To echo the point that has been alluded to...
As I was reading, there was a growing concern in my mind over the consideration of a 'universal' (I would posit, 'cumbersome') standards set that could apply or be strapped across several industries in common. Rather than a generic form with a great many useful regulations or practices, we may end up with a checklist of 'do this, not this' instead - which seems to be out of scope for what the topic of 'regulation' should really entail.
Gary mentioned that regulation should embody the enabling of people who operate within best practices and governance to be allowed to continue to do what they are already doing well without substantially-increased operational burden.
Offenders however, the worst of the worst - security and sanity threats to the user/customer base - should be stopped and corrected: 'No, you are not doing that correctly - here is an industry-standard set of evaluated, tried, tested, and proven methods for how to do it the right way going forward.'
Regulation, for whatever it's worth, should be imposed with the intention of protection and preservation, not for the purpose of elitism or any ulterior motive, should it not?