The harms of today’s information economy — including misinformation, tech addiction, pervasive state and commercial surveillance, extremes of wealth and economic precarity, and growing entrenchment of data-driven bias and inequality — are tearing at the fabric of society. Our existing legal and regulatory institutions have failed to counter these harms. Nothing short of a complete overhaul will do.

The Redesigning the Governance Stack Project is a multi-year effort to reinvent the institutions and tools we use to govern technology and technology companies. This effort prioritizes public accountability and strong public oversight. It seeks to restore and recenter the rule of law within a new institutional framework designed around information-economy needs and failure modes. This is a “full stack” effort, encompassing the sorts of implementation details that shorter-term projects might propose but also extending down to rethink fundamental principles of regulatory organization and operation.

Currently, we have concept papers for three pillars: Regulatory Monitoring, Govtech Provisioning, and Policy Mechanisms. Each paper is accompanied by a curated bibliography of useful sources.

Pillar 1: Regulatory Monitoring

The project’s first concept paper imagines how to equip the administrative state to monitor the information economy and enforce mandates relating to monitoring and information production. Some of its suggestions have the goal of facilitating meaningful compliance with the kinds of public mandates that exist, or might soon exist, now. Others are designed to equip regulators to understand the operation of digital architectures, systems, and processes more generally so that they and/or Congress can determine how to structure new, more effective public mandates. 

The paper first describes the kinds of information that regulators need and then considers the mechanisms that must be strengthened or created to ensure access to all of the necessary information. Next, it sketches a set of institutional changes designed to enable regulators, auditors, and the public to acquire, verify, and understand information about digital architectures, services, and processes. Finally, it considers steps that policymakers can take to help develop and deepen the pool of people with the technical and organizational skills required to conduct, audit, and oversee the monitoring of digital architectures, systems, and processes.

Download the paper.

Pillar 2: Provisioning Digital Tools and Systems for Government Use [“Govtech”] 

The project’s second concept paper recommends a series of changes to the current policy landscape for govtech provisioning. The suggestions include rethinking the traditional “make vs. buy” dichotomy in public procurement, mandating interoperability and transparency of govtech tools and systems, and reenvisioning accountability requirements to avoid the problem of “waterfall” development.

To support these policy changes, the paper first recommends improved support and coordination for five important govtech-related functions. Next, it proposes some corresponding changes to institutional structure and organization. Finally, it emphasizes the need to bolster technical capacity within government by developing a pipeline of specialized, govtech-related training programs, curricula, and fellowships.

Download the paper.

Pillar 3: Designing Policymaking Mechanisms for Regulatory Dynamism 

The project’s third concept paper focuses on the design of regulatory policymaking mechanisms that translate decisions about public values–such as “avoid deceiving consumers”–into operationalized forms that support iteration and experimentation. It outlines a set of foundational principles for a dynamic, effective regulatory toolkit that empowers regulators to act sooner, experiment, create governance seams, mandate beneficial friction, and extend regulatory authority in ways that mirror the scale and interdependence of digital supply chains.

To support this expanded regulatory toolkit, the paper recommends empowering regulators to mandate data flow restrictions, to develop design requirements for both user-facing and technical interfaces, to require continuous adversarial testing of certain kinds of systems and processes, and to develop and impose human subjects oversight requirements adapted to the operation of digital architectures, services, and supply chains. The paper also emphasizes institutional changes, which include replacing the relevant parts of the Administrative Procedure Act (APA) and their corresponding agency implementations. As a baseline, regulators should be able to engage in streamlined, iterative rulemaking and to develop what we call policy sandboxes—experimental oversight regimes with tunable parameters—as well as premarket certification and/or licensing regimes for digital architectures, products, and services.

Download the paper.

With Support From