Financial regulation is caught in a vicious cycle where information gaps drive more complexity, which in turn makes compliance harder — a problem that native digitalisation can break. This blog traces the evolution from basic machine-readable regulation (MRR) to fully executable rules-as-code (RaC), examining the benefits, challenges, and cross-country experiments underway in New Zealand, France, the UK, and beyond.
Author: Parimal Kumar Shivendu, former Assistant General Manager, FinTech Department, Reserve Bank of India
This article represents the author’s personal perspectives based on research conducted during the Innovation Leaders Residency initiative.
_______________________
Executive Summary
In an increasingly digital world, how regulations are created, disseminated, and enforced is transforming significantly. Supervisory technology approaches such as Machine-Readable Regulation (MRR)/Machine-Consumable Regulation (MCR), Machine-Executable Regulation (MER), and Rules as Code (RaC) are emerging as key concepts in this evolution. These suptech tools aim to enhance regulatory efficiency and compliance outcomes by translating traditional legal/regulatory texts into machine-readable/executable formats that work with digitally native systems, which are inherently optimised for automation, scalability, and integration in the digital ecosystem. This transformation enables the automation of compliance monitoring and enforcement through structured formats and executable algorithms. This paper discusses the stages and possibilities of regulatory digitisation and its benefits (such as reduced compliance costs, standardised regulation, and improved document management) and outlines key challenges, including the complexity of legal language, integration with legacy systems, and maintaining authenticity in digitised regulations. Financial sector regulators stand to gain the most from these advancements, though balancing automated, rule-based systems with flexible principle-based regulation remains a challenge.
Introduction
Despite the regulatory emphasis on assurance functions such as risk management, compliance management, and internal audit, instances of firms failing to comply with regulations persist, often resulting in systemic issues. These shortcomings typically stem from neither a lack of effort nor a lack of focus on the part of supervisory entities. The core challenge lies in comprehending the vast, intricate, and constantly evolving nature of financial institutions and markets, wherein regulators frequently lack sufficient information (Barefoot, J.A., 2020). This initiates a vicious cycle whereby insufficient and untimely information results in heightened regulation. Increased regulation in turn compounds the complexity of the regulatory environment, exacerbating the challenges faced by managers responsible for assurance functions and ultimately contributing to further failures within the system. Because heightened regulatory measures are often implemented in response to failures, the cycle intensifies, perpetuating a continuous loop of increasing regulation and complexity.
Digitisation has made data on the financial sector more accessible for financial authorities to consume. However, financial authorities will need to undergo their own digital transformation to effectively process and respond to the high volume and speed of digitalised data. This endeavour must extend beyond constructing systems and processes that are digital-immigrant, focusing instead on embracing systems and processes that are inherently digital-native. Digitally native systems can be understood as systems and infrastructure that are designed and built specifically to operate in a digital environment. Unlike systems adapted from traditional or manual processes, digitally native systems are inherently optimised for automation, scalability, and integration in the digital ecosystem. In this respect, Annex-1 outlines how digital-native regulatory systems and processes differ from their analogue-era counterparts across various aspects, including data accessibility, reporting frequency, information processing, risk detection, compliance monitoring, innovation, transparency, digital identity verification, and predictive analytics. These tools are categorised as advanced according to the SupTech Generations framework outlined by the Cambridge SupTech Lab, enabling the digital transformation of financial supervision.
Digitally native systems have the potential to assist regulators in achieving their primary policy goals, encompassing financial stability, integrity of the financial system, customer protection, and financial inclusion, by enhancing regulatory efficiency and effectiveness through better utilisation of digitised data. For example, the primary objective of FCA UK’s pilot on Digital Regulatory Reporting (DRR) has been to examine how building digitally native systems can simplify firms’ compliance with regulatory reporting requirements while enhancing the quality of information submitted to the regulator. The pilot was started in 2018 with three core objectives: (a) converting regulation into code, (b) defining standardised firm data, and (c) executing machine-executable regulation against standardised firm data. The pilot also indicates that a more technologically adept financial sector regulator could catalyse a virtuous cycle, stimulating further native digitisation of regulated entities within the financial sector itself.
Native digitisation of regulation
Consequently, in the era of digital transformation, the creation, dissemination, consumption, and enforcement of laws and their incidental rules and regulations (hereinafter referred to as “regulation”) are experiencing a profound paradigm shift to ensure improved outcomes by regulated entities. Supervisory technology (suptech) terms such as Machine-Readable Regulation (MRR)/Machine-Consumable Regulation (MCR), Machine-Executable Regulation (MER), and Rules as Code (RaC) are increasingly being used to describe the various stages of this transformation. These terms reflect the evolution of regulations into digital formats that enhance accessibility, automation, and compliance in unprecedented ways.
At a basic level of digitisation, regulatory documents are made available electronically (e.g., through downloading documents in scanned images, PDF or HTML format). At this level, machines can read text but can only process it as natural language. This requires using Natural Language Processing (NLP) algorithms to extract useful information. Techniques like Optical Character Recognition (OCR) can extract text from scanned images. Furthermore, machines can do basic scanning or text extraction where they parse the words but struggle to understand context or meaning without significant programming effort. This form of digitisation allows documents to be stored and accessed easily but offers limited functionality beyond mere readability. Annex-2 gives a brief overview of various NLP techniques utilised for this purpose. However, these methods are rudimentary, as algorithms lack deeper insights into the document’s structure or meaning, leading to inefficiencies in describing and understanding the content. Thus, while elementary digitisation enhances accessibility, it fails to significantly reduce the economic costs of compliance, as manual interpretation is still required.
At a higher level of digitisation, regulatory documents are transitioned into machine-readable formats like XML or JSON. These formats come with embedded metadata, which includes ontologies, attributes, and elements that provide contextual information about the structure and content of the text. This metadata enables machines to read the text and comprehend its meaning and structure, allowing for more efficient analysis and categorisation. With this level of digitisation, NLP is complemented by machine-readable tags that reduce ambiguity and increase the ability to automate compliance-related tasks. Tools leveraging such metadata can more easily identify legal restrictions or mandates, thereby lowering the economic costs associated with manual regulatory analysis. At this level, many specialised frameworks have been developed to represent legal texts in a structured and standardised way using XML, which allows machines to parse, process, and analyse them quickly. Figure 1 captures the different levels.

Figure 1: Level of Digitisation
In its most advanced form, digitisation moves toward the RaC paradigm, where regulations and legislation are written in a fully machine-consumable format, meaning a code or code-like structure that software can interpret and engage with. This could involve automated compliance tasks such as financial reporting obligations (Digital.Govt.NS, 2018). Machines can then read and analyse the documents and potentially execute specific legal processes autonomously. With advanced metadata and machine-readable structures, software systems can directly apply the rules, make real-time compliance decisions and automatically determine whether a business meets legal requirements. This transformation reduces the human workload and dramatically lowers compliance costs by removing ambiguities, automating processes, and providing precise, real-time insights into regulatory adherence. RaC represents a future where compliance management is deeply integrated into business operations, eliminating manual interpretation and boosting overall economic efficiency.
Table 1 illustrates how these terms represent different stages in the digital evolution of regulation, from structured text processing to fully autonomous rule enforcement. MRR and MCR are used interchangeably (from now on referred to as ‘MRR’). Further, cross-country experiments in this area are highlighted in Annex-3.
Table 1: Comparison between MRR, MER and RaC
| | MRR | MER | RaC |
|---|---|---|---|
| Level of advancement | Foundational | Advanced | Most Advanced |
| Essence | Structuring regulatory text so that machines can easily process it (e.g., XML, JSON formats). | Structuring regulations in a way that machines can autonomously interpret and apply the rules. | Encoding regulations into fully executable algorithms that can autonomously interpret, apply, and enforce rules. |
| Human intervention | Requires human interpretation to apply the rules. | Allows real-time automation of compliance tasks but may still need human oversight for complex cases. | Machines autonomously understand, apply, and enforce compliance actions without human intervention. |
| Example | A government publishes environmental regulations in XML format, allowing software to extract relevant sections, but compliance officers still decide on the final application. Example: HM Government of the UK publishes the content of all legislation in XML format using a Legislation Schema that includes both metadata and the content of legislation. | A financial institution’s compliance software consumes anti-money laundering regulations and automatically flags suspicious transactions without human input. Example: FCA UK’s TechSprint on ‘Model Driven Machine Executable Regulatory Reporting’ demonstrated a proof of concept where a small set of reporting instructions could be converted into MER. Machines then used the MER to automatically execute the instructions, pulling the required information directly from a firm’s systems. | An automated welfare system autonomously determines eligibility and disburses benefits based on codified social security rules. |
| Class of Technology in use | Knowledge Representation (e.g., XML, JSON), Specialised presentation | Knowledge Representation (e.g., XML, JSON), Business Rules Engines | Rule Engines and Decision Automation, Executable Code (e.g., Smart Contracts), AI/ML for adaptive enforcement |
Significance for financial sector regulator
Financial sector regulation is suited for this purpose as it tends to be prescriptive and does not evolve in the way common law does in common law jurisdictions. Unlike common law, which develops gradually through judicial decisions and precedents, financial regulations tend to be more static. They are typically amended or updated through legislative processes rather than evolving organically through case law. This static nature makes them well-suited for implementation in code or machine-readable formats, as updates can be more easily integrated and enforced.
However, the current fervour for reducing the compliance burden of supervision favours adopting principle-based regulation. Principle-based regulation emphasises high-level principles or objectives that entities must adhere to, allowing for flexibility and adaptability in implementation. It focuses on outcomes rather than specific rules, giving firms more autonomy in achieving compliance. By contrast, MRR and RaC involve encoding regulations into machine-readable formats or executable code, making compliance requirements more explicit and detailed and more aligned with rule-based regulation, which specifies precise rules and standards for compliance. They offer clarity, precision, and automation advantages, but they may not always align with the flexibility and adaptability inherent in principle-based regulation. Finding the right balance between these approaches is crucial for crafting effective and efficient regulatory frameworks promoting compliance and innovation in the financial sector.
Benefits of digitisation of regulation
In any case, achieving a higher level of digitisation of regulation can improve operational efficiency, foster innovation, reduce compliance costs, and enhance the overall effectiveness of regulatory frameworks. These benefits can be categorised as follows:
- Native digitisation of publishing of regulations (how regulation is disseminated): Regulations can be published directly in digital formats (e.g., XML, JSON) that are machine-readable from the outset instead of being converted from traditional formats like PDFs or paper documents. This ensures that regulations are instantly available for automated processing, making them more accessible and easier to integrate into digital systems. This approach streamlines the dissemination process, reduces manual effort in converting documents for machine consumption, and ensures timely and efficient access to regulatory updates. It can reduce the lag time for adoption by regulated entities.
- Improved document management (how regulation is managed over the years): Natively digitised regulations can be efficiently managed and tracked over time. Changes, updates, or amendments to the rules can be captured in a version-controlled manner, ensuring clear historical records and audit trails. Digital management systems can handle complex regulatory updates more accurately. This allows for easier maintenance of regulatory frameworks, improved transparency regarding changes over time, and better compliance tracking. For instance, a legal compliance platform maintains a record of all amendments to a country’s tax regulations over the years, allowing businesses to cross-reference current obligations with past versions seamlessly. For example, the Code of Federal Regulations (CFR), which is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government, maintains versions from 1997 to the present.
- Standardisation of regulation: Digital transformation not only facilitates but also necessitates the standardisation of regulatory content. It allows uniform formats, structures, and terminologies to be applied across different jurisdictions or sectors. Standardised regulations reduce ambiguity and the potential for varying interpretations. This may also enhance cross-border compliance, improve collaboration among regulatory bodies, and foster innovation in regtech solutions by reducing the complexity of handling disparate regulatory formats. For example, the adoption of the Common Reporting Standard (CRS) by tax authorities illustrates how standardisation simplifies cross-border compliance. CRS provides uniform reporting frameworks, reducing ambiguity and fostering collaboration among regulators while enabling regtech innovations to streamline global regulatory processes. When financial regulations across multiple countries are standardised into a common machine-readable format, multinational banks can apply a unified compliance system across all regions they operate in.
- Regtech solutions (Consumption of regulation): Machine-readable, consumable, and executable regulations enable the development of advanced regtech solutions that automate the interpretation, application, and monitoring of compliance in real-time. Regtech solutions reduce the burden on organisations to interpret and apply regulations manually, leading to faster, more accurate compliance. They enable proactive compliance monitoring, reduce human errors, and allow organisations to stay up to date with regulatory changes without costly manual reviews.
Critical challenges of digitisation of regulation
The transition to digital regulations presents several significant challenges that could impede effective implementation. One major issue is the open texture of law, which allows for ambiguity and multiple interpretations. Additionally, many organisations rely on legacy systems that struggle to adapt to modern regulatory frameworks. Maintaining and updating regulations are crucial to ensure compliance in a dynamic environment. Data security and privacy concerns, resistance to technological change, and legal and ethical issues regarding automated enforcement further complicate this shift. Finally, questions about the authenticity and primacy of digital regulations challenge their legal standing compared to traditional formats. As elaborated in this section, addressing these challenges is essential for successfully digitising regulatory processes.
- Open texture nature of law: The open texture of law refers to its inherent ambiguity and vagueness, which allows for multiple interpretations and applications in different contexts. Even seemingly straightforward laws can give rise to diverse interpretations based on legal precedent, judicial interpretation, and evolving societal norms. Legal text often has discretionary clauses and interpretive elements, so even a simple law will require multiple interpretations. Translating this language into structured, machine-readable or executable formats is difficult because machines may struggle to capture the subtleties of legal interpretation. This can lead to oversimplification, misinterpretation, or incomplete translation of regulations, which may undermine compliance or enforcement. The result can be a misalignment between the intent of the regulation and its digital implementation, leading to compliance or enforcement challenges.
- Legacy systems: Many organisations, especially in highly regulated industries like finance, rely on legacy systems incompatible with modern digital regulatory formats. Updating or integrating these legacy systems to handle MRR, MER, or RaC could be costly and time-consuming. Resistance to modernisation, due to cost or technical limitations, may slow the adoption of machine-readable or machine-executable regulations, delaying the potential benefits.
- Ongoing maintenance and updating: Regulations are frequently updated or amended, and maintaining machine-readable or executable versions of these regulations requires continuous monitoring and updating. This ongoing process can be resource-intensive, especially in dynamic regulatory environments and in periods of stress. Inadequate or delayed updates to digital regulations may lead to compliance gaps, as systems continue operating based on outdated rules. For example, if a tax regulation is amended but the machine-readable version is not updated promptly, businesses could risk non-compliance due to outdated software interpretations.
- Data security and privacy concerns: An automated system consuming machine-readable data related to customer financial transactions for compliance checks must ensure that it does not violate privacy laws while processing that data.
- Resistance to change and skill gaps: Implementing these digital approaches requires significant organisational change and new skill sets in both regulatory bodies and regulated entities. Stakeholders may resist adopting new technologies or lack the technical expertise to manage the transition effectively. Regulatory agencies may be hesitant to shift from traditional, paper-based systems to digital rule management, and they may not have sufficient expertise to create machine-executable regulations.
- Legal and ethical concerns: Machine-executable regulations and automated enforcement can raise legal and ethical concerns, especially if decision-making is fully delegated to machines. Accountability, fairness, and due process issues may arise if compliance or penalties are executed without human oversight. These concerns can result in hesitancy to fully automate regulation, particularly when decisions have significant consequences, such as in healthcare, criminal justice, or financial penalties. For instance, if a smart contract autonomously enforces a penalty based on financial regulation, the lack of human oversight might raise questions about fairness or the ability to appeal the decision. It may deprive the affected party of natural justice.
- Authenticity and primacy of digital regulations: A major challenge in the digital transformation of regulations is determining whether digital forms are as authentic and legally binding as their physical counterparts. This raises concerns about the primacy of digital regulations – whether they should serve as an overlay or fully replace traditional paper-based versions. The lower level of digitisation tends to be more authoritative. For higher levels of digitisation, typically, a third party would be involved, but if a public sector entity does a higher level of digitisation, then it tends to be more authoritative. Without clear legal recognition, stakeholders may hesitate to trust digital formats, leading to inconsistencies or dual processes. Ensuring that digital regulations are secure, tamper-proof, and legally recognised requires technological advancements and significant legal and cultural shifts within regulatory bodies and the industries they oversee.
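
The RaC paradigm described earlier (rules executed against standardised firm data) and the challenges above (outdated machine-readable versions, authenticity, human oversight of discretionary clauses) can be shown together in one sketch. This is an added example, not code from the author or any regulator. The rule schema, field names, threshold and the regulator-published SHA-256 digest are assumptions; a real deployment would more likely rely on a digital signature.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample: a rule as a regulator might publish it in JSON.
# Schema, field names and threshold are hypothetical, not from a real rulebook.
RULE_JSON = json.dumps({
    "rule_id": "EXAMPLE-LIQ-1",
    "version": 2,
    "effective_from": "2025-01-01",
    "effective_to": None,          # None = still in force
    "field": "liquidity_ratio",
    "operator": ">=",
    "threshold": 1.0,
    "discretionary": False,        # True = clause needs human judgement
}, sort_keys=True)

# Assumption: the regulator publishes this digest through a separate channel.
PUBLISHED_DIGEST = hashlib.sha256(RULE_JSON.encode("utf-8")).hexdigest()

# Constructed standardised firm data.
FIRM_RECORDS = [
    {"firm": "A", "liquidity_ratio": 1.2},
    {"firm": "B", "liquidity_ratio": 0.8},
    {"firm": "C"},                 # required field missing
]

OPERATORS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b}


def load_rule(raw: str, published_digest: str, today: date) -> dict:
    """Accept a rule only if it is unmodified and in force on `today`."""
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()
    if not hmac.compare_digest(digest, published_digest):
        raise ValueError("rule text does not match the published digest")
    rule = json.loads(raw)
    start = date.fromisoformat(rule["effective_from"])
    end = rule["effective_to"] and date.fromisoformat(rule["effective_to"])
    if today < start or (end and today > end):
        raise ValueError("rule version is not in force on this date")
    return rule


def evaluate(rule: dict, record: dict) -> str:
    """Return COMPLIANT, NON_COMPLIANT or HUMAN_REVIEW for one record."""
    compare = OPERATORS.get(rule["operator"])
    value = record.get(rule["field"])
    # Anything the code cannot decide with certainty goes to a person.
    if rule["discretionary"] or compare is None or value is None:
        return "HUMAN_REVIEW"
    return "COMPLIANT" if compare(value, rule["threshold"]) else "NON_COMPLIANT"


def run(today: date = date(2025, 6, 1)) -> dict:
    """Verify the rule, then execute it against every firm record."""
    rule = load_rule(RULE_JSON, PUBLISHED_DIGEST, today)
    return {r["firm"]: evaluate(rule, r) for r in FIRM_RECORDS}


if __name__ == "__main__":
    print(run())
```

The loader fails closed: an altered rule text or a version outside its effective dates is rejected before any firm record is evaluated.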
Conclusion
The digitisation of regulations through frameworks like MRR, MCR, MER, and RaC represents a significant step towards automating compliance and improving regulatory efficiency. The financial sector ought to lead the way in adopting these technologies and show the path to other regulators and organisations to navigate challenges such as legal ambiguity, technological integration, and the need to maintain a balance between flexibility and precision in regulatory enforcement. The journey towards fully digitised and machine-executable regulations promises numerous benefits, from reducing compliance burdens to fostering innovation in regtech. However, it requires careful planning, ongoing updates, and robust security measures to ensure these systems remain effective, secure, and legally binding.
