Should the UK’s digital regulator play in the sandbox?

Governments of developed countries around the world are looking for ways to stimulate economic growth. Common approaches are to look to either reduce regulatory blockers to innovation or intervene in markets to make them more competitive.

Digital markets have been one of the fastest growing sectors of the global economy, and countries have taken different approaches to regulating them. The UK introduced the Digital Markets, Competition and Consumers Act 2025 (DMCCA) on 1 January 2025, which requires firms designated with Strategic Market Status (SMS) to adhere to certain obligations and expectations set by the Competition and Markets Authority (CMA).

On 13 February 2025, the UK Department for Business and Trade (DBT) published a ‘strategic steer’ to the CMA setting out its expectations for the role that the CMA will play in achieving the government’s goal of economic growth, including in its role as the digital regulator under the DMCCA.¹

The strategic steer from the DBT explains that, in order to contribute to the national goal of economic growth, the CMA should ‘give appropriate consideration to prioritising pro-growth and pro-investment interventions’ in all its investigations and potential remedies. The strategic steer also explains that ‘[t]he CMA should use the new DMCCA Digital Market Competition regime flexibly, proportionately and collaboratively to unlock opportunities for growth across the UK digital economy and the wider economy’, highlighting the need to ‘[m]inimise uncertainty by engaging with those affected by the CMA’s work’ and ‘focus on collaborative approaches to resolving issues’.²

This raises a question as to how the CMA might establish regulatory dialogue with the newly regulated digital companies to meet these objectives, working with the companies in a collaborative and flexible way. Collaboration and flexibility are particularly important in dynamic and fast-moving markets, such as digital markets, where there is continuous product development and innovation. In particular, innovation may result in disruptive technologies that do not necessarily sit within existing regulations. This can reduce incentives for innovation if there is no flexibility in the regulatory approach.

One practical, collaborative approach that allows for regulatory dialogue and flexibility to support innovation is regulatory sandboxes.

What is a regulatory sandbox?

Sandboxes are a tool whereby firms can test new products in the market with real consumers, with fewer regulatory constraints than they would typically be subjected to and less risk of enforcement action.³ This allows the regulator to learn about new products while assessing them against their regulatory objectives, which can promote innovation by reducing regulatory risk.

In regulation, there is often an information asymmetry between the regulator and the regulated companies. This asymmetry works in both directions: the regulator has more information about its intentions and objectives, while the regulated company has more information about its products and actions. Sandboxes can therefore be useful for addressing this asymmetry to make the regulatory relationship more effective. This is particularly important in sectors involving significant innovation, such as the digital sector, where it is important to maintain incentives for firms to innovate, while delivering on regulatory objectives.

Regulatory sandboxes have already been adopted by several regulators in the UK for different purposes and with varying levels of uptake. For example:

• the Financial Conduct Authority (FCA) introduced its sandbox in 2016, providing some regulatory relief to innovators trialling new products. There has been significant interest and uptake from a large number of firms;⁴
• the Information Commissioner’s Office (ICO) introduced its sandbox to support the development of innovations utilising personal data while ensuring compliance with the data protection frameworks;⁵
• Ofgem launched the Energy Regulation Sandbox (ERS) in 2017, providing energy firms with some regulatory relief while trialling new innovations. There has been limited uptake of the ERS since its launch;⁶
• Ofgem is developing a Future of Regulation Sandbox, in which it will be able to trial new regulations and changes to existing ones before implementing them, with the aim of limiting risk to consumers and markets.⁷

The box below details how sandboxes have been used at the FCA.

Sandboxes are created at the discretion of the regulator, meaning that the regulator determines who is eligible and should be given permission to participate.⁸ Alternatively, a firm may decide to initiate its own sandbox, whereby it invites the relevant regulator to engage with the product development related to a specific innovation.⁹

While a new product is passing through the sandbox, the regulator can guide its development and require changes to ensure compliance with the regulations that it would be subject to outside the sandbox. Firms also have the opportunity to demonstrate that certain regulations might not need to apply.

A further incentive for participation is that it can reduce regulatory risk post launch. As a result, at least for financial services, successful participation in a sandbox has led to an increase in the likelihood of an innovation attracting funding from investors.¹⁰

What makes a sandbox effective?

The success of a sandbox depends on several factors:

• innovative activity in a regulated environment that can benefit from market testing and regulatory guidance;¹¹
• alignment of objectives between the regulator and the innovator;
• effective communication, sharing of information, and trust between the regulator and the innovator.

Success can be difficult to determine. Products that have passed through the sandbox and launched in the real world would represent success. However, a product that does not make it out of the sandbox might not, in itself, indicate failure. Instead, this might indicate that a product was either not attractive to consumers or could not be made to be compliant with the regulation, both of which could still be considered a success of the sandbox, if this was identified in an efficient way.

There is often an unavoidable conflict of interest between a regulator and the regulated companies. Hence, for any dialogue to be successful in achieving innovation and/or growth, there must be an alignment of objectives. Where there are trade-offs, for example between lower prices for, or easy access to, a new technology, and the required return for the business to undertake risky innovation, these need to be ironed out to ensure that the regulator and the innovator are working towards a common goal. A sandbox can develop a framework for understanding objectives and building trust.

The box below outlines the evolution of Google’s Privacy Sandbox and its engagement with the CMA.

Supporting growth and innovation

In order for regulation to protect users from harm and facilitate growth, regulators need to have flexibility and agility in their ability to apply regulations to new products, services and business models.

Sandboxes are a valuable tool for both regulators and digital firms, as they enable them to make specific changes to products and services to ensure that they comply with regulation (e.g. in terms of interoperability). They are also helpful where firms are seeking to innovate and want to ensure compliance before making significant investment. In these circumstances, a sandbox can support product development by giving the regulator an opportunity to better understand the impact of new technologies and business models, and also to clearly communicate its expectations of the firm.

¹ Department for Business and Trade (2025), ‘Strategic steer to the Competition and Markets Authority’, Open Consultation, 13 February.

² Ibid.

³ Allen, H.J. (2019), ‘Regulatory Sandboxes’, George Washington Law Review, May, 87:3, p. 580.

⁴ Financial Conduct Authority (2024), ‘Regulatory Sandbox’, 9 May.

⁵ Information Commissioner’s Office, ‘The Guide to the Sandbox’.

⁶ Ofgem, ‘Energy Regulation Sandbox’. To date, only five sandboxes have been granted, and one has been declined.

⁷ Ofgem (2024), ‘RIIO-3 Sector Specific Methodology Decision – Overview document’, 18 July, para. 12.46.

⁸ Eligibility criteria will typically include alignment with existing regulatory standards, consumer benefit, innovation, and viability of the sandbox. See, for example, Financial Conduct Authority (2022), ‘Regulatory Sandbox eligibility criteria’, 27 March; ICO, Sandbox assessment criteria indicators.

⁹ For example, Google’s Privacy Sandbox was initiated by Google and became a forum for the ICO and the CMA to engage with Google while it explored possible approaches to the removal of third-party cookies from Chrome.

¹⁰ For example, the FCA has found that at least 40% of firms that completed testing in its first sandbox cohort received investment during or after their participation. Financial Conduct Authority (2017), ‘Regulatory sandbox – Lessons learned’, October, p. 5.

¹¹ For example, Ofgem has had relatively little uptake of its sandbox, and has noted that it received only one application from a network company, which it considered was likely to be due to a lack of innovation from network companies.