Governing the Digital Economy Demands a Post-Financial-Crisis Scale of Commitment
Posted:
Time to read:
Governments are writing the rulebook for artificial intelligence and the platform economy more or less in real time—and they are already changing their minds. In Brussels, the AI Act had barely begun to bite before a ‘Digital Omnibus’ arrived in late 2025 to simplify it; by May 2026 EU lawmakers had agreed to postpone the toughest obligations on high-risk systems, some of them until 2028. In Washington, the federal government has pivoted towards a lighter touch and towards pre-empting the fast-growing patchwork of state AI laws. Firms are left to navigate three shifting regimes at once. The mood music is the same everywhere: regulate, then hesitate; tighten, then loosen; harmonise in principle, diverge in practice.
To anyone who lived through financial regulation over the past two decades, this is not a novel spectacle. It is a rerun.
That is the argument of my new working paper for the OECD, Regulatory Governance of the Digital Economy: Lessons from the Financial Services Sector. Governments now confronting Big Tech face the very difficulties that financial regulators wrestled with—and often lost to—in the years before 2008. And the financial sector’s response to that failure, painful and expensive as it was, is the closest thing we have to a manual for what comes next.
The Same Traps, in a New Setting
The parallels are structural, not cosmetic. Financial firms operated across borders that national supervisors could not follow; digital platforms do the same, only more so. Financial innovation outran the statute book; AI outruns it faster. Risk in 2008 travelled invisibly through a web of connected institutions; in the digital economy it travels through networks that are larger, quicker and even more opaque. And in both worlds the firms being regulated knew far more than the people regulating them.
That information gap is usually where the trouble starts. Before 2008, a shadow-banking sector of some $60 trillion performed bank-like functions almost entirely outside the regulators' line of sight; when short-term funding froze, the losses cascaded through money-market funds holding trillions more. You cannot act on a risk you cannot see. The digital-economy version is the black box: supervisors are asked to police algorithmic systems whose workings are disclosed partially, late, or not at all. The paper’s first lesson is blunt—visibility has to be engineered in advance, through reporting duties and disclosure standards, exactly as post-crisis reform eventually forced daylight onto derivatives markets and, more recently, onto the reserves said to back stablecoins.
And the parallel is no longer hypothetical, even within finance itself. Surveying regulators across dozens of jurisdictions, both the OECD and the Financial Stability Board have already named AI as a possible new channel for systemic risk—and their worries rhyme with 2008. A handful of firms supply the hardware, cloud capacity and underlying models on which everyone else depends, so trouble at one of them radiates outwards. Institutions relying on the same models and data tend to move the same way at the same moment, amplifying booms and crashes. The models are opaque. And many of these critical providers sit beyond any financial regulator’s reach.
Speed Is the Enemy of the Static Rulebook
The deeper problem is pace. Rules written for stable markets and predictable institutions aged badly against an industry that reinvented itself faster than legislators could respond. The OECD’s own diagnosis is that governance must move from ‘regulate-and-forget’ to ‘adapt-and-learn’—from rulebooks that are set and then abandoned to institutions built to keep learning. The digital economy makes this urgent, because delay is never neutral. Each year a gap goes unaddressed, market structures and business practices entrench, and unwinding them later grows harder, politically and technically. The EU's decision to grandfather AI systems deployed before its new deadlines is a live illustration: the longer the runway, the more is locked in before the rules ever apply.
Two lessons follow. Regulators need authority to act on forward-looking risk assessment, before harm materialises, rather than waiting for the equivalent of a bank run. And rules should bite on economic substance, not legal form: activities that do the same thing and generate the same risks should be treated alike, whatever they are called and whatever technology delivers them. That test of functional equivalence lets regulators close gaps through administrative adaptation, instead of waiting for the slow machinery of fresh primary legislation.
When the Crisis Comes, Improvisation Is the Expensive Option
Not every lesson from finance is a lesson in failure. The paper draws a pointed contrast between the improvised, chaotic handling of Bear Stearns and Lehman Brothers and the comparatively orderly treatment of Silicon Valley Bank, which ran on procedures prepared in advance. The moral is uncomfortable for a fast-moving sector: the time to design an emergency playbook is before the emergency, not during it. Digital systems will have their own operational shocks—a critical-infrastructure outage, a cross-border cyber incident, or a confidence run amplified by social media in minutes rather than days, as the GameStop episode showed. Authorities forced to invent a co-ordinated response mid-crisis pay for it in collective-action problems, legal uncertainty and lost time.
Co-ordination Is Hard – and Harder Here
This is where the digital economy is not merely a repeat of finance but a tougher case. After 2008, financial supervisors could at least converge on a shared objective: stability. Digital regulation has no such common star. Behind the technical disagreements sit genuinely conflicting political choices—over privacy, competition, free expression and innovation—that no amount of technical harmonisation can dissolve. The lesson is not to wish these differences away but to design around them: bind co-operation where interests align, accept persistent diversity where they do not, and make market access conditional so that host countries keep some leverage over firms they cannot otherwise reach. Left unmanaged, fragmentation invites regulatory arbitrage and, at the extreme, a race to the bottom in which the harms land in one jurisdiction while the profits are booked in another. The current three-way split between Brussels, Washington and the American states is precisely the terrain the paper maps.
The Uncomfortable Bottom Line
Which brings me to the part policymakers will like least. The thread running through every lesson is that good governance of the digital economy is not cheap. The post-2008 reforms worked, where they worked, because governments were eventually willing to pay for them: new mandates, new data infrastructure, skilled supervisors, standing machinery for co-operation. The digital economy will demand no less, and probably more, because its risks move faster and its leading firms are, if anything, more capable than the banks ever were. The temptation everywhere—visible in the current rush to ‘simplify’ before the rules have even been tested—is to wish the problem smaller than it is. Finance tried that once. The bill arrived in 2008.
The technologies remaking our economies deserve a response built on what we already learned, at considerable cost, the last time a fast-moving, cross-border, systemically important industry outran its supervisors. We do not have to learn it again from scratch.
The author’s article is available here.
Philipp Paech is an Associate Professor of Law at the London School of Economics, and a Global Distinguished Professor of Law at the University of Notre Dame.
OBLB categories:
OBLB types:
OBLB keywords:
Jurisdiction:
Share: