Reports

Countries have made significant efforts in recent years to develop domestic, regional and international frameworks for consumer protection enforcement co-operation across borders. However, recent work by the OECD Committee on Consumer Policy has shown that challenges remain in many countries, in particular a lack of legal authority to fully engage in enforcement co-operation. This toolkit acts a practical resource for consumer protection enforcement agencies that do not currently have the domestic legal authority needed for enforcement co-operation to make the case for obtaining relevant legislative tools. It also provides guidance to ensure related legislative reforms are fit for purpose. The toolkit sets out a range of legislative actions countries may take to improve cross-border enforcement co-operation, covering investigatory powers, enforcement outcomes and co-operation practices. Its annex addresses operational and legal issues, and provides concrete examples of cases and legislation from a broad range of both OECD countries and partner economies.

Regulators act as 'market referees', balancing often competing interests of stakeholders in the sector, including governments, current and future actors in the markets, and consumers. At the same time, markets are changing at an unprecedented pace due to new technologies, the international drive toward carbon-neutral economies, shifts in consumer needs and preferences, and, most recently, the profound changes brought by the coronavirus pandemic. Assessing the performance of economic regulators must therefore be a continuous process. This progress review evaluates the changes put in place by Latvia’s Public Utilities Commission since the previous OECD performance assessment review in 2016, in the interest of increasing the effectiveness of its regulatory activities and improving final outcomes for consumers and the economy.

The Impact of Regulation on International Investment in Finland examines what drives FDI into Finland and which domestic regulatory aspects may discourage foreign investment. The report analyses trends in FDI flows towards Finland and other Nordic-Baltic countries and discusses the benefits of foreign investment for the Finnish economy. It provides a comparative overview of the regulatory frameworks in force in Finland and its Nordic-Baltic peers, outlining both economy-wide and sector-specific findings, and explores how changes in these regulatory frameworks are linked to changes in FDI inflows in the region. Foreign investors’ views on Finland’s business environment complement these findings. The report underlines potential areas for reform and suggests policy actions that could further improve Finland’s investment climate and contribute to attracting and retaining more FDI, while also strengthening its positive impact.

As 'market referees', regulators contribute to the delivery of essential public utilities. Their organisational culture, behaviour and governance are important factors in how regulators, and the sectors they oversee, perform. The OECD Performance Assessment Framework for Economic Regulators (PAFER) looks at the institutions, processes and practices that can create an organisational culture of performance and results. The report uses PAFER to assess elements linked to both the internal and external governance of Portugal’s Energy Services Regulatory Authority (ERSE). The review acknowledges the well-respected status of ERSE within the institutional framework, analyses the key drivers of its performance, and identifies a number of challenges and opportunities to help the regulator prepare for the future, including in the context of deep market transformation and the COVID-19 crisis.

La législation existante n’a cessé de s’étoffer au fil du temps dans les pays dans le sillage des actions menées par les gouvernements pour faire face aux enjeux émergents. Pourtant, les lois existantes et nouvelles ne sont pas toujours parfaitement adaptées aux cadres réglementaires existants, d’autant que les économies et les pays sont de plus en plus interconnectés. Les Principes de bonne pratique de l’OCDE pour l’examen de la réglementation existante offrent un cadre pratique et souple auquel les pays peuvent se conformer lorsqu’ils examinent les lois. Ces principes aident les pays à établir leurs régimes d’évaluation ex post, tout en leur donnant des conseils pratiques sur les méthodologies à adopter. Le présent rapport s’inscrit dans une série de « principes de bonne pratique » élaborés sous la direction du Comité de la politique de la réglementation de l’OCDE. Comme les autres rapports de la série, il complète et précise les principes formulés dans le cadre de la Recommandation du Conseil de 2012 concernant la politique et la gouvernance réglementaires.

Most digital security incidents are caused by malicious actors (e.g. cybercriminals and state-sponsored groups) exploiting vulnerabilities in organisations’ digital ecosystems. Addressing vulnerabilities before attackers take advantage of them is an effective means of reducing the probability of cybersecurity incidents. This paper discusses vulnerabilities in products’ code such as software and firmware, and in how products are implemented in information systems. It shows that the technical community has progressed in developing good practice for treating vulnerabilities, including through co-ordinated vulnerability disclosure (CVD). However, significant economic and social challenges prevent stakeholders from adopting good practice, such as legal frameworks that do not sufficiently protect 'ethical hackers' from legal proceedings. The paper stresses that public policies aimed at removing obstacles and encouraging vulnerability treatment could significantly reduce digital security risk for all. The findings from this paper will inform the development of a new OECD Recommendation in this area.

Economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to one another, e.g. through the Internet. Recent cyber-attacks such as Mirai, WannaCry, NotPetya and SolarWinds have underlined that the exploitation of vulnerabilities in smart products can have severe economic and social consequences. Such attacks increasingly threaten users’ safety and well-being, as well. This report shows that economic factors play an important role in the relative 'insecurity' of smart products. It develops an analytical framework based on the value chain and lifecycle of smart products, and applies the framework to three case studies: computers and smartphones, consumer Internet of Things (IoT) devices and cloud services. It demonstrates that complex and opaque value chains lead to a misallocation of responsibility for digital security risk management, while significant information asymmetries and externalities often limit stakeholders’ ability to behave optimally.

From 'traditional' software to cloud services and Internet of Things (IoT) devices, our economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to each other, e.g. through the Internet. Such products are vulnerable to cyber security risk, and economic factors often play a major role in their relative ‘insecurity’. This report discusses how policy makers can address key challenges that prevent smart products from reaching an optimal level of digital security. Increasing transparency and information sharing, promoting co-operation (including at the international level), and ensuring the duty of care of supply-side actors (e.g. through the principles of security-by-design, security-by-default and responsible end-of-life) are important avenues for policy action. Policy makers can leverage many tools to achieve these objectives, from public procurement, certification and multi-stakeholder partnerships, to labels and ex ante legal requirements.