Law and the Emerging Political Economy of Algorithmic Audits

Petros Terzis, Michael Veale, Noëlle Gaumann

TL;DR

The paper addresses how regulatory regimes like the UK Online Safety Act and the EU Digital Services Act are crystallising algorithmic auditing into formal, legally mandated practices. It surveys the provisions, industry responses, and the emerging political economy surrounding external audits, including the roles of vetted researchers, trusted flaggers, and external auditing bodies under the DRPA. The authors highlight tensions around independence, benchmark definitions, and the risk that market forces—especially the Big 4 audit firms—could ossify auditing standards and dilute sociotechnical scrutiny. They also offer practical foundations for improvement, emphasizing transparency, confidentiality, and clearer timeframes, with the aim of enabling accountability without stifling innovation. Overall, the work provides a crucial map of the regulatory landscape, potential futures, and actionable considerations for policymakers, auditors, and researchers to ensure audits meaningfully address societal impact while remaining feasible.

Abstract

For almost a decade now, scholarship in and beyond the ACM FAccT community has been focusing on novel and innovative ways and methodologies to audit the functioning of algorithmic systems. Over the years, this research idea and technical project has matured enough to become a regulatory mandate. Today, the Digital Services Act (DSA) and the Online Safety Act (OSA) have established the framework within which technology corporations and (traditional) auditors will develop the 'practice' of algorithmic auditing thereby presaging how this 'ecosystem' will develop. In this paper, we systematically review the auditing provisions in the DSA and the OSA in light of observations from the emerging industry of algorithmic auditing. Who is likely to occupy this space? What are some political and ethical tensions that are likely to arise? How are the mandates of 'independent auditing' or 'the evaluation of the societal context of an algorithmic function' likely to play out in practice? By shaping the picture of the emerging political economy of algorithmic auditing, we draw attention to strategies and cultures of traditional auditors that risk eroding important regulatory pillars of the DSA and the OSA. Importantly, we warn that ambitious research ideas and technical projects of/for algorithmic auditing may end up crashed by the standardising grip of traditional auditors and/or diluted within a complex web of (sub-)contractual arrangements, diverse portfolios, and tight timelines.
