Information and communication technology (ICT) sectors have always involved regulation, much of which arises outside traditional command-and-control government structures. Traditional regulation aims to fill a 'governance gap' left by market players and other self-interested stakeholders; as markets evolve it is appropriate to consider rebalancing responsibilities. Self- and co-regulation responds to many of the same issues and offers some advantages over traditional arrangements — and some new risks. The evaluation and design (or facilitated evolution) of new regulatory structures further requires new methods of ex post and ex ante assessment. This paper places these developments in the European policy context, considers existing varieties of arrangements, analyses the conditions for their success and failure, and derives impact assessment guidelines that take self- and co-regulation into account.