The Regulatory Frontier Designing the Rules that Shape Innovation 2025

As technologies blur sector lines, drawing the regulatory perimeter – the scope of activities and actors subject to oversight – has become one of the most consequential design choices. Define it too broadly, and innovation will be trapped in compliance. Do so too narrowly, and risk will migrate outside the rulebook. Entity-based models break down in cross- sector markets. Traditional frameworks used to regulate institutions rather than activities, which worked when products were stable and companies stayed within defined lanes. Now, technology companies processing payments or hospitals deploying diagnostic AI perform regulated functions without fitting into traditional categories, exposing the limits of outdated regulatory design. Activity-based rules redraw the perimeter. Modern frameworks ask what a company does rather than what it is. If a company holds customer funds, custody rules must apply – whether it is a bank, an exchange or a fintech platform. Dubai’s International Financial Centre applies this model for digital assets, regulating issuance, trading, custody and advice consistently across actors.2 Risk-tiered boundaries focus oversight where it matters most. Instead of treating every product the same, regulators can tailor scrutiny to the potential harm an innovation could cause. In healthcare, this approach is well-established; low- risk tools move quickly through review, while new technologies that influence diagnosis or treatment undergo a deeper evaluation. Singapore’s Health Sciences Authority, for example, uses a four-tier system for software as a medical device.3 There are light requirements for wellness or monitoring apps, but rigorous testing for programmes that analyse medical images or guide therapy decisions. The result is faster access to safe innovation and stronger protection where it matters most. When boundaries fail, trust erodes at both extremes. A perimeter drawn too narrowly pushes innovation into unregulated or offshore markets. Drawn too broadly, it drags experimentation into heavy compliance, slowing deployment. Either extreme undermines confidence – the first through lack of protection, the second through excess friction. Getting the perimeter right determines whether innovators build inside trusted markets or outside them, and whether regulators remain credible architects of the innovation economy. Equally important is keeping that perimeter adaptive – able to expand as new activities emerge and narrow where risks diminish so oversight remains relevant.1.1 Defining boundaries that protect without constraining The Regulatory Frontier: Designing the Rules that Shape Innovation 7