In addition to security and interoperability standards, standardisation could make it possible to incorporate a certain number of ethical and even legal principles directly into the technology, i.e. by design (at the infrastructure layer and protocol level, for example). Renaissance Numérique has been advocating this idea for several years now, and initially put it forward in its "Facial Recognition: Embodying European Values" report in 2020. As far as metaverses are concerned, we could envisage, in addition to technical standards (relating to interoperability and security, for example), standards such as compliance with the European Union's Charter of Fundamental Rights, the GDPR, or any other relevant legislation. However, such a paradigm shift is not easy to achieve. It requires the technical operationalisation of legal concepts, but also the need to make non-compliance with standards detrimental to metaverse operators. The operationalisation of certain concepts and auditability must therefore be considered.

Auditability is the raison d'être of any standardisation system. If the standards are not auditable, there is no way of checking that they are being complied with. Establishing these standards must therefore make it possible to draw up a certification reference system [[[A "technical document defining the characteristics that an industrial product or service must have, and the procedures for checking conformity with these characteristics". See: Ministère de l’Économie, des Finances et de l’Industrie (2004): «La certification en 7 questions des produits industriels et des services», p. 4.: https://evaluation.cstb.fr/doc/certification/certification-en-7-questions.pdf"]]] that includes the list of requirements to be audited, clearly translating the norms established by consensus through a standardisation body. Once the reference system has been established, i.e. once the legal principles and technical aspects have been translated into practical requirements, inspection bodies can audit a system with a view to certifying it.

In this respect, the example of the Transparency & Consent Framework (TCF) is worth exploring. In just three months, the industry has put in place a standard applicable to the online advertising ecosystem, enabling the management of billions of people's identities every day. For the time being, however, most metaverse standardisation initiatives seem to focus on technical standards. Of the ten working groups set up by the Metaverse Standards Forum, which brings together most of the players in the ecosystem, nine focus on technical interoperability issues. The last, however, is dedicated to issues of privacy, cybersecurity, and identity. For its part, the French Association for Standardisation (Afnor) commissioned a standardisation committee on the Metaverse. This also focuses primarily on interoperability issues.

Policy prototyping is another way of changing the way we govern the internet and new technologies. "Policy Prototyping is the art of testing and experimenting with policy ideas to ultimately provide evidence-based input that can improve existing governance frameworks and/or inform lawmaking processes” (source : Open Loop). However, these processes are extremely costly and require infrastructure and a degree of both technical and legal expertise. In practice, these processes are still under-explored by regulators, legislators, and public players in general, who lack resources.

However, some initiatives have seen the light of day, such as in Finland in the field of minimum social benefits, or more recently as part of the international Open Loop project, on specific subjects linked to emerging technologies. Bringing together regulators, institutions, elected representatives, SMEs, academics, civil society, and major companies, Open Loop aims to facilitate the operationalisation of the economic players' responsibilities. In June 2023, this programme published the results of an analysis on the applicability of certain measures in the AI Act. Renaissance Numérique encourages the development of such experimental multi-stakeholder processes, in order to analyse the relevance of the existing legal framework regarding the Metaverse, and to put forward recommendations relating to the technical operationalisation of concepts such as respect for privacy, protection of personal data, or the fight against cyberbullying, in immersive worlds. In this sense, policy prototyping could be one way of addressing the lack of applicability of the existing legal framework that is currently being developed.

Regulatory sandboxes are a way of experimenting with regulations while facilitating innovation in the digital sector. Supervised by the regulatory authorities, they enable, according to Arcep’s definition, "[economic] players to test their innovative technology or service without necessarily having to comply with the entire regulatory framework that would normally apply", for a set period of time and within a restricted framework. In France, for example, the CNIL (the data protection authority) recently launched a sandbox dedicated to projects using artificial intelligence for the benefit of public services. In addition to the relative flexibility they allow for experimentation, sandboxes also give regulators the opportunity to build up their skills through discussions with key stakeholders on subjects that are often complex and where legal expertise alone is not enough.

However, like policy prototyping programmes, setting up regulatory sandboxes requires significant financial and human resources. For the time being, most European regulators seem to lack the financial and human resources to deploy them.

Ultimately, this more agile approach to regulation should enable more effective governance of tomorrow's internet to emerge, whether or not it evolves in the form of the Metaverse.

The key concept here, which is apparent in standardisation initiatives, policy prototyping and sandbox experimentation, is the multi-stakeholder aspect. Rather than top-down regulation that is often inconsistent and difficult to apply, the idea is to bring together metaverse operators, terminal suppliers, users, the relevant regulatory authorities, legislators, the world of research and civil society, in order to arrive at a holistic and structured approach to Metaverse governance. This is what Renaissance Numérique proposes, on its scale, for all of its work, and specifically for the Metaverse with the Metaverse Dialogues.

For his part, Thierry Breton, European Commissioner for the Internal Market, is calling for the launch, "similarly to the European Bauhaus", of “a creative and interdisciplinary movement, aiming to develop standards, increase interoperability, maximising impact with the help of IT experts, regulatory experts citizens' organisations and youth". With this in mind, between February and April 2023 the European Commission convened a "European citizens' panel on virtual worlds". Bringing together 140 citizens from the 27 Member States, the panel published 23 recommendations on the values and actions needed to create attractive and equitable European virtual worlds. These recommendations are intended to feed into the Commission's work on virtual worlds and tomorrow's internet.

The second key concept, which lies at the heart of the “third path” outlined here, is agility. Without wiping the slate clean of existing restrictive legal frameworks, which are necessary, the challenge is to simultaneously establish multi-stakeholder mechanisms that are as agile as possible, with feedback loops to adapt to technologies as they evolve. This aspect is all the more important with regard to the Metaverse, as the underlying technologies are not yet fully mature, and the uses to which they will be put, and therefore the business models that will be linked to them, remain largely undefined.

It is also highly likely that the responsibilities of the various players involved in the governance of the Metaverse will evolve. Nowadays, in the Web 2.0 era, we are faced with highly centralised systems. It is technically the online services providers, also known as "intermediaries", via their moderation and "Trust & Safety" [[["In the context of content moderation, Trust & Safety is a set of principles (usually developed, applied, and updated by the Trust & Safety team) aimed at regulating the behaviour of users of an online platform and preventing them from publishing content that would breach the platform's guidelines”. Source : WebHelp, «Trust & Safety : pourquoi est-ce essentiel et comment le mettre en œuvre correctement?»: https://webhelp.com/fr/news/trust-and-safety-pourquoi-est-ce-important-et-comment-le-mettre-en-oeuvre-correctement]]], policies, and via their Terms & Conditions, who decide, within the limits set by the law, what is acceptable or not on their platforms. However, the Metaverse is not destined to become a space controlled solely by a few dominant players. On the contrary, a multitude of metaverses and hence owners of immersive spaces should be able to emerge. In Horizon Worlds, for example, a third-party company could create its own space, in which it sets its own rules. As is the case in immersive worlds that have been in use for several decades now, such as Second Life, there would be several layers of responsibilities and rules: a technical layer, covering what the source code allows or does not allow in terms of actions; a layer managed by the operator of the metaverse; a layer managed by the owner of the specific world in that metaverse; and above all that, the law (see “A Metaverse-proof legal framework”).

The ambition of a multi-stakeholder, agile, holistic approach should be to move towards a more effective allocation of responsibilities across various layers, so that they can be implemented more effectively.

Renaissance Numérique encourages the next European Commission to embrace this approach and to facilitate the establishment of agile, multi-stakeholder governance mechanisms to organise the rights and duties of all stakeholders in tomorrow's internet.