Systemically Important Technology

How should big technology platforms be regulated?  Some want to break them up. Others want to restrict, or unrestrict, the speech they permit. Others worry about privacy; some do not.  All these battles are highly politicized. In our recent paper, ‘Systemically Important Technology’, we offer a different, less stalemated, approach.  Technology has become central to our economy and society. We know how to regulate institutions that are as important as many technology firms have become. We propose applying that paradigm – the paradigm we use to oversee certain financial institutions – to technology.

Our paper  offers two suggestions. First, technology regulators should designate certain firms as systemically important, based not only on their size, but also on their interconnectedness, how easily they can be replaced, their complexity, and other factors.  Second, technology regulators should form a council that meets regularly to identify and address issues of systemic risk in technology – a Technology Stability Oversight Council, or TechSOC.

Big Tech’s size and scale — along with our increasing reliance upon it — demonstrate the systemic importance of the dominant tech platforms. Many of the most valuable and highest-earning companies in the world are tech firms. These tech giants provide services to billions of users, as do a group of less-prominent but deeply influential infrastructure providers. Increasingly, tech’s influence has reached into our everyday lives in such a way that is almost impossible to avoid; with so much of business and daily life dependent on the internet, the infrastructure underlying internet services takes on an outsized role. If it disappeared, we would struggle. Moreover, as we show in the paper, important technology firms have disappeared, so far thankfully briefly, due to hacks, outages, and bankruptcies.

Within the financial sector, systemic risk is used to characterize shocks that could cause cascading effects, with an important component being contagion — that failures in one institution will spill over to others. This notion of systemic risk can be applied to many major, and some less major tech firms. The structure of the internet ecosystem creates conditions of dense interconnection that can give rise to the type of contagion that underpins systemic risk. These firms are in some ways ‘too big to fail’ – their failure would have disastrous consequences. In such cases regulation to ensure systemic resilience for tech platforms is appropriate, and may be necessary.

Adopting components of the financial regulatory framework can help ensure systemic resilience and prevent future disasters in the tech. Financial regulation differs from other types of regulation in its emphasis on resilience and system stability, and it has proved its strength through the COVID-19 pandemic. In particular, the designation of Systemically Important Financial Institutions (SIFI) and the establishment of FSOC have played an important role in ensuring the systemic resilience of financial firms and can be used as a model for systemically important technology firms. While these technology firms don’t necessarily meet the specific SIFI designation criteria of FSOC, we propose taking the financial services regime as a model, and adapting it to the distinctive aspects of the technology context.

First, we propose that a new regulatory category be established through federal legislation, analogous to the creation of the SIFI designation established in Dodd-Frank; we label it Systemically Important Network Institutions (SINIs). The FSOC factors of size, interconnectedness, and substitutability might be usefully applied to the technology ecosystem to determine which platforms are to be considered SINIs. Some technology firms that might be determined as systemically important include dominant providers of cloud infrastructure, communications infrastructure, network infrastructure, application infrastructure, and enterprise IT SAAS, as these raise potential concerns regarding the aforementioned FSOC factors.

Second, we propose that a council of relevant federal regulators be brought together to identify and supervise SINIs — designated the Technology Stability Oversight Council, or TechSOC. This would be composed of the heads of relevant federal entities, such as the Federal Communications Commission, Federal Trade Commission, Cyber and Infrastructure Security Agency, Federal Reserve, National Telecommunications and Information Administration, National Institute of Standards and Technology, and any potential Digital Platform Agency. This collection of tech regulators could usefully draw lessons from the experience of financial regulators in identifying vulnerabilities in an increasingly interconnected system. The TechSOC structure would also force information sharing and other forms of informal coordination among agencies that otherwise have only a piece of the relevant information.

TechSOC would be looking for systemic risks posed by individual firms — searching for highly nonlocal effects of local disruptions. Once it had identified particular firms — and perhaps certain widespread practices, if appropriate — as systemically important, it could then subject these firms to heightened regulatory scrutiny.

Our proposal offers a number of advantages over the current system. It consolidates a balkanized regulatory landscape and rationalizes a regulatory mission. It offers a different perspective on technology regulation, one that addresses real problems that have — so far — bedeviled both important technology firms and their government minders. It takes the best features of a successful resilience regime and adapts them to a critical part of the economy, in a way that should appeal across the political spectrum.

As the technology sectors become increasingly pervasive in our daily lives, the need for a new regulatory framework is pressing. A systemic risk regulation structure would provide a way for policy-makers to ensure, hand in hand with technology firms themselves, that firms are resilient and the system a strong one. For tech platforms that have become too big to fail, we can no longer afford to focus energy only on their bigness. We should – and can – take steps to prevent the catastrophic fallout from their failure.

Kevin Werbach is Professor of Legal Studies & Business Ethics at The Wharton School of the University of Pennsylvania.

David Zaring is Professor of Legal Studies & Business Ethics at The Wharton School of the University of Pennsylvania.