lawmakers should be tackling the big issues, not the easy ones that add minimal value and are not universally significant. We have seen many instances of this emanating from the United States Congress, where enacted laws require significant compliance initiatives but offer minimal value. Compliance teams should be focused on compliance with the most important issues for business.
The issues are global but the laws and lawmakers are not
The challenge with most, if not all, of the new issues is that they are global issues. The problem is that, on the rare occasions when laws are being contemplated, the laws are being considered locally. There seems to be no clear strategy for globally-consistent laws or for lawmakers to communicate their initiatives to other regions. The clear inconsistencies between laws in different regions creates a burden for business and an increased challenge for compliance teams as companies are forced to have myriad localised policies and the costs of compliance dramatically increase. There must be some consideration to global laws for some truly global issues.
Lawmakers don’t engage with businesses at key compliance conferences
If lawmakers attended industry events they would start to learn first-hand the challenges that compliance and in-house legal teams have in complying with the very laws that they create; however, too often the lawmakers don’t attend at all or appear only very briefly. It should be mandatory for lawmakers to attend industry and business conferences – not the media-led global forums in high-end ski villages, but the local ones in markets and industries with attendees that are trying to operationalise the laws and make them useful.
Compliance teams don’t engage users and stakeholders well enough
Members of society do not understand how their personal data is being used and how their privacy is impacted as a result. A very simple example of this would be how 99 percent of agreement signatories do not take the effort to read the documents’ terms and conditions – they just flip the page or scroll on. Historically this did not really matter for the majority of cases, but as we enter into Industry 4.0 the agreement on how the contained data is to be used is increasing exponentially and can have far more serious consequences. Compliance teams need to take on bigger roles with legal teams to clearly communicate terms and conditions to users, most likely via totally rewriting complex legal terms into simple language. There needs to be a rethink of terms and conditions in a business-to-consumer environment.
Compliance teams don’t often lobby to lawmakers
Laws that are impossible to comply with (at all or within reasonable cost limits) can be avoided. An important part of the role of the compliance officer is to be vocal with lawmakers to make sure that they pass laws that are capable of being complied with. This can be done either directly or through industry groups. Lawmakers need to know the effects of the laws that they are passing. Focusing on the ‘costs of compliance’ will often fall on deaf ears though, so speaking about the efficiency that could be gained from doing things differently will likely achieve a better outcome.
Businesses only want intelligent and practicable regulations
It is a fallacy to suggest that businesses are not looking for new laws and regulatory frameworks to apply to them. Everyone who plays a game wants to know what the rules are. The suggestion that people can just make up the rules that they want and hope that everyone else seems to agree is misaligned. The role of government is to provide a structure in which businesses can operate and play on a level playing field. Yet the lawmakers in most countries have failed to build the regulatory frameworks that are essential to the Industry 4.0 economy. To the extent that businesses are operating without clear guidance, it is really up to them to create internal policies on how they are going to operate. Compliance and legal teams have a great opportunity to help define the in-house laws that should apply to their new businesses. These policies need to be more than just a list of rules – they need to be coupled with a compliance programme to make sure that the agreed policy is implemented.
There is no clear communication with stakeholders
The old maxim of ‘ignorance of the law is of no excuse’ made sense when laws were relatively simple, but how can anyone be expected to understand today’s complicated laws? Likewise, when laws are created by companies in the form of contracts, terms and conditions and rules, they should be made patently clear. Companies are obliged to ensure that they simplify the complexities of their Industry 4.0 offerings for all users and buyers.
No one is stepping up when lawmakers fail to act
With lawmakers failing to act quickly enough, an interim measure is required. This is where industry groups have a unique opportunity to compel their members to a common standard. In the absence of law compelling answers to a particular issue, then there is value in industry groups setting standards and de facto laws that companies should follow. Of course, like all laws (albeit de facto ones), there should be some form of enforcement and accountability for failures. Not having these in place makes most industry initiatives a non-binding wish list. These have minimal value to business and its stakeholders and, wherever possible, stronger enforcement mechanisms should be used to drive compliance.
The Industry 4.0 period is revolutionary as it allows organisations to collect data, analyse it and drive informed action back in the physical world; however, this manipulation of data raises serious questions and the potential for breach and misuse. Therefore, it is paramount for companies to ensure that they have a robust culture and infrastructure for data security awareness and are compliant with data privacy regulations.
Industry 4.0 is going to be a challenge as it is developing far faster than most people are able to cope with. Legislators are rarely seen, so the development of the frameworks on which to implement the Industry 4.0 world may just be up to those who have the intelligence and the knowledge to make a difference: in-house counsel and compliance people.