Risk governance and risk-based regulation(2): The evolution of risk

It is safe to say that humankind has always been subject to risk. For long, however, humans have considered risk along the lines of fate and determinism. Our ancient ancestors thought of risk as something they could not influence. Their future was either set in stone, regulated by the forces of nature, or regulated by spirits and deities. Risk as a way of thinking about a makeable and thus changeable future is a rather recent development. One of the world’s leading risk scholars, Eugene Rosa, has captured this well by stating: “Risk has a very long past, but very short history” [1].

Risk from the 12th to the 18th Century

Rudimentary risk assessment and management

The contemporary understanding of ‘risk’ can be traced back to 12th Century Italy. It was there and then that merchants needed control over future gains and losses of the goods they were trading in [2]. Early developments in probability theory and a documented history of trade allowed for rudimentary estimates of the uncertainties of investments. This was a major development as it allowed to separate the risk of trading in a good (the uncertainty of loss or gain) from the good itself, and trade the risk for a price. Suddenly, the unknown future ‘could be estimated, commodified and exchanged’ [3].

Of course, this process did not happen overnight. It took some 600 years, from the 12th to the 18th Century, to move from a rudimentary understanding of risk as something that is not merely fate or determinism, to something that could be captured, calculated, and to some extent controlled by humans. But once this notion was accepted, developments sped up incredibly. During the Enlightenment, public authorities in Europe became apter in systematic data collection at the population level. Combined with ongoing developments in probability theory and mathematics at that time, the fundaments for risk as an object of public governance were laid [4, 5].

Towards welfare states

From the 18th Century onwards, risk becomes a fundamental concept that allows for ‘rational’ governance, particularly at the population level. The idea arose that ‘State policy should be shaped by administrative and arithmetic knowledge of the population’ [3]. In other words, governance through the calculation of probability. Another idea that rose was that on the individual level, people can often not control the risks they are subject to. Yet, at the aggregate level, these risks can be controlled, either by pooling the risk through public insurance and State-organised welfare or by minimizing the risk through modifying and deterring its origins.

The industrial revolution that had started in the second half of the 18th Century brought about a range of changes that were unprecedented—if not in terms of substance then at least in terms of scale. Industrialization led to a novel distribution of risks through rapid urbanization, negative externalities, and the working and living conditions that large groups of working-class people suddenly found themselves in. Particularly in Europe, insights in these new risks led to a growth of risk pooling initiatives, such as public pensions, unemployment insurance, and public health schemes.

Risk in the 19th and 20th Century

A range of developments in the 19th and 20th Century have affected our thinking of risk and risk governance, and ultimately led to risk-based regulation. Some of these happened in sequence, some in parallel.

A gradual change in law

It became obvious that many of the ‘new’ risks that resulted from industrialisation were too complex to address through a traditional understanding of law. Particularly the system of tort law in the United States, in which the evidentiary burden is on the plaintiff, was unable to deal with many of the indirect or slow-to-materialize risks from industrialization. By the second half of the 20th Century, the United States Congress determined that the tort system ‘was incapable of providing an effective response to the increasing threats to the public health and safety and the environment attributable to new technologies and development’ [6].

Between the 1960s and the 1990s, in the United States, this led to a move away from minimal federal regulation towards an approach of risk governance where the government often took action to regulate anticipated health, safety and environmental harms. Risk technologies (particularly risk estimation) were seen as a way to provide public security. Regulation thus moved further away from restoring harm once done to preventing harm to occur in the first place. Countries elsewhere, particularly in Europe and the Asian Tigers, followed suit and around the world, it was accepted that managing risks and public safety had become a task for government—the ‘regulatory state’ was born.

A gradual change of governance

A more critical reading of this period is provided by ‘governmentality’ scholars. They argue that the new risks, or more precise, the new understanding of risks allow those in power to push for a way of governing that is ever more intrusive. That is, risks have become more than being the “mere” objects of public governance through government-led regulation. In this critical reading, of interest to those in power are the underlying practices of these risks and ‘how to most effectively govern the conduct and actions of populations to minimize identified risks’ [7]. That is, rather than seeking to reduce the risk, governments have become interested in reducing the behaviour that may result in the risk.

Thus, not only can the government hold individuals responsible for having caused harm, but the government can hold individuals responsible for engaging in activities and behaviours that may cause harm. To these critics, regulating behaviours because they may cause harm, particularly at the aggregate level of society as a whole—such as drunk driving, smoking in public places, or the consumption of fatty foodstuffs—allows governments limit to individual freedom even further than they have before. In sum, the new understandings of risk have moved the object of public governance from substance and matter to human conduct; and have moved the modes of governance from restoring damage and preventing harm to imposing on and internalising in people norms of ‘accepted’ behaviour.

A utilitarian approach to regulation

The above discussion captures the birth of risk governance, but what about risk-based regulation? It is often argued that risk-based regulation is a specific take on risk governance. In risk governance, risk is an object of governance (including regulation) as explained above. In risk-based regulation, the focus is on the allocation of resources based on risk levels [8]. Risk is used as a decision-making resource that allows for reasoned action of how to respond to a possible harm or gain when lacking knowledge in qualitative on quantitative terms [9]. Examples of risk-based regulation will be discussed in future blog posts in this series. For now, it suffices to define risk-based regulation as ‘an evidence-based means of targeting the use of resources and of prioritizing attention to the highest risks in accordance with transparent, systematic, and defensible framework’ [10].

Particularly in the 1980s, under President Ronald Reagan in the US and Prime Minister Margaret Thatcher in the UK, there was a call on government departments to become more cost-effective and efficient—the turn to New Public Management [11, 12]. To government departments and regulatory agencies, the tools of risk assessment and risk management allowed them a utilitarian approach to ‘allocate regulatory resources in proportion to the risks and interventions they require’ [13] and ‘explicitly explain their selective decisions based on the assessment of the risk that the regulated actors (companies or individuals) present’ [8]. It should be noted here that risk-based regulation is not the same as Professor Malcolm Sparrow’s problem-oriented approach to regulation—that is, find the biggest problem and fix it [14]. The latter is less systematic and structured than risk-based regulation [15].

Risk in the 21st Century

By the end of the 20th Century, writings on the role of risk in modern society by a range of influential thinkers entered mainstream debates in the wake of large disasters—including the Chernobyl nuclear disaster in the Soviet Ukraine in 1986, the BSE (bovine spongiform encephalopathy) crisis in the UK in 1996, and the 9/11 terrorist attacks in New York in 2001. Among the most know thinkers are Ulrich Beck who coined the term ‘risk society’, Anthony Giddens, Aaron Wildavsky and Nicklas Luhmann. While the details of their arguments differ considerably, their main lines of thought show striking similarities: In current times, people have become preoccupied with risk and taming the future. Despite all controls that have been put in place to reduce, pool, mitigate or prevent risk, risk causes anxiety at the societal level.

The risk society perspective

To Beck, this preoccupation is because we are faced with larger risks than ever before: risks are global, outlast generations, and affect all irrespective of class, culture, or citizenship. To Giddens, this is because we now ‘live on a high technological frontier which absolutely no one completely understands and which generates a diversity of possible futures [16]. To Wildavsky, this is because of the paradoxical situation that risk prevention requires risk-taking and risk exposure [17]. To Luhmann, finally, this is because large risks loom in different systems (such as the economy, the environment, or politics) that are difficult to mitigate for those outside those systems but may have detrimental consequences across systems [18].

Particularly the notions of new risks (and amplified existing ones), as well as notions of systemic risks raised by these thinkers, echo in the risk governance models we see around the globe today. New technologies (such as developments in ICT, nano-technology, genetically modified foodstuffs and artificial intelligence) are considered to bring huge opportunities but come with risks that cannot be (objectively) estimated. At the same time, many of today’s major risks such as climate change and the interconnectedness of global finance are systemic, meaning that they are embedded in the larger context of societal processes. ‘Systemic risks have therefore a growing potential of harm since effects can be amplified or attenuated throughout the prolongation of effects based on a complex system of interdependencies’ [19].

From uncertainty to probability and back again

Thus, while our understanding of risk, risk evaluation and risk management has grown tremendously over the last decades, it has also become clear that many of the risks we are facing today are exceptionally difficult to reduce, pool, mitigate or prevent. The power of risk governance and risk-based regulation as a means to safeguard society may very well have come to their absolute limits. Over the last years, critical questions have been raised about risk governance and risk-based regulation as perhaps providing a false sense of security. The routinization of risk governance and risk-based regulation as is observed around the globe ‘may obscure the conceptual foundations and limitations of this method’ [20].

The conceptual foundations and limitations critical scholars point at, bring us back to questions about the ontology and epistemology of risk, and the broad range of definitions discussed in the first installment in this series of blog posts on risk governance and risk-based regulation. More and more, the leading scholars of risk are calling for a move away, or at least softening of, the high value assigned to ‘hard’ probabilities based on ‘objective’, quantitative data, collected and processed by technical experts. They call for the inclusion of ‘subjective’, qualitative data and knowledge of lay-people in the assessment and management of risk. The definition of risk as being “the objective probability of harm multiplied by the objective impact of harm” has quickly lost its mythical status. After centuries of statistical development in which we saw uncertainty captured in ‘clean’ probabilities, risk scholarship has moved back to the ‘fuzzy’ language of uncertainty again.

The rule of sacrifice

The leading risk scholar Aaron Wildavsky has famously coined ‘the rule of sacrifice’ as one of the core paradoxes of risk [17]. He argues that macro-stability requires micro-instability: To keep a population stable, the risk-raking behaviour of delivering babies is required. To have a stable retirement in the future, the risk-taking behaviour of putting aside money in the now is required. And so on. The same holds for the role of risk in regulatory policy and practice: To achieve stable results through risk governance and risk-based regulation, the risk-taking behaviour of changing entrenched assumptions and conventional models is required.

This brief history of (our thinking of) risk indicates that risk is not a static object that can be reduced, pooled, mitigated or prevented with stable, one-size fits all governance interventions and regulatory tools. In the blog posts that follow in this series examples will be given of what is considered the current state of the art. Over time these will, no doubt, however, need updating.


1.            Rosa, E., Metatheoretical foundations for post-normal risk. Journal of Risk Research, 1998. 1(1): p. 15-44.

2.            Bernstein, P., Against the gods: The remarkable story of risk. 1996, New York: John Wiley & Sons.

3.            Doron, C.-O., The experience of ‘risk’. Genealogy and transformations, in Routledge Handbook of Risk Studies, A. Burgess, A. Alemanno, and J.O. Zinn, Editors. 2016, Routledge: London. p. 17-26.

4.            Huber, M., Colonised by risk – the emergence of academic risks in British higher education, in Anticipating Risk and Organising Risk Regulation, B.M. Hutter, Editor. 2010, Cambridge University Press: Cambridge. p. 114-135.

5.            Alemanno, A., Risk and regulation, in Routledge Handbook of Risk Studies, A. Burgess, A. Alemanno, and J.O. Zinn, Editors. 2016, Routledge: London. p. 191-203.

6.            Shapiro, S.A. and R.L. Glicksman, Risk Regulation at Risk: Restoring a Pragmatic Approach. 2003, Stanford: Stanford University Press.

7.            Edge, S. and J. Eyles, Contested Governmentalities: NGO enrollment and inf luence over chemical risk governance rationales and practices. Environmental Policy and Governance, 2015. 25(3): p. 188-200.

8.            Macenaite, M., The “Riskification” of European Data Protection Law through a two-fold Shift. European Journal of Risk Regulation, 2017. 8(3): p. 506-540.

9.            Steele, J., Risk and Legal Theory. 2004, Oxford: Hart Publishing.

10.          Black, J. and R. Baldwin, Really Responsive Risk-Based Regulation. Law and Policy, 2010. 32(2): p. 181-213.

11.          Hood, C., The “new public management” in the 1980s: Variations on a theme. Accounting, organizations and society., 1995. 20(2-3): p. 93-109.

12.          McLaughlin, K., S. Osborne, and E. Ferlie, New Public Management: Current trends and future prospects. 2002, New York: Routledge.

13.          Davies, G.J., et al., Regulators as ‘agents’: power and personality in risk regulation and a role for agent‐based simulation. Journal of Risk Research, 2010. 13(8): p. 951-982.

14.          Sparrow, M.K., The Regulatory Craft. Controlling Risks, Solving Problems, and Managing Compliance. 2000, Washington: Brookings Institution.

15.          Baldwin, R. and J. Black, Driving Priorities in Risk-based Regulation: What’s the Problem? Journal of Law and Society, 2016. 43(4): p. 565-595.

16.          Giddens, A., Risk Society: the Context of British Politics, in The Politics of Risk Society, J. Franklin, Editor. 1998, Polity Press: Cambridge. p. 23-34.

17.          Wildavsky, A.B., Searching for Safety. Studies in Social Philosophy & Policy, no. 10. 1988, New Brunswick: Transaction Books.

18.          Luhmann, N., Risk: A Sociological Theory. 1991, Berlin: de Gruyter.

19.          van Asselt, M. and O. Renn, Risk governance. Journal of Risk Research, 2011. 14(4): p. 431-449.

20.          Renn, O., Three decades of risk research: accomplishments and new challenges. Journal of Risk Research, 1998. 1(1): p. 49-71.

4 thoughts on “Risk governance and risk-based regulation(2): The evolution of risk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s