Regulatory Cooperation in AI Sandboxes: Insights from Fintech

The global expansion of artificial intelligence (AI) has necessitated the adoption of the ‘regulatory sandbox’ regime, an experimental framework originally matured within the financial sector to pilot novel technologies under regulatory oversight. This approach provides entrepreneurs with a controlled environment to test innovations while benefiting from specific regulatory dispensations or waivers during the trial phase. In the European Union, the Artificial Intelligence Act now obliges Member States to establish these sandboxes to facilitate compliance, foster innovation, and contribute to evidence-based regulatory learning. 

Because AI systems, particularly those used in high-stakes decision-making, frequently address complex issues related to data governance, privacy, and sectoral standards, their oversight often falls under the jurisdiction of multiple regulatory bodies simultaneously. This convergence introduces a critical need for regulatory cooperation to mitigate the risks of regulatory overlap, inconsistency, and the potential for ‘regulatory black holes’ where specific harm may fall between the cracks of disparate mandates. Indeed, insights from the Fintech experience suggest that the efficacy of a sandbox is substantially contingent upon successful coordination among the regulatory bodies administering the sandbox, to prevent regulatory arbitrage and a ‘race to the bottom,’ where authorities might offer excessively broad concessions to attract innovative firms. For these reasons, our recent article explores how regulators collaborate in the design and operation of regulatory sandboxes.

To address the challenges outlined above, several structural models for regulatory cooperation in relation to sandboxes exist at the national level. 

The ‘single entry point’ mechanism allows a firm to apply to a primary regulator, who then assists in liaising with other relevant authorities. This model, utilized in jurisdictions like Hong Kong for sandboxes administered independently by the respective financial regulators, provides a ‘one-stop shop’ for participants but can be burdensome for the lead regulator who must manage diverse eligibility requirements and maintain clear communication with all stakeholders. Consequently, the single-entry-point approach is likely more straightforward in the context of cross-sector sandboxes jointly administered, as adopted by the FCA and the Bank of England in the Digital Securities Sandbox (DSS).

Alternatively, some jurisdictions maintain ‘separate entry points’ where independent regulators administer their own distinct sandbox programs. This fragmented approach, seen in countries like India and Australia, often requires firms to navigate multiple bureaucratic processes, though it can be mitigated by informal information-sharing agreements or statutory obligations to work in cooperation. 

A more integrated mechanism involves the establishment of a ‘joint regulatory committee’., composed of the regulators responsible for managing sandboxes. Such a body would facilitate regulatory coordination and enhance inter-agency alignment by streamlining communication, reducing regulatory fragmentation, and promoting consistent decision-making across jurisdictions. A committee of this kind can be established through ‘hard law’ prescriptive legislation, granting it formal decision-making authority, as suggested in Israel’s Bill to Encourage Technology Development in the Financial Field, 5781-2021 (discussed here); or through ‘soft law’ instruments such as memoranda of understanding (MoUs). While a statutory committee can serve as a unified entry point and manage the overall program, maintaining the independence of individual regulators within this structure can lead to unnecessary complications and administrative friction.

The dynamic nature of AI technology favors the use of soft law tools over rigid, prescriptive legislation. Soft law offers the flexibility and adaptability required to respond to fast-moving technological developments and shifting risk profiles. A sophisticated template for this approach is found in the UK’s DSS, which is jointly administered by the Financial Conduct Authority and the Bank of England. The DSS framework is governed by a detailed MoU that establishes a high-level framework for cooperation, emphasizing proactive and timely information-sharing at all levels of the organizations. Under this model, regulators consult one another at early stages of policy deliberation, coordinate on information-gathering for dual-regulated entities, and notify each other of material investigations or enforcement actions involving sandbox participants.

Furthermore, the implementation of a coordinating body, such as the DSS Advisory Panel, provides a forum for regular engagement without stripping individual regulators of their autonomous decision-making powers or statutory accountabilities. This ‘connective tissue’ allows authorities to share knowledge and experience regarding innovative regulatory approaches while remaining individually responsible for their functions. 

In the context of AI, such coordination is particularly vital because AI models often operate as ‘black boxes’ with limited explainability, requiring joint efforts to establish standards for transparency, interpretability, and accountability. Coordinated oversight also enhances public trust by ensuring that governance frameworks remain consistent and relevant as technologies evolve.

Our article concludes that a single-entry mechanism is more appropriate for jointly administered cross-sector sandboxes, with soft law instruments preferred over hard law due to their greater flexibility and responsiveness. It advocates adopting a detailed Memorandum of Understanding, akin to that of the UK Digital Securities Sandbox (DSS), encompassing information-sharing, consultation, joint regulatory action, and the establishment of a coordinating committee, as a model for AI sandbox governance. Although the DSS operates as a joint sandbox, its principles may also inform the design of separately administered sandboxes in other jurisdictions.

The authors’ article can be found here. 

Ruth Plato-Shinar is the Director of the Center for Banking Law and Financial Regulation at Netanya Academic College, Israel. 

Andrew Godwin Professor of Commercial Law and Associate Dean at Melbourne Law School.