Abstract: Against the backdrop of growing attention to AI legislation, “regulation by design” is emerging as a forward-looking and compliance-oriented paradigm, demonstrating its unique value in technology governance for the digital age. This approach requires developers to embed regulatory requirements into digital systems through code at the product design stage, effectively mitigating technological risks through proactive design. From a technical practice perspective, regulation by design encompasses three types: design control, design optimization, and value creation through design, each targeting distinct regulatory objectives and application scenarios. Design control restricts user behavior via code-based constraints; design optimization aligns technological systems with specific standards; and value creation through design achieves predefined ethical or social goals. The rise of regulation by design stems from the limitations of traditional ex-post regulatory models in addressing risks posed by emerging technologies such as big data and AI. It signifies a paradigm shift from “remedial governance” to “preventive governance”, emphasizing technical measures as core regulatory tools. However, this new model faces challenges including insufficient legitimacy, standardization dilemmas, and feasibility concerns. To ensure its lawful application, implementation must strictly adhere to principles of legality, reasonableness, and ethical compliance. Drawing on the EU's legislative practices in digital regulations like the Artificial Intelligence Act, China should accelerate the establishment of a regulatory framework for regulation by design. This involves integrating it into the rule of law through legislative norms, standard guidelines, corporate compliance, and market mechanisms to effectively address risks posed by emerging technologies.
Guo Xiaodong. On Regulation by Design: A New Paradigm for Technology Governance in the Digital Age[J]. Forum on Science and Technology in China (中国科技论坛), 2025(8): 43-50.