Europe prides itself on leading the charge on large US tech companies. From the General Data Protection Regulation to the Digital Services Act, the Digital Markets Act, the NIS2 Directive, and the Artificial Intelligence Act, its policies promise to safeguard privacy, foster competition, and set global standards.

Yet these noble ambitions often give Google, Amazon, and Meta an edge, piling compliance costs onto smaller firms, startups, and challengers. Instead of dismantling monopolistic power, Europe risks consolidating it – and in ways that are reshaping its digital economy.

When the General Data Protection Regulation came into force in 2018, it set a global benchmark for privacy rights, requiring companies to secure explicit user consent and enforce rigorous data protection measures. The goal was to address big US tech companies’ exploitative data practices while empowering individuals.

But the reality has played out unevenly. Large tech companies, equipped with vast resources and legal teams, adapted. Google implemented a robust compliance framework across its platforms, turning its adherence into a selling point for privacy-conscious consumers. Small firms faced a steeper climb. A paper by three Oxford University economists reveals the privacy regulation’s costs, with SMEs losing 8.5% in profits and small IT firms dropping 12.5%, while tech giants remained largely untouched.

The Digital Markets Act, enacted in November 2022, targets tech gatekeepers, prohibiting self-preferencing and mandating data-sharing to promote competition and fairness. Once again, for many small players, the DMA has proved a double-edged sword.

It requires gatekeepers to establish interoperability standards, which inadvertently place smaller e-commerce platforms at a disadvantage. The small players must make significant investments in technology and compliance, stretching their limited resources. This unintended consequence may increase their reliance on the infrastructure of dominant platforms.

It’s a similar story in digital advertising. Google’s DMA compliance introduced additional browser and search choice screens for Android users, allowing them to select alternative services during device setup. While these measures intend to enhance user choice, they may inadvertently compel smaller ad agencies to integrate with Google’s API systems.

The Artificial Intelligence Act, enacted in August 2024, is Europe’s bold effort to regulate high-risk AI applications such as facial recognition and predictive algorithms. While drafted with best intentions to protect citizen’s rights, its costs are unevenly distributed, creating hurdles that may disproportionately impact startups.

Of course, the big players will not emerge unscathed, and fears are rising of discrimination against US firms. In the ongoing conversation on the EU Code of Conduct, many small companies (essentially European) are exempt from most provisions, while the large providers (essentially US) face full, prohibitive compliance, including revealing security and commercially sensitive information.

Despite desiring to favor European tech, the numbers tell a sobering story. Of the 53 global unicorn startups valued at $10bn or more, 33 hail from the United States, 10 from China, and three from the United Kingdom. Just two are headquartered within the European Union.

This disparity underscores a harsh reality: Europe’s regulatory-heavy environment may be choking its ability to compete. With its startups already struggling to scale in a landscape dominated by American and Chinese giants, the EU’s regulatory zeal –however well-intentioned – threatens to stifle innovation.

Europe’s dependence on US tech firms for critical infrastructure poses significant geopolitical risks. For example, Microsoft’s dominance in providing compliant solutions with EU cybersecurity regulations raises questions about Europe’s ability to maintain strategic autonomy.

As talent relocates to the US or China, Europe risks losing its edge in emerging technologies such as AI and quantum computing. A shrinking ecosystem of startups and SMEs also reduces diversity in innovation, making Europe less competitive and more reliant on entrenched players.

A balanced regulatory environment is required. While frameworks like the cybersecurity NIS2 Directive already classify entities as “Essential” or “Important,” further tailoring is needed. Tiered compliance obligations, scaled to company size, would allow small firms to meet critical requirements without shouldering them with disproportionate burdens.

Regulatory sandboxes, such as those proposed under the AI Act, represent a promising step. They need to expand beyond AI to include a broad swath of digital platform businesses, allowing startups to test algorithms or interoperability measures without incurring excessive costs.

Funding mechanisms like Horizon Europe and the Digital Europe Programme already play a key role in supporting digital innovation, but accessibility remains an issue, particularly for under-resourced regions. Application processes needed to be simplified. Policymakers must strengthen stakeholder engagement, ensuring that SMEs and startups have a meaningful voice in shaping regulations. While public consultations are a standard EU practice, specific advisory panels for smaller firms could make these processes more representative.

Regional disparities should also be addressed. Initiatives like technical assistance hubs or university partnerships could train SMEs in countries like Romania and Bulgaria to navigate regulations and adopt cost-effective compliance strategies.

Although Europe’s regulatory ambitions are critical to holding tech accountable, they must not come at the expense of innovation, competition, or regional development. By adopting tiered compliance frameworks and supporting SMEs, Europe can foster a digital economy that empowers all players – not just the giants.

Anda Bologa is a non-resident Fellow with the Digital Innovation Initiative Program at the Center for European Policy Analysis (CEPA).  The Barcelona Centre for International Affairs recognized Anda as one of the ’35 under 35′ tech leaders. During her tenure at the European Union Delegation to the United Nations, she was responsible for high-level negotiations on artificial intelligence resolutions and the United Nations Global Digital Compact. A Fulbright scholar, Anda holds Master of Laws degrees in Information Technology Law and Intellectual Property Law from Fordham University and in International Arbitration from Bucharest University, along with a master’s degree from the College of Europe.

Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.

The post Europe’s Rules Boomerang: Strengthen, Not Tame Tech Giants appeared first on CEPA.