Abstract

Purpose As part of the growing necessity for inter-organisational and multi-disciplinary interaction to facilitate complex innovation in digital security, there needs to be greater engagement with regulation in the innovation process. This is particularly true in the case of security technologies that are embedded within wider systems and that are largely invisible to most of the users of that system. This paper aims to describe stakeholders’ perspectives on regulation in the digital security innovation process and evaluates the implications of these perspectives on anticipatory regulation in digital security. Design/methodology/approach Using a qualitative methodology based on semi-structured expert interviews and ethnographic participant observation, the study draws on the authors’ involvement in a formally organised programme of academia–industry–government collaboration called Digital Security by Design (DSbD). Findings The study highlights a relational dimension to establishing regulatory responsibilities that is enabled through interdisciplinary dialogue. The study contributes to understanding the multifaceted roles of regulation in digital security innovation across organisations and areas of expertise. It does so by identifying four themes in how regulation is perceived in the DSbD programme: ethical imperative, adding value, adoption lever and passive compliance. Practical implications Incorporating regulatory responsibilities through dialogue early in the innovation process, rather than only once a security technology’s deleterious effects are noticeable, which could make digital innovation and transformation safer and better regulated. It can also make regulation successfully adopted, rather than an exercise in damage control or an adversarial process between regulators and organisations. Originality/value This paper presents original empirical research on how regulation is considered by stakeholders in a novel multi-disciplinary digital security innovation process. It then uses these findings as a basis to evaluate the implications for establishing regulatory responsibilities for a class of security technologies that are embedded within wider systems and that are largely invisible to most of the users of those wider systems.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.