Right touch regulation is a strategy for regulatory organizations seeking to adapt and evolve in a rapidly changing landscape. This approach should be applied after first considering the balance of personal freedoms with public safety. Before diving into assessing risk, it is important to think through what competing rights are at play. Professional regulatory organizations are encouraged to customize this framework to their specific contexts, ensuring that core regulatory functions and legal obligations are met. This approach not only helps in managing current challenges but also prepares organizations for future developments, maintaining the delicate balance between regulation and innovation.


Every regulator wants to keep evolving. Regulation is not stagnant, nor should it be, to effectively protect the public. In earnestly responding to change, regulators aim to be fair and efficient. The question becomes how does a regulator evolve and find the right balance when doing so? What should a regulator keep in mind when responding to and anticipating changes that impact the public? The framework of right touch regulation is one approach that regulators can apply when determining what their role should be.

What is Right Touch Regulation?

Right touch regulation, a conceptual framework in how to approach regulation, was first published in 2010 by the Council for Healthcare Regulatory Excellence (later re-named the Professional Standards Authority), an independent government oversight body for regulators, in the United Kingdom. Since then, right touch regulation has continued to develop and draw popularity as a useful approach. Right touch regulation is a principle-based approach to regulation focused on quantifying and qualifying risk.

What Does "Risk" in Right Touch Regulation Mean?

The foreword by Harry Cayton in the original report in 2010 describes that right touch regulation is aimed at striking a balance between two often-competing interests in law: freedom and safety. In other words, regulation must strike a balance between overly controlling someone's life and protecting everyone else. It is easy to oversimplify these conflicting interests, yet they ring true in most areas of regulation. For example, when considering whether to discipline a registrant for their social media posts, when creating new standards to be responsive to innovation, when taking action against someone without a license who has been passing themselves off as a licensee or when creating new internal policies or procedures.

The undercurrent of right touch regulation is premised on how to balance a registrant's personal freedom against the risk to the public (including risks beyond physical harm). Finding the right balance between these two competing interests can be a difficult task but it is helpful to not lose sight of them when engaging with right touch regulation.

What are the Principles of Right Touch Regulation?

Right touch regulation does not offer a hands-off approach to addressing risks. Instead, it offers an accessible framework that aims to keep hold of both competing interests outlined above. Right touch regulation draws on existing principles of good regulation: proportionate, consistent, targeted, transparent, accountable and added agility. With these principles in mind, the framework is as follows:

  • Identify the problem before the solution;
  • Quantify and qualify the risks;
  • Get as close to the problem as possible;
  • Focus on the outcome;
  • Use regulation only when necessary;
  • Keep it simple;
  • Check for unintended consequences; and,
  • Review and respond to change.

What Should I, or my Organization, Consider When Implementing Right Touch Regulation?

The decision-making framework can be helpful to regulators. However, not all approaches to right touch regulation need to be the same. If you are considering right touch regulation in your organization, we encourage you to reflect on the following:

  • One size does not fit all. Right touch regulation, and the framework, is not a strict blueprint. They are practical suggestions in decision-making that flow from long-standing principles of good regulation. How a regulator achieves the principles of right touch regulation does not have to look the same. It is possible to meet the principles of good regulation within different scopes or scales. Every regulator should determine what works best, considering what or who they regulate.
  • Make it stick. Although right touch regulation principles can be implemented relatively quickly, they should be done in a way that ensures longevity. Implementation falls short where they are not maintained by the regulator. Consistency and agility should go hand in hand when implementing right touch regulation.
  • Remain mindful of core regulatory functions. Approaches to right touch regulation should remain focused on the core regulatory functions of an organization. Examples of core functions are licensing, disciplinary processes, development of standards or compliance. Certain roles and responsibilities are created through legislation, and required, for a regulator to meet their statutory obligations. Although right touch regulation offers practical approaches to assessing risk, it should not fetter the statutory obligations or discretion of the regulator. Equally, when faced with new legislation, right touch regulation may be helpful to interpret the updates in a manner that is consistent with the regulator's obligations and core functions.
  • Different approaches help grow the framework. Right touch regulation welcomes debate and improvement. Demonstrated by the updates through 2010 to today, different approaches to right touch regulation can help it improve and benefit all regulators. In considering different approaches, it is helpful to return to the idea that every regulator is offered the privilege of regulating a specialized and specific function or profession because they are in the best position to do so. The specialized knowledge should provide a jumping off point in how right touch regulation is implemented.
  • Remain mindful of legal obligations. When implementing right touch regulation regulators should be mindful of legal obligations such as the regulator's governing legislation, privacy legislation, human rights legislation, administrative law, developments in case law and corporate obligations. Principles of right touch regulation are helpful for a regulator to identify those areas where there is a higher risk of harm, but they do not speak to specific legal obligations. Implementing right touch regulation without considering legal obligations can create further unintended risk for a regulator.

An Example of Right Touch Regulation + Artificial Intelligence

Putting it all together with the example of artificial intelligence, many regulators are faced with the evolution of artificial intelligence (such as large language models like ChatGPT). Artificial intelligence, a clear example of evolution and innovation, may require new standards or guidelines. Sitting down and considering the impacts and benefits of artificial intelligence is important to being responsive and agile. In taking a right touch regulation approach and arriving at an assessment of "risk", considering the impact on registrants and the potential harm to the public is a helpful starting point.

Some harm to the public is clear, such as false or incorrect information being passed off as accurate. Other types of harm may be more nuanced and if not considered in a proportionate manner, could drift farther outside what is necessary to protect the public. A regulator should turn their mind to specific risks. For example, there are differences between using AI to provide a treatment plan or diagnosis versus using AI in a scheduling and task-management system. Similarly, using AI to do research that impacts a professional's advice versus using AI to respond to customer emails in a professional tone may have different implications. The impact on registrants' freedom is also fact-specific, depending on what the AI is being used for and how it relates to the regulator's core functions. One regulator's approach may not fit another and could impede growth and innovation if too wide of a net is cast. In assessing the overall "risk" the right touch regulation framework may help a regulator through conceptualizing their approach and ensuring legal and statutory obligations are considered.

Takeaways

Prior to applying right touch regulation within your organization, it is important to return to its core principles and consider the balance of freedom and safety in assessing "risk". When implementing right touch regulation, approaches can be different for every regulator. Stepping back and considering core functions and the specialized expertise of your organization may benefit your organization in longevity of being proportionate, consistent, targeted, transparent, accountable, and agile in the work that you do.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.