Risk governance and risk-based regulation(5): Evidence of the performance of risk governance and risk-based regulation

Now that we have a better understanding of the foundations of risk governance and risk-based regulation and have looked at some examples of its application, it is time to ask the hard question: does it work?

Answering that question is all but easy. By and large the debate of risk governance and risk-based regulation is driven by scholars from the UK, the USA and Europe; and that by and large they engage with theoretical and policy questions, rather than matters of implementation and practice.[1]

The following sections cluster the empirical findings in three themes: the perceived lack of homogeneity in risk governance application across countries and sectors, the observed changes in understanding and drivers of risk governance, and the perceived risks of risk governance and risk-based regulation.

Little homogeneity in risk governance application across countries and sectors

Scholars have mainly observed risk governance and risk-based regulation in the UK, the US, Australia and New Zealand, and Europe. Some argue that it may be a specific conceptualisation of regulatory governance that fits well within the context of these Western liberal democracies, but perhaps less well elsewhere. That said, they consistently point out that there is little homogeneity in risk governance and risk-based regulation within these countries—or as one scholar states: ‘Risk regulation is a messy world’ [1]. It is relevant here to stress, once more, that even within single jurisdictions scholars find limited homogeneity in the application of governance and risk-based regulation across policy sectors.

Particularly popular in the empirical literature are comparisons between risk governance and risk-based regulation in the US and UK on the one hand and European countries on the other. Typically, scholars describe the US and the UK as more salient to risk-based regulation and risk governance than European countries. The US and the UK are considered to prefer a rational-instrumental form of risk governance that puts much weight on ‘hard’ scientific data. European countries are, on their turn, considered to prefer a deliberative-constitutive form of risk governance ‘that is designed to address the factual and normative complexities of technological risk evaluation by granting to public administration substantial and ongoing problem-solving discretion in relation to particular issues’ [2]. In a similar vein, the US is considered more prone to err on the side of Type 1 errors (to prevent overly restrictive regulation) and European countries on the side of Type 2 errors (to prevent harmful under-regulation).

However, these cross-country comparisons may too quickly result in caricatures of risk governance, other scholars argue. They warn that there may be too much emphasis on the individual differences in how countries apply risk governance and risk-based regulation. When studying, for example, the application of the precautionary principle in the US and Europe (see the previous blog post) scholars sometimes tend to forget that the differences between these jurisdictions are rather small when compared to how they differ from other jurisdictions around the world.

A changing understanding and drivers of risk governance

Scholars have observed that the politics of risk governance has changed substantially over the last two decades. They repeatedly point at changes in public perceptions of risk, and increased public pressures on policymakers to govern risk. More than before, governments are found to respond with regulatory interventions to these changes in public perception of risk and changes in public opinion about risk. This has resulted in a significant shift in regulatory governance. No longer are governments purely regulating the direct risks stemming from activities and events: ‘public risk perceptions are … a reality that must be engaged on its own terms. Perception has become, in a sense, as important as the hazard to which it relates’ [3].

As a result, risk governance now understands risk in broader societal terms—as opposed to considering risk a purely technical probability. Risk is no longer considered an absolute certainty because of societal complexities that come with measuring risk. This has resulted in a shift from science-technocratic risk models that bases risk probability calculations on ‘hard data’ to socio-political models that acknowledge the impossibility of ‘perfect’ probabilities and instead rely on knowledge-based or subjective probabilities.

In short, among academics and regulatory policymakers there now is ‘consensus that while the standard model of scientific investigation remains a necessary form of risk analysis (especially in the tasks of risk identification and estimation), it is no longer a sufficient form (especially in the areas of risk evaluation and management)’ [4]. As a direct result from this shift, deliberative and consensus-oriented approaches to regulatory governance are promoted as holding more promise for ‘good’ risk governance than traditional rational-instrumental approaches. That said, ‘questions remain as to the extent to which traditional, often technocratic, cultures of risk regulation are able to permit meaningful interaction between publics and decision makers’ [5].

The risks of risk governance and risk-based regulation

A final theme that scholars regularly return to when studying risk governance and risk-based regulation are the ‘risks’ that come with this approach to regulatory governance. A frequently observed undesired effect is that of a ‘risk spiral’. Using the language of risk in regulatory governance alters the general public’s understanding of risk and heightens their risk anxiety. This may result in increased expectations of the general public in how much risk they ‘ought’ to be subject to, and how much risk should be reduced, pooled, mitigated or prevented by government. In response, governments will increase their risk governance activities and interventions and increase the use of the language of risk. That furthers anxiety of risk in the general public, resulting in more calls for risk reduction, pooling, mitigation and prevention—ad infinitum.

In a related vein, scholars point out that governments often show ‘an overreaction … to a risk or (public safety) incident by issuing more regulation and more oversight than necessary to control the risk at an acceptable level’ [6]. This can result from too swift responses and the uncoherent adding of risk-based regulation elements to an existing regulatory regime, which may cause regulatory failure in the future—for instance the post-GFC risk-based regulation interventions. It may result from a tendency of regulators ‘to be drawn to their highest risks and … pull back resources from lower risks’ [7]. Lower risks may, over time, produce significant harm and political contention (see the previous blog post). Finally, it may result from a desire of regulators to achieve ‘full’ safety and address ‘the last 10 per cent’ at all costs. In such a situation, the costs of, particularly, reducing small risks can quickly become excessive.

Other scholars point out that risk as an approach to regulatory governance has resulted in the process of ‘responsibilisation’ in which citizens are increasingly expected to take the responsibility in protecting themselves. Risk as an approach to regulatory governance is then seen to fit a neo-liberal policy agenda and a justification for undermining (social) welfare. Somewhat related, making risk and the rational-instrumental approach central to risk governance creates an illusion of the manageability of risk. That may result in a false sense of security of how well future risks can be reduced, pooled, mitigated or prevented. Other challenges of this approach to regulatory governance are epistemic and ethical. These are central to next blog post.

Take home lessons for regulatory policymakers and practitioners

While the findings summarised here are insightful, they fall short in addressing pressing questions of what forms of risk governance and risk-based regulation yield desirable outcomes, where and why. Insights that governments take different approaches to risk governance, even in different policy areas within a single jurisdiction, help stress that there is no one-size-fits-all model for risk governance and risk-regulation. The current evidence base is, however, too small to conclude whether risk governance and risk-based regulation is desirable in the first place. In light of all the publications on risk as an approach to regulatory governance, the limited number of evaluative, comparative case studies—both risk governance to risk governance comparisons as well as risk governance to other regulatory governance approaches—is shocking.

Equally important to keep in mind for those interested in applying this approach to regulatory governance is that it provides a paradox. Risk governance and risk-based regulation may, at first glance, bring a rational, transparent and accountable way to allocate limited regulatory resources to address the most pressing risks. However, the efficiency gains of that utilitarian motivation for choosing this approach to regulatory governance may quickly be undone if risk governance and risk-regulation is taken seriously. Both rational-instrumental and societal-political risk assessments ask for substantial time and resource investments. Deciding on the right level risk management to implement will be equally time and resource intensive. However, without taking these steps seriously, the risks of risk governance and risk-based regulation may outweigh the benefits.


1.            Hutter, B.M., A Risk Regulation Perspective on Regulatory Excellence, in Achieving Regulatory Excellence, C. Coglianese, Editor. 2017, Brookings Institution Press: Washington, D.C. p. 101-114.

2.            Fisher, E., Risk Regulation and Administrative Constitutionalism. 2010, Portland: Hart Publishing.

3.            Burgess, A., Introduction, in Routledge Handbook of Risk Studies, A. Burgess, A. Alemanno, and J.O. Zinn, Editors. 2016, Routledge: London. p. 1-14.

4.            Rosa, E., Metatheoretical foundations for post-normal risk. Journal of Risk Research, 1998. 1(1): p. 15-44.

5.            Jones, K.E. and A. Irwin, Regulating resilience? Regulatory work in high-risk arenas, in Creating space for engagement? Lay membership in contemporary risk governance, B.M. Hutter, Editor. 2010, Cambridge University Press: Cambridge. p. 185-207.

6.            de Ridder, K. and S. Reinders, Regulation, Oversight, and the Risk Regulation Reflex: An Essay in Public Administration in the Context of the Dutch Risk and Responsibilities Programme. 2014, Groningen: Rijksuniversiteit Groningen.

7.            Black, J. and R. Baldwin, When risk-based regulation aims low: Approaches and challenges. Regulation & Governance, 2012. 6(1): p. 2-22.

[1] Only a small minority (16%, n=21) of the 133 peer-reviewed articles evaluated for the full review that these blog posts build on address an example or examples of risk governance and risk-based regulation in practice. Most articles are conceptual and discuss the foundations of this approach to regulation (52%, n=69) or address the motivations for governments to turn to this approach to regulation (32%, n=43). Also, a large part of the world is underrepresented in the scholarly debate: only a few articles are written by scholars from Asia, Africa or Latin America (11%, n=14), and only a few articles focus on these world regions (9%, n=12).

3 thoughts on “Risk governance and risk-based regulation(5): Evidence of the performance of risk governance and risk-based regulation

  1. I was recently at an oil spill conference (https://www.spillcon.com/) where the focus is on innovations, developments, practices and processes to prevent and respond to spills and well blowouts. There was a prominent theme around the idea that risks of well blow outs and an inability to deal with them are/have reduced significantly – but the public tolerance for risk associated with such things is essentially dropping at a faster rate – so continued (and not insignificant) investment is required in response capability and capacity. This was ties into the theme of maintain a ‘social licence” to engage in exploration activity. This blog remined me of that as a real example of the issues captured by the following quote from the blog: ‘public risk perceptions are … a reality that must be engaged on its own terms. Perception has become, in a sense, as important as the hazard to which it relates’


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s