Introduction

The fast pace of technological innovation has produced a structural tension between emerging technologies and the regulatory systems meant to govern them. Technologies such as artificial intelligence (AI), advanced robotics, gene-editing tools, distributed ledger systems, and autonomous vehicles evolve far more rapidly than traditional regulatory frameworks can adapt. This temporal mismatch creates what scholars call the regulatory lag, wherein rules designed for earlier technological paradigms struggle to manage novel risks, externalities, and ethical implications.^[1] The result is a dual-sided challenge where innovators face uncertainty about compliance obligations, while regulators lack real-time insight into the risks associated with frontier technologies.

In response to this gap, policymakers worldwide have increasingly turned to regulatory sandboxes-controlled environments in which organizations can test new technologies, business models, or processes under the supervision of regulatory authorities. Originally developed in the financial technology (fintech) sector, regulatory sandboxes have expanded into domains including health technology, mobility, AI systems, environmental innovation, and quantum technologies.^[2]

Although regulatory sandboxes are commonly framed as mechanisms to promote innovation, they also play a critical and underexamined role in assessing emerging technology risks. Sandboxes create structured opportunities for regulators and innovators to jointly evaluate safety, privacy, fairness, cybersecurity, and ethical considerations before technologies scale to full public deployment.

What Are Regulatory Sandboxes

A regulatory sandbox is a controlled, time-limited environment in which innovators can test new products, services, or technologies under relaxed regulatory conditions and the supervision of a regulatory authority. The purpose is twofold; Firstly, to allow innovators to experiment without the full burden of compliance, and secondly to allow regulators to observe new technologies in real world or quasi-real conditions before determining whether regulatory adjustment is necessary.^[3]

The basic features and operations of these sandboxes include;

1. Participants operate under a predefined testing plan specifying duration, scale, user groups, risk mitigation measures, and reporting requirements. This ensures risks remain contained.

2. Testing periods typically range from 3 to 18 months. The time limit prevents indefinite regulatory relief and ensures periodic reassessment.

3. Applications are evaluated based on novelty, potential consumer benefit, readiness for testing, and the necessity of regulatory flexibility.

4. Regulators maintain continuous supervision, often requiring periodic reporting on system performance, risks, incidents, and user feedback.

5. Upon completion, participants either exit into the market under standard regulation, scale up with modified regulatory conditions or discontinue the product if risks or performance gaps prove unacceptable.^[4]

In this sense, regulatory sandboxes operate as “regulatory laboratories,” enabling empirical evidence gathering that informs risk assessment, regulatory strategy, and policy design.

Sandboxes In Foreign Jurisdiction

The regulatory sandbox model first gained prominence in 2015, when the United Kingdom’s Financial Conduct Authority (FCA) launched the world’s first formal fintech sandbox.^[5] The initiative was motivated by a dual need which are supporting the rapidly growing fintech sector and addressing uncertainty about how existing rules applied to new digital financial products.^[6] The success of the FCA model often measured through increased market entry, improved consumer protections, and iterative regulatory learning led to global adoption across jurisdictions such as Singapore, Australia, Canada, and the European Union.

Singapore’s Monetary Authority of Singapore (MAS) operates one of the most advanced and widely recognized regulatory sandboxes. Having 3 categories of regulatory sandboxes which are Sandbox, Sandbox Express and Sandbox plus.^[7]

Australia’s regulatory sandbox, managed by ASIC, is designed to allow firms and persons to experiment their fintech innovations without needing to comply with the full legal framework being applied to traditional banks. The purpose is to facilitate financial services testing without first going through the processes of acquiring Australian financial services (AFS) licence or Australian credit licence (credit licence). The Australian Enhanced Regulatory Sandbox allows testing for up to 24 months unlike the UK that allows just for 6 months. Airwallex, a global payment solutions provider, utilized the sandbox to test cross-border payment systems for small businesses.^[8]

The European Union has also adopted a distributed sandbox strategyacross sectors including financial services, data governance, cybersecurity, sustainable energy, and artificial intelligence (e.g., under the EU AI Act’s provision for AI sandboxes).^[9]

The early fintech sandboxes provided a blueprint that emphasized risk containment through participant caps and predefined testing scopes, supervisory engagement through continuous dialogue between innovators and regulators, data-driven decision-making using performance metrics, consumer feedback, and risk indicators and iterative rule adaptation, sometimes leading to new guidance or regulatory reforms.^[10]

Several African countries including Nigeria, Kenya, Rwanda, and South Africa have adopted fintech sandboxes to support financial inclusion and digital transformation.

Regulatory Sandboxes in Nigeria

The framework for regulatory sandboxes in Nigeria is still evolving and currently limited to sandboxes for financial technology which was published in January 2021. This framework was established by the Central Bank of Nigeria and startups were invited on 12 December 2022 to apply and be part of it. The sandbox was launched and operated in partnership with Emtech, a company that provides central bank infrastructures.^[11] The CBN’s Sandbox framework is a 15-page document that aims to foster innovation, promote financial inclusion, and ensure consumer protection by providing a platform for engagement with fintech companies in the payments sector. This framework establishes the requirements, eligibility criteria, and advantages of the CBN’s sandbox, as well as its potential implications for Nigeria’s fintech ecosystem^[12]. The sandbox is meant for both new startups and existing entities that are already operating with CBN’s license. Unlike sandboxes of other countries, the CBN’s Sandbox framework allows companies/startups to nominate how much time they will need to test their innovation in the sandbox, but the limit is 5 years maximum.^[13]

The framework provides for mode of application, which is by sending a mail to the CBN through a designated mail address- Sandbox@cbn.gov.ng. The mail is to carry a cover letter which must be signed by designated individuals of the applying entities. Also, the requirement listed in article 2.1 of the framework must be contained in the mail. A successful candidate will be contacted within 45 days after the closure of an application window and a Letter of Approval will be issued.^[14]

Article 3.0 of The CBN framework for operational requirements of the Sandbox listed 4 stages of in the sandbox program namely; Entrance/Filing Stage, Reporting Stage, Exit Stage and Evaluation/Approval stage.

This framework allows for the controlled, live testing of innovative financial products and services under the regulator’s supervision. With the aim of balancing innovation with financial stability and consumer protection. CBN provides close supervision and guidance, allowing regulators to pre-emptively identify risks through real-time data analytics and scenario-based testing.

Regulatory Sandboxes for Emerging Technology Risk Assessment

While regulatory sandboxes are commonly described as mechanisms for supporting innovation, their most underappreciated contribution is their capacity to identify, evaluate, and mitigate emerging technology risks. Because new technologies often exhibit unpredictable behaviors especially in real-world settings sandboxes create structured environments where potential harms can be observed early and addressed iteratively. Regulatory sandboxes also foster collaboration among regulators, businesses, and other stakeholders, creating better regulations that balance the needs of all parties. Furthermore, allowing regulators and those regulated to learn from each other promotes trust and increases technology adoption.^[15] Regulatory sandboxes function as risk-assessment infrastructures and the techniques and instrumental to the underlisted;^[16]

Identifying Unknown and Early-Stage Risks: Sandboxes help uncover these risks by enabling real-world user interactions, live system performance under varying conditions, exposure to diverse environmental inputs, and stressors that cannot be replicated in laboratory settings.

Mapping Emerging Technology Risk: Typologies such as Safety risks, Cybersecurity risks, Privacy and data governance risks, Algorithmic risks, Systemic risks, Ethical and societal risks. By observing these risks in controlled deployments, regulators gain actionable insights into appropriate legal, technical, and procedural safeguards.^[17]

Feedback Loops and Iterative Rulemaking: This leads to revised interpretation of existing rules, new sector-specific guidelines, updates to technical standards, creation of certification pathways, and evidence-based legislative reforms.

Balancing Innovation and Precaution: The innovation principle supports experimentation and rapid development while the precautionary principle emphasizes risk avoidance in the face of uncertainty.

Transitioning From Sandbox Testing to Full-Scale Deployment: This involves evaluation of risk-mitigation performance, incident history, compliance with ethical and technical benchmarks, scalability assessments, and readiness for long-term monitoring.

Conclusion

Regulatory sandboxes have emerged as a pivotal governance innovation for navigating the complex and uncertain landscape of emerging technologies. By offering controlled environments for experimentation, sandboxes enable regulators and innovators to collaboratively identify risks, test safeguards, and refine regulatory approaches before technologies reach full-scale deployment. This approach is particularly valuable in fast-evolving domains such as artificial intelligence, financial technologies, autonomous mobility, blockchain systems, and digital health areas where traditional regulatory frameworks often struggle to adapt.^[18]

Sandboxes serve not only as tools for promoting innovation but also as essential infrastructures for risk assessment, regulatory learning, and evidence-based policymaking. Their value lies in uncovering early-stage risks, enabling scenario-based and adversarial testing, and facilitating real-time feedback loops that inform adaptive regulation. At the same time, sandboxes are not without limitations. Challenges including regulatory capture, unequal access, data privacy concerns, and premature scaling underscore the need for strong governance and capacity-building measures. Moving forward, regulators must adopt governance principles grounded in transparency, accountability, multi-stakeholder participation, and rights protection. Ultimately, sandboxes represent more than a regulatory trend they are core components of a broader shift toward experimentalist governance, where evidence, iteration, and real-world testing stand at the center of policymaking. When designed and implemented effectively, they hold tremendous potential to safeguard public interests while enabling responsible innovation in an increasingly digital and interconnected world.