For much of modern regulatory history, law has concerned itself with conduct. What actors do. How they behave. Whether their actions violate established norms. This approach assumes that behaviour is the primary source of risk and that capability is neutral. When behaviour deviates, law intervenes. When conduct complies, legitimacy follows. Digital systems have exposed the limits of this assumption.
In complex, automated and highly scalable environments, behaviour is increasingly the output of capability rather than its source. Systems behave the way they are designed to behave. Outcomes emerge not from individual intent alone, but from structural affordances embedded deep within architecture. Regulating conduct without interrogating capability has therefore become insufficient.
The historical comfort of behaviour-based regulation
Behaviour-based regulation evolved in environments where capability was constrained by physical reality. A factory could only produce so much. A publisher could only distribute so widely. A broadcaster could only reach certain audiences. Law focused on conduct because capability was implicitly bounded.
Digital platforms dissolved these constraints. Observation became continuous. Distribution became instantaneous. Amplification became automated. Capability expanded exponentially while regulatory frameworks remained focused on downstream behaviour. This mismatch explains much of the frustration that now characterises digital governance.
Why conduct-based rules struggle at scale
Conduct-based regulation presumes identifiable actors, traceable decisions and reversible outcomes. Digital systems complicate each assumption. Decisions are increasingly distributed across automated processes. Responsibility diffuses across teams, models and feedback loops. Harm propagates before oversight can respond.
As a result, enforcement becomes selective and symbolic. Law remains formally intact but substantively weakened. This is not because regulators lack resolve, but because they are governing effects rather than causes.
Capability as the new locus of risk
Capability defines what a system can do regardless of how responsibly it is used. Certain capabilities generate persistent risk even under strict compliance regimes.
Continuous behavioural tracking creates asymmetry of knowledge and power. Unrestricted media extractability enables irreversible harm. Predictive artificial intelligence introduces opacity and amplification beyond human oversight. These risks are intrinsic to capability, not contingent on misuse. Recognising this distinction marks a critical evolution in regulatory thinking.
The false neutrality of technical design
Technical architecture is often presented as neutral infrastructure upon which values are imposed through policy. This framing obscures reality. Design choices encode priorities. Defaults shape outcomes. Incentives influence behaviour long before policy intervenes.
When systems are designed to observe continuously, extraction becomes trivial. When amplification is automated, volatility becomes profitable. When prediction is prioritised, manipulation becomes efficient. Neutrality is an illusion created by distance between design and consequence.
Why regulating capability simplifies governance
Regulating capability does not require constant supervision. It sets boundaries within which behaviour unfolds. When systems are incapable of profiling, regulators need not police profiling. When media cannot be extracted freely, courts need not reconstruct irreparable harm. When AI is confined to detection rather than prediction, oversight becomes feasible. Capability regulation reduces the surface area of risk rather than chasing its manifestations.
The political hesitation around capability limits
Governments have traditionally hesitated to regulate capability. Such regulation appears intrusive, technologically prescriptive and potentially innovation-limiting. This hesitation is understandable. Capability regulation requires confidence that alternatives exist. Without proof of feasibility, limits appear arbitrary. This is where operational evidence matters.
Feasibility transforms legitimacy
Regulators are empowered when they know restraint is possible. Demonstrated alternatives change what law can demand. Architectures that eliminate behavioural tracking, implement zero-knowledge data handling, restrict media extractability and constrain artificial intelligence provide that proof. They show that capability reduction need not destroy functionality. Systems such as ZKTOR are examined in this context because they demonstrate coherent restraint rather than partial compliance. Their significance lies not in scale, but in architecture. They expand regulatory imagination.
From optional ethics to baseline expectation
Once restraint is shown to be feasible, it ceases to be optional. What was once framed as ethical ambition becomes baseline responsibility. This transition has precedent across regulatory history. Safety mechanisms that initially appeared burdensome eventually became non-negotiable once their effectiveness was proven. Digital capability regulation is approaching a similar threshold.
Capability regulation and innovation
A common objection to capability regulation is that it stifles innovation. This objection assumes that innovation depends on maximal freedom. In practice, innovation often flourishes under constraint. Boundaries force creativity. Clear limits reduce uncertainty. Stable environments encourage long-term investment.
Architectures that prioritise safety, dignity and predictability enable forms of innovation that surveillance-driven systems suppress. Capability regulation reshapes innovation rather than suppressing it.
The role of incentives
Capability is closely tied to incentive structures. Systems designed for behavioural monetisation optimise for extraction and amplification. Systems decoupled from such incentives prioritise stability and trust. Regulating capability implicitly reshapes incentives. It aligns economic viability with societal resilience. This alignment reduces the need for constant corrective intervention.
Courts, regulators and the shift in doctrine
Legal doctrine evolves through exposure to limits. As courts encounter cases where conduct-based remedies fail, pressure builds for upstream intervention. Judicial reasoning begins to acknowledge that some harms cannot be remedied after occurrence. Regulatory doctrine adapts accordingly. Capability enters legal vocabulary not as abstraction, but as necessity.
Design obligations as the bridge
Design obligations offer a practical pathway between conduct regulation and capability governance. They do not dictate specific technologies. They define unacceptable risk profiles. Systems remain free to innovate within boundaries that prevent irreparable harm. This approach preserves regulatory flexibility while asserting architectural responsibility.
Europe’s strategic position
Europe is uniquely positioned to lead this transition. Its regulatory institutions possess legitimacy. Its legal culture values restraint. Its citizens demand dignity over optimisation. By shifting focus from conduct to capability, Europe can align governance with technological reality without abandoning rights-based principles. This alignment strengthens rather than weakens regulatory authority.
Beyond compliance culture
Compliance culture encourages minimal adherence. Capability governance encourages structural responsibility. When systems internalise limits, compliance becomes implicit. Oversight becomes lighter. Trust becomes plausible. This shift marks the maturation of digital governance.
A redefinition of responsibility
Responsibility in digital systems cannot rest solely on behaviour. It must extend to what systems are designed to make possible. Regulating capability acknowledges this reality. It recognises that some risks are too great to manage reactively.
Europe’s digital governance journey has progressed from absence to accountability. The next step is structural restraint. Regulating conduct addressed the symptoms of digital harm. Regulating capability addresses its source. The future of democratic digital infrastructure depends on this evolution.
Top comments (0)