
By Date


  • 11-February-2021

    English

    Encouraging vulnerability treatment - Overview for policy makers

    Most digital security incidents are caused by malicious actors (e.g. cybercriminals and state-sponsored groups) exploiting vulnerabilities in organisations’ digital ecosystems. Addressing vulnerabilities before attackers take advantage of them is an effective means of reducing the probability of cybersecurity incidents. This paper discusses vulnerabilities in products’ code such as software and firmware, and in how products are implemented in information systems. It shows that the technical community has progressed in developing good practice for treating vulnerabilities, including through co-ordinated vulnerability disclosure (CVD). However, significant economic and social challenges prevent stakeholders from adopting good practice, such as legal frameworks that do not sufficiently protect 'ethical hackers' from legal proceedings. The paper stresses that public policies aimed at removing obstacles and encouraging vulnerability treatment could significantly reduce digital security risk for all. The findings from this paper will inform the development of a new OECD Recommendation in this area.
  • 9-February-2021

    English

    Understanding the digital security of products - An in-depth analysis

    Economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to one another, e.g. through the Internet. Recent cyber-attacks such as Mirai, WannaCry, NotPetya and SolarWinds have underlined that the exploitation of vulnerabilities in smart products can have severe economic and social consequences. Such attacks also increasingly threaten users’ safety and well-being. This report shows that economic factors play an important role in the relative 'insecurity' of smart products. It develops an analytical framework based on the value chain and lifecycle of smart products, and applies the framework to three case studies: computers and smartphones, consumer Internet of Things (IoT) devices and cloud services. It demonstrates that complex and opaque value chains lead to a misallocation of responsibility for digital security risk management, while significant information asymmetries and externalities often limit stakeholders’ ability to behave optimally.
  • 9-February-2021

    English

    Enhancing the digital security of products - A policy discussion

    From 'traditional' software to cloud services and Internet of Things (IoT) devices, our economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to each other, e.g. through the Internet. Such products are vulnerable to cyber security risk, and economic factors often play a major role in their relative ‘insecurity’. This report discusses how policy makers can address key challenges that prevent smart products from reaching an optimal level of digital security. Increasing transparency and information sharing, promoting co-operation (including at the international level), and ensuring the duty of care of supply-side actors (e.g. through the principles of security-by-design, security-by-default and responsible end-of-life) are important avenues for policy action. Policy makers can leverage many tools to achieve these objectives, from public procurement, certification and multi-stakeholder partnerships, to labels and ex ante legal requirements.
  • 5-February-2021

    English

    Regulatory policy: global relations

    Work with OECD non-member countries, the LAC region, Southeast Asia and MENA.

  • 3-February-2021

    English

    How do laws and regulations affect competitiveness: The role for regulatory impact assessment - OECD Working Paper

    This paper reviews OECD members’ regulatory appraisal practices for competitiveness undertaken as part of their regulatory impact assessment (RIA) frameworks.

  • 3-February-2021

    English

    How do laws and regulations affect competitiveness - The role for regulatory impact assessment

    The impacts of laws and regulations on competitiveness have strong implications for OECD economies, as they can lead to unforeseen negative externalities and considerable regulatory costs for businesses and citizens. Nevertheless, the use of regulatory policy to assess the impacts of regulations on competitiveness has seldom been examined. This paper fills this gap by reviewing OECD members’ regulatory impact assessment (RIA) frameworks and the extent to which the competitiveness effects are currently appraised. It categorises regulatory impacts on competitiveness into three strongly interrelated components – cost competitiveness, innovation, and international competitiveness – and builds upon the OECD’s expertise to examine how regulations affect each component of competitiveness in turn. In doing so, the paper proposes a more complete structure that regulators can use to define and assess the competitiveness impacts of regulation as part of their RIA processes framework.
  • 20-January-2021

    English

    Good regulatory practices and co-operation in trade agreements - A historical perspective and stocktaking

    This paper presents a stocktaking of standalone chapters in trade agreements dedicated to good regulatory practices and international regulatory co-operation. While standalone regulatory policy chapters in trade agreements remain a new development, they signal countries’ increasing interest in elevating the visibility and ambition of regulatory policy, in line with their commitments in the 2012 OECD Recommendation of the Council on Regulatory Policy and Governance and the 2005 APEC-OECD Integrated Checklist on Regulatory Reform. Still, the level of ambition of these chapters varies widely depending on the state of play of regulatory policy in trading partners. By comparing the main substantive and structural features of these chapters, this stocktaking aims to inform the development of similar chapters in future trade agreements.
  • 20-January-2021

    English

    International Regulatory Co-operation - Adapting rules to an interconnected world

    This programme gathers available evidence on the gains that can be achieved through greater co-ordination of rules and their application across jurisdictions.

  • 17-December-2020

    English

    The governance of regulators in Latin America - Evidence from the 2018 Indicators on the governance of sector regulators

    Using data from the 2018 OECD Indicators on the Governance of Sector Regulators, this paper analyses the governance of economic regulators in seven Latin American economies (Argentina, Brazil, Chile, Colombia, Costa Rica, Mexico and Peru) and across five critical network sectors (energy, e-communications, rail transport, air transport and water). The indicators allow for direct comparison of thirty economic regulators and provide a snapshot of the governance arrangements designed to preserve independence, practices to promote accountability, and the functions of the regulators. After describing key institutional characteristics of the regulators in the sample, the paper uses the indicators to identify patterns in governance. Evidence from in-depth performance reviews of regulators complements the indicators, shedding light on cost recovery fees, budgetary processes, and the use of advisory bodies in Latin American regulators.
  • 4-December-2020

    English

    Reviewing the Stock of Regulation

    The stock of laws has been growing steadily over time in countries as a result of governments responding to new and emerging challenges. Yet these and other new laws do not always fit well with existing regulatory frameworks, especially as economies and countries are becoming ever more interconnected. The OECD Best Practice Principles for Reviewing the Stock of Regulation offers a practical and flexible framework for countries to follow when reviewing laws. The principles provide assistance to countries in establishing their ex post evaluation regimes, whilst also providing practical guidance about relevant methodologies to adopt. This report is part of a series on 'best practice principles' produced under the auspices of the OECD Regulatory Policy Committee. As with other reports in the series, it extends and elaborates on principles highlighted in the 2012 Recommendation of the Council on Regulatory Policy and Governance.