On 14 March 2022 I had the privilege of delivering the Keynote at the RaC2022 Plenary, followed by the Opening Address by Pia Andrews, five Round Tables and a Townhall, all on the subject of Rules as Code (RaC). RAC2022 was co-organised by brilliant Lyria Bennet-Moses and Marina Yastreboff and Natalia Crnomarkovic. The conference brought together key figures in the domains of Rules as Code, legal informatics and AI and law, welcoming both rising stars and long-time scholarship. It was meant to stimulate serious and sustained conversation between lawyers and computer scientists, developers and advocates of RaC, policy makers, academics and practioners notably in the realm of public law, constitutional law and the rule of law. In this blog posting I share the content of the keynote, hoping to contribute to the conversation.
1. What is the problem for which RaC is the solution?
I am deeply impressed with the RaC movement and convinced that there is a momentum at this moment that should be acted upon: (1) legislative initiatives are overwhelming, there are too many legal and policy rules, easily and often resulting in incompatible legal obligations that stand in the way of legal certainty, diminishing trust in the legal framework and reliability of government policy, (2) we should note that citizens and corporations often lack access to the policy rules that have been developed within public administration behind closed doors, where those rules are meant to guide or determine government decision-making, based on the interpretation and discretion that are key features of legislation (not bugs, if done well), (3) many of these policy rules are now developed in the form of decision (support) algorithms, though not in a democratic setting, as they are decided within the administration, and we cannot be sure they are contestable in a court of law due to various types of opacity, e.g. because they were developed behind closed doors or because those subject to them do not read code, (4) simultaneously, many corporations are run based on softwired business processes that integrate so-called business rules to ensure legal compliance, even though they may not be sure which interpretation is the right one.
RaC as I understand it could, perhaps, bring transparency, foreseeability, accountability and reliability to both law making (the ‘output’ of the legislature) and public administration (both in terms of the individual decisions and in terms of decision-rules they develop to make those decisions).
2. Legal certainty and transparency
The OECD report on Rules as Code states that governments are rule-makers. Governments, however, are much more than that and should actually stop being rule-engines. The task of the government is to govern, to take care of the res publica.
- Governments have to decide, to act and to develop policies (regulations) on how they will act and decide in a transparent way. The foreseeability enabled by making policy rules public is key to RoL.
- RoL means that governments act, decide and regulate within the confines of the legality principle, which requires that the competences to act, decide and regulate are both constituted and limited by the constitution or parliamentary acts.
- The legality principle also implies that human rights law informs the drafting and the application of Acts of Parliament and the Constitution. Any kind of law, even tax law, must be compatible with human rights law. This means that legal rules cannot be interpreted in isolation; it involves the legal context of the rule, including the entire architecture of the relevant jurisdiction.
3. Ambiguity and discretion
Legislatures should make law. That is key to democracy, it is not government that makes the rules of the game but the democratic legislature. Can law actually be reduced to a matter of rules? Are legal norms equivalent with the kind of rules that can be expressed in programming languages?
- Herbert Hart, a renowned legal philosopher asserted that law is about rules, saliently distinguishing between primary (regulatory) rules and secondary (constitutive) rules. But he also confirmed the open texture of legal concepts and the inevitability of discretion. Open texture should not be confused with ambiguity but nevertheless resists formalisation; it highlights that meaning is determined by use, and can therefore not be pinned down once and for all. This brings legal rules close to Wittgenstein’s concept of rules and implies a pragmatist approach to the meaning of legal rules: meaning is defined by use that in turn refers to the consequences of such use.
- Ronald Dworkin, another renowned legal philosopher rejected the idea that law can be defined as a system of rules. He asserted that rules are informed by principles and inform government policies that both co-define the law. Like Hart, Dworkin emphasised the inevitability of discretion in law, but rejected the idea that this would leave decision-making to the arbitrary will or the personal ethics of a judge or government official. Discretion is informed by the implied philosophy of positive law that can be inferred from its totality within a relevant jurisdiction, based on the integrity of the law which should not be confused with logical consistency. To understand discretion and integrity we need a hermeneutical approach and practical wisdom (phronesis)
Let’s take an example. In an excellent research note on RaC Waddington writes that RaC is pivotal for the process of drafting legislation:
If the coding in RaC merely picks out the if-then-and-or-not logic of the exceptions and definitions (and points up a scenario where the first draft would produce an unintended result), then it will have done an extremely valuable job.
Take art. 5.2(b) of the GDPR, which concerns the purpose limitation principle. It says that ‘further processing’ for scientific research shall be considered as not incompatible with the original purpose. This is relevant for the repurposing of personal data initially processed for the purpose of, for instance, medical treatment or online shopping.
Art. 6.4 of the GDPR then says that ‘further processing’ for another purpose than that for which data has been collected may be considered as compatible based on considering five criteria, notably the link between the original and the other purpose, the context of collections and the relationship between data subject and controller, the nature of the data (e.g. sensitive data), possible consequences of such further processing for the data subject and the existence of appropriate safeguards.
The question is whether 5.2(b), as a presumption of non-incompatibility, overrules 6.4 or whether testing against the 5-criteria of 6.4 could overrule the presumption of 5.2(b)?
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) seem to consider that the criteria of 6.4 should be taken into account when deciding on the potential incompatibility, depending on the initial purpose and the relevant legal ground (noting the EDPB is preparing its final guidance on the issue, expected in 2022). Certainty will depend on an eventual judgment of the Court of Justice of the EU (CJEU) which can, however, only decide if a preliminary question is asked, and the answer will depend on the facts of that particular case.
This is a clear example of potential ambiguity that was probably not intended. We can, however, not be sure of that, because legislation is often a compromise. The GDPR may not have come about if all these kinds of problems had been made explicit, requiring explicit agreement.
Would RaC solve this problem? Different solutions can be developed: 5.1(b) overrules 6.4, vice versa or they should be combined in the way that EDPS and EDPB stipulate. The question that should interest us is who makes that decision: legislature, policymakers, civil servants? This is directly related to the idea of the RoL that attributes that kind of decisions to the court. This could imply that irrespective of whoever get to make that decision, we might still want the court to have the last word here. How does this square with RaC? How does RaC affect RoL, as RoL also means that such decisions are multi-levelled, playing out at the level of the legislature, data controllers, DPAs, with the final word of the courts.
This raises the question of whether every unintended ambiguity is a bad thing or whether it is what keeps our legal system adaptive. What if the ambiguity or contradiction is the result of political compromise (law in the real world is not logic), should we disable such compromises?
4. Defining RaC
So what ‘is’ RaC? Is it a technology? Is it a new technological paradigm or a new way to understand law, where code would have legal effect?
Waddington suggests that
[RaC] can involve merely highlighting the logical structures that the drafter is trying to create in the legislation, so that any use of that logic should always be traceable, explainable and open to correction or appeal in the same way as it is when a human follows the logic from the text.
This implies that RaC can be seen as supporting:
- drafting of legislation, foreseeing consequences, removing contradictions and unintended ambiguities or unintended discretion;
- decision making by government agencies that must apply legislative or regulative rules; they can ‘run’ the systems to see bugs, conflicts, determine priorities, foresee results (tax to be paid, benefits to be distributed, fines to be imposed).
While preparing the conference, Pia Andrews spoke of:
‘a reliable reference implementation of rules, in a machine understandable form, to enable the building and testing of systems that rely upon those rules’
This implies that RaC can be seen as supporting:
- decision-making and planning by corporations and citizens that must apply rules they are subject to, which are often unclear to them and may seem contradictory, whereas RaC would enable them to run the reference implementation against their factual situation to test and foresee what choices they have if they wish to comply with the law.
We could then define RaC as law articulated in computer code, aiming to serve the building and testing of three kinds of systems:
- Enforcement on the side of government, noting the government must comply with its own rules
- Compliance on the side of business and other institutions outside the government, where the idea behind RaC is to provide a ‘reference implementation’ or ‘authoritative version’ of the relevant rules
- Compliance of the side of individual citizens who are subject to complex legislation and may want to foresee the consequences of choices they have, testing whether they are lawful and ‘running’ different lawful alternatives against the ‘reference implementation’ to foresee the consequences
The intent seems to be ensuring reliable, lawful and democratic drafting, understanding and implementation of legal and policy rules to achieve ‘better rules’ for people.
5. So how does RaC relate to RoL?
Under RoL governments are not rule makers; in a constitutional democracy it is the legislature that makes the law. Under RoL lawmaking is a multilevel undertaking, involving a dedicated interplay between:
- Representation (equal respect and concern)
- Deliberation (agonism and public reason; argumentation and reasoning)
- Participation (those who suffer the consequences should co-decide)
- Contestation (the applicability validity meaning of the law & the facts)
- Judgement (closure within the decision space provided by the law)
Epistemological considerations should remind us that rules cannot apply themselves. Rules and facts are different ‘animals’, their application necessary involves an act of interpretation that determines the consequences for those subject to the rule. For that same reason one could perhaps automate a rule but not its application to the facts, which requires an act of judgement rather than logic.
6. Legal norms and legal effect
Legal norms are norms with legal effect, attributed by positive law. This is what distinguishes legal from other norms. This relates to democracy and the rule of law, and raises the seminal question, which we discussed in our 2021 Philosophers’ seminar:
Whether and on what basis could computer code have the intended legal effect of binding a constituency as if it were legislation?
This in turn raises the key question of what the word ‘authoritative’ means in the OECD Report and what a ‘reference implementation’ means in Andrew’s definition above? RoL means that it is NOT the government that decides the meaning of the law, but an independent court, in the interplay between legislature, administration, citizens, private parties and the courts – who have the final word.
7. Introducing Rac under Rol: three key questions
- What problems would RaC actually solve?
uncertainty, conflicting interpretations, contestability
[by way of logic solvers and declarative programming]
- What problems can RaC not solve?
democracy and rule of law, which are however not problems to be solved
[logic solvers assume a closed world, this would be incompatible with law]
- What problems could RaC create?
if regulators/public administration decide the articulation of the law
we may have less contestability
[if you ‘solve’ the issue of interpretation you could end up in a closed world]
I am sure RaC advocates will provide other answers. I hope they will nevertheless take these questions seriously, together with drafters of legislation, civil servants and legal scholars.