The number of digital regulations – regulations that govern the behaviors of technology companies and shape businesses’ behaviors online and in using technologies – has ballooned in the Asia-Pacific (APAC) region in the past few years. According to Digital Policy Alert, 22 APAC governments (taken in this study to include India and all members of the Asia-Pacific Economic Cooperation, APEC) have adopted over 1,500 digital laws and regulations in the past 20 years, including on data privacy, cross-border data transfer, consumer protection, cybersecurity, and content moderation, among many others.

 

Most of these digital laws and regulations were adopted in the past five years, when the APAC region’s digital regulatory stock grew by more than 300%. Digital regulations adopted by state and local governments added 464 regulations to the regional regulatory stock. In addition, more than 300 laws and regulatory proposals are in consultation processes.

​

The proliferation of regulations reflects APAC governments’ growing concerns about the many and very real challenges posed by the digital economy, such as online fraud, data breaches, and deceptive marketing tactics. In a 2024 Ipsos survey, 76% of APAC consumers expressed concerns about data privacy related to AI; another Ipsos survey found that 57% of consumers expect personal data leaks in 2025. Concerns are also rising among businesses: Data breaches cost on average US$4.9 million annually to firms around the world.

​

National security considerations also drive governments to adopt digital regulations; export controls of sensitive technologies and bans on China AI models like DeepSeek have become increasingly common. The proliferation of digital regulations in some cases also reflects the “Brussels Effect”: the phenomenon of jurisdictions adopting regulations that are similar to the European Union’s sweeping laws, such as the General Data Protection Regulation (GDPR), Digital Services Act (DSA), and the Digital Markets Act (DMA). In addition, the proliferation of various digital regulations also reflects local political economy dynamics and, in some instances, “bureaucratic capture,” wherein government agencies prioritize their own interests in securing resources and their influence in policy-making.

​

As digital technologies become key drivers of economic growth and national security, the impetus for and design of digital regulations is shaped by a complex mix of national digital competitiveness, industrial policy, and strategic priorities. For example, countries are increasingly leaning toward “digital nationalism,” prioritizing domestic interests and industries and boosting local tech ecosystems, and curbing the influence of foreign companies.

 

While promoting domestic ecosystems should not entail protectionism – after all, local businesses and tech companies very often leverage foreign technologies to boost their competitiveness – governments face complex considerations on how to optimize digital regulations to promote competitiveness and development.

​

While digital regulations may be needed to guard against various online harms, a growing body of research shows that some types of digital regulations can

create increasingly heavy costs on businesses that would be inimical to innovation and digital adoption, at a juncture where global and regional trade in digital services is a driver of economic growth, especially in APAC.

​

For example, findings from a 2018 study suggest that the GDPR has resulted in a 2% drop in exposed firms’ revenues. Taken at face value, this would cost the Asia-Pacific an implied US$600 billion, or 1% of the region’s gross domestic product (GDP). If barriers to cross-border transfer of data dampens digital services trade by up to 5% as posited in some studies, data localization mandates would result in some US$80 billion in lost digital trade in the APAC region. The adoption of digital competition regulations such as the EU’s Digital Markets Act, if estimating a 5% increase in businesses’ technology expenditures, would result in US$150 billion in new costs of doing business in the APAC region.

​

Taken together, the many studies on the effects of digital regulations point to cost increases to firms, consumers, and economies - including many Western investors operating in the APAC region. The Organization for Economic Co-operation and Development’s (OECD) Digital Services Restrictiveness Index (DSTRI) suggests that costly regulations have already been adopted in the APAC region; the stringency of Russia, China, Indonesia, and India’s respective regulatory stocks being the costliest.

​

Granted, the costs of digital regulations may be offset by broader societal benefits. In the APAC region, these benefits are often assumed or framed qualitatively. Improved measurement of the cost and benefits of regulations are needed, to understand the potential and actual impacts of digital regulations.

​

Regulatory impact assessments (RIAs) to improve the quality of digital regulations

​

In the search for appropriate guardrails for the digital economy to flourish, digital policymakers need to strike a careful and consistent balance and weigh the benefits and costs of laws and regulations. Governments have sought to approach this balancing exercise through regulatory impact assessments (RIAs).

Such assessments are typically performed by the ministry or agency pursuing a regulation. Experiences from around the world suggest that RIAs enable governments and the public to properly scrutinize proposed regulations, pre-empt the introduction of unnecessary or overly burdensome regulations, sensitize agencies to greater deliberation on the kinds of regulations they would pursue, and allow private-sector stakeholders to assess and provide meaningful feedback on regulations.

​

However, research also shows that RIAs still fall short of their potential as gatekeepers to sieve out regulations that harm rather than benefit society. Nearly 50 academic studies on RIAs used in the United States, the European Union, South Korea, and other economies show that RIAs could be improved, for example in terms of rigor.1 Even when RIAs are formally conducted by the executive branch, political considerations often influence the process and outcomes.

​

An RIA process is precisely the antidote to recognize the impetus for and transparency issues behind any particular regulation and a means to call out politicized motivations and demonstrate their effects. While some might argue that overly rigid or burdensome RIA procedures could delay necessary regulatory interventions, rigorous, impartial, and well-calibrated RIAs do not have to be more stringent or time-consuming.

​

The critical importance of rigorous RIAs in the digital era cannot be overstated. Poorly vetted regulations can result in large economic costs and alter economies’ development pathways. Hastily implemented digital rules, especially if modeled after regulations from other jurisdictions without careful consideration for local needs, can also undermine public trust in policymakers’ ability to analyze and institute regulations for the public good.

​

The purpose of this study is to assess the APAC region’s use of RIAs specific to digital regulations and promote a common baseline of a Model RIA on Digital Regulations. In particular, this study: (1) reviews APAC governments’ use of RIAs in general and RIAs used to assess digital regulatory proposals in particular; and

(2) proposes ways for APAC economies to enhance the rigor of their RIAs for digital regulations, including through the Model RIA for Digital Regulations. Even though each APAC economy is different in its institutional frameworks, political economy dynamics, and development levels, a baseline RIA, such as the one proposed here, can accommodate national differences and enable countries to account for local circumstances.

​

This study also analyzes and rates the contents of 27 RIAs on digital regulations in seven APAC economies where data on RIAs is publicly accessible – Australia, Canada, Chile, South Korea, Mexico, New Zealand, and the United States – and which collectively represent almost two-thirds of the APAC region’s GDP. The exercise is to understand what RIAs focus on, and how well RIAs analyze the proposed regulations, their costs and benefits, and their alternatives, and where there are gaps in RIAs that can be bridged.

​

The main findings of this study are as follows:

​​

1. 86% of the 22 APAC economies analyzed carry out RIAs, but leading emerging economies such as India and Indonesia use RIAs inconsistently.

2. The rigor of APAC’s RIAs on digital regulations can be improved; RIAs can still come across as rubber-stamping exercises rather than as proper gatekeepers.

3. To ensure they promote digital technologies, which underpin services trade as the growth driver of the 21st century, APAC governments should urgently enhance the quality of their RIAs on digital regulations and adopt a Model RIA on Digital Regulations.

4. APAC governments should periodically review and update their RIAs on digital regulations, including through a public consultation.

5. APAC governments should prune their digital regulatory stock to ensure regulations remain current and do not undermine economic growth.

6. Asia-Pacific Economic Cooperation (APEC) members should set up an APEC Pathfinder to collectively enhance RIAs for digital policy.

 

​

​

​

​

​

1. See studies such as  See various discussions and reviews, such as, for example, OECD (2021), OECD Regulatory Policy Outlook 2021, OECD Publishing, Paris, https://doi.org/10.1787/38b0fdb1-en; Christiane Arndt-Bascle and Paul Davidson, “Improving Regulatory Impact Assessment (RIA) Systems and RIAs,” One.oecd.org (OECD, August 2022), https://one.oecd.org/ document/GOV/RPC(2022)9/ANN1/en/pdf; Kirpatrick, Colin and David Parker (eds), Regulatory Impact Assessment: Towards Better Regulation? (Cheltenham: Edward Elgar Publishing), https://www.amazon.com/Regulatory-ImpactAssessment-Competition-Development/dp/1848441959; Hertin, Julia, Klaus Jacob, Udo Pesch, Carolina Pacchi (2009), “The production and use of knowledge in regulatory impact assessment - An empirical analysis.” Forest Policy and Economics, 11, 5–6, 2009, https://doi.org/10.1016/j. forpol.2009.01.004; Dunlop, Claire, Martino Maggetti, Claudio M. Radaelli, Duncan Russel (2012), “The many uses of regulatory impact assessment: A meta-analysis of EU and UK cases,” Regulation & Governance, John Wiley & Sons, 6,1, 23-45, https://ideas.repec.org/a/wly/reggov/v6y2012i1p23-45. html; Moreira de Castro, Camila (2014), “Some aspects of implementing Regulatory Impact Analysis in Brazil,” Revista de Adm. Pública 48, 2, https://doi.org/10.1590/0034-76121359; Rantala, Kati, Noora Alasuutari, and Jaakko Kuorikoski (2024), “The Logic of Regulatory Impact Assessment: From Evidence to Evidential Reasoning,” Regulation & Governance 18, 2, https://doi.org/10.1111/rego.12542; Kim, Song June and Sun Gwon Ha (2023), “Regulatory impact analysis: The experience of policy analysis in the Korean central government,” in T.J. Lah and Thomas R. Klassen (eds.), Policy Analysis in South Korea (Policy Press Scholarship Online), https://doi. org/10.1332/policypress/9781447362579.001.0001.

 

 

​​

​​​​​​​​​​​​​​​​​​