This paper analyses the legitimacy and effectiveness of the European Union’s ‘New Approach to Technical Harmonisation and Standards,’ focusing on its reliance on a fragmented, partly privatised network of regulatory intermediaries. It addresses two questions. Firstly, who are these intermediaries, and how does their role vary across the Medical Device Regulation, the General Data Protection Regulation, and the AI Act? Secondly, how do these actors perceive the goals, strengths, and limitations of decentralised and delegated governance compared to more state-centric approaches? Drawing on expert interviews and stakeholder workshops, the paper illustrates how the New Approach delegates standard-setting and compliance tasks to four intermediary groups, which exhibit varying levels of integration across regimes. These intermediaries suggest that while delegation provides benefits such as differentiated roles, improved market flexibility, and enhanced accountability, it also presents challenges such as unrealistic legislative expectations, regulatory rigidity, and high participation costs that affect weaker actors. The paper uses these findings to offer an intermediate and innovative approach to the study of legitimacy. It argues that an expert-based perspective from the viewpoint of regulatory intermediaries – actors who are neither lawmakers nor regulators, who often represent normative approaches to legitimacy, nor regulated organisations and beneficiaries, who often represent subjective approaches to legitimacy – can shed light on the study of the legitimacy and effectiveness of delegated modes of governance, including for digital services. This approach can ensure that delegated assurance regimes and the intermediaries that regulate them are by the people, of the people, for the people, or, at the very least, with the people.
