Governing Digital Harm Without Borders

Sandboxes as Instruments for Experimentation, Co-Innovation and Regulatory Learning

Drawing on the TUM Think Tank's policy brief on AI Sandboxes and recently released analytical work at Privacy Laws & Business, Andras examined when and how regulatory sandboxes function as genuine governance tools. Three logics are visible in current international practice: regulatory compliance (EU AI Act, UK ICO); institutional capacity-building (ITU's Central America initiative, Canton of Zurich); and rights-based co-design, exemplified by the COR Sandbox's focus on children's online redress. The recurring finding: the learning rationale that distinguishes sandboxes as governance instruments is the dimension most systematically underspecified, and most at risk of being crowded out by the faster demands of innovation promotion. Effective sandboxes require clear exit criteria and a named authority accountable for translating findings into regulatory action.

Social Media Digital Safety Requires a Whole-of-Society Approach

Content moderation and safety by design tools are maturing. The harder challenge is tackling harmful content across borders, where national laws, cultural norms, and victims' perspectives may collide. Andras drew on the TUM Think Tank's Frontiers in Digital Child Safety report (developed with Harvard's Berkman Klein Center) and OECD work on safety by design to argue that  age assurance, privacy-preserving defaults, accessible redress mechanisms, and genuine child participation in the design of digital services are not optional features. They are what proactive, child-centred safety actually requires.

Safety by Co-Design Jam

Andras co-facilitated a participatory workshop with Ioanna Noula and the Child Online Redress (COR) Sandbox, working directly with youth participants from Greece, Ireland, and France on co-designing digital safety approaches. A principle running across the TUM Think Tank's work found its most direct expression here: the people most affected by digital systems should have a meaningful role in shaping them.

Key Takeaways

1. Sandboxes are not a single instrument. The scholarship distinguishes at least two distinct logics shaping their design: innovation promotion, which privileges speed and market access, and regulatory learning, which prioritises evidence quality and institutional durability. Conflating them leads to poorly calibrated governance tools.  In practice, the first logic privileges speed and market access; the second, evidence quality and institutional durability.
2. Protecting children in the digital environment requires safety by design, not restriction by default. Simply labelling a service as "not for children" is not a safeguard. Safety by design measures, such as age assurance, child-centred design, privacy-preserving defaults, and accessible redress mechanisms need to be built in from the start.
3. The people most affected by digital systems should help shape them. Across both the sandbox panel and the co-design workshop, meaningful stakeholder participation, including from children and young people, emerged not as a procedural nicety but as a substantive condition for effective and legitimate governance.
4. Regulatory learning requires accountability structures. Sandboxes carry an inherent risk of permanently deferring regulatory decisions under the rubric of ongoing experimentation. Without named accountability for translating findings into regulatory action, experimentation becomes a substitute for governance rather than a contribution to it.
5. No single actor can govern digital harm alone. The Forum's animating conviction, reinforced across every session, is that cross-sector, cross-border, and cross-disciplinary collaboration is not a preference but a structural requirement for addressing harms that do not respect institutional or national boundaries.

We look forward to contributing to further conversations on digital safety and sandboxes and shaping efficient governance structures with stakeholders in these areas.