Technology and the law - a constants-based regulatory framework
Tuesday 10 March 2026
Michael Buadoo
Buadoo & Co, Washington DC
MikeBuadoo@gmail.com
Introduction
Technology is frequently invoked in legal and policy discourse as though it were a self-contained phenomenon capable of uniform regulation. This assumption is misleading. Technology is neither monolithic nor autonomous. It is a complex, engineered ecosystem, operating across finance, international trade, healthcare, media, logistics and public administration. To regulate technology as a standalone object is, therefore, to misunderstand its nature and to risk regulatory abstraction detached from commercial and institutional reality.[1]
The contemporary challenge is not whether technology should be regulated, but how law can engage with technology without undermining legal certainty, institutional coherence or cross-border commercial trust. This article argues that meaningful technology regulation must be grounded in the principles of international commercial law and anchored to what endures across technological change, rather than to transient tools or applications.
The conceptual error of regulating technology in isolation
Attempts to regulate technology in isolation face structural limitations. Technology does not replace commercial activity. It mediates it. Software does not trade, platforms do not contract and algorithms do not assume legal responsibility. These functions remain actions taken by human and institutional actors. Treating technology as a primary legal subject obscures accountability and invites regulatory fragmentation.[2]
Moreover, technology evolves at a pace that far exceeds traditional legislative cycles. Laws drafted around specific tools or technical implementations risk rapid obsolescence, forcing regulators into perpetual catch-up mode. This dynamic undermines predictability, which is a foundational value of international commercial law.[3]
Historically, legal systems have navigated technological change by regulating the underlying activity rather than the enabling mechanisms. From the telegraph to electronic data interchange, commercial law has endured by prioritising substance over form.
International commercial law as a stabilising framework
International commercial law provides a stable and adaptive framework for governing technology-enabled commerce. Its objectives include legal certainty, risk allocation, predictability and trust, all of which remain constant regardless of the technological medium. Instruments such as the United Nations Convention on Contracts for the International Sale of Goods (CISG) demonstrate that law can remain technologically neutral, while governing complex cross-border transactions effectively.[4]
The digitisation of contracts, payments and documentation does not alter the core legal questions of offer, acceptance, performance, breach or remedies. It merely changes the environment in which those questions arise. The law must, therefore, adapt interpretively rather than reconstruct itself normatively.
Technology as an engineered system
Legal discussions often treat technology as an abstract tool rather than as an engineered system. From a systems perspective, technology embodies design choices that encode assumptions about data, trust, authority and failure. These choices shape commercial risk long before disputes arise.[5]
Every technological system rests on architecture. Architecture determines how data is stored, transferred, validated and audited. Legal analysis that ignores architecture risks regulating outcomes, while overlooking causes. In international commerce, where transactions depend on interoperable systems across jurisdictions, this omission is particularly consequential.
Architecture, control and legal responsibility
Modern commercial technologies rely on layered and distributed architectures, involving multiple intermediaries. Platforms, cloud providers, payment processors and logistics integrators often exercise functional control over transactions, while characterising themselves as neutral facilitators.
International commercial law has long addressed comparable scenarios through doctrines of agency, delegation and attribution. The legal question is not whether an intermediary is technological, but whether it exercises control. Where control exists, responsibility should follow. Technology does not justify regulatory exceptionalism.[6]
Lessons from technology-driven regulation
The limitations of regulating technology by chasing its dynamic manifestations are not merely theoretical. They are evident in existing international legal instruments that have struggled to maintain relevance as technological architectures have evolved.
One instructive example is the Council of Europe’s Convention on Cybercrime, commonly known as the Budapest Convention on Cybercrime. Drafted at a time when computing systems were relatively discrete and access-based, the Convention focuses heavily on specific technological acts, such as unauthorised access, data interference and system misuse. While groundbreaking at the time of its adoption, its effectiveness has increasingly depended on domestic reinterpretation as commercial systems have shifted towards cloud-native, distributed and platform-mediated architectures. The Convention regulates technological events rather than enduring architectural control points, resulting in uneven adoption, interpretive divergence and fragile cross-border enforcement.[7]
A second example can be found in the enforcement trajectory of Regulation (EU) 2016/679, otherwise known as the European Union’s General Data Protection Regulation (GDPR). Although often described as technology neutral, regulatory practice has increasingly gravitated towards surface-level application compliance, such as consent interfaces and cookie mechanisms, rather than deeper architectural questions concerning data models, internal propagation, automated decision logic and distributed accountability. The result has been high compliance costs and inconsistent enforcement outcomes, with limited influence on underlying system design.[8]
These examples do not reflect a failure of international law as such. They highlight the risks of regulatory approaches that prioritise technological manifestations over enduring system characteristics.
Data, documentation and trust in cross-border commerce
Trust is the currency of international trade. Historically, that trust has been embodied in documents such as bills of lading, letters of credit, certificates of origin and inspection reports. Digitalisation seeks to dematerialise these instruments, but it cannot dispense with the trust attributes they provide.
Electronic trade documentation must preserve authenticity, integrity and legal recognition across borders. The challenge is not technical feasibility, but legal equivalence. Instruments such as the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (MLEC) and the UNCITRAL Model Law on Electronic Transferable Records (MLETR) affirm this continuity by requiring electronic records to perform the same legal functions as their paper counterparts.[9]
Automation and the reallocation of discretion
Automation is frequently described as a process that eliminates human discretion. In reality, it reallocates discretion to system designers, rule authors and data curators. Decisions embedded in code reflect assumptions about normality, thresholds and prioritisation, all of which carry legal consequences.
From a commercial law perspective, automation raises familiar questions concerning authority, attribution and accountability. These are not novel concerns. They are central to agency law, professional responsibility and contractual delegation. Technology shifts the locus of discretion, but it does not eliminate the need for legal responsibility.[10]
Failure, resilience and commercial risk
Technological systems are designed based on assumptions about failure. Latency, partial outages, data inconsistency and system errors are foreseeable conditions rather than anomalies. The legal relevance of failure lies in whether it was anticipated, mitigated or negligently ignored.
International commercial law already distinguishes between unforeseeable impediments and failures arising from inadequate risk management. Technology sharpens this distinction. Where architectural shortcuts or insufficient safeguards lead to non-performance, established doctrines governing breach, delay and force majeure remain applicable.[11]
Technology, trade and institutional readiness
Contemporary trade regimes increasingly depend on digital infrastructure for customs processing, payments, compliance verification and dispute resolution. Initiatives such as the African Continental Free Trade Area (AfCFTA) illustrate how technology can function both as an enabler and as a stress test of institutional capacity.
The success of such regimes depends not on technological sophistication alone, but on legal coherence and administrative readiness. Digital platforms cannot be a substitute for the consistent application of trade rules, the mutual recognition of legal effects or predictable dispute resolution. Technology accelerates compliance; it does not replace law.[12]
Conclusion
The convergence of technology and law does not require radical legal reinvention. It requires restraint, clarity and discipline. Technology should be governed not by chasing innovation cycles, but by regulating what endures, namely data integrity, architectural control, accountability and institutional responsibility.
International commercial law remains uniquely equipped to perform this task. By anchoring technology governance to established legal principles and resisting technology exceptionalism, the law can remain authoritative even as technological change accelerates.
[1] Lawrence Lessig, Code and Other Laws of Cyberspace (Basic Books 1999).
[2] Mireille Hildebrandt, Smart Technologies and the End(s) of Law (Edward Elgar 2015).
[3] Roy Goode, Commercial Law (5th edn, Penguin 2016).
[4] United Nations Convention on Contracts for the International Sale of Goods (CISG) (1980).
[5] Frank Pasquale, The Black Box Society (Harvard University Press 2015).
[6] Ingeborg Schwenzer, Pascal Hachem and Christopher Kee, Global Sales and Contract Law (Oxford University Press 2012).
[7] Council of Europe, Convention on Cybercrime (Budapest Convention) (2001).
[8] Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR).
[9] UNCITRAL Model Law on Electronic Commerce (1996); UNCITRAL Model Law on Electronic Transferable Records (2017).
[10] Julia Black, ‘Decentring Regulation’ (2001) 54 Current Legal Problems 103.
[11] Roy Goode, Commercial Law (5th edn, Penguin 2016).
[12] WTO, World Trade Report: The Future of Trade (2023); UNCTAD, Digital Economy Report (2021).