In line with contemporary understanding of the state based on the rule of law, law is practically the only means available to a state by which it can and is entitled to order human behaviour. At the same time, the state as a sovereign entity is competent to decide on the area of human reality that it wishes to regulate by legal rules. Likewise, it is for the state itself to decide what the respective (normative) order should look like in its ideal.
This article concentrates on the ordering by rules of the internal security of a state as an absolutely important area of practical reality. In adopting this emphasis, we are interested less in the content of the respective legal rules than we are in the problems related to the application of the principles of better regulation where the ordering of the area of internal security is concerned. The subject matter is of vital importance for Estonia as the ministries responsible for internal security and the respective legal regulation—the so-called internal security law—are facing certain difficulties in meeting the requirements set forth by the principles of better regulation. *1
The authors are of the opinion that better regulation, or, primarily, following of the requirements of better regulation does not replace but rather complements political decision-making. It is precisely because of that supportive function that the link between the main instruments touching upon the area of internal security policy in Estonia and the implementation of the respective policies has to be recognised. As indicated above, this implementation is possible only by and with the aid of legal rules and other utterances of law. Approaching the problem from that perspective, one can establish the necessary connection between that contained in the instruments of internal security policy (i.e., concepts, measures, means of governance, etc.), and the principles of better regulation in the legislative process at both national and EU level. *2
In this article, the essence of better regulation, the main features of internal security in the context of the actual state of internal security of Estonia, and the implementation side of better regulation with an emphasis on the internal security policy instruments of Estonia shall be discussed.
In the last few decades, governments in most well-developed Western countries have made increasing efforts to improve the quality of legislation by means of various ‘better regulation’ (hereinafter referred to as the BR) programmes. *3 Better regulation as a concept lacks a universal definition and therefore serves as an umbrella term to cover a myriad of initiatives, such as deregulation, reducing the administrative burden, improving the quality of impact assessment, reducing the quantity of legislation, and simplification. *4
According to C. Radaelli, better regulation is a process addressing the whole life cycle of the regulations, laying down general rules for determination, assessment, enforcement, implementation, and ex post assessment of legal rules. Consequently, the guidelines for better regulation may embrace a vast array of measures, including simplification of administrative procedures, consolidation of legal acts, alleviation of the administrative burden, use of market-friendly alternatives, risk-based review, funds allocated for rule-making, standards for consultation of interest groups, assessment of the sustainability of the existing as well as of the new regulation, and ex post review of the effects. Of the elements of the better regulation ‘package’, regulatory impact analysis (hereinafter referred to as the RIA) has to be regarded as the most important. *5
RIA is a set of procedures to be followed in order to appraise regulation. It can be used both ex ante (i.e., at the stage of policy formulation, to appraise proposals) and ex post. It typically revolves around the steps of problem definition, the identification of a range of options, consultation, the classification of costs and benefits, a plan for monitoring and review, and the choice of an option on the basis of certain decision-making criteria (such as cost-effectiveness, minimisation of the administrative burden, cost–benefit analysis ratios, or thresholds). *6
The fact that RIA has been considered the most important element of BR programmes might be explained by the strong instrumental view of legislation, which is the predominant way of understanding the role and functions of regulation for politicians, within governmental bureaucracies, and also for most stakeholders. First and foremost, legal regulations are simply understood as means for those in power to achieve the desired goals. Therefore, the outcome of regulation is currently perceived as the basic issue, linked to the quality of legislation, and not, for example, the question of the legitimacy and justification of the government for intervening in the behaviour of ordinary people or companies. *7 But it also has strong potential in terms of evidence- based policy, accountability, and transparency of policy formulation processes. RIA is a general procedure applicable to a large number of initiatives, from proposals for new legislation coming from the government to departmental/ministerial regulation (such as statutory instruments in the UK) and rule-making delegated to independent agencies.
In most countries, the RIA is carried out by the government, not by Parliament, but MPs and also state audit offices, interest groups, etc. outside Parliament are among the users of RIA-related information, since it assists in describing the socio-legal problems, alternatives, and consequences of policy and legislation. It should also be noted that discussions of RIA are only beginning to rise from governmental to parliamentary level as far as parliamentary functions, such as representation, legislation, and supervision of the executive power, are concerned. *8
In pursuit of reaching the ultimate goal of uniform quality in legislation at the national, regional, and international level, drafters and commentators in both the civil and common law systems have turned to compilations of principles of drafting that could lead to consistently successful legislation. *9 On the international scene of regulation, the Organisation for Economic Co-operation and Development (hereinafter referred to as the OECD) has since the beginning of the 1990s had the leading role in enhancing principles and ideas of BR and quality standards for regulation. The OECD has been able to collect experiences and research data from its member countries, on the basis of which it has formulated programmes, recommendations, and policy guidebooks for the member countries for the successful adoption and implementation of RIA. *10
In the European Union, the subject matter of better regulation began being considered more intensely after the analysis carried out by the OECD in the area of regulatory reforms in the Member States *11 , and the Lisbon (European Council) Summit where the high-level advisory group chaired by M. Mandelkern (hereinafter referred to as the Mandelkern Group) was formed. The Mandelkern Group Report, serving as the first agreement aimed at better regulation on the European Union level, includes seven recommendations aimed at achieving better regulation: 1) considering the full range of options regarding policy implementation; 2) regulatory impact assessment; 3) consultation with interested parties; 4) simplification; 5) better access to regulation; 6) dealing with the respective supporting structures and co-ordination, and 7) effective implementation of European regulation. *12
Newer Member States have been encouraged, and indirectly requested, to pass legislation on drafting laws as a means of responding to the European Commission’s insistence that implementation of the acquis for the purposes of accession means correct implementation of EU law with national transposition measures of good quality. *13
In Estonia, the training and other development measures to build the conditions needed for better regulation and regulatory impact assessment were initiated in co-operation with the OECD in 1998. *14 Given the experience of OECD and EU Member States in the 1990s, there is no reason to think that good law-making and governance practices will start to function without political commitment in regulatory policy, methodological guidelines, systematic training, and basic surveillance mechanisms. *15 To respond to those problems and to harmonise the processes and terminology of impact assessment, the concept of regulatory impact analysis was developed at national level in Estonia by the Ministry of Justice in 2007–2009 and the Development Plan for Legal Policy until 2018 was adopted by the Riigikogu (Parliament) on 23 February 2011. It should be emphasised that now Estonia belongs to the OECD family of better regulation. *16
But why should politicians, civil servants, and different stakeholders be interested in better regulation? One potential function of BR programmes and quality standards for legislation could be that following them increases the legitimacy and acceptance of the proposed rules. *17 These, in turn, are preconditions for a state based on the rule of law. The legitimacy of rules is especially crucial in internal security policy because here the rules directly constrain people’s constitutional rights. *18 It is worth mentioning here that many of the security-related policy documents described below emphasise the importance of the rule of law in Estonia. Therefore, if a gap exists between the principle of rule of law and actual better regulation measures (impact assessment, civic engagement, simplification, etc.), it indicates serious problems in governance, because without regulatory impact assessment information, it is difficult to talk about knowledge-based and responsible law-making and public administration. *19
Jyrki Tala points out another risk is BR—namely, that genuine, formal decision-makers in the law-making process (the politicians) are left almost completely outside any BR activities:
The borderline between law drafters and policy planners on the one hand and the political decision makers, responsible principally to their electors on the other, is sharply maintained. Of course, the courts are also left outside the scope of BR measures, when developing the content of the legal system by means of decisions in single cases. *20
Correspondingly, the man on the street, often the main target of the regulation, obviously has very little say in those processes. *21 Thus bad implementation and bad judicial application may interfere with the results of BR. The extent of the margin for incorrect implementation and judicial application is directly linked to the quality of the draft legislation, of course, but it is possible that the error in the draft may be attributed to a fault in the content of the policy pursued or in the calculations in the regulatory impact assessment made for the allocation of resources for implementation. *22
In most European countries, the analytical information on social, budgetary, economic, environmental, and administrative objectives and impacts of proposed legislation has to be given in an explanatory memorandum (in note or letter form) accompanying the draft law. The explanatory memorandum on the draft law is (and indeed has to be) a normatively structured legal document that includes the results of socio-legal impact assessment and public consultations. *23 If the draft law is not accompanied by impact assessment documentation, the legislator cannot vow and declare that the new law is in conformity with the rule of law or the constitutional norms.
Even more, if the target groups and effects on their lives are not specified in the memoranda, the EU better regulation assessment principles cannot be applied. The Mandelkern Group Report’s principles describe a comprehensive overall approach with a set of seven core principles: necessity, proportionality, subsidiarity, transparency, accountability, accessibility, and simplicity. *24 In Estonia, those principles are further supplemented by legality, legal certainty, openness, and responsibility. *25
The same applies a fortiori to internal security regulations, for the reasons described above.
And, naturally, the task of analysing the impact of legislation would go partly uncompleted if it were not followed by specific activities to enhance the quality of legislation by various methods (such as simplification and/or codification). *26 For example, the UK Better Regulation Task Force, which was set up in 1997, recommends that a rolling programme of simplification be developed to identify regulations that can be simplified, repealed, reformed, and/or consolidated. *27 Regulators should undertake more frequent and better post-implementation reviews of regulation. Such reviews should assess whether the measure is working as expected, whether the costs and benefits are as predicted, whether there have been unintended consequences, and whether there is scope for simplification. The results of these reviews should feed in to future policymaking and simplification proposals. *28 The authors of this article have similar considerations in mind concerning the internal security law in Estonia. That will be discussed in the next two parts of this contribution.
Before any system can be developed, the definitions in it must be agreed upon. Definitions are decisive for any system because only after clarification of the definitions can norms be arranged in a uniform system. *29
Defining internal security itself has proved to be a difficult task. It traditionally referred to the territorial state and its geographic borders beyond which ‘inner’ should become ‘outer’ and where security is traditionally one-dimensional, as military security. *30 Olivier Brenninkmeijer states that security priorities have now shifted. They encompass the prevention of crime and of illegal transnational trafficking and smuggling, the control of clandestine migration, and the fight against urban juvenile delinquency. *31
The European Security Research and Innovation Forum (hereinafter referred to as the ESRIF) stated in its final report that, on one hand, its role was not to define security policy but, on the other, it aims for a common understanding of security, research, and innovation to support a more harmonised approach. *32 The report further assures that ‘the ESRIF took a holistic approach to security, taking the widest definition of security and examining how that can be achieved regarding society itself and the freedoms we want to maintain or enhance’. *33
The Internal Security Strategy for the European Union gives an overall definition: ‘In this context EU internal security means protecting people and the values of freedom and democracy, so that everyone can enjoy their daily lives without fear.’ *34 The strategy also emphasises the importance of a broad-based approach to the concept of security:
The concept of internal security must be understood as a wide and comprehensive concept which straddles multiple sectors in order to address these major threats and others which have a direct impact on the lives, safety, and well-being of citizens, including natural and man-made disasters such as forest fires, earthquakes, floods and storms. *35
Defining internal security through threats posed to people and measures taken to avoid these threats is quite common. All of the Estonian policy documents on security that are mentioned below take this approach. Internal security is not defined precisely; rather, a number of threats, activities, or actors are listed and analysed. The Internal Security Strategy also attempts to concretise the concept by describing the measures encompassed in it. A horizontal dimension of security is described: ‘to reach an adequate level of internal security in a complex global environmental requires the involvement of law‑enforcement and border-management authorities, with the support of judicial co‑operation, civil protection agencies and also of the political, economic, financial, social and private sectors, including non-governmental organisations’; also, there is a vertical dimension: ‘international co-operation, EU-level security policies and initiatives, regional co-operation between Member States and Member States’ own national, regional and local policies.’ *36
The notion of security, particularly as related to the expression ‘internal security’, has become increasingly diversified also in the sense of both the overall security that the state offers to society and the feeling of personal safety of the citizen. It contrasts with what used to be major security concerns of both state and citizen—namely, external aggression by a foreign power. Rather than that, internal security is now considered to encompass such diverse issues as economic security, the prevention of all forms of crime and violence, and social security. *37
The vice-chancellor of the Ministry of the Interior, Erkki Koort, categorises a problem as being part of internal security if a certain act brings with it danger to people’s life and health. *38 In today’s Europe, those acts are considered to consist of terrorism, serious and organised crime, drug trafficking, cyber-crime, trafficking in human beings, sexual exploitation of minors and child pornography, economic crime and corruption, trafficking in arms, and cross-border crime. *39 As we can see, many of those cannot be considered merely internal threats. This might be one of the reasons it is so hard to separate the ‘internal’ from ‘external security (i.e., security from defence) and give a clear definition to both. As the internal security strategy action plan states, ‘[i]nternal security cannot be achieved in isolation from the rest of the world, and it is therefore important to ensure coherence and complementarity between the internal and external aspects of [EU] security’. *40
Three common factors can be found in the attempts made to define internal security: 1) it must be seen as a wide and comprehensive concept; 2) it cannot be looked at separately from the ‘outer’ security, and 3) it involves an increasingly diversified situation. Regardless of such specification, a uniform definition clearly has not formed yet.
In the view of the authors of this contribution, better regulation is especially important in the field of internal security. Rules concerning people’s security, their rights and obligations toward a state, and infringements of their constitutional rights must be very clear and thoroughly analysed. We will now turn to some of the key policy documents of Estonian internal security in order to find out whether or not they embrace the concept of better regulation. Policy documents are analysed because they form the basis for ministerial measures in internal security—including legislation, planning, and allocation of funds. If better regulation is not included on that level, it cannot be transformed into knowledge-based draft legislation procedures, adequate laws, or an effective internal security policy.
We can find some minor pieces of comparative research on implementation of better regulation tools in the field of internal security regulation and regulatory management. Three policy documents are analysed here. The analysis focuses on whether and to what extent better regulation guidelines are related to the concept of internal security policy and to its objective and methods. *41
The National Security Concept of the Republic of Estonia (2004) specifies that:
Estonia’s Internal Security Policy encompasses the functions of the state’s internal security agencies and the general structure of the system as well as participation in activities ensuring international security. The main functions of the Internal Security Policy, for achieving the goal of the National Security Policy, are the ensuring of domestic stability and the protecting and saving of human lives.
The importance of government based on the rule of law is also emphasised, but the policy process and better regulation concept as a precondition for a sustainable policy process is not mentioned in the document. *42
The Main Guidelines of Estonia’s Security Policy Until 2015 develops this policy further and ‘specifies the standard principles, vision, directions and long-term effect-based objectives of the security policy—principles which must be adhered to, and objectives which must be facilitated by the public sector, non-profit sector and the private sector’. Three policy planning phases are described in the definition of security policy―development, improvement, and implementation of legal acts; development plans and activity plans with the aim of preventing threats to public order; and, in cases of a suspected threat, ascertaining and eliminating them. *43
This is amended by the definition of security:
[A] social state of affairs which is created with the help of many, which allows individuals to feel protected, and which ensures a truly safe living environment by reducing the probability of hazardous situations as well as enhancing the ability to react to threats and alleviate the damage caused by realisation of the threat.
The generally accepted principles of involvement of stakeholders and public consultations are also stressed as a method for preventing deviant behaviour, which is a positive step toward better regulation. *44 Some guidelines for impact assessment, involvement, and better regulation are specified in the implementation-related parts of the policy document, but their emphasis remains on the implementation of said policy itself, not its quality as a whole.
The Development Plan for the Ministry of the Interior for 2011–2014 states that the field of internal security encompasses the creation of an internal security policy that is composed of crisis management, rescue, migration, border guard, law enforcement, and criminal justice policies and also internal security education.
Better regulation concepts and activities are not included in the body of this document, in spite of the fact that more ‘effective and transparent processes’ are foreseen as one of the objectives of it. However some of the concepts—e.g., consultations, risk analysis, and administrative burden—are mentioned in the annexes (‘Overview of the current situation’) to the document. *45
The analysis confirms that better regulation guidelines are not systematically integrated with the concept or development measures for internal security policy. They are, however, occasionally mentioned in annexes or background information. Unlike equivalent work of many other ministries in Estonia, the Development Plan of the Ministry of Interior does not include a special portion on organisational development measures, where better regulation guidelines usually belong.
Therefore, it is too early at this stage to speak about systematic implementation of better regulation guidelines in the context of internal security. Some significant improvements have been made in recent years, but the importance of the quality and sustainability of the whole policy process is still not emphasised enough.
The question of institutional analysis is this: At what level do the factors precluding the implementation of better regulation principles in internal security policy exist? In connection to Estonia, three observations can be made: 1) There are no international obstacles, and the better regulation programmes apply to Estonia; *46 2) Estonia took a step closer to the countries leading the OECD by approving the Development Plan for Legal Policy on 23.2.2011; *47 and 3) the application of better regulation principles depends greatly on the choices made by vice-chancellors and departments, and on their values, work routines, and understandings of the better regulation policy. *48
It seems therefore that political commitment in relation to the principles of good legislation is one of the most important conditions for introducing the methods of RIA. To be useful, impact assessment should be institutionally linked to decision-making and the creation of laws. The White Paper on European Governance (2001) also raises the important question of political will: ‘Carrying these actions forward does not necessarily require new Treaties. It is first and foremost a question of political will.’ *49
Another problem worth mentioning is the absence of a consistent definition of internal security policy in Estonia, which probably precludes effective communication between the political-administrative and operational management and also affects consultation with target groups. This could lead to much worse results when action is needed urgently.
Correspondingly, the actual laws of internal security cannot be of the best possible quality. Mapping of Estonian regulations in the field of internal security reveals that there are roughly 150 relevant laws in force today. *50 This is an overwhelming quantity in light of the fact that almost all of these laws have ‘lower’ (implementing) acts as well. This mass of laws and regulations taken as a whole is deemed the law of internal security today, but such situations are not new or recently developed. As French scholar E. Catta states, many deficiencies exist in the laws of virtually every state today. Chief among these are overabundance (usually it is unclear how many laws there are in any given state), pileup of laws (usually the legislator does not summarise former laws or abolish the contradicting, excessive, or expired and therefore useless text), and instability (many laws or even paragraphs are changed several times in a year). *51 All of these deficiencies seem to be found in Estonian internal security law.
Problems such as these can be solved through the better regulation instruments enumerated above. Along with these instruments, Catta suggests a few practical steps: 1) compilation: the grouping of texts by subject area, or in chronological order; 2) consolidation: amendments being inserted in the initial law to achieve a uniform and up‑to-date work; and 3) codification: use of the previous two solutions to classify norms and integrate them by areas of law. *52
The Development Plan of the Ministry of the Interior for 2011–2014 and the Main Guidelines for Estonia’s security policy until 2015 foresee the codification in the area of crisis management. *53 But it is of vital importance to map out the whole internal security area before work is started on codifying a specific part of it. If an overall analysis is not conducted, the codification will probably have gaps and contradictions in it.
In light of the imperfections described above that internal security law faces, the authors suggest systematising this field of law. Systematising objective law is not merely a technical task. Systematisation of legal provisions creates and develops the system of concepts that frames all legal thinking—including clarification of the content of legal provisions. In its final stage, systematisation of objective law is an essential tool in implementing the rule of law as an idea in applied form. It is, therefore, not correct to reduce codification as a traditional element of systematising legal provisions to mere compilation of a code from different parts of a legal order or set of laws. *54 The aim in codification is, above all, to create legal certainty and clarity by making it easier for those applying the law to find the necessary regulation and providing a more general view of the applicable law. *55
The Development Plan of the Ministry of Justice of the Republic of Estonia that applied until 2005 stipulated as one of the main functions of the ministry the correspondence of laws to society’s expectations. To that end, the development plan provided for preparations for so-called codification plans. The document included observations of the idea of, need for, and methods of codification, along with recommendations on how to codify Estonian law. *56 Unfortunately, the development plan for the next period did not include such codification plans.
The French doctrine of codification prescribes four types of codification: reformatory codification, codification of constant law, consolidation, and compilation. In the context of this article, the second type of codification proves interesting and may even be feasible in connection with internal security law. Codification of constant law is aimed at gathering and structuring objective law as it is, not as it should be. An overview is made of the current state of affairs that paves the way to necessary reforms. *57 This is systematic codification that is thematic; i.e., systems of law as well as laws and regulations that belong to the same subject field are organised in a code. A homogenous and well-integrated collection must be achieved without gaps and superficiality. *58 Constant law is, above all, valid, applicable law. If deficiencies exist in the law (overabundance, pileup, instability, etc.), it could be very hard to find out what constant law is. *59
If the systematisation of internal security law reveals that such a uniform field of law indeed exists, common denominators in each law should be pointed out and a ‘General Part’ formed for internal security law.
A subtle connection exists between what is contained in the instruments of internal security policy (i.e., concepts, measures, means of governance, etc.) and the principles of better regulation in the legislative process. But analysis of the quality of draft regulations and the excessive number of laws in the field of internal security gives evidence of a lack of both ex ante and ex post systematic regulatory impact assessment.
Owing to the fact that implementation of the common principles of the Main Guidelines of the Security Policy as well as attainment of the objectives is supervised by the Ministry of the Interior, the authors offer some suggestions that could be included in the development plans in the future:
1) Regulatory impact assessment guidelines should be drafted for the development plans and laws in the field of internal security, to increase the analytical and administrative capacities of the ministries concerned.
2) In connection with the excessive quantity of laws in force in the field of internal security, an integral analysis should be conducted before any new laws are drawn up. Comprehensive systematisation and/or partial codification of law in force should be considered.
3) Training for civil servants should be conducted before drafting and adoption of any new laws on internal security.
In this contribution, the authors have been able to take only a glimpse at the given problem but, nonetheless, hope they have demonstrated that the connection between internal security policy and better regulation deserves further research.