1. Introduction
Artificial intelligence (AI) is a paradigmatic case of technological innovation outpacing regulation. Its broad economic and societal impact reveals the limits of traditional ex ante command and control models. The resulting “law of disruption” (Downes, Reference Downes2009) and the Collingridge dilemma (Worthington, Reference Worthington1982) illustrate regulators’ impasse, namely, early legal interventions lack knowledge of the technology, whereas later interventions face lock-in effects. Both approaches are limited by an excess (or lack) of responsiveness and a scarcity (or deficit) of impact. In this context, experimentalist approaches emerge as a potential solution to bridge the gap between technological development and legal oversight.
Regulatory sandboxes (RSs), a form of experimentalist governance, provide controlled environments wherein AI firms can test technologies under regulatory supervision. Originating in the FinTech sector, they are used in the European Union (EU) Artificial Intelligence Act (AIA) to address the “pacing problem” (Marchant et al., Reference Marchant, Allenby and Herkert2011), enhance compliance, promote legal certainty and balance innovation with fundamental rights and safety.
This paper investigates AI RSs through the lens of law and economics, examining the extent to which AI RSs can correct market and government failures and enhance regulatory efficiency when compared with traditional ex ante regulation. It argues that RSs, by mitigating both information asymmetries and enabling iterative regulatory learning, provide an adaptive and innovation-friendly alternative to command-and-control mechanisms. The effectiveness of RSs, however, depends on careful institutional design, correct stakeholder incentives and safeguards against regulatory capture and market distortion.
Using a law and economics framework, this paper evaluates whether RSs can effectively address market and government inefficiencies, deriving comparative insights from prior experimental governance initiatives from FinTech to suggest concrete lessons for effective AI governance. It contributes to the AI governance debate by translating a law and economics diagnosis into an AI RS design blueprint. It shows how AI’s scale, speed, learning capabilities, opacity and unpredictability can stress test standard ex ante rules but also jeopardise the effectiveness of sandboxes. It maps government and market failures to sandbox features in line with the AIA. From these insights, it develops a framework that demonstrates how AI-specific sandbox design can help internalise such failures.
The literature on sandboxes (e.g., Allen, Reference Allen2019, Reference Allen2020; Organisation for Economic Co-operation and Development (OECD), 2023; Zetzsche et al., Reference Zetzsche, Buckley, Barberis and Arner2017) frames them primarily as compliance-facilitating instruments within the field of “smart regulation.” This paper advances the discussion by analysing AI sandboxes as mechanisms capable of correcting specific market and government failures. It connects sandbox design variables (e.g., selection criteria, evaluation protocols, feedback loops) to measurable welfare outcomes and institutional efficiency, a previously underexplored aspect. By aligning these design elements with the AIA’s provisions, this paper moves beyond descriptive analysis to provide a framework for AI-specific experimental governance.
This paper proceeds as follows. Section 2 establishes the need for legal intervention in AI, outlining related market failures. Section 3 considers government failures. Section 4 situates regulatory experimentalism within its historical lineage and derives promises and pitfalls from FinTech. Section 5 applies these insights to the EU AIA, articulates AI-specific evaluation requirements and proposes design principles for “optimal” sandboxes. Section 6 presents recommendations for effective, proportionate and learning-oriented AI sandboxes.
2. Market failure and need for legal intervention in the AI market
Why does AI need to be tackled via legal intervention? Why does it require a regulatory response? According to law and economics theory, the economic rationale for legal intervention is the existence of market failures – that is, economic circumstances wherein market equilibrium fails to achieve Pareto efficiency (Cooter & Ulen, Reference Cooter and Ulen2012). Yet the mere existence of market failure is insufficient to justify regulatory intervention. Markets can, under certain conditions, self-correct, particularly if transaction costs are low or private order mechanisms function effectively. Law and economics models, however, assume a level of predictability and bounded complexity in market interactions.
General purpose models such as ChatGPT challenge this paradigm (Potts, Reference Potts2025). At least four sources of market failure can be identified – namely, asymmetric information, imperfect competition, negative externalities and positive externalities. Scaled and cross-sectoral deployment of AI exacerbates externalities and generates new systemic risks. AI’s rapid iteration and self-adaptive behaviour limit the effectiveness of ex ante rules, while its opacity deepens information asymmetries. These features necessitate rethinking the economic regulation toolkit.
Consider a company developing an AI-driven recruitment system that screens job applications via predictive scoring. The company faces uncertainty concerning compliance with EU non-discrimination, data protection and transparency rules, while regulators lack empirical evidence of the system’s fairness, robustness and explainability. This situation creates information asymmetry: developers cannot foresee regulatory expectations, and authorities cannot assess real-world of these technologies ex ante. Without oversight, the model could reproduce training data biases or drift after deployment, generating negative externalities. An AI sandbox would allow the system to be tested in a monitored environment, where regulators and developers could jointly evaluate fairness metrics, robustness checks and audit protocols before full market release.
2.1. Information asymmetries
Information asymmetries arise when one party has an informational advantage over the other, leading to market failure due to adverse selection or moral hazard problems (Cooter & Ulen, Reference Cooter and Ulen2012). Beyond these classic problems, AI systems introduce new opacity-driven asymmetry known as the AI explainability gap: end-users, regulators and downstream developers cannot inspect or understand model weights, critical parameters, training data provenance or emergent behaviours (Ehsan et al., Reference Ehsan, Saha, De Choudhury and Riedl2023). In moral hazard situations, the principal cannot observe or verify the agent’s behaviour. This type of hazard is quite common in unregulated AI markets.
Consider a scenario where providers have created a sophisticated AI model and intend to deploy it for various purposes, including screening job candidates. When implementing the system, the providers become aware of potential risks and uncertainties associated with its performance and behaviour. These risks could range from safety concerns to unintended biases, which could lead to discriminatory outcomes and result in equality-rights infringements. In the presence of moral hazard, the providers might be tempted to prioritise short-term goals (e.g., profit, enhanced productivity, market dominance) over ensuring that the model is safe (i.e., legally compliant) for deployment. As a consequence, they may release the model without adequately investing in research, testing and risk mitigation measures. This behaviour occurs because, in the absence of regulatory interventions, developers may not bear the full consequences of any negative outcomes of AI models. They anticipate that, in the event of harm caused by the model, any financial or legal repercussions will be limited or dispersed among a chain of stakeholders. Thus, developers might be inclined to take risks and underestimate or neglect potential issues. Moral hazard can lead to AI systems being released onto the market with inadequately addressed risks, potentially endangering adopters, users, consumers or society at large. The opacity of foundation models (FMs) (Bommasani et al., Reference Bommasani, Hudson, Adeli, Altman, Arora, von Arx and Liang2021) exacerbates the temptation to release “black box” systems, as outsiders cannot easily audit the decision logic or trace harmful outcomes back to developer negligence. Moreover, explainability is a concrete challenge: providers may require significant resources (technical, computational and human) to render models intelligible and transparent, with no guarantee of success. Instead, they may leverage the opacity of the system as a perverse incentive, marketing it as a sophisticated but impenetrable tool, shielding themselves from accountability under the guise of complexity.
While moral hazard is a form of ex post asymmetric information, adverse selection occurs before a contract is formed (Parisi, Reference Parisi2013). To illustrate this, consider a marketplace for commercial “AI security” tools, where low- and high-quality models are available. Buyers cannot verify the underlying training data or testing protocols ex ante, so high-quality vendors exit, leaving a “lemons” (Akerlof, Reference Akerlof1978). This situation is exacerbated by technical vulnerabilities intrinsic to AI. For instance, many models remain highly susceptible to adversarial attacks, where subtle and often imperceptible input manipulations lead to incorrect outputs. Similarly, distributional shifts, where the data encountered during real-world deployment deviates from the training set, can lead to rapid performance degradation, particularly in safety-critical domains such as finance. Furthermore, in large-scale or overly complex systems, developers face the risk of emergent unintended behaviours – functionalities not explicitly programmed or anticipated – such as an AI assistant learning to manipulate users to achieve proxy goals. These risks challenge the reliability of AI security tools and deepen the information asymmetry between developers and buyers, destabilising the market.
2.2. Imperfect competition
The AI market is prone to concentration and creation of monopolies or oligopolies, largely because AI technologies benefit from economies of scale and network effects. As for the former, the more data available to train AI models, the smarter and more efficient models become, creating a self-reinforcing cycle that benefits the largest data holders and technology developers. In this scenario, obtaining data from competitors to train algorithms is a key source of competitive advantage. Regarding the latter, the AI market is shaped by strong network effects: the value of a product or service increases as its user base expands, fuelling further adoption, feedback loops and market entrenchment.
Such dynamics can lead to a market where a few firms dominate, stifling competition and innovation. Large technology firms with timely access to capital to invest in AI research and development (R&D) can solidify their market positions, making it challenging for new entrants to compete. The AI market is also characterised by high barriers to entry. Developing competitive AI systems requires investments, access to computing power to train models, servers and cloud infrastructure and highly specialised human capital. These requirements can make small and medium-sized enterprises (SMEs) and startups highly dependent on large firms or deter them from entering the market, cementing incumbents’ market power. As the incumbents supply the chips and proprietary stacks required for large-scale training, vertical integration further increases rivals’ costs, reinforcing entry barriers.
2.3. Negative externalities
AI systems generate costs and benefits that are not exclusively borne by developers. Negative externalities occur when AI developers’ and users’ actions impose costs on individuals who are involved in neither the development nor the direct use of AI technologies. Examples include privacy and security breaches, copyright violations and social inequalities. While such externalities are common to many technologies, AI’s speed, unpredictability and scale make these harms more acute, less traceable and harder to contain.
2.3.1 Bias and discrimination
FMs such as LLaMA or GPT rely heavily on training on unorganised data from the internet. The scale and breadth of the training data amplify risks, making it more difficult for developers to identify and control issues. This can lead to problems, given that the data sources may not always be trustworthy. For example, when training data systematically underrepresent certain demographic groups or embed historic stereotypes, FMs replicate such patterns at scale (Yarger et al., Reference Yarger, Cobb Payton and Neupane2020). As a single upstream model serves many downstream applications, a multiplier effect emerges whereby one latent bias simultaneously propagates into predictive policing systems, credit scoring tools and hiring applications, magnifying social inequality (DeVries et al., Reference DeVries, Misra, Wang and van der Maaten2019; Prabhu & Birhane, Reference Prabhu and Birhane2020).
2.3.2 Systemic algorithmic risks
The increasing reliance on a small set of commercially dominant AI models or systems (e.g., GPTs, LlaMA architectures) for high-stakes screening decisions in e.g., or lending may produce an “algorithmic monoculture” (Kleinberg & Raghavan, Reference Kleinberg and Raghavan2021). When the same algorithm is adopted by multiple companies, this monoculture is prone to correlated errors, including shared vulnerabilities to adversarial prompts or inputs, which can trigger systemic failures across diverse use applications. Widespread dependence on a narrow set of AI models can degrade institutional and sectoral know-how, reduce methodological diversity and leave firms ill-prepared to innovate or respond when the dominant system fails (Kleinberg & Raghavan, Reference Kleinberg and Raghavan2021).
2.3.3 Misinformation and negative effects on democratic processes
Large language models may disseminate false information, producing false yet plausible-seeming content or be used to generate misleading deepfakes. AI systems may generate harms that affect groups or society as a whole, such as undermining democratic processes (Acemoglu, Reference Acemoglu, Bullock, Chen, Himmelreich, Hudson, Korinek, Young and Zhang2023). AI-powered content recommendation systems or personalised AI-generated news may also “echo chambers” and “filter bubbles,” limiting exposure to diverse perspectives and contributing to societal polarisation (Cinelli et al., Reference Cinelli, De Francisci Morales, Galeazzi, Quattrociocchi and Starnini2021; Levy & Razin, Reference Levy and Razin2019).
As third parties cannot readily bargain for compensation ex ante, AI firms do not fully account for the societal costs of innovations, leading to the overproduction of unsafe AI technologies from a social welfare perspective. The economic theory of law posits that this discrepancy between the private and social marginal costs of AI calls for legal interventions that oblige firms to internalise external costs. However, given their learning capabilities and dynamic nature, AI systems can change behaviour over time, even after deployment. Hence, their risks might also evolve, challenging conventional modalities of legal intervention that assume static risk profiles. Economic incentives to internalise externalities may not be sufficient to account for emerging harms. In principle, more adaptive instruments that operate across the AI lifecycle may help address the dynamic nature of AI risks.
2.4. Positive externalities
AI systems can generate positive externalities that extend beyond the parties directly involved in their development and use. When viewed through an economic lens, the key outputs of AI R&D, such as algorithms, models and scientific insights, are largely “non-rival” and only partly excludable (Wagner, Reference Wagner2020). When such knowledge diffuses, other parties can recombine it at negligible marginal cost, increasing the overall productivity and competitiveness.
Economists contend that advances in AI will lead to a jump in productivity – defined as the output per unit input – especially for knowledge workers (Baily et al., Reference Baily, Brynjolfsson and Korinek2023). Tasks that are time-consuming or repetitive can be automated with relative ease, leaving time for more purposeful and value-added activities. For example, Generative AI applications can facilitate faster coding, leaving programmers with more time for difficult tasks, thereby increasing developers’ perceived productivity and well-being (Kalliamvakou, Reference Kalliamvakou2022). Positive externalities are also present in “mission-oriented” AI. For instance, AI R&D for early-stage disease and drug discovery or climate risk modelling produces social value that markets alone may not reward at optimal levels. As profit-seeking firms cannot fully appropriate these spillovers, they underinvest in socially valuable applications.
While opinions on the net societal impact diverge, the increase in productivity resulting from AI systems is expected to be significant, leading to increased efficiency of output production and acceleration of innovation processes (Baily et al., Reference Baily, Brynjolfsson and Korinek2023). These spillovers are so widespread that AI firms have incentives for proprietary releases and maximisation of licensing revenues, even though open-source releases would expand the total innovation commons (Potts, Reference Potts2025).
Regarding the above-mentioned market failures, not all legal interventions are equally effective. Ex ante regulation, which seeks to prevent harmful conduct by shaping parties’ behaviour beforehand via ad hoc obligations, has emerged as the standard legal intervention for AI governance and correction of associated market failures (Galle, Reference Galle2015). However, while ex ante regulation can help address certain risks, experimental tools such as RSs can complement traditional regulation. These tools are better suited to managing the challenges that standard command and control rules often struggle to handle, especially in the rapidly evolving AI landscape. For instance, sandboxes that lower compliance and data access costs for high-public-value experiments can shift private incentives towards projects with large positive externalities.
3. Government failures and limits of command and control regulation in the AI market
The previous section illustrated how market failures and markets’ inability to correct themselves may warrant legal intervention. This section extends the analysis, arguing that regulation may generate inefficiencies (i.e., government failures): in some cases, legal interventions may produce outcomes that are suboptimal or more distortive than the market failures they aim to correct (Wolf, Reference Wolf1989). The negative consequences of government failure may be more severe than those of market failure (Ogus, Reference Ogus2004) and may arise from issues such as regulatory capture, bounded rationality, information asymmetry or discrepant pacing between rigid and slow bureaucratic architectures and fast technological changes. Therefore, as this paper will argue, any specific intervention must tackle both market and government failures.
3.1. Regulatory capture, rent-seeking and knowledge gaps
Building on Tullock’s (Reference Tullock1967) theory that resources employed to influence policy are spent not on increasing wealth but on transferring or resisting transfer of wealth, Krueger (Reference Krueger1974) uses the term “rent-seeking” to describe socially wasteful competition for government–created economic rents, a concept systematised by public choice scholars (Buchanan et al., Reference Buchanan, Tollison and Tullock1980) and applied to regulatory contexts by Posner (Reference Posner1975) and Stigler (Reference Stigler1971). Stigler (Reference Stigler1971) argues that regulatory agencies serve the interests of the regulated industries rather than the public interest. On closer inspection, regulatory outcomes can stem from the influence of organised interest groups (Posner, Reference Posner1974) or the self-interested nature of regulatory agencies that seek to maximise their own powers and budgets (Niskanen, Reference Niskanen1971; Ogus, Reference Ogus2004). The theory of governmental capture has evolved extensively since Stigler’s (Reference Stigler1971) initial contribution (Peltzman, Reference Peltzman2022) and, more recently, materialised in fields such as data protection, where enforcement of the General Data Protection Regulation (GDPR) has been watered down due to lobbying efforts by the regulated industries (Lancieri, Reference Lancieri2022).
Similarly, in the AI context, regulatory capture and rent-seeking efforts can have negative effects on the implementation of legislative initiatives. The ultimate AI governance configuration can depend on the tension between strong national political goals and businesses’ ability to capture regulators (Lancieri et al., Reference Lancieri, Edelson and Bechtold2025). Global actors from the EU to the United States try to attract investments in AI by providing subsidies to firms (European Commission, 2025), while regulated entities may put pressure on regulatory agencies to limit the side effects of strict AI policies via leveraging international regulatory competition dynamics (Europe Needs AI, 2024; Lancieri et al., Reference Lancieri, Edelson and Bechtold2025). The latter factor may have capture-like effects that can lead to industry-friendly changes in how governmental actors perceive technology regulation.
Examples of this dynamic abound, from the intense lobbying of EU AI champions such as Mistral during the AI Act’s final negotiations (Robertson, Reference Robertson2024) to the Draghi Competitiveness Report (Draghi, Reference Draghi2024), which urged reform of the EU technology acquis to boost international competitiveness and triggered sweeping simplification efforts that impacted the newly adopted AI rules (Lazaro Cabrera, Reference Lazaro Cabrera2025). More broadly, AI industry actors influence policymakers through mechanisms such as advocacy, revolving doors (i.e., employees moving between industry and government) and anti-regulation narratives (Bradford, Reference Bradford2024; Wei et al., Reference Wei, Ezell, Gabrieli and Deshpande2024). As will be argued, by facilitating regulator–industry dialogue and establishing discretionary entry criteria, AI RSs can be a vector for regulatory capture and rent-seeking dynamics. Jurisdictions may soften oversight or ease sandbox conditions to attract firms, which can leverage their participation to lobby other jurisdictions.
The term “technical failure” has been used to explain how poor regulation results from resource constraints and organisational weaknesses, with bureaucrats lacking expertise and adopting passive attitudes (Ogus, Reference Ogus2004; Posner, Reference Posner1974). The “knowledge problem” facing policymakers has been qualified as a core limitation of effective regulation, and it is a form of information asymmetry that can be exploited by interest groups, particularly industry (Keck, Reference Keck1988; Potters & Van Winden, Reference Potters and Van Winden1992). Public administrations, especially in Europe, are primarily staffed by legally trained generalists rather than technical specialists (Coglianese & Lehr, Reference Coglianese and Lehr2017; Kickert, Reference Kickert and Kickert2008). This information asymmetry can lead to the design of rules that are inadequate to tackle the core issues of certain technical topics or to ill-conceived enforcement of such rules (Mulligan & Bamberger, Reference Mulligan and Bamberger2019). As new AI rules emerge, institutions have sought to hire staff with AI expertise; however, they can rarely compete with industry salaries and career prospects, making it difficult to attract and retain talent (Stokel-Walker, Reference Stokel-Walker2024).
3.2. Pacing problem and Collingridge dilemma
AI’s rapid advancement has revealed new regulatory complexities, pushing the boundaries of existing norms. Regulators face an ever-moving target (Ranchordás, Reference Ranchordás2021a, Reference Ranchordás2021b), as the law struggles to match the pace of innovation. This “pacing problem” occurs when a technology influences society too quickly for lawmakers to establish appropriate safeguards (Marchant et al., Reference Marchant, Allenby and Herkert2011). The “law of disruption” (Downes, Reference Downes2009) has evolved into an inescapable principle governing modern life: the exponential nature of technological change contrasts with the incremental pace at which social, economic and legal systems adapt. By the time governments “see” the issue at stake and formulate a strategy, that issue has taken another form.
The regulator’s difficulty also reflects the Collingridge dilemma. During early development stages, intervention is possible but understanding is limited; later, impacts are clearer but control declines. From a law and economics perspective, this mismatch constitutes a form of government failure: policymakers adopt rules that are either prematurely rigid or belatedly ineffective. The conventional approach has been either too slow or too fast (Eggers et al., Reference Eggers, Turley and Kishnani2018), as illustrated by the case of ChatGPT.
Various strategies have been proposed to address the “timing mismatch” (Ranchordás & Roznai, Reference Ranchordás, Roznai, Ranchordás and Roznai2020), including interventions in the technological process itself. Some scholars advocate slowing innovation to permit proper assessment of AI harms: after ChatGPT’s release, over 2000 experts called for a 6-month pause in developing new FMs (Future of Life Institute, 2023), although such appeals often emphasise speculative rather than concrete harms (Gebru et al., Reference Gebru, Bender, McMillan-Major and Mitchell2023).
A more promising response aims to address both the pacing problem and the Collingridge dilemma without stalling technological progress. Institutions can learn and adapt alongside technological change via experimental methods. Experimentalist governance, as elaborated below, has emerged to counter government failure and the rigidity of top-down regulation (Morgan, Reference Morgan2018).
4. Regulatory experimentalism and sandboxes: emergence, design and lessons learned
This section traces how RSs emerged as practical instruments and outlines the historical and conceptual roots of experimentalism in public policy, explaining why iterative, learning-oriented regulation has regained prominence in the AI era. The concept of “sandboxing” is unpacked by tracing its origins in software development to its institutionalisation in the FinTech sector. This section derives evidence-based lessons from FinTech, including benefits (e.g., improved information sharing) and limitations (e.g., regulatory arbitrage). These insights inform the discussion on AI-specific sandbox design in the following section.
4.1. Emergence of experimentalism in the policy arena
Throughout history, technological advancements have not only driven socio-technical transitions but also prompted changes in institutions, governance and regulations (Andrade et al., Reference Andrade, Anttila, Galindo, Gronchi, Scott, Sigora, Wei Quan and Zarra2022). For instance, the adoption of innovations such as telegraphs, railroads and utilities was made possible by concurrent transformations in policies, regulations, governance and culture (Andrade et al., Reference Andrade, Anttila, Galindo, Gronchi, Scott, Sigora, Wei Quan and Zarra2022). Through a continuous process of mutual adaptation and learning, these dynamics correspond to the capacity of institutions to learn how to harness innovation, identify its intended purposes and adapt accordingly.
Thus, institutional plasticity – namely, institutions’ ability to adapt to socio-technical changes and re-engineer the way they approach technology – assumes relevance again. It can manifest with experimentalism, which stands out as a type of institutional learning. While experimentation has historically occurred within the scope of soft law, regulators have started to include experimental-friendly provisions in legislative proposals governing AI and other emerging technologies, giving them a clear legal basis.
If the origins of the use of experimental law and policy represented a way for institutions to channel power and promote self-regulation at the local level, the aim nowadays is to improve the quality of lawmaking, incentivising innovation and promoting more evidence-based policymaking (Ranchordás, Reference Ranchordás2021b). The concept of experimentalism is widely understood as “a recursive process of provisional goal setting and revision based on learning” and a “directly deliberative polyarchy” (Sabel & Zeitlin, Reference Sabel, Zeitlin and Levi-Faur2012). The experimentalist governance research acknowledges the inherent unpredictability of governance outcomes and emphasises flexibility over rigid policy enforcement: regulation should be “provisional and subject to revision in the light of experience” (Sabel & Zeitlin, Reference Sabel, Zeitlin and Levi-Faur2012).
Overall, regulatory experimentalism is emerging as a concrete response to frictions between disruptive technologies and regulations (Bradford, Reference Bradford2024). The adoption of experimental approaches allows regulators to test new economic, institutional and technological approaches and legal provisions outside prevailing regulatory structures. This builds on a long history of experimental methods in governance. Authorities at all levels that endorse principles of better regulation make use of tools from outside the traditional ex ante regulation category (e.g., in the case of participatory strategies, stakeholder consultations and expert hearings). In isolation, however, these tools are often intrinsically knowledge-extractive, one-off, hierarchical and unidirectional: regulators solicit expert input, weigh positions and then act. By contrast, regulatory experimentation tools are collaborative, based on mutual learning and iterative. The constant engagement and learning of market players and regulators help narrow the information and implementation gaps left by hard law instruments. Yet regulatory experimentation is not neutral: it shapes markets and innovation dynamics, entailing risks and trade-offs that must be anticipated and managed.
Experimentalist architecture can be found in a number of fields and regimes in the EU internal market and beyond, including the energy sector (Sabel & Zeitlin, Reference Sabel and Zeitlin2008). However, its most effective applications may emerge in the technology policy context, having started to materialise and spread via the increasing adoption of RSs from FinTech to AI.
4.2. Key concepts and features of sandboxes
The concept of a sandbox originated in the computer science field, where software can operate within a closed-off environment – known as a “sandbox” – a designated area of a computer system isolated from the regular operating environment. Within this “protected” space or “safe harbour,” the typical rules of the system do not apply, allowing for experimentation without risk of disrupting the entire system. This concept has been extended to the regulatory domain. According to the Organisation for Economic Co-operation and Development (OECD) (2021), an RS is a limited form of regulatory waiver or flexibility for firms, enabling them to test new business models with reduced requirements. An RS represents a safe space for experimentation that facilitates gathering experiences and playing outside the limits of real-world rules (Ringe & Ruof, Reference Ringe and Ruof2020). Following an evidence-based approach, sandboxes allow involved parties to adapt existing rules to new regulatory challenges by ensuring regulatory comfort (Allen, Reference Allen2019; Makarov & Davydova, Reference Makarov, Davydova, Popkova and Sergei2020).
In general, RSs constitute a framework for testing innovative products and services according to a specific plan agreed and monitored by a dedicated function of the competent authority (Allen, Reference Allen2019; Makarov & Davydova, Reference Makarov, Davydova, Popkova and Sergei2020; Organisation for Economic Co-operation and Development [OECD], 2023). Regulators and firms gather evidence regarding the performances and outcomes of new products, technologies or business models (Makarov & Davydova, Reference Makarov, Davydova, Popkova and Sergei2020). This process helps address or confirm concerns about the impacts of innovations, facilitating access to the market while ensuring a high level of safety and compliance with requirements (Organisation for Economic Co-operation and Development [OECD], 2021).
Sandboxes are generally characterised by a limited duration (Allen, Reference Allen2019; Financial Conduct Authority [FCA], 2015), use of a trial and error approach and collaboration between regulators and the market (Allen, Reference Allen2019; Organisation for Economic Co-operation and Development [OECD], 2023). Typically, sandboxes involve application, preparation, testing, exit and evaluation phases (European Securities and Markets Authority [ESMA], 2018). Applications can be submitted during specific periods or on a rolling basis. Firms admitted to sandbox projects are selected based on predetermined criteria, grouped into cohorts and overseen by regulatory experts (Raudla et al., Reference Raudla, Juuse, Kuokštis, Cepilovs and Douglas2024).
Sandboxes have been established in contexts where existing legislation potentially poses a barrier to entry for new participants or inhibits innovation. Sandbox projects are prevalent in regulated industries such as financial services (Allen, Reference Allen2019; Butor-Keler & Polasik, Reference Butor-Keler and Polasik2020; Makarov & Davydova, Reference Makarov, Davydova, Popkova and Sergei2020), energy (Beckstedde et al., Reference Beckstedde, Correa Ramírez, Cossent, Vanschoenwinkel and Meeus2023; Schneiders et al., Reference Schneiders, Carvalho, Spataru, Spataru, Lv, Carvalho, Nowbuth and Ameli2024) and health (Sherkow, Reference Sherkow2022).
In the financial sector, FinTech concerns “technology-enabled innovation in financial services with associated new business models, applications, processes or products” (Financial Stability Board [FSB], 2017). FinTech firms face strict market entry requirements, often based on established business models (Everhart, Reference Everhart2020; Goo & Heo, Reference Goo and Heo2020). To address this and encourage development of more dynamic FinTech markets, several jurisdictions launched sandbox programmes, providing safe spaces where existing rules are replaced with new rules aimed at achieving similar objectives (Ahern, Reference Ahern2019; Buckley et al., Reference Buckley, Arner, Veidt and Zetzsche2020; Cornelli et al., Reference Cornelli, Doerr, Gambacorta and Merrouche2024; Tsai et al., Reference Tsai, Lin and Liu2020). Participants in FinTech sandboxes agree to abide by these new rules, which are administered and enforced by the regulator.
Having been deployed widely across more than 50 countries, with the United Kingdom (UK) being the first mover (Ahern, Reference Ahern2019; Allen, Reference Allen2019; Cornelli et al., Reference Cornelli, Doerr, Gambacorta and Merrouche2024), sandboxes in the financial sector have been quite successful in improving FinTech’s access to capital and increasing its competitiveness. Cornelli et al. (Reference Cornelli, Doerr, Gambacorta and Merrouche2024) report that, in the UK, firms entering the sandbox see an increase of 15% in capital raised post-entry and 50% in the probability of raising capital, along with positive effects on survival rates and patenting. In the EU, as of 2023, 12 FinTech sandboxes had been established (Raudla et al., Reference Raudla, Juuse, Kuokštis, Cepilovs and Douglas2024). Building on the FinTech experience, Zetzsche et al. (Reference Zetzsche, Buckley, Barberis and Arner2017) argue that RSs are best understood as a transitional device for “smart regulation” (i.e., iterative, data-driven oversight that continuously calibrates rules according to market evidence). Hence, sandboxes generate regulatory learning loops, seeding the infrastructure for evidence-based governance.
4.3. Promises and pitfalls: lessons from FinTech sandboxes
What can be learned from FinTech to inform the design of AI sandboxes? Academic analyses, alongside evidence from participating firms and administering institutions, document the benefits and limitations of FinTech sandboxes, which can provide useful references for other fields, including AI. On the positive side, first, sandboxes facilitate mutual learning, trust and reputation (Fahy, Reference Fahy2022a), help close regulators’ knowledge gaps by building technical capacity around emerging technologies (Ringe & Ruof, Reference Ringe and Ruof2019) and reduce information asymmetries between firms and regulators by providing structured feedback channels (Alaassar et al., Reference Alaassar, Mention and Aas2020; Fahy, Reference Fahy2022b). Second, they should enable safer release of products by requiring testing, risk management and implementation of consumer protection safeguards (Alaassar et al., Reference Alaassar, Mention and Aas2020; Cornelli et al., Reference Cornelli, Doerr, Gambacorta and Merrouche2024; Ringe & Ruof, Reference Ringe and Ruof2020). Third, they can reduce the time to market (Financial Conduct Authority [FCA], 2015; Ringe & Ruof, Reference Ringe and Ruof2019) and promote financial innovation by offering targeted, time-bound relief from rules that predate FinTech (Financial Conduct Authority [FCA], 2015; Ringe & Ruof, Reference Ringe and Ruof2020). Fourth, sandboxes provide greater regulatory certainty, which can facilitate both capital raising and partnerships (Cornelli et al., Reference Cornelli, Doerr, Gambacorta and Merrouche2024; Financial Conduct Authority [FCA], 2015; Ringe & Ruof, Reference Ringe and Ruof2019). Finally, sandbox participation can serve as a credible signal of a firm’s quality for investors (Cornelli et al., Reference Cornelli, Doerr, Gambacorta and Merrouche2024): the launch of FinTech sandboxes has been positively associated with venture investments (Goo & Heo, Reference Goo and Heo2020).
FinTech sandboxes also have limitations. First, “sandbox shopping” or cross-border regulatory arbitrage occurs when participants exploit the differences across jurisdictions (Allen, Reference Allen2019, Reference Allen2020). Second, risk-washing – “a financial regulatory institution’s making products or processes of a company seem to involve less risk for stakeholders by engaging in activities that mimic, superficially or narrowly, genuine attempts to assess and reduce risk” (Brown & Piroska, Reference Brown and Piroska2021, 20) – can undermine the instrument’s credibility. Third, sandboxes may distort markets by conferring advantages on certain firms (Knight & Mitchell, Reference Knight and Mitchell2020). Fourth, sandboxes shift regulators into a more active, resource-intensive role, requiring them to assess which projects are sufficiently innovative to join a cohort (Raudla et al., Reference Raudla, Juuse, Kuokštis, Cepilovs and Douglas2024). Fifth, SMEs may be sceptical of the regulator or lack the capacity to shoulder the additional administrative burden required for sandbox participation (Fahy, Reference Fahy2022b). Finally, sandboxes may fail to attract sufficient participation due to supply (e.g., overly strict eligibility criteria, selective admission, regulators’ risk aversion) and demand-side factors (e.g., transaction costs, additional resources required, perception that the sandbox is insufficient to reduce regulatory uncertainty) (Raudla et al., Reference Raudla, Juuse, Kuokštis, Cepilovs and Douglas2024).
Despite the significant successes in the FinTech sector, this case also represents a cautionary tale of what can go wrong if sandbox design and implementation are not carefully calibrated. Several documented shortcomings are particularly relevant to the governance of AI, where the risks are both harder to detect and potentially more systemic. Importantly, as AI sandbox initiatives are still in the early stages in most jurisdictions, there are opportunities to learn from the FinTech experience and avoid its flaws.
5. RS and AI: an effective tool to correct market and government failures?
This section examines whether and, if so, under what conditions AI RSs can correct market and government failures in the EU context. Returning to the recruitment system example in Section 2, this section examines how an AI RS could structure such experimentation, defining entry conditions, evaluation metrics and exit criteria in line with the AIA’s objectives. It addresses the operational challenges of evaluating AI systems via paradigm-sensitive testing protocols for fairness, robustness, cybersecurity and explainability. Building on these elements, it articulates design principles for “optimal” sandboxes that align incentives, reduce opacity-driven information asymmetries, mitigate externalities and lower burdens for SMEs. Finally, limitations and ambiguities are identified.
5.1. EU framework for AI RSs
Given the boom in regulatory innovation in the FinTech sector, the regulator has seen the potential benefits of adopting a flexible and innovation-friendly tool in the AI field. The AIA devotes an entire chapter to measures supporting innovationFootnote 1 and institutes the establishment of coordinated AI sandboxes across the EU, thereby being the first regulation to include a provision governing regulatory experimentation in AI. Considering the market liberalisation legal basis grounded in Article 114 of the Treaty on the Functioning of the EU, one of the AIA’s central purposes is to address “divergences hampering the free circulation, innovation, deployment and uptake of AI systems and related products and services” (Recital 3). The provisions on AI RSs are intended to satisfy this condition.Footnote 2
The framework established by the regulation is inherently a multi-stakeholder one, but precise indications can be identified for National Competent Authorities (NCAs),Footnote 3 which are mandated to establish at least one AI RS at the national, regional or local level, or to leverage existing sandboxes, receiving technical and operational support from the AI Office (AIO), which maintains a list of RSs. NCAs provide guidance on compliance, risk identification and mitigation measures, producing activity proofs and exit reports to expedite conformity assessments. They ensure cooperation with other relevant authorities and submit annual reports to the AIO and the Board.
Providers or prospective providers must present a sandbox plan to the NCA, and they remain liable for any third-party damages arising from experimentation in the sandbox, although they are exempt from administrative fines. For SMEs and startups, sandbox access is free and prioritised. The AIA also allows for the testing of high-risk AI systems outside the sandbox, subject to the submission of a real-world testing plan, defined by an implementing act, to the market surveillance authority in the respective Member State, which has 30 days to give tacit approval.
5.2. Evaluating AI systems in sandbox environments
While the AIA lays the foundations for how sandboxes should be established, the operationalisation of such principles for the NCA and key institutional actors is left to secondary legislation. One aspect to be clarified in the implementing regulation concerns how to define and test – in the context of a sandbox – AI-specific metrics for evaluation before deployment of AI systems.
Many AI systems, especially those that employ deep learning or general-purpose models, are dynamic, opaque and perform differently depending on the deployment context. These characteristics make it difficult to measure and validate metrics for the e.g., fairness, non-discrimination, robustness, cybersecurity and explainability of systems. Provisions of the AIA concerning technical documentation and conformity assessments create a baseline but might be insufficient for emergent threats or black box model behaviours (Veale & Zuiderveen Borgesius, Reference Veale and Zuiderveen Borgesius2021). In this respect, the AI audit scholarship suggests systematic frameworks (Landers & Behrend, Reference Landers and Behrend2023); for example, fairness metrics depend on factors such as context and protected characteristics (Agarwal et al., Reference Agarwal, Agarwal and Agarwal2023; Landers & Behrend, Reference Landers and Behrend2023; O’Neil et al., Reference O’Neil, Sargeant and Appel2024). Evaluating a system’s fairness in a sandbox may require the definition of target groups and fairness objectives in the testing plan, the inclusion of a pre-determined list of fairness metrics and the introduction of auditing datasets reflecting realistic populations. Measuring and validating these metrics require adequate knowledge on the part of the regulator. Moreover, metrics need to evolve and change over time due to systems’ autonomous learning capabilities.
Some potential solutions include establishing continuous assurance pipelines involving automatic retraining, re-evaluation and monitoring protocols embedded in the sandbox. Model versioning and drift detection mechanisms could be established to track the degradation of metrics. Participants could be obliged to self-report anomalies in model behaviour. To monitor the evolution of metrics in real time, live dashboards could be implemented. Ad hoc iterations regarding metric review and protocol adjustment could also be envisioned with the regulator. Validation could be implemented via repeated A/B testing across user groups and stakeholder co-evaluations in parallel with legal compatibility checks with the EU law acquis. Overall, sandboxes can provide a good place for iterative protocol testing, but this is only possible if regulators develop the infrastructure, knowledge and algorithmic auditability tools necessary for testing and benchmarking AI systems.
To operationalise the evaluation framework, NCAs could track indicators reflecting both regulatory and market performance. For instance, they could measure the improvement in bias reduction metrics between pre- and post-sandbox testing phases, the variation in model performance under adversarial or stress-testing conditions but also the share of sandboxed systems completing conformity assessments without major remediation, the average reduction in compliance approval time following sandbox participation, the proportion of SME participants and the number of standard-setting updates informed by sandbox results. These indicators could provide a transparent baseline for assessing RSs’ effectiveness.
Another challenge related to sandbox design concerns the data that will be used for training, testing and evaluation. Given the data-intensive nature of the AI market, as explained in Section 2.2, large firms with large proprietary datasets have a competitive advantage when compared with SMEs, which lack access to such datasets. Sandbox evaluations require high-quality and representative datasets. If a biased dataset is used during the testing phase and the AI system is then deemed compliant, this may lead to downstream harms. Thus, a robust data governance plan should be included within the sandbox plan, perhaps involving the creation of data trusts that provide access to vetted, diverse and anonymised data. In high-risk AI domains, where large volumes of sensitive data (e.g., biometric, medical, financial) are required, sandboxes should incorporate differential privacy or federated learning approaches to mitigate privacy risks while enabling real-world experimentation. Ultimately, the effectiveness of AI sandboxes hinges on the ability to provide institutionalised access to reliable, representative and ethically governed data.
Finally, it should be emphasised that a sandbox’s architecture, risk assessment protocols and evaluation metrics must be paradigm-sensitive. For example, while supervised learning models can be vetted against static benchmarks, reinforcement learning agents in dynamic settings require iterative stress tests and situational safety checks, rule-based symbolic systems lend themselves to logic consistency audits and large language or other general purpose models demand layered scrutiny for emergent behaviours, context drift and scale-dependent harms.
5.3. Designing “optimal” AI sandboxes to correct market and government failures
If well designed and run, sandboxes can address specific market failures – particularly information asymmetries, externalities and imperfect competition – and government failures (e.g., regulators’ knowledge gaps and the pacing problem).
5.3.1 Incentive alignment
As highlighted in Section 2, information asymmetries primarily stem from the intricate value chain involved in AI development and deployment, as well as from the presence of multiple stakeholders with divergent incentives, combined with the limited technical expertise of governmental bodies. Such asymmetries may lead to negative externalities, including unsafe systems being placed on the market, leading to downstream harms (e.g., discrimination, privacy violations).
Section 3 outlined how asymmetric information between policymakers and firms may lead to inefficiencies, either because knowledge gaps mean that poor rules are designed or because a lack of technical expertise hampers enforcement. Section 2.3 highlighted the dynamic nature of AI risks and the negative externalities that, without legal intervention, result in the production of unsafe AI products. Problems due to biased training data, algorithmic monocultures and filter bubbles can be difficult to tackle via ex ante requirements.
For the above-mentioned failures, RSs can provide an incentive alignment mechanism, ensuring that participating firms adhere to safety and legal requirements, test their products in controlled environments and place safe AI systems on the market, mitigating both information asymmetries and negative externalities. When surveyed regarding their willingness and motivation to participate in an AI RS, AI firms operating in the EU acknowledged that such an environment could promote more responsible AI innovation and expressed strong enthusiasm for applying such a framework (Andrade & Zarra, Reference Andrade and Zarra2022). According to these AI firms, the main incentive for joining a sandbox is the opportunity to test AI systems in an environment that closely replicates real-world conditions (Andrade & Zarra, Reference Andrade and Zarra2022), along with benefits of collaborating with regulators to facilitate compliance with technical requirements.
Iteratively testing AI models in sandboxes can help reduce opacity-driven information asymmetries and mitigate AI’s dynamic risks via sharing training datasets, evaluation reports, robustness checks and evaluation metrics. Additionally, sandboxes can mitigate algorithmic monoculture risks by enabling controlled A/B deployments of alternative models and collecting and sharing incident data, encouraging model diversity. As controlled testing environments, they allow firms to identify and mitigate risks linked to their technologies before full-scale deployment. For example, methodologies for AI explainability and best practices for documenting the AI development process can be refined in sandboxes (Truby et al., Reference Truby, Brown, Ibrahim and Parellada2022). Importantly, testing plans should explain how firms will red team their products and stress test them under real-world conditions, giving regulators an opportunity to provide feedback and clarify expectations.
5.3.2 Regulatory learning
On the regulator’s side, sandboxes represent a means to close knowledge gaps and develop first-hand expertise on market developments, enhancing the effectiveness of enforcement. Beyond serving as controlled environments for compliance, AI RSs can facilitate knowledge-sharing between firms and regulatory authorities, contributing to the establishment of industry-wide best practices. This collaborative framework can lead to new partnerships, acquisitions and investments, particularly in cross-border sandboxesFootnote 4 that bring together AI providers from different jurisdictions.
Knowledge gaps may be prevented if regulators employ AI experts. The technical complexity of certain products is particularly challenging for regulators overseeing AI sandboxes (Organisation for Economic Co-operation and Development [OECD], 2023), and the experience in the sandbox may not be sufficient to equip them with adequate technical knowledge. Insufficient expertise can have detrimental effects on sandbox outcomes, leading to misleading conclusions or market distortions if evaluators do not fully understand the projects (Organisation for Economic Co-operation and Development [OECD], 2023). To overcome their lack of technical expertise and effectively execute their role, authorities must acquire multidisciplinary expertise. At the centralised level, the AIO will employ more than 140 experts with diverse backgrounds in technology, law and economics to oversee compliance. Member States should also ensure that their national authorities are equally well-equipped to prevent regulatory knowledge gaps.
Section 3.2 introduced the “pacing problem” as a source of government failure in the regulation of AI. In that respect, shorten feedback loops between markets and institutions: through small-scale trials regulators are equipped with evidence-based tools to detect emerging AI risks early in the process, helping to avoid episodes such as the ChatGPT case. In this way, as the AI market evolves rapidly, sandbox regulators gain direct access to technical documentation, datasets, incident logs and evaluation metrics, which can inform their understanding of technology and shape the development of technical standards.
5.3.3 Exemptions for SMEs
Section 2.2 explained that the AI market is prone to concentration, with large players dominating, controlling computing power and training data, and creating barriers to entry for SMEs. In an increasingly regulated environment, legal compliance imposes significant financial burdens on regulated entities. Under the AIA, high-risk AI providers must complete multiple compliance steps, including developing a quality management system, maintaining detailed technical documentation, conducting conformity assessments and registering systems in an EU database (Articles 9, 11, 17, 43 and 71). While incumbents can absorb these red-tape-related costs, SMEs are at a disadvantage. The impact assessment accompanying the AIA emphasises the financial difficulties facing SMEs. For a small enterprise with up to 50 employees and an annual turnover of EUR 10 million, the total compliance costs for deploying a single high-risk AI system could reach EUR 300,000 (Renda et al., Reference Renda, Arroyo, Fanni, Laurer, Sipiczki, Yeung and de Pierrefeu2021). This mirrors the challenges SMEs encounter under the GDPR (Freitas & Mira da Silva, Reference Freitas and Mira da Silva2018).
Well-designed sandboxes can mitigate some drawbacks of imperfect competition dynamics by introducing targeted safeguards and exemptions for SMEs and startups (Article 62 AIA). As mentioned in Section 5.1, Member States will grant SMEs priority access to AI RSs at no cost, provided they maintain a registered branch in the EU. Hence, in this case, sandboxes do act as “compliance facilitators” and reduce barriers to entry by providing assistance to SMEs and lowering compliance costs (Pellegrino et al., Reference Pellegrino2022).
Beyond addressing market and government failures, there are other key advantages of participation in a sandbox – advantages concerning reputation and knowledge building. RSs play a crucial role in shaping innovation by ensuring alignment with broader social, economic and technological objectives while maintaining compliance with legal requirements (Ranchordás & Vinci, Reference Ranchordás and Vinci2024). Participation in sandboxes furnishes AI providers with benefits that extend beyond regulatory conformity.
5.3.4 Reputational gains
Similarly to FinTech, participation in an RS may strengthen the credibility of SMEs among investors, customers and regulatory bodies, which is especially significant in the AI industry, where safety considerations are paramount. Moreover, AI providers that undergo rigorous regulatory scrutiny in a sandbox may address market concerns regarding their technologies, improving their market positioning and attracting strategic partnerships and investment opportunities. Indeed, engaging in such initiatives can showcase a firm’s commitment to safety and accountability, strengthening its reputation (Buocz et al., Reference Buocz, Pfotenhauer and Eisenberger2023).
5.3.5 Product improvements and stronger networks
The real-time feedback provided by regulators within the sandbox framework may allow AI providers to refine their products more efficiently, ensuring compliance from the early development stages. This iterative approach not only accelerates regulatory approval but also guarantees that solutions meet legal requirements from the outset. By proactively mitigating risks via these initiatives, firms can enhance the reliability of their products while minimising unforeseen harm. The early identification of vulnerabilities, biases and blind spots may reduce the risk of post-deployment failures, which could result in costly recalls, legal liabilities or reputational harm.
Furthermore, sandbox participation enables direct interaction with other peers and key stakeholders, allowing firms to contribute to the development of industry standards and best practices. Additionally, sandboxes serve as networking platforms that facilitate collaboration among industry participants and foster business partnerships.
5.3.6 Access to market
Finally, “optimal” AI RSs could also accelerate market access for participants by reducing regulatory obstacles. In other industries, RSs have successfully shortened the “time to market” for innovations, increasing legal certainty and fostering technological advancement (Truby et al., Reference Truby, Brown, Ibrahim and Parellada2022). However, the AIA does not explicitly define the regulatory barriers to be lifted. As explained in Section 4.3, in FinTech RSs, temporary relaxations of licensing requirements allow innovative firms to enter the market more easily. In the financial industry, offering certain products without the necessary licenses is typically prohibited, making it difficult for FinTech firms that do not conform to existing regulatory frameworks to obtain the necessary permits. In such cases, regulators may grant a temporary suspension of enforcement, enabling firms to test their products within the sandbox under supervision.
By contrast, in the AI market, fast-track access to the market for AI firms is not a given. AI RSs do not provide exemptions from legal barriers. Moreover, under the AIA, there is no prohibition on placing an AI system on the EU market if it complies with regulatory requirements. Therefore, successful participation in an RS is not a prerequisite for market entry (Andrade et al., Reference Andrade, Galindo and Zarra2023). To address this limitation, RSs should establish clear deadlines and well-defined programme timeframes, given that regulatory processes and market dynamics do not always align.
In this context, the AIA mandates that participation in RSs be time-limited; however, it does not specify the exact duration of such programmes. Instead, the timeframe will be determined via the implementing act, which must ensure that the period is “appropriate” and may be extended by NCAs. Establishing legal certainty regarding the duration of sandbox participation is essential for the effectiveness of these programmes, ensuring that participants who complete the sandbox phase can transition smoothly into the market. For example, Article 60 of the AIA permits high-risk AI systems to be tested outside the RS in “real-world conditions” for up to 6 months, with the possibility of an additional 6-month extension.
The transition period for an AI system from training to market deployment depends on various factors, including the provider’s business model and the nature of the AI product. Thus, the lengths of experimental testing projects within RSs also vary. Drawing on experiences from other sectors and pilot programmes across different jurisdictions, the duration of RS initiatives typically ranges from 3 months to several years (Organisation for Economic Co-operation and Development [OECD], 2023). The essential requirement is that RS participation should facilitate faster and more efficient market deployment than would be possible outside the sandbox. If this advantage is not realised, the administrative burdens imposed by the sandbox will outweigh its intended benefits, undermining its purpose.
5.4. Limitations and ambiguities of AI RSs
The previous section outlined potential benefits for AI firms that may incentivise them to apply for a sandbox and correct market and government failures. This section depicts the side effects and structural limitations, showing that sandboxes represent one tool available to policymakers, not a standalone solution for the governance of AI. A key challenge for programme authorities is ensuring that sandboxes are sufficiently attractive to AI providers. Firms may be reluctant to participate if the advantages of a sandbox are not clearly delineated in comparison to standard market entry or if the associated administrative burdens are perceived as excessively high. Hopefully, the adoption of the implementing act by the AIO will address these concerns.
5.4.1 Lack of presumption of conformity and liability exemption
The AIA does not establish an official presumption of compliance for firms participating in RSs, which may reduce their appeal. In other words, under the AIA, sandboxes are designed to “facilitate” compliance, although participation does not automatically certify an AI system’s conformity with regulatory obligations. Streamlined regulatory processes can help reduce administrative complexity, enabling firms to concentrate on innovation. However, the “time to market” factor has different significance in the AI sector than in heavily regulated industries such as finance. Without strict entry barriers and given the dynamic nature of AI markets, firms may have fewer incentives to participate in sandboxes (Andrade et al., Reference Andrade, Galindo and Zarra2023).
Furthermore, the AIA does not provide a liability exemption for firms operating within the sandbox, meaning that participants remain fully accountable under EU and national laws for any harm caused to third parties during experimentation and testing in the controlled environment. Hence, sandboxes do not provide a mechanism for evaluating liability risks associated with AI products. This could deter providers of high-risk AI systems from applying, as they may be unwilling to face legal uncertainties without some form of protection (Truby et al., Reference Truby, Brown, Ibrahim and Parellada2022).
The AIA allows for some interpretative flexibility, which could enable more lenient application of the rules for participants. While it asserts that no exemptions from applicable legislation will be granted, it acknowledges that competent authorities will have discretionary power to apply the rules within legal limits. This discretion allows authorities to adapt regulatory requirements to specific AI projects within the sandbox. Notably, Article 57(7) AIA stipulates that, upon request, the competent authority must provide AI system providers with written documentation confirming successful sandbox participation, along with an exit report summarising the activities, results and lessons learned. Providers can use this documentation as evidence of compliance during conformity assessments or market surveillance procedures.
5.4.2 Distortion of competition
Section 5.3 emphasised that, under certain circumstances, sandboxes may address imperfect competition dynamics by supporting smaller players. However, creating excessively favourable conditions for sandbox participants could distort competition and prevent a level playing field (Andrade et al., Reference Andrade, Galindo and Zarra2023). This risk is particularly relevant in the European AI market, which is highly fragmented. Thus, the implementing act introduced by the AIO will be crucial to ensuring that Member States and competent authorities apply uniform criteria at the EU level. It will establish harmonised eligibility and selection criteria for participation, as well as procedures for application, monitoring, exit and termination of the sandbox. It will also set standardised requirements for sandbox plans, exit reports and terms and conditions applicable to participants.
5.4.3 Sandbox shopping
Regulatory authorities must collaborate to mitigate the risk of forum shopping or “sandbox shopping,” where firms strategically choose to operate in jurisdictions with the most favourable regulatory conditions (Juenger, Reference Juenger1988). The variability in sandbox frameworks across Member States may incentivise firms to register in jurisdictions with more lenient compliance requirements or expedited market entry processes, even if their primary market is elsewhere. Such regulatory inconsistencies could weaken the harmonisation of the EU’s AI single market and give firms in more permissive jurisdictions an unfair competitive advantage. To prevent these distortions, a centralised and coordinated approach by the AIO, alongside continuous cooperation and communication between NCAs, is necessary. Moreover, the implementing act will define uniform principles applicable across Member States, ensuring a standardised approach to eligibility, participation and termination procedures for AI RSs.
5.4.4 Regulatory capture
Section 3.1 discussed how AI regulation is subject to heavy lobbying by interest groups. While rent-seeking dynamics and regulatory capture may occur in the “governance rooms” when AI rules are being negotiated or enforced, improperly designed AI RSs may be the perfect place for the emergence of such phenomena. It may be the case that industry stakeholders exert disproportionate influence over the decision-making processes in the sandbox, particularly when industry representatives hold key advisory positions concerning governance. In such cases, the framework may be shaped in ways that prioritise the commercial interests of participants over broader public policy objectives, compromising the RS’s role in balancing innovation and public interest.
Another form of regulatory capture may arise when certain firms, particularly those with significant lobbying influence and financial resources, receive preferential treatment. These firms may benefit from more favourable conditions in the conformity assessment process, gaining an undue competitive advantage. Additionally, there is a risk that NCAs could become overly reliant on AI providers’ technical expertise, leading to intellectual capture. In such cases, regulators may inadvertently adopt the industry’s perspective, potentially neglecting broader societal implications or alternative regulatory approaches. Furthermore, regulatory capture may result in weak enforcement within the sandbox, leading to inadequate oversight of AI systems undergoing testing and enabling the proliferation of harmful practices.
5.4.5 Window dressing and innovation theatre
RSs can sometimes serve as tools for firms and governments to project an image of innovation and forward-thinking regulation without meaningfully addressing fundamental challenges associated with AI development and deployment. This can result in a superficial “window dressing” exercise, where sandboxes primarily function as a branding or public relations strategy rather than a mechanism for substantive regulatory oversight. Firms participating in sandboxes may leverage their involvement to market themselves as leaders in ethical and responsible AI, gaining public trust and attracting investments, even if their engagement does not translate into meaningful improvements in AI governance.
Similarly, governments and regulatory bodies may use RSs to signal their commitment to fostering innovation and modernising regulations without implementing structural changes necessary to ensure accountability and public interest protection. Poorly designed or under-resourced sandboxes can become “innovation theatres” where institutions celebrate innovation activities without fully evaluating their impacts or considering failures or missteps along the way (Macknight, Reference Macknight2025) or accept too many projects with low impact (Intergovernmental Fintech Working Group, 2022). This scenario is particularly likely if institutions measure the success of a sandbox in “press releases” rather than evidence-based outcomes. To counter these pitfalls, the Financial Conduct Authority (FCA) (2017) stresses that sandboxes are only considered successful when clear success indicators are defined to assess participants. Hence, sandboxes should be designed to envision stringent entry criteria linked to public interest goals, commit to supervisory teams that are multidisciplinary, establish transparent reporting methods, metrics and lessons and provide a mechanism to feed empirical findings into regulatory reviews.
To mitigate these risks, the AIO and NCAs will have to implement robust accountability and transparency mechanisms that enable public scrutiny and hire resources with technical expertise. The AIA addresses such concerns by requiring NCAs to submit annual reports to the AIO and the Board, beginning 1 year after the establishment of an AI RS and continuing until its termination, along with a final report for independent oversight. These reports must include comprehensive details concerning the progress and outcomes of RSs, including best practices, incidents, lessons learned and policy recommendations. To enhance transparency, the reports must be publicly accessible online. Moreover, the EU is tasked with developing an interface that consolidates all relevant information.
In addition, the implementing act should establish and enforce stringent conflict of interest policies, ensuring rigorous vetting of potential participants and key stakeholders to prevent regulatory capture and innovation theatre. It should also ensure that the selection of firms participating in RSs reflects a diverse range of AI use cases, preventing undue industry influence and balancing competing interests.
6. Final remarks: good governance for successful AI sandboxes
From a law and economics perspective, this paper has offered insights into how AI sandboxes and other experimental regulatory approaches can address AI uncertainties by systematically gathering information, keeping pace with rapidly evolving technological fields and fostering consensus on contentious policy issues via structured deliberation. However, despite their potential, experimental instruments remain underutilised due to factors such as limited awareness among policymakers, reluctance to embrace evidence-based decision-making and concerns about legal certainty (Ranchordás, Reference Ranchordás2013). Moreover, structural limitations must be acknowledged: edge cases and adversarial human behaviour cannot be fully replicated at the sandbox level (Organisation for Economic Co-operation and Development [OECD], 2023). While the AIA’s sandbox provisions have catalysed adoption of these mechanisms, they have not overcome the institutional challenge of anticipating and adapting to rapid technological change. As this paper has demonstrated, real progress depends on operationalising AI-specific evaluation through concrete testing protocols, continuous assurance mechanisms and data governance arrangements that regulators can apply.
RSs may not serve as a “silver bullet” for achieving all legislative objectives (Zarra, Reference Zarra, Bagni and Seferi2025), but they remain a critical component of the broader AI regulatory framework. To fully reap their benefits, effective governance must be paired with technical implementation capacity, where continuous assurance pipelines are built into sandbox designs from the outset, aligning with the AIA’s lifecycle approach.
A multi-layered, multi-stakeholder approach remains essential for the success of AI RSs in the EU. NCAs should act as collaborative partners, facilitating the market entry of new AI technologies (Ringe, Reference Ringe2023). As highlighted in the AIA, key stakeholders should include AI system providers, particularly SMEs and startups, the AIO, NCAs and the European Data Protection Supervisor, who ensures that AI model training and testing adhere to EU data protection laws. Secondary stakeholders should also be actively involved in the establishment and operation of RSs, including the AI Board, AI Scientific Panel and EU initiatives such as the AI-on-demand Platform. Moreover, national and European standardisation bodies, notified entities and civil society organisations should contribute perspectives and expertise to enhance the governance structure of sandboxes. The role of the AI Board should involve ensuring coordination at the national level (Ranchordás, Reference Ranchordás2021a).
To lower the structural asymmetries between large incumbents and SMEs, the governance framework should incorporate shared data trust or equivalent access models and privacy-enhancing technologies so that testing relies on representative, vetted data. These measures will reduce entry barriers for small players, improve evaluative validity while helping avoid bias propagation.
To strengthen cooperation, AI RSs should develop close ties with the AI Innovation Accelerator. This integration could be achieved by including a representative from the Accelerator within the governance framework of the RS. Moreover, paradigm-sensitive protocols should become the default: supervised-learning systems can be vetted against static benchmarks; reinforcement-learning agents in dynamic settings require iterative stress tests and situational safety checks; rule-based symbolic systems lend themselves to logic-consistency audits; and large language or other GPAI models demand scrutiny for emergent behaviours. Embedding this differentiation into admission criteria, test plans and exit reports will increase the reliability and comparability of outcomes.
This paper has shown how, provided ambiguities are addressed, sandboxes can play a crucial role in addressing market and government failures. To achieve sandboxes’ objectives, effective governance structures, robust technical implementation, clear operating routines and inclusive stakeholder collaboration are essential. Based on these insights, recommendations can be made for policymakers and prospective participants.
Clear communication channels must be established to minimise the burden on SMEs and startups with limited legal and administrative resources. Ensuring that application processes are straightforward and transparent will encourage participation. For instance, calls for applications should explicitly outline meeting schedules, enabling participants to plan resource allocation efficiently. Firms engaged in sandbox testing should also report on their progress via regular, structured updates, such as weekly or monthly bilateral meetings. Deliverables should be clearly specified, ranging from the initial testing plan to the final exit report. A monitoring and evaluation framework should be implemented to continually assess testing performance, while competent national authorities should have the power to request further information or conduct on-site inspections. Validation should combine repeated A/B tests, stakeholder co-evaluation and checks for legal compatibility, providing publicly available summaries to generalise lessons beyond individual cases. Enhancing incentives and support mechanisms for SMEs and startups will encourage broader participation, while strengthening the governance framework to include a diverse range of stakeholders will ensure RSs’ effectiveness.
To prevent firms from remaining in RSs indefinitely, clear exit criteria must be defined. AI providers should retain the ability to leave the testing environment at their discretion, subject to assessment by the NCA. National authorities must render a final decision on the success of the testing process within a predetermined timeframe, which should be outlined in the implementing act. A key exit criterion should be the participant’s ability to meet the AIA’s conformity assessment requirements upon completion of sandbox testing. This could be formally documented in an exit report prepared by the competent national authority, which might include a “compliance rating” or “score” reflecting the AI system’s performance against regulatory benchmarks. Given that sandbox participation does not exempt firms from compliance with the AIA, satisfying these requirements will be a prerequisite for market entry.
Beyond benefiting individual firms, RS outcomes should contribute to broader societal knowledge. If the findings remain overly specific to individual cases, their societal value may be limited, favouring participants over non-participants. Ultimately, RSs should not function as mechanisms for selecting market winners or providing indirect advantages to those involved; rather, their insights should be widely shared (Andrade et al., Reference Andrade, Galindo and Zarra2023). Accordingly, the results of sandbox activities must be publicly accessible. Where feasible, de-identified outputs should be shared to accelerate learning across jurisdictions and inform standards.
Crucially, while RSs and similar experimental governance initiatives present promising opportunities, success depends on their design and implementation. If they are not properly structured, they may yield limited outcomes and fail to drive meaningful regulatory improvements. The implementing act is expected to address such challenges by establishing clear participation criteria, improving communication and knowledge-sharing mechanisms and streamlining administrative processes to reduce burdens on participants. To ensure consistent application of the AIA and maintain a level playing field across the EU, cross-border participation in RSs should be facilitated. Furthermore, when introducing AI RSs, Member States should evaluate alternative mechanisms that may achieve similar objectives.
In sum, a well-designed RS can serve as an instrument for advancing responsible AI governance. While the establishment of such frameworks requires substantial investments in human resources and expertise, the long-term benefits outweigh the initial costs. If effectively implemented, AI RSs – as envisioned in the AIA – will significantly enhance Europe’s position in the global AI landscape.
Acknowledgements
The author would like to thank the editors and reviewers for their insightful comments and feedback, which substantially improved this article and the editor for the careful coordination of the review process. The author is also grateful to Prof. Georg Ringe and Prof. Sharon Oded for their valuable comments on earlier drafts, as well as to the research communities of ICONs and Lawtomation for the stimulating discussions that helped shape this work. Appreciation is further extended to the Law and Economics departments of Hamburg University, Rotterdam University, and Bologna University for their constructive engagement. A special thanks goes to Antonio Aloisi for his support. The author made use of ChatGPT to assist with the editing of this article. GPT-5.1 was accessed and used, with modifications, in August and November 2025.
Funding statement
The author declares none.
Competing interests
The author is employed at the European Commission. The information and views set out in this article belong to the author and do not necessarily reflect the official opinion of the European Commission.
Antonella Zarra is a doctoral researcher at the Institute of Law and Economics of the University of Hamburg, where she examines the role of experimental governance in the regulation of AI technologies. She is also a lecturer on digital platform regulation at IE University in Madrid, where she is a member of the Chair in EU Digital Private Law. As part of the European Doctorate in Law and Economics, she has been a visiting researcher at Erasmus University Rotterdam and the University of Bologna. Antonella currently serves as a Case Handler Officer at the European Commission in Brussels. Within the Digital Services Act Enforcement team, she focuses on risks posed by online platforms’ algorithms. Previously, she worked at Meta, where she coordinated Open Loop, a policy prototyping program with a focus on the AI Act. Antonella holds an MSc in Economics of International Institutions from Bocconi University.
Open access
