Regulatory Imperatives for the Future of SADC ’ s “ Digital Complexity Ecosystem ”

This article uses a “digital complexity ecosystem” framing to delineate the challenges facing regulation of the digital economy in the Southern African Development Community (SADC) region. The digital complexity ecosystem approach, grounded in the field of complexity science – and in particular the study of complex adaptive systems (CASs) – is used to illuminate the sources of uncertainty, unpredictability and discontinuity currently present in the SADC digital sphere. Drawing on examples from three regulatory areas, namely mobile financial services, Internet of Things (IoT) network and services markets, and e-health services, the article argues that SADC regulatory bodies will themselves need to adopt highly adaptive, nonlinear approaches if they are to successfully regulate activities in the digital ecosystem moving forward. Based on the findings, recommendations are made on SADC regional regulatory agendas and, at national levels, matters of concurrent jurisdiction.

Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" from the field of complexity science.Complexity science is interdisciplinary, and explores the broad terrain (Anderson, 1999;Schneider & Somers, 2006) and application (Akgün, Keskin & Byrne, 2014) of complex adaptive systems (CASs), using a variety of concepts, theories and methodologies for studying such systems (see, for example, Gates (2016), who uses the combined term "systems thinking and complexity science" (STCS)).This article draws on particular concepts from this body of theoretical knowledge as analytical tools, notably those of uncertainty, unpredictability and discontinuity, because they are all closely associated with innovation outcomes.I have observed the presence of these three themes at the current conjuncture of digital innovation and its early effects in the economies of the region, for example the regulatory challenges arising from the introduction of mobile financial services, or MTN Business offering services through IoT platforms in South Africa and Namibia.I have fused notions from complexity science with conceptions of the dynamics of the "digital economy", "digital transformation" and "regulatory imperatives" to arrive at the conception of the "digital complexity ecosystem" presented here.
The value of this kind of conception is its focus on the need for policymakers, regulators and other stakeholders to engage in complexity-oriented, CAS-oriented thinking and analysis, rather than to consider simple solutions to complex challenges, when interacting with emergent digital services.For example, the study of IoT requires complexity science thinking, because IoT artefacts, processes and innovative outcomes are such complex, adaptive (and self-adaptive) applications and systems (see, for example, the work of Moraes do Nascimento & Perreira de Lucena, 2017).
Many features of digital ecosystems can be considered as complex, adaptive systems, whether the feature consists of introducing IoT applications for smart cities, or building out mobile financial services, or a manifestation in the socially oriented arenas of Internet-supported education, digitally enabled health practice, or digital government.Each of these systems is multi-faceted -constantly shifting, adapting and evolving as supply-side and demand-side actors adjust to new services, new competitive advantages or threats, new opportunities, and unexpected outcomes.

Risk for SADC regulators
Given this adaptive complexity inherent in the elements of digital ecosystems, regulation of these ecosystems' core elements -such as electronic communications markets, Internet-based services markets, and digitally supported environments arising from convergence of electronic communications and Internet-based services (e.g.smart cities) -requires advances in the institutional environment towards intensive knowledge formation, in order for regulatory bodies to perform effectively.Regulatory institutions that fail to build and command such knowledge will run the risk of becoming all but irrelevant to the emergent digital ecosystem.This risk is already apparent in the SADC region, where the pace of change is poised to test the Abrahams capacity of regulators to advance the supporting regulatory agenda at the required pace.
Some may try to argue that digital complexity ecosystem regulatory challenges are not particularly pressing in a region such as the SADC, where several of the countries' Internet penetration levels are among the lowest in the world, but the converse is true.If the roughly 78% of SADC residents 2 not yet using the Internet are to join the digital complexity ecosystem and participate in a manner that safely enhances their livelihood opportunities, the regulatory imperatives outlined in this article must be at the forefront of the agendas of the region's regulatory authorities.Furthermore, it can persuasively be argued that while African economies are growing in size, they are not growing sufficiently in technological, process or governance complexity, or in the enhancement of "the technical capabilities of people and institutions" (African Center for Economic Transformation, 2013) required for transforming from mainly low-technology-using agricultural and services-based economies to medium-or high-technology-using 3 agricultural and services economies, supported by digitally complex ecosystems.Effective regulation is needed to enhance the effective operation of the supporting digital ecosystem.
It is acknowledged that there are other contemporary regulatory questions pertaining to the digital ecosystem that are not covered in this article -such as regulation for overthe-top (OTT) services, for cloud computing, for smart cities, for cryptocurrencies, and for other forms of digital transformation -and that also need regulatory research and debate.The scope of this article excludes a full review of the current state of SADC regulation for the digital economy.Such further research would be important for designing a formal regulatory agenda and research programme for SADC regulators and regional regulatory associations.

Regulation in the digital complexity ecosystem
In the late 1990s and early 2000s, much of the electronic communications sector research focused on the social and economic regulation of the "telecommunications economy", with particular attention to regulatory approaches to guiding telecoms market structures and facilitating transition from monopoly to competition (Boylaud & Nicoletti, 2001;Buigues, 2006;Bourreau & Dogan, 2004;Fredebeul-Krein & Freytag, 1999;Gillwald, 2005;Noll, 1999).The research agenda then expanded to include regulation for fostering the "mobile communications economy" (Gebreab, 2002;Haucap, 2003;Nanevie, 2012), and then for evolution of the "broadband 2 This percentage is based on total estimated population and total estimated Internet access (Internet World Stats, 2017), noting that only a very small age cohort would not need to engage in direct Internet use, but should still have indirect participation in the digital ecosystem.3 The OECD classifies telecommunications (non-manufacturing) as being among medium-low R&D intensity industries; IT and other information services (non-manufacturing) as being among mediumhigh R&D intensity industries; and software publishing (non-manufacturing) as being among high R&D intensity industries (Galindo-Rueda & Verger, 2016).
Regulators in the SADC region have been mainly engaged in laying the infrastructural foundations for a digital economy, with greater or lesser degrees of success.The emerging phase of digital economy evolution evinces a greater degree of complexity in law-making and rule-making than before, a phase in which greater mastery of the regulatory environment is required.This phase is about more than "ICT regulation"; it is about moving to interconnected jurisdictions and spheres of regulation that will promote the digital business, commerce, trade and services that operate on the foundational infrastructure.
Economic regulation for the electronic communications sector has generally been understood as addressing access, effective competition, and consumer protection (Blackman & Srivastava, 2011, p. 10), noting the distinctions amongst theories of regulation, e.g., public interest, interest group, power of ideas, institutional, and network theories (Baldwin, Cave & Lodge, 2012, pp. 40-67).Economic regulation also addresses sector innovation, as discussed extensively in Blackman and Srivastava (2011) and Baldwin et al. (2012).Meanwhile, social regulation for the electronic communications sector has generally been concerned with "achieving socially desirable results", including addressing essential services (Baldwin et al., 2012, pp. 19 and 24).
While much of this important theoretical work on the modalities of electronic communications regulation remains relevant, there are many new features, interpretations and applications of economic and social regulation that are relevant Abrahams to digital ecosystem evolution in 2017 -and which will grow in importance and relevance in the next decade, including in SADC region countries.The digital economy of mobile apps; OTT services and other digital platforms; mobile money; utilisation of robotics and social media in banking; gamification in digital education; online entertainment; digital health services; early formations of smart cities (such as the Konza Techno City in Kenya); and many more digital modalities, is one in which the regulatory agendas of African electronic communications sector regulators will need (i) to be refocused and (ii) to be complemented by the efforts of other sector regulators.Without shifts in regulatory focus and practice, African economies will struggle to transition to well-functioning digital economies.To give but one example, definitions of universality now need to include consideration of access to online e-services and mobile services for education, health, banking and finance, and other mobile or Internet-based services.

The SADC digital economy
The economy of the region is strongly services-based, with a few economies also having a significant agricultural or manufacturing component (see Mobile telephony (voice and text) access on the African continent has increased significantly in recent years, and was estimated at 420 million unique mobile subscribers, or a 43% penetration rate, at the end of 2016.Industry reports suggest that the mobile industry, including mobile broadband, could account for an estimated USD214 billion of Africa's annual GDP by 2020(GSMA, 2016, p. 6).Mobile penetration in countries in the SADC region ranges from those with penetrations of 60% and above (Botswana, Lesotho, Mauritius, Seychelles, South Africa, Tanzania), to those with penetrations between 50% and 59% (Democratic Republic of Congo, Swaziland, Zambia, Zimbabwe), between 40% and 49% (Mozambique, Namibia), to the low-penetration countries of Angola, Malawi and Madagascar (34%; 35% and 23% respectively) (GSMA, 2017, p. 9;ITU, 2017a, pp. 240-243).
Mobile Internet subscriber penetration is estimated at 28% for the whole of Africa (GSMA, 2017, p. 33) and total Internet penetration at 31% in 2017 (Internet World Stats, 2017), indicating that Internet penetration is largely mobile.SADC region Internet penetration is lower than the continental average and is reported as being highest in Mauritius, The Seychelles, 5 and South Africa, and significant in Botswana, 4 Latest publicly available data for SADC region.5 Mauritius and The Seychelles are small island states.
Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" Namibia, Swaziland, Zambia and Zimbabwe, while penetration is less than 10% in the Democratic Republic of Congo (DRC), Madagascar and Malawi (Internet World Stats, 2017).There is now a clear trend towards mobile broadband adoption on the continent and it is envisaged that around 60% of subscribers will have mobile broadband Internet access, in other words usable Internet, by 2020 (GSMA, 2017, p. 7).Low household incomes and rural modes of subsistence production (WEF, 2017, p. 7) may hold back the pace of adoption of mobile broadband, but adoption is set to continue, given the innovations in digital services for consumers at many income levels.The smartphone adoption trend creates the foundation for a stronger consumer push to a digital economy in the SADC region in the next decade.Four SADC countries appear in the Global Mobile Engagement Index (GMEI) (a measure of frequency of mobile service usage with smartphones and non-smartphones) out of 56 countries surveyed, namely South Africa, Mozambique, Tanzania and DRC with, for example, Tanzania showing significant usage of remittances via mobile money service, online banking and bill payment (GSMA, 2017, p. 27).

Abrahams
While substantial numbers of subscribers, connections and broadband services will mean that network effects (demand-side economies of scale) increase, and while these network effects can create value for rural households -through, for example, benefits of mobile money transfer or access to educational content -this value can only manifest where villages and villagers have reasonable access and quality of service with respect to voice and broadband.Bello, Opadiji, Faruk and Adediran (2016) shed some light on the realities for rural households on the wrong side of the digital divide in villages in rural Nigeria, where access to basic mobile service is low due mainly to lack of network infrastructure and quality of service.There are many such villages across the SADC region, raising critical questions for electronic communications sector regulators with respect to continued major gaps in universality and quality of service in the next decade.In the SADC region, when one looks at the countries with populations above 10 million, one finds that in Angola, an estimated 55% of the population is rural, 57% is rural in the DRC, 83% in Malawi, 67% in Mozambique, 34% in South Africa, 67% in Tanzania, 58% in Zambia, and 67% in Zimbabwe (ECA, AfDB Group & AUC, 2017, p. 37).
The SADC regional economy has a strong bias towards services and agriculture as the largest contributing sectors to GDP, sectors in which innovative digital applications and platforms can be adopted with relative ease, provided that the economic and social environments are reasonably well regulated and governed.IoT applications are already in operation for urban management in a few cities (example Windhoek) (NUST, n.d.), and appetite for mobile financial services has been observed (Mazer & Rowan, 2016;Robb & Vilakazi, 2016).

Mobile f inancial services
In the SADC region, digital technologies and processes are transforming consumer and business markets in the financial sector towards fully-digital banking, including robotic transaction processing and virtual assistants, requiring attention to cybersecurity.Mobile money adoption is significant in Swaziland and Botswana (21% and 22% respectively) and high in Zimbabwe and Tanzania (45% and 51% respectively) (Fanta, Mutsonziwa, Goosen, Emanuel, & Kettles, 2016).Adoption in 2017 is likely to be higher than in the latest survey years.(Fanta et al., 2016).In the case of Zambia, a recent study found that 94.3% of rural people did not have a bank account and around 70% of urban adults did not have bank accounts (Banda, 2016), while 9 million or 53% had a mobile phone (GSMA, 2017, p. 9).Noting that mobile money transactions would now be significantly higher than the USD300 million per month estimated in 2014 (GSMA, 2015b, p. 32), these data present a strong case to leverage the deepening mobile penetration rates and extensive ownership of mobile phone devices to enhance financial inclusion through digital innovation, balanced against appropriate levels of regulation.The mobile financial services basket includes both service processes and mobile money, notably the following types of services: mobile money transfer from person to person; mobile payments including bill and merchant payments; mobile credit and savings with or without a bank account; mobile insurance; and other mobile financial services for the unbanked and the banked, e.g., where supermarket chains or networks of retailers develop products to transfer money across borders, to transfer through the banking system, or to transfer through Internet banking using a smartphone or other connected device.
The 2016 FinMark Trust study (Fanta, et al., 2016, p. 19) indicates that the four main forms of mobile money usage in eight countries in the SADC region are paying bills, buying air-time, sending money and receiving money, with bill payments being a minor proportion of "top four" transactional activity, as compared to the more 6 Formally included means financial inclusion in the banking and financial system.

Abrahams
extensive uses of mobile financial services elsewhere on the continent, including mobile salary disbursements and mobile payments for commercial transactions, education and health services, and transport (GSMA, 2017, p. 27;GSMA, 2015a, pp. 30-35).Mobile financial services bring networks of retailers, banks and mobile operators into competition in the mobile financial services sector, with potential long-term innovation and consumer benefits.Thus, while the current pace of mobile financial inclusion is slow in the SADC region, the potential is great and can be translated into actual financial inclusion through proactive regulation.
In 2014, the cost of intra-regional remittances was comparatively high when using the traditional banking system: the average total cost of sending USD200 within Southern Africa was USD20.47 (approximately 10% of the value of the transaction) for cross-border banks 7 ; and USD17.24 for banks operating in a single country (AfDB, 2014, p. 73).By contrast, the cost to the consumer of using mobile money service providers for cross-border remittances is significantly lower.In 2017, Airtel Money Malawi charges 3% of the value of the transaction for cross-border transfers of the equivalent of USD200 in Malawian Kwacha and no cash-out charges are applied, though charges are higher than bank charges in the lowest transaction band (Airtel Money Malawi, 2017).In Tanzania, with respect to Airtel Money tariffs effective from September 2017, there are no charges to the sender for amounts above TZS200,000 8 (approximately USD88) and cash-out charges are low for Airtel Money customers and partner networks, but high for the recipient at the lower transaction bands (Airtel Money Tanzania, 2017), a matter that may require regulatory attention.
The African Development Report 2014 motivated for the financial integration of retail payment systems across the continent, in order to promote greater economic participation and cross-border trade, noting that mobile financial services innovation was then at the early stages of its evolution (AfDB, 2014).In this context, the review commissioned by the Committee of Central Bank Governors in SADC (CCBG-SADC) with respect to the laws and regulations applicable to national payment systems gave rise, in March 2016, to the publication of SADC Mobile Money Guidelines (FinMark Trust, 2016).The SADC Model Law on Electronic Communications and Transactions, prepared for SADC electronic communications regulators is also relevant, as indicated later.

Internet of Things (IoT) networks and services
IoT applications and services require human-to-machine (H2M), machine-tomachine (M2M), and, ultimately, everything-to-everything (E2E) communication, creating "[a] global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving 7 Cross-border banks operate in more than one African country 8 TZS = Tanzania Shilling, written locally as TSH.
Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" interoperable information and communication" (Brown, 2015).At international level, IoT deployment is significant in applications in smart cities, connected vehicles, and healthcare (Brown, 2015), and is emerging in the fields of industrial maintenance, building information modelling, and the insurance sector (Civerchia, 2017;Gartner, 2016), the latter case interweaving the electronic communications and financial services sectors in another area fostering overlap in regulatory agendas.
With respect to early trends and use cases in IoT adoption in Africa, Ndubuaku and Okereafor (2015) Africa, 2016;GSMA 2017;World Bank, 2016), potentially spaces for building IoT applications.

Abrahams
While IoT applications can use existing Wi-Fi and other telecoms networks, operators Huawei, MTN, Vodacom and others are also offering new network solutions such as LTE-M (medium bandwidth) and re-using 2G networks for IoT for smart grids and object tracking; as well as introducing low-power and narrow-band networks such as LPWA IoT networks and NB-IoT networks 10 for smart water metering and other solutions (Hawkes, 2017, p. 14).IoT data sensing, capture, storage and communication provide the basis for making available extensive data as the basis for research in data analytics, predictive analytics, and artificial intelligence, leading to enhanced evidence-based decision-making and applications of value to societies and economies.However, sharing the data, and conducting data-driven activities, via the Internet raise significant cyber risk.The SADC Model Law on Data Protection and the SADC Model Law on Computer Crime and Cybercrime are relevant, as indicated later.

e-Health services innovation
Public health advancement places strenous demands on government funding, and on efficient use of the resources available for patient management in hospitals and clinics across the SADC region.Some of the applications to public health management challenges, that can promote greater efficiency in healthcare management, arise from digital innovation (i) in the use of location-specific services for targeted approaches to malaria management and response; or (ii) in the field of data analytics, for example with respect to the management of dread diseases (such as cancer, heart attack and stroke), and chronic diseases such as HIV/AIDS; or (iii) the use of IoT applications ranging from remote health monitoring to facilities management.
Article 7 of the SADC Protocol on Health requires the sharing of health data and the establishment of a regional indicators database (SADC, 1999), requirements that are ever more important as the regional economy becomes more integrated.Health applications of the Internet, including the use of IoT for sharing public-healthrelated data or anonymised patient data, can be appropriate, relatively low-cost, digital innovations in primary healthcare services.However these innovations are at a nascent stage in the SADC region.Hawkes (2017, p. 5) reports South African start-up Vitls as offering a wearable device that monitors vital signs and "sends the data to the cloud where algorithms create actionable insights for medical staff ", noting that IoT applications need healthcare institutions to introduce electronic medical records, which is considered possible in the medium term.IoT applications in healthcare can encourage greater self-management, for example in the treatment of diabetes (Brown, 2015, p. 11) and other diseases of lifestyle.At the same time, there are, in these health applications, concomitant risks of interference with data, as well as privacy risk and ethical risk, all requring regulatory attention.e-Health 10 LPWA IoT network means low power wide area IoT network; NB-IoT network means narrow band IoT network.
Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" regulatory issues overlap with regulating the trust environment to advance the use of IoT platforms and services, as health regulatory issues pertaining to the ethical treatment of patient data by clinicians and health practitioners require privacy and data security with respect to patient personal information and medical records.The SADC Model Law on Data Protection and the SADC Model Law on Computer Crime and Cybercrime are also relevant here, as indicated later.

Seeing the SADC digital economy within a complex adaptive ecosystem
The ways in which regulatory dynamics interact with economic (or social) dynamics lead to an evolving digital ecosystem.The ecosystem influences the economy, and vice versa.As we have seen in the preceding sub-sections, the SADC digital economy demonstrates many of the features that are typical of complex adaptive systems, for example: uncertainty that arises due to the risks experienced in mobile financial services; unpredictability that arises through the emergence of next generation telecoms and IoT infrastructure networks; and discontinuity that arises where regulation rapidly shifts from a focus on telecoms regulation, to electronic communications sector regulation, to digital ecosystem regulation.

SADC regulatory imperatives in the digital complexity ecosystem
The SADC regulatory imperatives are discussed below in the following sequence: (i) key challenges in regulating mobile financial services; (ii) key challenges in regulating IoT networks and services; and (iii) key challenges in regulating the e-health services environment.

Regulating mobile f inancial services
It is widely recognised, at both a global and SADC regional level, that the attention of regulators is required with respect to: competition and interoperability across providers in the mobile money ecosystem (see, for example, Bourreau & Valletti, 2015); cross-border remittances and money transfers (see, for example, Mazer & Rowan, 2016); licensing or approval of service providers (see, for example, Evans & Pirchio, 2015); regulating to advance innovation (see, for example, Blechman, 2016); and regulatory harmonisation with respect to all of these issues within regional and continental blocs.Some of these responsibilities are the role of central banks, some the role of electronic communications sector regulators, and others the role of competition authorities.Furthermore, consistency and harmonisation issues arise with respect to regulatory action across the SADC region, raising the profile of regional regulatory associations in promoting the digital complexity ecosystem.

Competition and interoperability
Given its relative convenience and socioeconomic efficiency, SADC regulators need to research and understand the barriers to extensive mobile money adoption that could be addressed through regulation.Regulatory assurance of, in particular, the promotion of interoperability of mobile money services, is important with respect to the following (Bourreau & Valletti, 2015): interoperability of the mobile networks that promote mobile money services; interoperability of mobile money agents to serve consumers of any service; and national and regional interoperability across mobile money platforms (at the SADC regional level, these would include Airtel Money, or Vodacom M-Pesa, or another platform).
With respect to regulatory lessons from mobile money services in the SADC region and in Africa, studies are relatively recent.Robb and Vilakazi (2016, pp. 27-28), with reference to Tanzania and Zimbabwe, note that Tanzanian firms embraced interoperability, possibly due to the symmetrical nature of the market; while some Zimbabwean firms encouraged interoperability (NetOne and Telecel) to the benefit of consumers, and others did not (Econet), possibly due to the relatively small market size and Econet being a dominant player.In the Zambian experience (Banda, 2016), competition issues relate to agent exclusivity, interoperability at the agent level for agent sharing (about 50% of 5,000 agents are active), issues around account opening, and network effects.Other regulatory issues Banda notes in the Zambian context are that the National Payment Systems Act 1 of 2007 may have limitations with respect to services beyond payments and transfers; for example, no allowance is made for interest payments on the funds in a mobile money wallet.Some of the just-cited regulatory issues require the attention of competition authorities, others require the attention of the banking regulator.Issues in competition regulation are paramount in respect of the emerging mobile financial payments ecosystem, which includes an array of products and services, including mobile insurance and mobile credit, in addition to the more traditional mobile money products.

Cross-border remittances and money transfers for cross-border trade
Advancing mobile money systems for cross-border trade, to enhance access to income over and above remittances, requires the attention of the general competition and consumer protection regulators, as well as the sector-specific regulators, namely central (or reserve) banks, electronic communications regulators and financial integrity regulators (FinMark Trust, 2016, p. 29).The ex ante promotion of competition in mobile money and payments markets by regulators can potentially stimulate interest in fostering the mobile money and mobile payments ecosystem as a means to intraregional trade.

Licensing
The SADC Mobile Money Guidelines propose that central banks focus on the licensing and licence conditions (or approval) of mobile money service providers (MMSPs), while electronic communications regulators focus on the licensing and licence conditions of the mobile network operators (MNOs) who constitute or support the MMSPs.For example, with respect to approvals, Directive #24 of the Central Bank of the DRC, the country's banking regulator, requires that, "[p] rior to performing any electronic money activity, electronic money institutions, as Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" defined in the Directive, must be approved by the Central Bank" (Di Castri, 2014).Contemplating the take-off of mobile financial services, Evans and Pirchio (2015) suggest that heavy regulation may stifle development, e.g., via a requirement for a banking licence for mobile money transfer even if there is no banking involved, or via the level of personal identification and know-your-customer (KYC) data required for basic transactions where small amounts of money are transferred.In the recent Tanzanian experience (CGAP, 2016;Mazer & Rowan, 2016;Roberts, 2016), the central bank allowed light touch regulation for the three MNOs who held significant mobile money market share, leading to rapid growth in the numbers of registered mobile money users, active users, and active agents.

Regulating to advance innovation
Using lessons from Kenya, a regulatory respondent (personal communication, 2016), explains that the regulator's dilemma is whether to regulate or whether to allow innovation and market evolution before regulating.In the mobile finanical services context, this applies to, among other things, the presence of agents and super-agents; clarifying the relevant market definitions; and consumer protection, e.g., transparency in billing.Focusing on one particular dimension of the dilemma, the respondent commented on regulatory uncertainty (personal communication, Kenyan regulatory respondent, 2016): […] while M-Pesa is a success in everyone's eyes, when the innovation came into being, as a regulator you don't know whether the regulation will create competition issues, you don't know whether the innovation works, you don't know where to balance between competition issues and recoupment of the innovation cost, … if it is a competition issue, is it temporal, transitional or permanent?
This draws attention to the question of when and how the regulator steps in, based on its agenda, knowledge, foresight and resources.The regulator has to consider the definition of the relevant (new) market in order to design and conduct market studies.Working through these questions means that SADC regulators will require greater research capacity than is currently available, as well as foresight mechanisms, to adjust to the digitally complex environment.
The same Kenyan respondent explained (personal communication, Kenyan regulatory respondent, 2016): […] where Equity Bank came up with Equitel thin-film, SIM-based transfer (you just add an additional SIM and place it on top of existing SIM), Safaricom went to court and said "maybe someone will steal data from our SIM".The Competition Authority allowed rollout and took a wait-and-see approach.One of the main government agencies asked about the risks associated with unauthorised access to people's data.All the This reflection illustrates the multiple concerns of multiple regulators and the inability to make, or inadvisability of making, quick decisions based on past experience when countenancing innovative shifts in technologies, services and markets.As regulating to advance innovation requires the existence and effective action of multiple regulators, SADC countries must act to fill the gaps in the regulatory environment.This will require the attention of those countries who do not yet have competition laws (Angola, DRC, Lesotho), those without competition authorities (DRC, Lesotho, Mozambique) (Ngobese & Kühn, 2017), and those without consumer protection authorities, cybersecurity regulators and other regulatory institutions required to cement the regional digital ecosystem.Beyond filling the gaps with respect to institutions and statutes, future challenges and complexities will include role clarity, i.e., unanticipated, multi-directional, overlapping responsibilities across regulators that require new forms of concurrent jurisdiction and affect the practice of designing new regulation.

Regulatory harmonisation
Regulatory harmonisation in the African telecoms and ICT sector is seen as a way to promote common approaches to common problems, as well as a means to create similar regulatory environments, thereby encouraging investment, competitive regional markets and consumer access (ITU, 2017b).Through the Harmonisation of ICT Policies in Sub-Saharan Africa (HIPSSA) project, a number of guidelines and model laws have been formulated, including three SADC model laws relevant to the mobile financial services environment.The SADC Model Law on Electronic Transactions and Electronic Commerce (ITU, 2013a) provides guidance with respect to legal recognition and legal effect of electronic communications and transactions; attribution of secure electronic signatures; the protection of online consumers; and matters related to online marketing and online safe harbours.Other relevant model laws are the SADC Model Law on Data Protection and the SADC Model Law on Cybercrime.With this guidance, each SADC country enacts its own laws and publishes its own related regulations, enabling the effective regulation of mobile financial services as a key component of the digital economy in the region.
With respect to the payments system environment, the Office of the Committee of Central Bank Governors in SADC (CCBG-SADC), the regional regulatory office for the banking sector, has established a Payments System Project under its Payments Subcommittee, which attends to matters of exchange control and banking supervision.The Payment Systems Project is interested in three key objectives Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" (SADC BA, n.d.), namely (i) an environment of harmonised, inclusive, and sustainable banking services; (ii) co-operation with national regulators to achieve integrity and credibility with respect to banking services; and (iii) improved technical and regulatory capacity of member associations to make their financial markets more attractive to regional and international investors.Meanwhile, the SADC Mobile Money Guidelines, commissioned by the CCBG, include commentary on (i) regulatory approaches necessary to create an enabling environment for vibrant mobile money markets; (ii) the ecosystem and the mobile money role players engaged in the formulation of regulations; (iii) common technical and operational standards for possible implementation by central banks, telecommunications regulators and other mobile money stakeholders; and (iv) domestic and regional interoperability through regulatory harmonisation (FinMark Trust, 2016, p. 2).
With respect to the just-listed SADC Model Laws and to the SADC Mobile Money Guidelines, central banks and electronic communications sector regulators have significant responsibilities, many of which are still to be acted on in ways that can create a strong regulatory environment for mobile money, mobile credit, mobile insurance, mobile payments and other mobile financial services.

Regulating IoT networks and services markets
SADC regulators must acknowledge the transformative nature of IoT infrastructures and applications, with respect to their contribution to economic organisation and advancement, and their provision of data for enhanced decision-making, as discussed above.The effective evolution and formation of IoT networks and services in the SADC region will require attention to a series of connected regulatory agendas and measures, within individual regulators and across multiple regulators.Many IoT use cases will present regulators with new issues for attention with respect to matters such as: competition and barriers to entry in IoT network infrastructure markets (requiring the attention of electronic communications regulators and competition authorities); and data privacy and cybersecurity (requiring the attention of cybersecurity regulatory bodies, information privacy regulatory bodies, and health professions councils where patient records are involved).

Competition in IoT networks and services
New challenges arise for access to the digital economy with respect to emerging IoT network infrastructure (for example, LWPA IoT and NB-IoT) availability, pricing and penetration.Digital access concerns also relate to the IoT-enabled services that can improve livelihoods and lifestyles.Since the existing SADC mobile network operators are in a strong position to create IoT network and service markets, this presents possible barriers to entry for new players and potentially high prices for business and household consumers, requiring regulatory attention.Key IoT regulatory issues (Brown, 2015, pp. 19-20) that will need to be investigated by SADC Abrahams regulators include spectrum licensing and management to foster IoT networks and uses, noting also the new uses for 2G networks; addressing and numbering for "globally addressable things"; and competition regulation to address abuse of dominance where it arises.

Data privacy, cybersecurity and cybercrime
Converged IoT payments systems mean that payments can be made over an IoT platform, from your mobile device, or from your watch, or from your car, raising personal data protection and cybersecurity risks.The SADC Model Law on Data Protection (ITU, 2013b) provides guidance on the establishment of national data protection authorities, rules applicable to the processing of personal data, rights of the data subject, and transborder data flows.The SADC Model Law on Computer Crime and Cybercrime (ITU, 2013c) provides guidance on what would constitute cybercrime offences -including illegal access, illegal data interference, and data espionage -as well as on matters of criminal liability.
In terms of these two SADC Model Laws, each SADC country must enact its own data protection and cybersecurity laws and publish its own related regulations.In the Hawkes (2017) study, an industry expert argues that regulation in Africa is lagging the early initiatives in IoT deployment, noting that while existing legislation for personal data protection could potentially be extended to IoT, this may not suffice for the range of new IoT use cases.The same expert notes that few SADC countries have enacted the relevant data protection legislation.Similarly, few countries in the region have effective (or any) cybersecurity legislation, designed with the specific intent of addressing risks in IoT services markets, as the basis for regulation.For example, South Africa's privacy and data protection law, the Protection of Personal Information (POPI) Act was passed in 2013, before entry of IoT network and service providers, and only signed into law in 2017.And South Africa's cybersecurity/ cybercrime law has not yet been enacted.Botswana, Mauritius and Zambia have laws that address some aspects of cybersecurity and cybercrime, but these laws need to be updated to address, inter alia, matters relating to IoT-based services (personal communication, cybersecurity specialist, South African government, 2017).

Regulating e-health services
Regulatory issues that arise in respect of e-health services for electronic communications regulators and for health regulators include: availability of broadband and IoT networks; pricing of broadband and IoT services; privacy and trust with respect to the storage of anonymised personal health data in the cloud; and security pertaining to sharing of health data as the basis for data analytics services.

Availability of broadband and IoT networks and pricing of services
Introducing and utilising e-health services requires availability of broadband infrastructure in hospitals and clinics, in order to effectively collect and communicate Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" patient health data from clinics and hospitals to decision-making structures, with a reasonable degree of accuracy and validity.Promoting broadband access is already on the regulatory agenda for electronic communications regulators, though progress is slow in many SADC countries.New regulatory challenges relate to the emerging market structures for low-power or narrow-band networks; competition and abuse of dominance; and universal access to these networks and related services at prices that are affordable for public hospitals and clinics.
Data privacy, trust and security In the healthcare system, patient confidentiality and the protection of personal information are of equal importance to the potential value generated by gathering and analysing of big data generated through IoT applications.Here, information privacy regulators, cybersecurity regulators and health regulators all have roles to play.
Noting that historical health regulations may create barriers to digital transformation in public health, it is necessary to study the health regulatory environment from the perspective of digital advances.Detailed investigation is required on matters that require concurrent jurisdiction, or parallel jurisdiction (discussed further below), by the health professions and the electronic communications sector regulators, as well as on matters that require self-regulation by e-health service providers.
The issues presented in this section 4 offer some perspective on uncertainty, discontinuity and unpredictability with respect to regulatory decision-making in the digitally complex ecosystem.

Analysis: Reorienting regulation for the SADC digital ecosystem
Analysis of the emerging SADC digital ecosystem indicates a regulatory environment characterised by uncertainty, unpredictability and discontinuity, one that is in need of complex adaptive responses.Drawing on the points that ensue from the discussion above, at least four key complex adaptive responses are required.First, there is a need for a shift in the regulatory agendas of sector-specific regulators to include attention to the new regulatory challenges discussed here and those discussed by other authors.Second, there is a need for regional regulatory harmonisation.Third, a multiplicity of regulators are engaged in addressing different facets of the regulatory environment for digital services, leading to the requirement to manage and coordinate interwoven regulatory agendas.Fourth, attention must be paid to the greater need for self-regulation -by operators, service providers and consumers -and co-regulatory arrangements.

New regulatory agendas and challenges
It is apparent that SADC regulators must adapt their agendas to include new items in respect of competition, data protection, cybersecurity and cybercrime.SADC countries will also need to establish new regulators, or, where possible, revise the mandates of existing regulators.In this respect, a key role of regional regulatory bodies is to advance the knowledge required among SADC national regulatory authorities for future-oriented regulation.For example, IoT supply can only advance effectively and productively to meet local and regional demand where regulatory reviews and appropriate, timely ex ante regulation are part of the IoT ecosystem.
Regulatory studies are required to understand the extent to which existing legislation may provide an initial foundation for conducting reviews and guiding regulatory decisions.In addition, research-based studies must guide how matters such as IoT licensing, data privacy, and cybersecurity will be regulated.This is necessary to inform the practices of regulatory authorities, identify priority areas for attention, and clarify the roles of various regulators and any areas of possible concurrent jurisdiction.It is also necessary to provide clarity for market entrants, for example, with respect to encouraging IoT market formation.In practical terms, the Communications Regulators' Association of Southern Africa (CRASA) can make an important contribution to fostering advances in regulatory agendas and practices for SADC regulators.

Regulatory harmonisation
Important topics for regulatory harmonisation include mobile money and mobile payments; approaches to the formation of IoT markets and services; and the related issues of cyberspace risk and governance.These and other fields of enquiry are knowledge-intensive fields of regulation, requiring the existing SADC regional regulatory associations, CRASA and the CCBG-SADC, to act in ways that further advance the value of model laws, codes and regulatory guidelines.Greater effort is required to promote the establishment of new regulators for data protection and cybersecurity/cybercrime across the SADC region, so as to create the necessary foundations for regulatory harmonisation in this sphere.

Concurrent and parallel jurisdiction
Effective regulation for the future evolution of cyberspace requires the attention of multiple regulators and regional regulatory associations (in, inter alia, banking and finance, competition, consumer protection, cybersecurity, electronic communications, health professions, transport) to advance (i) regulation of mobile money and mobile payments markets; (ii) evolution of IoT markets; (iii) evolution of data analytics and other digital services; and, ultimately to foster (iv) interconnected digital markets across the SADC region.Some matters will require concurrent jurisdiction across regulators, which will in turn require clarification of roles and responsibilities, drafting of memoranda of agreement, and preparation and finalisation of countrylevel regulations based on model laws or guidelines for regulatory harmonisation.
Creating an ecosystem approach requires more than just concurrent jurisdiction.The converged services of digital financial services and digital healthcare, to give but two of many possible examples, create the need for parallel jurisdiction, with greater Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" emphasis than before on simultaneous, cross-sectoral, collaborative and, occasionally, integrated regulation with respect to operator behaviour, consumer behaviour, and the behaviour of many service providers (for example, hosts of cloud services, and other unique stakeholders in particular sectors, such as health professionals or e-health service providers).Recognition of parallel jurisdiction means that distinct regulators understand their individual, respective contributions to fostering an effective digital ecosystem, and they seek to create complementarity through their decision-making.They seek to understand each other's contributions and identify where and how to address the gaps arising from the early stages of formulating regulatory decisions for the complex digital ecosystem.
A case in point, at regional level, is the need for a regular interface amongst CRASA, the CCBG-SADC, the COMESA 11 Competition Commission (eight SADC countries are members of COMESA), and the signatories to the SADC Memorandum of Understanding on Inter-Agency Cooperation in Competition Policy, Law and Enforcement (for a brief overview of this MoU, see Ngobese and Kühn, 2017, pp. 3-4).Extended forms of mutual discussion, collaboration, and formulation of formal arrangements for concurrrent and/or parallel jurisdiction among these institutions are necessary to push forward the boundaries of cyberspace for consumers and users of mobile money services in the region.
In the SADC, the number of regulators needing to engage with the broad field of mobile and Internet-based services (read electronic communications, mobile financial services, IoT networks and services, e-health services) would be close to 100 regulators (or more) if each country were to have the types of regulators recommended in model laws and guidelines.These would include banking and financial services regulators (central banks), competition regulators, electronic communications sector regulators, data protection or information privacy regulators, cybersecurity regulators, general consumer rights regulators, health professions regulators, and others.Given the size of the regulatory community and the complexity of its regulatory agenda, the regulatory community itself needs to become a complex adaptive system, as regulators cannot possibly address the range and complexity of issues by applying "tried and tested" regulatory approaches where new innovative approaches are needed.

Self-regulation and co-regulation
Self-regulation is an important field of exploration for SADC policymakers and regulators, in order to encourage greater self-management by operators and service providers, with respect to activities of minimum risk, or areas where selfregulation would remove an unnecessary burden on regulators.Where possible, user communities and provider communities can create and sign up to applicable codes of 11 COMESA is the Common Market for East and Southern Africa.
conduct.Also relevant are co-regulatory approaches, where regulators publish codes of conduct and monitor compliance, a modality that is much less onerous than direct regulation.
6. Conclusions: The complex adaptive system of regulation for the SADC digital economy This article has sought to introduce a discussion of SADC regulation within a complex digital world.The specific discussion points reflect the uncertainty and unpredictability of the regulatory landscape, and the points of discontinuity with a regulatory history largely focused on the silos of telecoms, or banking, or health services.Over the coming decades, deep structural economic change is inevitable in the SADC region, whether due to endogenous or exogenous influences.Regulators must confront, rather than shy away from, the complexity enshrined in the digital future.
Important considerations for addressing complexity include non-linear thinking (Anderson, 1999;Schneider & Somers, 2006) and non-linear regulatory design; regulatory approaches that understand the digital economy as a complex adaptive system (Akgün, Keskin & Byrne, 2014); and the application of methodologies for studying such systems (Gates, 2016).Non-linear thinking can and should be applied by regulatory organisations in the content of the regulatory agenda and in the design of approaches to regulation.In other words, it may not be possible or advisable to promote continuity in regulatory approaches -such as applying general competition theory to mobile financial services regulation and addressing the traditional issues of dominance and abuse of dominance -where the nature of the regulatory challenges is significantly dissimilar to historical trends or completely new (e.g., the issues of provider-based and agent-based interoperability).
Regulators must consider the best possible regulatory approaches based on the characteristics and relevant factors pertaining to the matter at hand, thinking about regulation as part of shaping the future of systems of communication as an adaptive, interpretive exercise, rather than as simply a rule-driven exercise based solely on past experience and historical trends.
It would be advantageous for SADC regulators to consider each new challenge in relation to its own specific characteristics and influencing factors, rather than to simply look to past regulatory approaches for answers.Regulators can, accordingly, consider the nature of the system changes and innovations taking root, and design regulation that strongly encourages innovation, while balancing the interests of industry development and consumer welfare.Furthermore, regulators will need to consider and adopt particular methodologies for studying complex adaptive systems in the digital sphere, such as STCS evaluation methodologies (Gates, 2016) or research methods for studying virtual communities (Aguirre, 2011), and other Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" methodologies applicable to regulating in a context of digital complexity.
The article has touched on some of the key emergent regulatory dimensions in this SADC digital complexity ecosystem, in the context of mobile financial services regulation, regulation of IoT networks and services markets, and regulation of e-health services.However, it has not touched on many other important emerging phenomena, notably cloud computing, spectrum management, or issues of the intellectual property rights of entrepreneurs and start-ups in high technology hubs where tech developers and entrepreneurs are engaged in digital innovation and digitally enabled innovation.With respect to these manifestations of digital complexity, additional concerns arise for a future regulatory agenda for the digital services ecosystem.Moreover, it is noted that, beyond regulation, private firms and governments will need to pay attention to factors in the wider enabling environment, including new infrastructure investment, significantly heightened skills development, technology and process innovation, and strategy and leadership relevant to the digital transformation of business, government and civil society.Most importantly, the need for regulation must always be balanced against the need for innovation and investment in this domain.SADC regulators need to take a broad view of the many challenging emerging regulatory issues in their jurisdictions and construct a regulatory agenda that includes in-depth studies of the many new phenomena arising in the digital sphere.

Sources: ECA, AfDB Group & AUC, 2017; Internet World Stats, 2017; World Bank, 2017 * latest data 2015 ** latest data 2014 # other industry is not included in order to highlight local manufacturing
Mobile money statistics for Tanzania are as follows: with a population of 56 million (Internet World Stats, 2017) and 40.2 million mobile subscriptions, there were, in June 2017, 20.2 million mobile money accounts with five mobile money providers (Vodacom M-Pesa, Tigo Pesa, Airtel Money, Ezy Pesa and new entrant Halotel Money) (TCRA, 2017).Furthermore, Tanzania had more than 166,000 mobile money agents in 2016, and one-third of Tanzanians lived within 5km of an agent(CGAP, 2016).
Notwithstanding the quite strong adoption in Tanzania and Zimbabwe, mobile money and mobile financial services are not yet widespread in the SADC region (see Regulatory Imperatives for SADC's "Digital Complexity Ecosystem" Figure 1 below 6 ) ( Jackson, 2017)eafor, 2015)ition, in Nigeria, from IoT being dominated by M2M communication (e.g., point-of-sale devices, fleet management, personal vehicle tracking and security monitoring of oil tankers and vessels), to E2E communication with more advanced IoT applications needed in traffic management, oil pipeline monitoring, wildlife conservation, and tracking of medical equipment(Ndubuaku & Okereafor, 2015).TheHawkes (2017)study presents African examples of the use of IoT applications in energy and utilities (IoT-enabled solar systems in Ghana and Ivory Coast; sensors in water pumps in rural Rwanda; electricity load limiting through smart meters in Johannesburg); IoT applications to foster precision agriculture and "agro based analytics" (IoT in livestock tracking, and the deployment of agricultural drones for data collection to inform usage of scarce agricultural inputs).It comments on the unexploited potential in healthcare (for remote patient monitoring and management, or the management of virus epidemics through extensive data collection and predictive analytics), amongst other uses.South African insurtech startup Naked Insurance is seeking to offer customers a "new generation insurance" experience( Jackson, 2017).New insurance business models include remote sensors and other IoT-connected devices at the insured's premises, sending data to a data centre or warehouse for rapid customer response.Tech hubs in the SADC region, such as the FABLab Design and Technology Centre in Windhoek, Tshimologong Digital Innovation Precinct in Johannesburg, and a few other tech hubs are participating in IoT innovation to meet local demand and offer IoT services at locally defined prices.For example, FABLab is adapting sensors for localised uses in Namibia, initially focused on environmental sensing, with future interest in water and waste management, parking and transport management, and other applications to urban management (see the Smart Citizen -FABlab Namibia video).9 Tech hubs and collaborative working spaces are now estimated to number over 300 across Africa, and around 70 in the SADC region, including FABLab, Tshimologong, Bongohive Zambia and Dar es Salaam Innovation Space (Disrupt Abrahamsagencies had their own concerns.The [regulatory approach] could lead to curtailment until Equity Bank can address all the issues, or [the regulator can] let them roll out and understand the challenges[…].The whole problem is not resolved, but particular approaches can resolve particular parts of the dilemma.