11.1 Introduction

Government regulation has played a major role in shaping the safety management programs and practices of companies engaged in high-hazard activities. But many other forces in modern society also influence safety management, such as negligence liability, insurance coverage, investor decisions, behavioral norms and, increasingly, the development of national and international standards by both private and public sector standards developing organizations (SDOs).

The scope and scale of private standardization activities are vast. Worldwide, thousands of private SDOs set a multitude of voluntary standards that become available for adoption by national regulators, companies, legislators, and international organizations [18]. In addition, governments are now using standardization to address the governance of new technologies. A survey of the comprehensive US Code of Federal Regulations reveals that US agencies have adopted over 10,000 privately developed standards and, by doing so, made them enforceable regulations. In the EU, three official organizations are striving to harmonize standards adopted by 33 countries and are also directing the development of new EU standards for topics such as artificial intelligence (AI).

This chapter focuses mainly on private standardization that is relevant to industrial safety. It begins with a discussion of the growing role that such standards play in shaping risk regulation and then considers the factors that motivate and empower private SDOs, the benefits and challenges that SDOs pose to self-regulation, and the platforms that SDOs provide for industry-led governance of new technologies. Further discussion highlights concerns about growing societal reliance on privately developed standards, the EU and US focus on the “trustworthiness” criterion for artificial intelligence standards, the subordination of safety regulation, and the drift away from democratic governance of high-hazard activities.

11.2 Interplay Between Standards and Risk Regulation

For decades, national and international standards for products, processes, engineering and management practices have been developed by SDOs for many purposes: e.g., overcome trade barriers, advance the safety of consumer products and industrial equipment, promote interoperability of multiple products, and gain competitive advantage [3]. Well-known examples are voluntary standards for home appliances, communication systems, medical equipment, construction materials, fire protection, food safety, pressure vessels, and many engineering systems and practices.

The largest private SDOs, the International Organization for Standardization (ISO) (over 23,000 standards) and the Institute of Electrical and Electronics Engineers (IEEE) (over 1200 standards), proclaim their neutrality and independence and enlist global networks of experts and governmental and company representatives to participate in their standard-setting proceedings. Other types of SDOs include industrial and trade associations that develop consensus standards reflecting the economic, safety, and other interests of their member companies. For example, in the oil and gas sector, standards have been developed by SDOs such as the American Petroleum Institute (API) (over 700 standards) and its Norwegian counterpart, Norsok (79 standards).

Most standards relevant to the safety of hazardous industrial activities apply to the design, testing, and performance of the products, systems, materials, and equipment involved. But safety-relevant management standards have also been enacted. Some are generic and applicable to many different industrial sectors, such as ISO 9000 on quality management, ISO 45001 on occupational health and safety, ISO 14000 on environmental management, and ISO 31000 on risk management. Other standards provide technical detail for the design and operation of industrial systems, such as IEEE standards on protection and coordination of industrial power systems, secure communication networks, and surveillance testing of nuclear safety systems. Finally, UN agencies and other international organizations enact voluntary standards to advance human rights, sustainability, resilience, transparency, and corporate social responsibility [12, 20], (OECD; World Bank). Companies that adopt any of these types of standards must adapt their safety management systems accordingly.

Many privately developed voluntary standards subsequently become enforceable regulations. Government policies in the EU and US direct regulators who intend to develop a new rule to first consider adopting, or incorporating by reference, a relevant private voluntary standard and having it serve as their own regulation. This enables regulators to capitalize on the expertise and industry support developed by SDOs, substantially reduces the regulator’s costs and administrative burdens, and helps keep pace with rapid technological advances.

In the US, most regulation of industrial safety and prevention of major accidents is prescriptive and technically detailed. A regulator who intends to develop a new rule but declines to adopt a relevant private standard is likely to encounter opposition from the targeted industry and become caught up in lengthy adversarial proceedings. It is therefore no surprise that US regulators have readily chosen the private standard option, which embodies the expertise and industrial support developed by the SDO. As a result, in the oil and gas sector in the US and many other countries, virtually all regulations on exploration and production operations are prescriptive versions of hundreds of voluntary standards originally developed by API [2].

In the EU, the regulatory approach to industrial safety is more likely to be performance-based and self-regulatory, in that companies are expected to determine for themselves how to fulfill safety management functions and perform operations safely. Although companies had sought this flexibility, once they gained it many sought detailed guidance on how to comply with the broad mandate for self-regulation and called upon regulators to provide it. In the Norwegian oil and gas sector, guidance and mentoring are provided by regulators with persuasive reference to relevant voluntary standards set by Norsok and other SDOs [13].

Thus, privately developed standards have become essential features of both the self-regulatory and prescriptive approaches to industrial safety [14], and this interplay, as the oil and gas examples indicate, leads to societal dependence on private SDOs and the subordination of safety regulation. Although a low-visibility feature of modern risk governance, this trend needs to be better understood and aligned with public policies and norms.

11.3 Toward a Better Understanding of Standardization

The universe of private SDOs can be seen as a global knowledge-producing infrastructure that serves the standardization needs of companies, countries, non-governmental organizations, trade groups, and many others [23]. It is subordinating and replacing government regulation, thereby bringing about a de facto change in public policy. It is, therefore, essential to gain a better understanding of the standardization infrastructure and its influence on regulation and management of industrial safety.

The public–private divide between most standardization and regulation needs to be kept in mind. Regulation (and its co-regulatory and self-regulatory variants) is a government-created framework for transparently making decisions in the public interest. Open to stakeholders and public involvement, regulation employs established procedures, follows substantive mandates that are aligned with societal norms and public policies, and provides for accountability. In contrast, standardization is a fragmented, unregulated, opaque field populated mainly by privately owned and financed SDOs that set their own procedures, usually exclude public involvement, disregard transparency, restrict access to documentation, and make self-serving, private-interest decisions that are usually driven by economic considerations. Simply put, regulation is the public domain and standardization is the private domain (unless directed by government, as in the case of the EU’s single market program), and arranging for their complementarity is the main societal task at hand [5].

As discussed earlier, two types of standards are often safety-relevant. Technical and engineering practice standards number in the thousands and usually apply to an extremely broad range of products: their design and performance, interchangeability, interoperability, and integration into systems, processes, and controls. Management standards are few but widely adopted, and apply to the structure, procedures, functions, tasks, communications, quality control, and other aspects of an organization’s system for meeting its goals.

Regulators often adopt or incorporate by reference such standards, either as generically applicable rules or as highly persuasive (de facto mandatory) referential guidance, as discussed earlier. This supports regulatory programs that are prescriptive and take a one-size-fits-all approach to safety. But when done routinely to facilitate industrial compliance with a self-regulatory program, it can harden the program’s soft-law approach to industrial safety [18].

The initial promise of soft law/self-regulation was to give companies some leeway to consider their unique circumstances and accordingly define their own best-practice approach to safety management. But the massive adoption of detailed technical standards leads back to a prescriptive approach to safety, in which individuals and organizations at all levels are expected to follow referential standards and guidance for compliance. Thus, standardization can facilitate industrial compliance with self-regulation but can also transform self-regulation into a prescriptive regime.

Standardization of management systems can also work against another intended benefit of self-regulation: that it would enable a progression of advances in risk analysis and safety culture by experts in these fields. Management standards such as those set by ISO incorporate knowledge from many fields, which may be outdated, biased, or based on insufficient expertise; yet because of their widespread adoption, such standards may bring about a “cementation of inadequate principles and methods” [1].

Among its other attributes, standardization provides platforms for industrial leadership on important societal issues that legislators and regulators have failed to fully address [21]. Private SDOs such as API can be expected to integrate and embed industrial positions on environmental, social, and governance (ESG) issues (e.g., sustainability, climate change, privacy) in their standards, thereby enabling industry to lead on these issues before public awareness and discourse develop and before government positions are taken [15].

Finally, it is well established that most privately developed standards are designed to serve the economic and private interests of their developers rather than to decide solely upon best practices for workplace and societal safety. This raises questions about the relevance or value of having these standards serve as references for fulfilling an organization’s self-regulatory responsibilities. Safety-relevant standards also incorporate assumptions about the characteristics of high-risk organizations and their operational context, assumptions that correspond to the characteristics of the organizations involved in developing the standards. Although these assumptions may be neither realistic nor acceptable for many other organizations that are not part of the SDOs, the standards will serve as references in their cases as well.

Despite these observations, standardization is of great value to the global economy and technological advancement, and as discussed earlier, there are pragmatic reasons for its proliferation and power. It shapes regulation and enables self-regulation, helps industry take the lead in the societal governance of new technologies, and avoids the bureaucracy, procedures, public involvement, costs, and politics associated with regulation. It enlists expertise and industrial support rapidly and is more capable of keeping pace with technological advances. It is promoted by legislators and regulators, even though its SDOs are unaccountable participants in risk governance. And it creates markets and technical and commercial collaborations, enables competitive advantage, gains safe harbor from negligence liability, and secures regulatory outcomes that fit the practices and interests of the entities involved. But even the most ardent proponents of standardization recognize the need for this private enterprise to complement safety regulation and align with public policies [21].

11.4 Standardization and AI

Perhaps the most important attributes of private standardization are its ability to generate the technical knowledge needed for soft-law governance of new technologies and its enabling of relationships and transactions between developers of the technologies, users, investors, and governments. These relationships are essential for the financing, interoperability, implementation, and commercial success of the technologies [7].

The case of artificial intelligence (AI) is instructive. The EU and the US are committed to deriving societal value from AI but worry that overly stringent governance will stifle its further development and application; they are therefore cautiously issuing interim policy statements and guidance that are leading to self-regulatory/soft-law governance of AI [9, 17]. Foreseeable problems are being addressed, involving, for example, access to proprietary information, monopolistic practices, and the allocation of liability for harms [8].

Both regimes are confronted by widespread public concerns about the value and societal impacts of AI itself and about potential misuse and unintended consequences when it is put to use in an unlimited range of applications. This has led both the EU and the US to identify and define the core issue of the “trustworthiness” of AI and to create interim principles of trustworthiness (often referred to as “ethical principles”) by which AI developers and users can self-assess the acceptability of their AI systems and applications. Trustworthiness principles common to both the EU and the US include accuracy, explainability, reliability and resilience, privacy, safety, mitigation of bias, transparency, fairness, and accountability, with the EU list adding an emphasis on ensuring informed human involvement in decision-making and oversight [10, 11]; (NIST n.d.).

These broad principles for self-assessment provide the basis for an extremely loose and ineffective form of self-regulation unless they are further defined for use in actual cases, and unless credible oversight, mentoring, and accountability functions are established through government–industry co-regulation. A co-regulatory approach with these features is especially important for AI applications to workplace safety and to safety management systems for the prevention of major accidents, such as surveillance and remote control of operations and the evaluation of near-miss incidents.

Given the evidence that governments are reluctant to regulate AI, it can be expected that the EU and US approaches will rely heavily on private standardization of AI applications and of the trustworthiness/ethical principles. A cascade of private standards is already underway, with the IEEE announcing the finalization of 14 voluntary AI standards and associated compliance certification programs on topics ranging from algorithmic bias to well-being metrics for ethical AI. Not to be outdone, ISO has 31 voluntary AI-related standards ready for adoption or use as guidance, or in progress, including a forthcoming standard for AI risk management.

As a result, concerns about the proliferation of AI standards are being expressed, such as the hardening of the self-regulatory or co-regulatory approach, the difficulty of assessing numerous standards to identify gaps and contradictions, and the need for a coordinating entity [16]. The path forward will be difficult unless responsible oversight and direction are brought about by private–public collaboration.

11.5 A Concerning Trend in Progress

The reliance of regulators on privately developed standards is not new. It has been common practice since the emergence of self-regulation in the 1980s. Self-regulation was presented as a step change in the management of industrial safety, leaving more leeway to high-hazard companies to define the safety enhancement measures best suited to their characteristics and circumstances, as opposed to routinely complying with generic standards prescribed by regulators. A close look at what led to more self-regulation and more standardization at that time shows that the fast pace of technological advances and the limited resources available to regulators were key elements, outweighing ambitions to enhance safety [4].

The situation has not changed since then. Technology still moves fast and requires a fast response in its governance and in the adaptation of safety management systems, whereas regulatory processes remain cumbersome and slow. Furthermore, regulators lack the expertise to keep up with new and evolving technologies, and budget limitations prevent them from recruiting the best experts or developing the required competences in-house. Privately developed standards circumvent some of these challenges and quickly provide pragmatic results. However, this growing public reliance on privately developed standards raises critical concerns.

Privately developed standards can be considered a missed chance to significantly improve safety in practice. Standards developed by industrial SDOs are meant to protect and advance the interests of their members. Setting very demanding standards inspired by the best practices of the most safety-mature member organizations would do no good for, and would be opposed by, the least progressive members. Therefore, standards developed by private SDOs are instead aligned with the practices of the least progressive members, providing no incentive or insight for organizations to do better safety-wise. This fallback on standards of limited ambition enables “business as usual” and also serves another purpose that is dear to the SDOs’ member companies: adopting them is easy and helps to establish a “safe harbor” against negligence liability for these companies.

The universe of private SDOs is unregulated, and its uncoordinated response to a new technology such as AI, with a multitude of standards, can create difficulties in assessing and putting them to use. Reliance on such standards for effective self-regulation and for highly valued interoperability outcomes requires responsible public–private leadership to carry out oversight, coordination, and harmonization functions.

At a broader societal level, the increasing role of privately developed standards in the governance framework leads to the neglect or crowding out of public interest perspectives. Whereas regulators are meant to represent the voice of society, the process of developing standards by private SDOs usually provides for neither transparency nor the involvement of stakeholders who represent a balance of different societal interests and norms [6]. In that respect, reliance on private standards escapes the democratic process that regulators are supposed to follow and resembles the contractual outsourcing of governmental decision-making functions. In the absence of representation of interests beyond those of industrial organizations, economic value becomes the main driver in standards development, and cost–benefit analysis becomes the main decision tool for deciding what a standard should provide.

The democratic deficit incurred by the privatization of regulation reaches beyond the opaqueness of standards development. Many standards involve proprietary information and thus cannot be explained. Although standard-setters claim that ethical and other societal interests are incorporated in the standards, there is often no way to know exactly what was done and how, or to test the standards.

Thus, all the issues raised by regulatory reliance on private standardization reflect a concerning drift away from democratic governance of hazardous industrial activities.