DIGITALIZATION TASKFORCE - POLICY PAPER 2020 - B20 Saudi Arabia
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
DIGITALIZATION TASKFORCE POLICY PAPER 2020
DIGITALIZATION
CONTENTS
FOREWORD ............................................................................................................................................... 2
EXECUTIVE SUMMARY ........................................................................................................................... 4
INTRODUCTION ........................................................................................................................................ 7
Recommendation 1: Enable and Support Resilient Digital Infrastructure .......................... 8
Recommendation 2: Support the Healthy Development and Adoption of Artificial
Intelligence (AI) .......................................................................................................................................18
Recommendation 3: Lay the Foundations for Smart Cities .................................................... 29
Recommendation 4: Drive Digital Inclusion and Grow Digital Skills .................................. 37
ANNEXURE ...............................................................................................................................................47
Abbreviations............................................................................................................................... 47
Taskforce Engagements ..........................................................................................................49
Distribution of Members ..........................................................................................................49
Taskforce Members ................................................................................................................... 50
1| B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION FOREWORD Eng. Nasser Sulaiman AlNasser Chair, Digitalization Taskforce Group CEO, stc ‘Transforming for Inclusive Growth’ is the motto of the B20 during the 2020 G20 Presidency. Digitalization offers the potential for this transformation. Digitalization affects every aspect of our lives. It pushes the boundaries of human ability. It can improve production, services, and trade; and help address a wide range of challenges spanning several areas such as healthcare, agriculture, transport, education, climate change, and public governance. However, we have to ensure that benefits of digitalization can be enjoyed by all members of society. Three aspects have to be considered: (i) Access and usage as the digital divide spans multiple dimensions – age, income, gender, and geography; (ii) Enablement as the speed of digital transformation is much faster than earlier technological revolutions, and therefore action is required to prepare everyone for a digital future; and (iii) Multistakeholder-based governance because regulatory frameworks for digital technology and digital interaction are necessary to ensure positive inclusivity. The full potential of digitalization can only be unlocked by the joint efforts of governments and businesses in mitigating some of its inherent challenges. First, in light of the recent COVID-19 crisis, it is now more essential than ever for the G20 to boost investments in digital infrastructure, and to facilitate affordable digital access for all. At the same time, we need to be aware that a more connected world will increase cyberthreats. We need to agree on minimum common international cybersecurity standards, empower individuals and businesses through education, training, and awareness campaigns to prevent, detect, and respond to cyberrisks. Second, decision-makers should optimize Artificial Intelligence (AI) technology and its applications to ensure that its benefits can be enjoyed not merely by a few but by all members of our society. Governments should lead the way by incorporating AI into their services and by emphasizing the role of educational institutions in the delivery of AI courses and programmes. On this journey, the G20 needs to promote the harmonization of national action plans, and the utilization of regulatory sandboxes to facilitate AI advancement in a responsible manner. At the same time, the G20 should stand to mitigate the risk of unfairness in AI outcomes by fostering international initiatives for inclusive AI, and by ensuring data diversity is respected and biases are removed. Third, the G20 should promote the implementation of smart cities, as they offer significant potential for addressing citizens’ challenges such as resource scarcity, supply chain sensitivity, and congestion by leveraging digitization and citizen-centric innovation. The G20 Members should stimulate multistakeholder cooperation to enable the sharing 2| B20 SAUDI ARABIA – POLICY PAPER
DIGITALIZATION of data, expertise, best practice, and a joint infrastructure within clearly defined guidelines. They also need to facilitate the rollout of smart city elements by encouraging collaboration among municipalities at lower levels (example, smart roads, smart buildings, and smart towns) while supporting a global platform to build transparency on investments and infrastructure financing options. Lastly, to increase the social acceptance of smart city technology, the G20 should support public campaigns and engagement initiatives to inform citizens and enable them to contribute to the development of their cities. Lastly, the G20 should tackle the digital skills divide that exacerbates inequalities between countries, locations, gender, socioeconomic status, and age. The G20 should minimize this gap in digital skills by reforming education to build the skills and capabilities of individuals to succeed in the digital world, and by advancing digital learning methods to provide broader access to education. This will not only ensure opportunities can be grasped by all but could also help bridge the gap between job market needs and educational offers, especially when supported by promoting women’s participation in the digital market by offering empowerment programmes and reducing barriers. The G20 needs to address these challenges to boost digital infrastructure while reducing cyberrisks, to expand AI benefits to all, to contribute to the rise of smart cities, and to support the growth of digital skills and equality. If it does, the G20 will go a long way to reaching its goal of empowering people, safeguarding our planet, and shaping new frontiers. I thank the Digitalization Taskforce members and the Knowledge Partner for their excellent contribution to this policy paper. 3| B 20 SAUDI ARAB IA – POLICY PAPER
DIGITALIZATION
EXECUTIVE SUMMARY
Digitalization affects every aspect of our lives. It pushes the boundaries of human ability. It
can improve production, services, and trade; and help address a wide range of challenges
spanning several areas such as healthcare, agriculture, transport, education, climate
change, and public governance. The crisis brought about by the COVID-19 pandemic has
highlighted the paramount importance of ensuring that all the benefits of digitalization
can be enjoyed by all members of the society. Now more than ever, it is imperative to
promote utilization of and access to the Internet, enable digital transformation by
preparing everyone for a digital future, and secure innovation and investment while
protecting data privacy and security. 1
Overview: Policy Actions Needed to Address these Issues
The G20 should enable and support resilient digital
infrastructure (IoT, 5G) by fostering the cybersecurity readiness
Recommendation 1 of individuals, MSMEs, large businesses, and public institutions;
and by promoting investment in human capital in the field of
cybersecurity.
The G20 should enable and support resilient digital infrastructure
by laying the regulatory foundations, boosting investment to
Policy Action 1.1 reduce connectivity gaps, ensuring robust global value chains for
technology, and incentivizing affordable digital access via services,
networks, and devices.
The G20 Members should develop robust, resilient, and joint cyber
strategies against cyberattacks for individuals, MSMEs, businesses,
and governments by adopting principles that foster an ecosystem
Policy Action 1.2 of trust, promoting recommended minimum common
international cybersecurity standards in collaboration with
industry best practices; and providing incentives for businesses
demonstrating cybersecurity readiness.
The G20 Members should promote investment in cybersecurity
human capital and in the protection of communities from
cyberthreats by recognizing the importance of national, regional,
Policy Action 1.3
and global educational platforms, supporting information and
communication campaigns, and supporting a best-of-breed
training curriculum for cybersecurity professionals.
The G20 should support the healthy development and
adoption of AI wherever possible by creating a favourable and
Recommendation 2 trust-inducing regulatory environment; educating businesses,
government, and society on the technology; and advancing AI
benefits for all.
Policy Action 2.1
The G20 should create a favourable and trust-inducing regulatory
environment for the usage of AI and data by harmonizing national
action plans; facilitating cross-border data flow while respecting
†
All amounts expressed in U.S. dollars unless otherwise noted.
4| B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
Overview: Policy Actions Needed to Address these Issues
and promoting applicable legal frameworks on data privacy and
security; and supporting regulatory sandboxes for AI applications.
The G20 Members should advance AI benefits for all by
supporting public information campaigns, promoting AI use cases
Policy Action 2.2 in the public sector; encouraging educational courses and
programmes on AI; and fostering international initiatives for
inclusive artificial intelligence.
The G20 should lay the foundations for smart cities to thrive,
Recommendation 3 by supporting the building blocks for and fostering greater
social acceptance of smart cities globally.
To support the key building blocks of smart cities, the G20
Members should support the definition and communication of
what smart cities represent, work towards standard technical
Policy Action 3.1
requirements, and facilitate cross-border data flow while
respecting and promoting applicable legal frameworks on data
privacy and security.
The G20 should work towards increasing the social acceptance of
smart cities by supporting public communication campaigns,
structured participatory processes, and bottom-up initiatives,
Policy Action 3.2
promoting the use of data to meet the population’s need for
smart solutions, and fostering the application of smart city
technology in all relevant fields.
The G20 Members should support municipalities in rolling out
smart city elements by encouraging cooperation on a smaller
scale, supporting a national and global information and
Policy Action 3.3
engagement platform for municipalities, and engaging in private
and public partnerships to facilitate the development of smart
cities.
The G20 should drive digital inclusion and grow digital skills by
overcoming the digital skills divide, supporting and advancing
Recommendation 4
innovative methods for digital education, and providing more
digital job opportunities to women.
The G20 should overcome the digital skills divide by supporting
high quality educational programmes for all, fostering access to
the most affordable technology for all, promoting partnerships to
Policy Action 4.1
create safe digital environments, and accelerating the digitization
of government services including licensing, permitting, tax
collection, and procurement.
The G20 Members should introduce and advance innovative
methods for digital education by reforming education systems to
offer future work skills, encourage credentials and dual
Policy Action 4.2
accreditations tailored to jobs, and develop national digital
education strategies to bridge the gap between job market
requirements and educational offers.
The G20 should promote more digital job opportunities for
Policy Action 4.3
women by increasing awareness of how to reduce barriers, setting
5| B 20 SA UDI A RAB IA – POLICY PAPERDIGITALIZATION
Overview: Policy Actions Needed to Address these Issues
up dedicated initiatives with the private sectors, and establishing
empowerment programmes to foster women’s leadership,
knowledge, and skills in the digital sector.
6| B 20 SAUDI ARAB IA – POLICY PAPERDIGITALIZATION
INTRODUCTION
Digitalization affects every aspect of our lives. It pushes the boundaries of human ability. It
can improve production, services and trade and help address a wide range of challenges
spanning several areas such as healthcare, agriculture, transport, education, climate
change, and public governance. Over 60 percent of global GDP will be digitized by 2022.2
Digitalization also accelerates progress towards the attainment of the Sustainable
Development Goals (SDGs). 103 of the 169 SDG targets can be directly influenced by digital
technologies such as digital access, faster Internet, cloud services, the Internet of Things
(IoT), cognitive technologies, digital reality, and blockchain. 3
The crisis brought about by the COVID-19 pandemic has highlighted the paramount
importance of ensuring that all the benefits of digitalization can be enjoyed by all
members of the society. Three aspects have to be considered especially in light of the
most recent events:
(i) Access and usage: The vast majority of the 3.5 billion people who live within
reach of a mobile network do not use it. However, there are 600 million who still
have no access to the Internet and are therefore unable to directly reap the
digital dividends of online access.4 The digital divide spans multiple dimensions
– age, income, gender, and geography – and, as the Covid-19 crisis has
demonstrated, stable, free, and robust access to the Internet is essential;
(ii) (ii) Enablement: As the speed of digital transformation is much faster than
earlier technological revolutions, urgent action is required to prepare everyone
for a digital future; and
(iii) (iii) Multistakeholder-based governance: Regulatory frameworks are needed
to address concerns over data privacy and security while securing innovation
and investment.
2
WEF (2018), Digital Transformation Initiative
3
GeSI (2019), Global e-Sustainability Initiative
4
ITU (2019), Individuals using the Internet 2005-2019 (website last accessed April 2020)
7| B20 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
Recommendation 1: Enable and Support Resilient Digital
Infrastructure
The G20 should enable and support resilient digital infrastructure (IoT, 5G) by fostering the
cybersecurity readiness of individuals, MSMEs, large businesses, and public institutions;
and by promoting investment in human capital in the field of cybersecurity.
Recommendation 1 contributes to the achievement of SDG 1. Specifically, it contributes
to achieving targets 1.1 and 1.2 by facilitating digital connectivity, which plays a crucial
role in increasing prosperity worldwide: Studies confirm the positive impact of greater
broadband penetration on GDP.5 Additionally, this recommendation contributes to the
achievement of target 1.4 by proposing investment that will reduce connectivity gaps
and incentivize affordable digital access which, in turn, will ensure access to basic
services and appropriate new technology.
This recommendation strongly contributes to the achievement of SDG 9, especially
targets 9.1 and 9.C, by developing a resilient digital infrastructure with an emphasis on
providing affordable and equal digital access for all. It also contributes to the
achievement of targets 9.4 and 9.5 by supporting the upgrading of technological
capabilities in almost all sectors and industries; and by ensuring the spread of digital
technologies to help promote sustainability, cultivate efficiency in resource utilization;
and encourage research and innovation.
Policy Actions
The G20 should enable and support resilient digital infrastructure
by laying the regulatory foundations, boosting investment to
reduce connectivity gaps, ensuring robust global value chains for
technology, and incentivizing affordable digital access via services,
networks, and devices.
The G20 Members should adopt high level principles for a
stable and predictable regulatory environment, building on
Policy Action 1.1 existing global principles, example, ISO/IEC 27000, to lay the
foundations for a global digital infrastructure and convert them
into national legislation.
The G20 should build on national and global action plans to
fully achieve the newly agreed Connect 2030 Agenda and SDGs
as well as to ensure that governments report periodically on
progress to the relevant international organizations, such as
the ITU.
5
ITU (2012), Impact of Broadband on the Economy
8| B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
The G20 Members should boost investment in digital
infrastructure, ensuring appropriate public and regulatory
policies to reduce the connectivity and access gaps between
individuals, organizations, and countries in order to ensure
affordable connectivity for all whilst supporting the build-out of
digital networks of robust capacity to handle demand surges
and meet the needs of society in times of greatest need.
The G20 Members should incentivize digital infrastructure
businesses to develop profitable business models and make
digital access more affordable through investment support;
example, tax reduction or tax reliefs to provide digital access for
all.
The G20 Members should develop robust, resilient, and joint cyber
strategies against cyberattacks for individuals, MSMEs, businesses,
and governments by adopting principles that foster an ecosystem
of trust, promoting the recommended minimum common
international cybersecurity standards in collaboration with industry
best practices, and providing incentives for businesses
demonstrating cybersecurity readiness.
The G20 should adopt principles that foster an ecosystem of
trust with identified stakeholders to strengthen cybersecurity
strategies and frameworks to prevent, detect; and respond to
cybersecurity incidents and learn from cyberattacks while
supporting CERT/CSIRT based upon best practices.
Policy Action 1.2 The G20 Members should promote the recommended
minimum common international cybersecurity standards, in
collaboration with industry best practices, by means of a risk-
based approach that includes built-in and by-design
cybersecurity controls, regular and affordable security
assurance testing of technologies, and penalties for not
addressing cybersecurity vulnerabilities; ensuring that those
standards are also implementable for micro, small, and
medium enterprises (MSMEs) to ensure cyber readiness 6.
The G20 Members should provide incentives such as fair and
non-discriminatory tax reliefs for businesses demonstrating
cybersecurity readiness.
The G20 Members should promote investment in cybersecurity
human capital and in the protection of communities from
cyberthreats by recognizing the importance of national, regional,
and global educational platforms; supporting information and
Policy Action 1.3
communication campaigns; and supporting a best-of-breed
training curriculum for cybersecurity professionals.
The G20 should recognize the importance of educational
resources based on best practices for all aspects of
6
For further details, refer to Security in the Digital Economy – Stocktake of Risk Management Practices to
Secure MSMEs in the Digital Economy (2020)
9| B 20 SAUDI ARAB IA – POLICY PAPERDIGITALIZATION
cybersecurity for citizens, businesses, and governments and
support those developments.
The G20 Members should support government information
and communication campaigns outlining the dangers of
cyberattacks and suggesting prevention measures, such as
those of the European Union Agency for Cybersecurity (ENISA)
or the OECD Global Forum on Digital Security for Prosperity.
The G20 should support the involvement of independent
national and international organizations in the certification of
online products and applications to secure the trust of both
consumers and businesses in digital products.
The G20 Members should support a best-of-breed training
curriculum for cybersecurity professionals as well as guidelines
for on-the-job training, and endorse the development of an
international information platform on cybersecurity degrees
and career options.
The G20 should increase awareness of cyber insurance
coverage, and promote a collective understanding of the
challenges and opportunities of cyber risk insurance.
Context
Digital connectivity plays a crucial role in increasing prosperity worldwide: Studies have
confirmed the positive impact of greater broadband penetration on GDP. A study by the
International Telecommunication Union (ITU) stated that for every 10 percent increase in
penetration, GDP grows from 0.25 percent to 1.38 percent.7 GDP growth affects other
macroeconomic factors such as small business growth and job creation. Likewise, there is
a positive relationship between digital technologies and quality of life. Problems in health,
education, basic financial services 8, government services, access to information and
knowledge, traffic, energy, agriculture, resource management, and disaster prevention
can all be helped by the application of digital technologies.9
The number of Internet users is rising constantly. The global digital population rose to
4.1 billion in 2019 from 2 billion in 2010.10 Global online penetration in 2019 was 57 percent,
with North America and Northern Europe both showing Internet penetration rates of 95
percent among their populations. (See Exhibit 1)
7
ITU (2012), Impact of Broadband on the Economy
8
For details on the benefits of giving access to financial services to the unserved and underserved, see B20
Finance and Infrastructure Taskforce Policy Paper (2020), Policy Recommendation 3
9
WEF (2016), Internet for All: A Framework for Accelerating Internet Access and Adoption
10
ITU (2019), Individuals Using the Internet, 2005-2019 (website last accessed April 2020)
10 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
EXHIBIT 1
Internet Penetration by Region
Internet users to total population, 2019
100%
50%
0%
Americ Africa Europe Asia Oceania
a
Source: ITU, World Bank
The number of cyberthreats grows as the number of digital users increases, and this trend
has become much more significant in light of the COVID-19 pandemic. Governments,
businesses, and citizens are increasingly affected by data breaches, identity theft, and the
disruption of operations and critical infrastructure. Over the past three years, the WEF
Global Risk Report survey identified that cyberattacks and data fraud are perceived to be
one of the top five risks, with 82 percent of respondents expecting the number of
cyberattacks to rise.11 Studies also suggest that cybercrime is costing the world ever more:
$6 trillion annually by 2021, up from $3 trillion in 2015.12 Data breaches are ever larger for
businesses (example, the Yahoo hack affected 3 billion records)13 and public institutions
(example, the Pentagon hack affected 1.8 billion records), with these numbers potentially
underestimating the issue as a large number of cyberattacks remain unidentified or are
not reported. Cyberattacks are also becoming more frequent and complex (example,
WannaCry affected 230,000 computers).14 (See Exhibit 2)
11
WEF (2019), Global Risk Report
12
Cybersecurity Ventures (2019). 2019 Official Annual Cybercrime Report
13
DataLossDB.org and BCG analysis
14
Panda security (2017), PandaLabs Report
11 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
EXHIBIT 2
Overview of Cyberattacks, 2010-2018
2010 2011 2012 2013 2014 2015 2016 2017 2018
Source: BCG analysis (2019)
Business and government should thus focus on three areas of policy: (i) Enabling and
supporting resilient digital infrastructure; (ii) Developing robust, resilient, and joint cyber
strategies against cyberattacks; and (iii) Expanding awareness of good cyber practice and
hygiene.
Policy Action 1.1
The G20 should enable and support resilient digital infrastructure by laying the
regulatory foundations, boosting investment to reduce connectivity gaps, ensuring
robust global value chains for technology, and incentivizing affordable digital access
via services, networks, and devices.
The increased use of outsourcing, cloud services, and shared services; the increasing
digitization of organizations and value creation; and the many emerging technologies
such as Smart Health and Autonomous Driving put additional strain on the existing
digital infrastructure. For the purpose of this paper, when referring to infrastructure, we
are talking about building out 5G networks and supporting infrastructure for the
deployment of IoT.
Cost-efficient delivery of continuous, high-speed connectivity by telecommunication
providers will be crucial in order to beneficially spread these technologies across society
and overcome the digital divide. As massive investments are needed to enable the new
digital infrastructure; example, for 5G rollout, businesses and investors require not only
stable, streamlined, and predictable regulatory environments but also a framework that
facilitates these substantial investments in fixed and mobile networks. Mobile network
operators are forecasted to spend $1.1 trillion on CAPEX between 2020 and 2025
(excluding spectrum fees). Of this, over 80 percent will be spent directly on the
12 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION infrastructure required for 5G.15 The G20 Members should lay the foundations for a global digital infrastructure by building on existing global principles; example, ISO/IEC 27000, and aim to convert requirements into national legislation while boosting appropriate funding and developing the investment framework to accelerate the digital transformation of the economy. Since 2015, the G20 Members have made several commitments to support the development of ICTs. In 2015 G20 Presidency, they acknowledged “threats to the security of and in the use of ICTs, risk undermining our collective ability to use the Internet to bolster economic growth and development around the world” and expressed their commitment to “bridge the digital divide” and “promote security, stability, and economic ties with other nations”.16 In 2016 G20 Presidency, the G20 Members declared that, in order “to achieve innovation- driven growth and the creation of innovative ecosystems, [they would] support dialogue and cooperation on innovation, which covers a wide range of domains with science and technology innovation at its core”.17 18 out of 20 countries have fully complied with this commitment.18 A year later in 2017 G20 Presidency, they discussed the need to “ensure all our citizens are digitally connected by 2025 and especially welcome digital infrastructure development in low-income countries and foster favourable conditions for the development of the digital economy”. 19 18 out of 20 countries have fully complied with the latter commitment.20 In 2018 G20 Presidency, they agreed “to maximize the benefits of digitalization and emerging technologies for innovative growth and productivity, promote measures to boost MSMEs and entrepreneurs, bridge the digital gender divide and further digital inclusion, support consumer protection, and improve digital government, digital infrastructure and measurement of the digital economy”.21 17 out of 20 countries have fully complied with this commitment.22 As a significant number of the targets laid down in the ITU Connect 2020 Agenda have been achieved (see Exhibit 3), governments and businesses now need to focus on building national, regional, and global action to achieve the Connect 2030 Agenda for Global Telecommunication/ICT Development and harness the potential of digital infrastructure to contribute towards the SDGs. It hss to be ensured that digitalization does not simply replace traditional businesses, in particular MSMEs, which play an important role in servicing the unconnected. Rather, digitalization should create multiple avenues for growth, including traditional businesses adopting digital tools to become more efficient. The following are common hurdles to digital infrastructure investment experienced by all businesses, especially MSMEs: High capital costs, susceptibility to changes in market 15 GSMA (2020), 5G Moves from Hype to Reality – but 4G Still King 16 G20 Leaders’ Declaration (16 November 2015), Antalya, Turkey 17 G20 Leaders’ Declaration (5 September 2016, ), Hangzhou, China 18 G20 Hangzhou Summit 2016, Final Compliance Report (2017) 19 G20 Leaders’ Declaration (8 July 2017), Hamburg, Germany 20 G20 Hamburg Summit 2017, Final Compliance Report (2018) 21 G20 Leaders’ Declaration (1 December 2018), Buenos Aires, Argentina 22 G20 Buenos Aires Summit 2018, Final Compliance Report (2019) 13 | B 2 0 S A U D I A R A B I A – POLICY PAPER
DIGITALIZATION
conditions, uncertain regulatory environments, negative or low rates of return in rural and
remote areas, and a lack of accurate data for making informed investment decisions. 23
EXHIBIT 3
Progress of Connect 2020 Agenda Goals (Selected Targets), 2020
Target Achievement
Worldwide, 55 percent of households Percentage of connected households has
should have access to the Internet by risen from 53.1 percent last year to 54.8
2020. percent.
4.57 billion people were active Internet
Worldwide, 60 percent of individuals
users as of April 2020, corresponding to
should be using the Internet by 2020.
59 percent of the global population.
In 2019, it is estimated that 86.9 percent
In the developing world, 50 percent of of people living in developed countries
individuals should be using the Internet used the Internet compared with 47
by 2020. percent of individuals living in developing
countries.
Source: UNESCO (website last accessed May 2020), WEF (2020) The gender gap in Internet access: using a
women-centred method, Statista
The G20 Members could help address some of these concerns by: (i) Boosting investment
in digital infrastructure thereby ensuring appropriate public and regulatory policies to
reduce connectivity and access gaps between individuals, organizations, and countries
while supporting the build-out of digital networks of robust capacity to handle demand
surges and meet the needs of society in times of greatest need; and (ii) Reducing the cost
of deployment of new networks and incentivizing digital infrastructure businesses to
develop profitable business models and make digital access more affordable through
investment support; example, tax reduction or reliefs, to provide global digital access for
all. 24
Policy Action 1.2
The G20 Members should develop robust, resilient, and joint cyber strategies against
cyberattacks for individuals, MSMEs, businesses, and governments by adopting
principles that foster an ecosystem of trust, promoting the recommended minimum
common international cybersecurity standards in collaboration with industry best
practices, and providing incentives for businesses demonstrating cybersecurity
readiness.
In 2019 G20 Presidency, the G20 Leaders declared their commitment to “step up efforts to
enhance cyber resilience”.25 This topic will attract further attention in the coming years
because cyberattacks are constantly changing. The object of attack is evolving: while
information theft is the most expensive and fastest rising cybercrime, attacks on
23
OECD (2017), Key Issues for Digital Transformation in the G20
24
For details on how policy-makers can create an international policy environment conducive to strengthening
e-commerce, see B20 Trade and Investment Policy Paper, Policy Action 2.1. and on how they can foster
cooperation and best-practice sharing on cross-cutting issues regarding e-commerce, especially for MSMEs, see
B20 Trade and Investment Policy Paper, Policy Action 2.2
25
G20 Leaders’ Declaration (29 June 2019), Osaka, Japan
14 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION industrial control systems are also on the rise. The consequences of the attacks differ: not only is data being copied, it is also being destroyed and changed. In addition, cyberattack techniques vary; cybercriminals target human behaviour, commercial businesses, and nation-states.26 Business should ensure their cybersecurity strategies are sufficient and up to date. Stakeholders will demand adherence to a set of criteria; example, transparency, strong ethical practices, and a proven track record of adherence to cybersecurity principles that proves the trustworthiness of business environments. These criteria should be developed by national ecosystems fostering collaboration amongst governments, businesses, universities, and research centres to gain a clear understanding of the criteria. Principles that foster an ecosystem of trust with stakeholders are required to address these threats at a single point and unify knowledge on the prevention, management, and deduction of lessons learned from all invested stakeholders; example, governments, businesses, and universities/research centres.27 However, caution must be exercised so that the strategies, frameworks, and policies created do not tie businesses down with compliance and control obligations, but rather focus on harmonized and pragmatic implementation for digital products and solutions. Governments should increase the awareness of security threats amongst all businesses, especially MSMEs as they are typically less well equipped than larger firms with the institutional, managerial, and financial capacity needed to develop and implement appropriate digital risk management practices. The G20 Members can take action along two dimensions here. Firstly, by promoting the recommended minimum common international cybersecurity standards, in collaboration with industry best practices, by means of a risk-based approach that includes built-in and by-design cybersecurity controls, regular and affordable security assurance testing of technologies, and penalties for not addressing cybersecurity vulnerabilities. Secondly, through the provision of incentives such as fair and non-discriminatory tax reliefs for businesses demonstrating cybersecurity readiness. Lastly, increasing IT security spending will not be enough to face the cyberthreats as businesses require more cybersecurity professionals: A shortage of 3.5 million cybersecurity jobs is expected globally by 2021.28 26 Accenture (2019), Cost of Cybercrime 27 For details on how policy-makers can create standards that enhance trust and transparency in the financial technology sector, see B20 Finance and Infrastructure Taskforce Policy Paper (2020), Policy Action 3.2 28 Cybersecurity Ventures (2019), 2019 Official Annual Cybercrime Report 15 | B 2 0 S A U D I ARABIA – POLICY PAPER
DIGITALIZATION
EXHIBIT 4
Outcomes of the Global Cybersecurity Forum
The Global Cybersecurity Forum (GCF) announced two initiatives related to the
protection of children in cyberspace and enabling the role of women in cyber. The GCF
declaration discussed five main actions within the remit of cybersecurity:
i. Promote a thriving cybersecurity industry that fosters innovation and
investment to address evolving cybersecurity risks.
ii. Foster a capable cybersecurity workforce that can respond to the demands
of a technology-centric economy, emphasizing the importance of elevating
the role of Women in Cyber.
iii. Cultivate cyber aware communities, empower key stakeholders, cooperate,
and joint action to combat cybercrimes, focusing on means to raise Safe
Children in the Cyber World.
iv. Enhance global cybersecurity resilience to mitigate cybersecurity risks,
leveraging emerging technologies and public-private partnerships.
v. Advance inclusive cybersecurity capacity building at a global level via
international collaboration, focusing on emerging economies.
Source: Global Cybersecurity Forum Declaration (website last accessed March 2020)
Policy Action 1.3
The G20 Members should promote investment in cybersecurity human capital and in
the protection of communities from cyberthreats by recognizing the importance of
national, regional, and global educational platforms; supporting information and
communication campaigns; and supporting a best-of-breed training curriculum for
cybersecurity professionals.
Considering the fact that businesses are attacked regardless of industry and size, all
businesses need to scale up their cyber protection. In particular, it is the employees that
need to be better informed about and alerted to cybersecurity issues because they are
often the weakest link in the security chain: 72 percent of data breaches are attributed
not to inadequate security technology but to organizational, process, and people
failures.29 Moreover, as more and more global users interact digitally, the cyberrisks
increase. Governments should thus recognize the importance of national and global
educational platforms and campaigns addressing all aspects of cybersecurity. (See Exhibit
5)
Consumers also perceive the increasing cybersecurity threat. Roughly 80 percent of the
people surveyed by the Centre for International Governance Innovation (CIGI) were
worried about their online privacy with over half saying they were more concerned than
they were a year ago. This is partly due to users believing that governments are not doing
enough to safeguard online data. In the survey more than half were worried about their
personal information, with especially low confidence levels being mentioned in North
29
BCG (2017), Building a Cyberresilient Organization
16 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION
America (38 percent) and the G8 countries (39 percent ).30 Thus, it is important for the G20
Members to support the involvement of independent national and international
organizations in certifying online products to build the trust of consumers and businesses
in digital products, and guide them towards a responsible use thereof.
EXHIBIT 5
ECSM Campaign from ENISA
The European Cybersecurity Month (ECSM) is an awareness campaign aimed at
helping individuals and organizations understand cybersecurity threats, spread best
practices, and encourage them to strengthen their capabilities. The campaign takes
place annually and is promoted by the Directorate-General of the European
Commission, the European Union Agency for Cybersecurity (ENISA) along with another
300+ European partners.
Some objectives of ECSM include: Raising awareness of cybersecurity; enhancing the
understanding of Network and Information Security; protecting Internet users by
promoting safer practices; and enhancing interest with regard to information security
through political and media coordination.
As digital interaction grows globally, cybersecurity threats increase and governments
are therefore required to maximize their educational efforts to promote awareness of
protective cyber measures. The ECSM campaign helps countries protect themselves
from cyberrisks by ensuring that individuals are better informed about safer digital
practices.
Source: ENISA, European Commission
Cyberrisks are particularly grave in the work environment. Businesses should provide
employees with tools and incentives to define and address risks, especially as the new
way of working is becoming more remote and compartmentalized. As unfilled
cybersecurity roles are expected to increase, the G20 Members should promote the
development of an international platform that informs candidates about cybersecurity
career options. Secondly, governments should ensure quality education on cybersecurity
issues; and support a best-of-breed training curriculum for cybersecurity professionals
and guidelines for on-the-job training. Another key factor for increasing cybersecurity will
be the growing adoption of cyber insurance by large businesses, MSMEs, and private
individuals. The governements should explore avenues for promoting the adoption of
cyber insurance where appropriate, and ensure that efficient markets exist for cyber
insurance.
30
CIGI (2019), CIGI-Ipsos Global Survey (website last accessed January 2020)
17 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION
Recommendation 2: Support the Healthy Development and
Adoption of Artificial Intelligence (AI)
The G20 should support the healthy development and adoption of AI wherever possible
by creating a favourable and trust-inducing regulatory environment; educating
businesses, government, and society on the technology; and advancing AI benefits for all.
Recommendation 2 significantly contributes to the achievement of SDG target 8.1 by
unlocking economic growth and generating productivity gains through the application
of AI, which is expected to add $15 trillion in value to the world economy by 2030. 31 This
recommendation also contributes to target 8.5 as AI promotes productive employment
and decent work for all by reducing menial tasks and increasing efficiency.
In terms of SDG 9, this recommendation can contribute to achieving target 9.2 as AI
technologies have the promising potential for driving inclusive growth and sustainable
development: AI is expected to create 2 million new jobs, thus promoting economic
prosperity.32
Additionally, this recommendation contributes to promoting innovation and
sustainable industrialization, with a focus on achieving targets 9.5 and 9.B by ensuring a
conducive policy environment, and fostering the usage of data and AI technologies to
support research and enable more innovation.
Policy Actions
The G20 should create a favourable and trust-inducing
regulatory environment for the usage of AI and data by
harmonizing national action plans, facilitating cross-border
data flow while respecting and promoting frameworks for the
protection of data privacy and data security, and supporting
regulatory sandboxes for AI applications.
Policy Action 2.1 The G20 should harmonize national AI action plans to
ensure responsible stewardship and implementation of
trustworthy AI based on the voluntary OECD AI principles
endorsed by the G20, and build upon the work of the
OECD AI Policy Observatory to strengthen the
multidisciplinary, evidence-based, and multistakeholder
dialogue around analysis of public policy on AI.
31
Forbes (2019), AI Will Add $15 Trillion To The World Economy By 2030
32
Gartner (2017). Press Release. Gartner Says By 2020, Artificial Intelligence Will Create More Jobs Than It
Eliminates
18 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
The G20 should promote accountable frameworks for the
protection of data privacy and data safety across nations so
that beneficial uses of AI are preserved while risks of
privacy harm are assessed and mitigated, consistent with
local legal requirements.
The G20 should support regulatory sandboxes for AI
applications to advance public sector regulation and
innovation.
The G20 Members should advance AI benefits for all by
supporting public information campaigns, promoting AI use
cases in the public sector, encouraging educational courses
and programmes on AI, and fostering international initiatives
for inclusive artificial intelligence.
The G20 should support public information campaigns
that communicate the AI uses that meet businesses’ and
society’s needs; example, disease diagnosis, to increase
trust in and support the use of AI.
The G20 Members should show the political will to
implement AI use cases in the public sector with the
support of the private sector, example, the use of an AI
virtual assistant to manage customer calls in social welfare
institutions.
The G20 Members should encourage universities to
elevate AI to a full degree as well as motivate institutions of
secondary and tertiary education to introduce shorter
courses on AI to ensure that sufficiently trained
professionals are available for the research, development,
Policy Action 2.2
and operation of AI applications.
The G20 Members should commit to creating national
learning programmes for employees that convey rules of
ethics and safety to employees using AI applications and
reward employees for their achievements.
The G20 should foster international initiatives for inclusive
AI, not only for businesses developing technology but also
for all those that implement AI so that diversity is
respected and the whole data value chain is based on a
responsible approach, enabling discriminatory biases to be
identified and controlled to drive inclusive growth and
contribute towards a fair and just society.
The G20 should collaborate with the OECD AI Policy
Observatory to define measures that ensure that the
benefits of AI spread into countries and areas of society
that have been disadvantaged in terms of access; example,
women and girls, the elderly and vulnerable groups, rural
regions, developing countries, and MSMEs.
19 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION
Context
The term AI was used for the first time in 1956 at a conference in Dartmouth College
where all attendees were very optimistic about the future of AI. Huge advances were
made on the topic, however AI only began to really gain momentum in the nineties when
an IBM computer became the first computer to beat a chess champion. Since then, the
speed of AI innovation has picked up rapidly. Although, the application of AI in our
everyday lives still seems quite futuristic, the topic is a key priority for government leaders
and businesses of all sizes as well as for digital consumers. The impact of AI on the
economy will be immense. (See Exhibit 6)
EXHIBIT 6
Impact of AI on the Economy
84% $15.7T 2M
of business leaders in value net new jobs
say AI will provide them with a will be added to the economy will be created in companies
1
competitive advantage by 2030 from AI productivity thanks to AI technologies by
2 3
and consumption effects 2025
4B devices with 1B 95% of customer
voice skills interactions
video cameras
4
are currently in use could be connected to AI by could be managed by AI
5 6
2020 by 2025
Source:
1. MIT Sloan Management Review & BCG (2017). Reshaping Business With Artificial Intelligence. 2. PwC (2017).
Sizing the prize. What’s the real value of AI for your business and how can you capitalise? 3. Gartner (2017).
Press Release. Gartner Says By 2020, Artificial Intelligence Will Create More Jobs Than It Eliminates. 4. Digital
Economy Compass. 5. NVIDIA (2017). NVIDIA Paves Path to AI Cities with Metropolis Edge-to-Cloud Platform
for Video Analytics. 6. Servion (2018). What Makes Emerging Technologies The Future Of Customer
Experience?
Despite the huge potential promised, the advance of AI poses several direct challenges: (i)
Ethical violations; example, privacy or discrimination; (ii) Accidents and the loss of human
life; example, false medical prediction or tampered military systems; (iii) False business
decisions; example, false price prediction; and (iv) Political, financial, and infrastructure
manipulation; example, traffic manipulation causing accidents. AI also harbours indirect
risks, such as the lack of public trust, overregulation and hampering of innovation, and
the unequal distribution of access to technology.
The G20 Members reveal different levels of readiness for facing the challenges posed by
AI. (See Exhibit 7). The key factors of a country’s AI-readiness are: the existence of a
national AI strategy and data protection regulations; data availability and infrastructure;
technology skills; and scope and quality of (digital) public services.33
33
Oxford Insights (2019), Government Artificial Intelligence Readiness Index 2019
20 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION 21 | B 2 0 S A U D I A R A B I A – POLICY PAPER
DIGITALIZATION
EXHIBIT 7
Government AI Readiness Score
Government AI Readiness Score
Low High
0 10
Source: Oxford Insights (2019) Government Artificial Intelligence Readiness Index 2019
At the 2018 G20 Presidency, the G20 Leaders first committed to continue working on AI.34
A year later, they emphasized the “responsible development and use of AI as a driving
force to help advance the SDGs and realize a sustainable and inclusive society”.35 The
various forms of AI can bring great efficiencies, speed, and intelligence to achieving the
SDGs. Concrete potential effects on SDG targets are still being analyzed.36 The G20 should
continue supporting AI innovations by addressing all risks of AI, especially through the
regulatory environment, informing and educating stakeholders, and spreading the
benefits of AI to all parts of society.
Policy Action 2.1
The G20 should create a favourable and trust-inducing regulatory environment for
the usage of AI and data by harmonizing national action plans, facilitating cross-
border data flow while respecting and promoting applicable legal frameworks on
data privacy and security, and supporting regulatory sandboxes for AI applications.
19 of the G20 Members have introduced national regulations for AI, but not all countries
have taken action to make the most of AI and mitigate the associated risks.37 One
particular risk with cross-border flows38, is the risk of arbitrage between countries due to
34
G20 Leaders’ Declaration (1 December 2018), Buenos Aires, Argentina
35
G20 Leaders’ Declaration (29 June 2019), Osaka, Japan
36
2030 Vision Artificial Intelligence and the Sustainable Development Goals: The State of Play
37
OECD (2019), Artificial Intelligence in Society
38
For more details on cross-border data flows in the context of Finance & Infrastructure and Trade &
Investments, see B20 respective Policy Papers (2020), Policy Actions 3.2 and 2.1
22 | B 2 0 S A U D I A R A B I A – POLICY PAPERDIGITALIZATION
the lack of a level playing field in some jurisdictions.39 Thus, the G20 Members should
create national action plans to monitor the advance of AI in a responsible manner. The
G20 Members and businesses should build on the work of the OECD AI Policy
Observatory to advance the multidisciplinary, evidence-based, and multistakeholder
dialogue around analysis of public policy on AI. (See Exhibit 8)
EXHIBIT 8
OECD AI Principles
In 2019, the OECD identified five complementary value-based principles for the
responsible stewardship of trustworthy AI:
AI should benefit people and the planet by driving inclusive growth,
sustainable development and well-being.
AI systems should be designed in a way that respects the rule of law, human
rights, democratic values and diversity, and they should include appropriate
safeguards like enabling human intervention where necessary, to ensure a fair
and just society.
There should be transparency and responsible disclosure around AI systems to
ensure that people understand and can challenge AI-based outcomes.
AI systems must function in a robust, secure and safe way throughout their life
cycles, and potential risks should be continually assessed and managed.
Organizations and individuals developing, deploying or operating AI systems
should be held accountable for their proper functioning in line with the above
principles.
Source: OECD AI Principles (website last accessed March 2020)
As most AI business models involve cross-border data flow, it is vital that the AI strategies
of the G20 Members include recognized interoperable regulations governing standards
for good data stewardship; example, adherence to data privacy, safety, and sharing
guidelines (example, API-based data access) across nations. Regulations should ensure
that individual data protection laws remain in place while data at a population level,
machine data, and anonymized data is leveraged for training Machine Learning (ML)
algorithms. Regulatory sandboxes are one policy instrument that can be employed to
advance the use of digital tools, and speed up access to these tools for the general public.
Regulatory sandboxes are defined as a “framework allowing innovators, under the
oversight of a regulator, to conduct small-scale short-term testing of their innovations
using live participants, in a controlled, bounded, safeguarded environment under relaxed
regulatory conditions”. More have appeared recently as developed and developing
countries are beginning to experiment with these environments in which innovators can
test new technologies. (See Exhibit 9)
The benefits of regulatory sandboxes include: innovation-friendly signal to the market;
potential for a more seamless path towards deployment of innovation; emphasis of policy
39
For more details on how policy-makers can foster an environment that boosts innovation in financial services,
see B20 Finance and Infrastructure Taskforce Policy Paper (2020), Policy Action 3.1
23 | B 2 0 S A U D I ARABIA – POLICY PAPERDIGITALIZATION
objectives and potential for financial inclusion benefits; potential to enhance regulatory
capacity and innovator knowledge; and reduction of regulatory uncertainty.40
40
Wechsler et. al. (2018), The State of Regulatory Sandboxes in Developing Countries
24 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
EXHIBIT 9
Overview of Regulatory Sandboxes in the G20 Countries
Regulatory sandboxes have generated interest amongst a variety of regulators and
innovators across the world ever since the first regulatory sandbox was launched in the
UK in 2015. Today, regulatory sandboxes are reported to be live in seven countries in the
G20:
Country Status Regulator/Administrator
Australia Live Australian Securities & Investments
Commission (ASIC)
Canada Live Canadian Securities Administrators (CSA)
China Reported live People’s Government of Ganzhou City
India Report Published Reserve Bank of India (RBI)
Indonesia Live Bank Indonesia
Japan Announced Financial Services Agency (FSA)
South Korea Pilot launched Financial Services Commission (FSC)
Mexico Regulation to establish Banco de México
Russian
Live Bank of Russia
Federation
Saudi Arabia Officially announced Saudi Arabian Monetary Authority
South Africa Being explored South African Reserve Bank (SARB)
UK Live Financial Conduct Authority (FCA)
Office of the Attorney General (Arizona
US Live
State)
Source: Columbia Institute for Tele-Information, Regulatory Sandboxes (website last accessed April 2020)
Policy Action 2.2
The G20 Members should advance AI benefits for all by supporting public information
campaigns, promoting AI use cases in the public sector, encouraging educational
courses and programmes on AI, and fostering international initiatives for inclusive
artificial intelligence.
For AI to work well, it needs to be fed with the required data sources, be embedded
deeply into the processes it aims to support, and be constantly improved via feedback
loops. This requires users of the AI solution to be informed and actively involved in its
design from day one.41 It thus becomes important to inform and educate the general
public. As yet, however, trust in AI is by no means widespread. In a study involving 18,000
respondents, the share of people trusting AI varied from 13 percent in Japan to 70 percent
41
BCG (2019), How to Win with Artificial Intelligence
25 | B 2 0 SAUDI ARABIA – POLICY PAPERDIGITALIZATION
in China.42 Governments and businesses therefore need to join forces to educate the
public on the potential and risks involved in AI. (See Exhibit 10)
EXHIBIT 10
Trust in AI across Countries
China 71 17 12
Saudi Arabia 64 21 15
Mexico 56 23 21
India 50 26 24
Turkey 43 27 30
Argentina 42 26 32
Brazil 41 27 31
Italy 40 32 28
Russia 40 33 27
South Africa 34 25 41
United… 25 28 47
Australia 24 30 46
France 23 31 46
Great Britain 23 29 48
Canada 21 25 54
Germany 21 29 50
South Korea 17 35 48
Japan 13 37 50
Trust AI (36%) Neutral (28%) Distrust AI (36%) 100%
Source: Ipsos (2018), Entrepreneurialism: The Emergence of Social Entrepreneurialism to Compete with
Business Entrepreneurialism: An Ipsos Global Advisor Survey (website last accessed March 2020)
EXHIBIT 11
Case Study of Cancer Detection by AI
Breast cancer is one of the major causes of cancer deaths in women. However, early
detection can considerably increase treatment success rates. Screening
mammography is used to this end. There is much room for improving the accuracy of
the expert interpretation of the screening mammography images in order to detect
breast cancer.
AI is a key lever to improve the accuracy of breast cancer screening as studies
demonstrate its capabilities in medical image analysis. A group of researchers has
developed an AI system to analyze mammography images and detect breast cancer.
The system was tested on around 29,000 women from the UK and the US. It showed
increased accuracy of breast cancer detection in the US by reducing false positives by
5.7 percent and false negatives by 9.4 percent. The results were also positive in the UK;
1.2 percent and 2.7 percent reduction in false positives and false negatives, respectively.
In another independent study, the AI algorithm was able to outperform all six of the
radiologists in detecting breast cancer.
42
Ipsos (2018), Entrepreneurialism: The Emergence of Social Entrepreneurialism to Compete with Business
Entrepreneurialism: An Ipsos Global Advisor Survey (website last accessed March 2020)
26 | B 2 0 S A U D I ARABIA – POLICY PAPERYou can also read
