Normative Research

Normative research, also known as doctrinal research, is a legal research methodology focused on analyzing and interpreting existing legal texts, such as statutes, regulations, and judicial precedents. Its goal is to clarify the meaning and scope of legal rules and determine what the law 'ought to be,' as opposed to empirical research which studies 'what is.' In enterprise risk management, it serves as the foundational step for compliance risk assessment. For instance, when establishing a trade secret protection program aligned with ISO/IEC 27001 (specifically Annex A.5.12 on intellectual property rights), a company must conduct normative research on relevant laws like the US Defend Trade Secrets Act or Taiwan's Trade Secret Act to define what constitutes 'reasonable measures' for protection, ensuring its security policies are legally defensible and effective.

Normative research translates abstract legal requirements into concrete corporate actions. The practical application involves several key steps: 1. **Scoping and Material Collection**: Identify a specific legal risk issue, such as 'How do GDPR's data transfer rules apply to our use of US-based cloud services?' Then, systematically gather all relevant legal materials, including the regulation itself (GDPR Articles 44-50), guidance from data protection authorities, and relevant court rulings. 2. **Doctrinal Analysis**: Analyze the collected materials to interpret key legal requirements and standards. This involves breaking down the legal text to understand obligations for mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). 3. **Policy and Control Design**: Based on the analysis, develop internal policies, procedures, and technical controls. This could include drafting a data transfer impact assessment (DTIA) template and implementing specific encryption standards for data in transit, thereby operationalizing legal compliance. This process helps achieve near-100% audit pass rates for legal compliance controls.

Taiwan enterprises often face three specific challenges when applying normative research for compliance management: 1. **Rapid Regulatory Changes**: Taiwan's legal landscape, particularly in technology and labor law, evolves quickly. Official administrative rulings (函釋) add layers of complexity. Solution: Implement a regulatory intelligence process, using legal tech tools or external consultants to monitor changes and maintain an up-to-date compliance knowledge base. 2. **Lack of Interdisciplinary Talent**: Effective research requires a blend of legal, technical, and business acumen. Legal teams may not grasp the technical nuances of AI or cloud computing, while engineers may not understand legal liability. Solution: Form cross-functional compliance teams and invest in cross-training programs to bridge the knowledge gap. 3. **Resource Constraints in SMEs**: Small and medium-sized enterprises (SMEs) often lack dedicated in-house legal counsel and the budget for extensive legal analysis. Solution: Leverage industry association resources, utilize government-subsidized consulting programs, and adopt a risk-based approach, prioritizing research on the most critical compliance areas first.

Winners Consulting specializes in normative research for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact