Regulatory Experimentation and Public Authority Innovation: Administrative-Law Lessons of the Regulatory Sandbox Model
DOI:
https://doi.org/10.54200/kt.v6i1.108Keywords:
regulatory sandbox, regulatory experimentation, administrative procedure, artificial intelligence, market surveillance, administrative auditsAbstract
This article examines the institution of the regulatory sandbox in the context of the exercise of public authority and the renewal of administrative law. It starts from the premise that the pace of innovation – particularly in the fields of digital technologies and artificial intelligence – consistently outstrips traditional legislative and administrative cycles, creating regulatory uncertainty and new challenges for the protection of the public interest. Against this background, the article argues that the regulatory sandbox should not be understood as a form of deregulation, but rather as a safeguarded, procedure-based experimental framework designed to support regulatory learning and evidence-based rule-making. The study first situates the sandbox within a public law framework, focusing on the role of administrative decisions, supervisory and inspection mechanisms, and judicial review. It then provides an empirical overview of regulatory sandboxes across several sectors, including financial services, energy, healthcare and artificial intelligence, highlighting both converging patterns and sector-specific differences. Particular attention is paid to the European Union’s Artificial Intelligence Act, which introduces a mandatory obligation for Member States to establish national AI regulatory sandboxes, and to the Hungarian implementation of this requirement. The analysis emphasizes that from 2 August 2026 the sandbox will become a compulsory institutional element of AI governance in Hungary. The article concludes that regulatory sandboxes can function as key instruments of a “learning state”, provided that they are embedded in a transparent institutional framework, apply proportionate safeguards, and ensure the public dissemination of regulatory insights beyond the participating entities.
References
Article 29 Data Protection Working Party. (2017). Guidelines on transparency under Regulation 2016/679. Online: https://ec.europa.eu/newsroom/article29/redirection/document/51025
Ahern, D. (2021). Regulatory Lag, Regulatory Friction and Regulatory Transition as FinTech Disenablers: Calibrating an EU Response to the Regulatory Sandbox Phenomenon. European Business Organization Law Review, 22(3), 395–432. https://doi.org/10.1007/s40804-021-00217-z
Allen, H. J. (2019). Regulatory Sandboxes. The George Washington Law Review, 87(2), 579–645. https://doi.org/10.2139/ssrn.3056993
Bartlett, V. L., Dhruva, S. S., Shah, N. D., & Ross, J. S. (2022). Clinical studies sponsored by digital health companies participating in the FDA's Precertification Pilot Program: A cross-sectional analysis. Clinical Trials, 19(1), 119–122. https://doi.org/10.1177/17407745211048493
Bundesministerium für Wirtschaft und Energie [Federal Ministry for Economic Affairs and Energy] (BMWi). (2021). New flexibility for innovation. Guide for formulating experimentation clauses. Online: https://bit.ly/3Z3R9S4
Cornelli, G., Doerr, S., Gambacorta, L., & Merrouche, O. (2024). Regulatory Sandboxes and Fintech Funding: Evidence from the UK. Review of Finance, 28(1), 203–233. https://doi.org/10.1093/rof/rfad017
Council of the European Union. (2020). Council Conclusions on Regulatory Sandboxes and Experimentation Clauses as tools for an innovation-friendly, future-proof and resilient regulatory framework that masters disruptive challenges in the digital age (2020/C 447/01). Official Journal of the European Union, C 447/1, 23.12.2020.
European Commission. (2017). Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (WP248 rev.01). Online: https://ec.europa.eu/newsroom/article29/items/611236
European Commission. (2021). Better regulation guidelines. SWD(2021) 305 final. Online: https://commission.europa.eu/system/files/2021-11/swd2021_305_en.pdf
European Commission. (2024). European Blockchain Sandbox. Best practices report. 1st Cohort, Part B. Online: https://bit.ly/4kZ7zoX
European Commission. (2025). European Blockchain Sandbox. Best practices report. 2nd Cohort. Online: https://bit.ly/4u1b6Hm
European Data Protection Board (EDPB). (2020). Guidelines 4/2019 on Article 25. Data Protection by Design and by Default. Version 2.0. Online: https://bit.ly/3OABzve
Fáykiss P., Papp D., Sajtos P., & Tőrös Á. (2018). A FinTech-innovációk ösztönzésének szabályozói eszközei: Innovation Hub és Regulatory Sandbox a nemzetközi gyakorlatban. Hitelintézeti Szemle, 17(2), 43–67. https://doi.org/10.25201/HSZ.17.2.4367
Financial Conduct Authority (FCA). (2017). Regulatory sandbox lessons learned report. Online: https://bit.ly/3ZSKIBH
U.S. Food and Drug Administration (FDA). (2022). Digital Health Software Precertification (Pre-Cert) Pilot Program. Online: https://bit.ly/40undyS
Firniksz J. (2024). Innováció és szabályozás párbeszéde: A kísérleti alapú szabályozási eszközök és a vállalati megfelelés kölcsönhatása. Pro Publico Bono – Magyar Közigazgatás, 12(3), 115–141. https://doi.org/10.32575/ppb.2024.3.5
Fraunhofer IWES. (2025). Northern German Regulatory Sandbox (Norddeutsches Reallabor).
Greenstone, M. (2009). Toward a Culture of Persistent Regulatory Experimentation and Evaluation. In D. Moss, & J. Cisternino (Eds.), New Perspectives on Regulation (pp. 111–125). The Tobin Project. Online: https://tobinproject.org/sites/default/files/assets/New_Perspectives_Full_Text.pdf
Haythornthwaite, R. (2007). Better Regulation in Europe. In S. Weatherill (Ed.), Better Regulation (pp. 19–26). Hart Publishing. https://doi.org/10.5040/9781472563972.ch-002
Holló R. (2023). A magyar energiajogi szabályozásba bevezetett regulatory sandbox klauzulák. A szabályozási tesztkörnyezetek értékelése és azok potenciálja. KözigazgatásTudomány, 3(1), 171–185. https://doi.org/10.54200/kt.v3i1.55
International Energy Agency (IEA). (2022). JenErgieReal regulatory sandbox. Online: https://www.iea.org/policies/17543-jenergiereal-regulatory-sandbox
Information Commissioner’s Office (ICO). (2024). Regulatory Sandbox Insights Report 2024. Online: https://bit.ly/47bEzUZ
International Organization for Standardization (ISO). (2023). ISO/IEC 23894:2023 – Information technology – Artificial intelligence – Guidance on risk management. Online: https://www.iso.org/standard/77304.html
Kálmán J. (2019). Ex Ante „Regulation”? The Legal Nature of the Regulatory Sandboxes or How to „Regulate” Before Regulation Even Exists. In Hulkó G., & R. Vybíral (Szerk.), European Financial Law in Times of Crisis of the European Union (pp. 215–226). Dialóg Campus. Online: https://bit.ly/4aDOoNS
Kálmán J. (2025). The Role of Regulatory Sandboxes in FinTech Innovation: A Comparative Case Study of the UK, Singapore, and Hungary. FinTech, 4(2), 26. https://doi.org/10.3390/fintech4020026
Kerényi Á., & Molnár J. (2017). A FinTech-jelenség hatása – Radikális változás zajlik a pénzügyi szektorban? Hitelintézeti Szemle, 16(3), 32–50. https://doi.org/10.25201/HSZ.16.3.3250
Lapsánszky A. (2012). A hatósági ellenőrzés és a hatósági felügyelet alapkérdései. In Patyi A. (Szerk.), Hatósági eljárásjog a közigazgatásban (pp. 407–446). Dialóg Campus.
Lapsánszky A. (2019a). A hatósági ellenőrzés. In Patyi A. (Szerk.), A közigazgatási hatósági eljárásjog jogintézményei (pp. 433–488). Dialóg Campus. Online: https://bit.ly/3Oxc91v
Lapsánszky A. (2019b). A hatósági döntések. In Patyi A. (Szerk.), A közigazgatási hatósági eljárásjog jogintézményei (pp. 293–334). Dialóg Campus. Online: https://bit.ly/3Oxc91v
Lapsánszky A., & Boros A. (2021). A közigazgatási jog gazdasági szerepköre. In Jakab A., Könczöl M., Menyhárd A., & Sulyok G. (Szerk.), Internetes Jogtudományi Enciklopédia (Közigazgatási jog rovat, rovatszerkesztő: Balázs I.). HVG-ORAC. Online: https://ijoten.hu/szocikk/a-kozigazgatasi-jog-gazdasagi-szerepkore
Monetary Authority of Singapore (MAS). (2020). Sandbox Express Guidelines (7 January 2020). Online: https://bit.ly/4kYBkpF
Monetary Authority of Singapore (MAS). (2022). FinTech Regulatory Sandbox Guidelines (1 January 2022). Online: https://bit.ly/4aRqfSy
National Institute of Standards and Technology (NIST). (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0) (NIST AI 100-1). https://doi.org/10.6028/NIST.AI.100-1
OECD. (2023). Regulatory sandboxes in artificial intelligence. OECD Digital Economy Papers, No. 356. https://doi.org/10.1787/8f80a0e6-en
OECD. (2025). Regulatory sandbox toolkit. A comprehensive guide for regulators to establish and manage regulatory sandboxes effectively. OECD Publishing. https://doi.org/10.1787/de36fa62-en
Ranchordás, S. (2021). Experimental Regulations and Regulatory Sandboxes: Law without Order?. Law and Method, 2021, 1–29. https://doi.org/10.5553/REM/.000064
Therapeutic Goods Administration (TGA). (2022). Report on ’Cell, Gene and Tissue Regulatory Framework in Australia: Stakeholder Perspectives’ – TGA response. Online: https://bit.ly/4kRBRtq
Therapeutic Goods Administration (TGA). (2025). Understanding regulation of software-based medical devices. Online: https://bit.ly/3NrG36Y
Truby, J., Brown, R., Ibrahim, I., & Parellada, O. (2022). A Sandbox Approach to Regulating High-Risk Artificial Intelligence Applications. European Journal of Risk Regulation, 13(2), 270–294. https://doi.org/10.1017/err.2021.52
World Bank. (2020). Global Experiences from Regulatory Sandboxes. Fintech Note No. 8. World Bank Group. https://doi.org/10.1596/34789
Zetzsche, D. A., Buckley, R. P., Arner, D. W., & Barberis, J. N. (2017). Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation. Fordham Journal of Corporate & Financial Law, 23(1), 31–103. Online: https://ir.lawnet.fordham.edu/jcfl/vol23/iss1/2/
