A number of countries have adopted policies that seek to mandate the sharing of source code or algorithms (typically from foreign firms) who enter into certain sectors.
Motivations for national policy
Such rules are positioned as security or regulatory mechanisms. As certain sectors become increasingly automated, ensuring that critical systems are secure and their operations are inline with regulation is important.
In recent years such issues have become crucial as code and algorithms are shaping our everyday activities. The need to open up the “black box” is becoming important for regulators.
In the context of digital infrastructure, for example, ensuring that foreign vendors are securing their devices and not enabling backdoors has become a much discussed national security issue. Audits of source code are an important aspect of cyber-security. In areas such as vehicle emissions and health, regulators may also require reviews of how algorithms are operating to ensure regulations are being met.
Besides from regulatory demands, source code and algorithm mandates might act as a form of forced technology transfer. Reverse engineering has long been a key tool used by emerging nations to transfer technology, and source code requirements can accelerate this process. An example of a forced technology transfer rule that attracted suspicion was the draft Chinese finance regulations. This stated that foreign companies that sell computer equipment into the sector would be transfer their source codes.
Implementation in trade rules
For firms, such conditions can have major economic implications. Many companies will consider access to their source code or algorithms as a red line, with the potential risk of losing intellectual property.
Source code rules in trade agreements seek to prevent forced technology transfer conditions. Rules such as the TPP included only requirements on source code, but this has been enlarged to include algorithms in recent agreements such as the USMCA (as algorithms become more relevant to operation of products and services).
Given important public policy motivations, as outlined above, for disclosing source code and algorithms, trade agreements have often included a number of exclusions and clarifications.
Ensuring that open source is not inadvertently impacted by these trade rules is one essential clarification. Exceptions around public policy and security might also be mentioned which can reduce risks of such rules impacting on regulation.
There are however serious questions about whether such exceptions are sufficient. For example, in countries with large public sectors, algorithms need to be understood by managers as part of procurement. But when public sectors are increasingly outsourced to consultants and private contractors, questions of coverage and exceptions may not be enough.