Cybersecurity & Tech Foreign Relations & International Law States & Localities

Is Europe About to Slow the Pace on Digital Regulations?

Itsiq Benizri, Ekaterina Fakirova
Tuesday, November 26, 2024, 10:00 AM
Evaluating Mario Draghi’s report claiming that the EU’s extensive digital regulations are adversely affecting Europe’s competitiveness. 
Mario Draghi (Photo: European Parliament/Flickr, https://www.flickr.com/photos/european_parliament/6435497475, CC BY-NC-ND 2.0)

Published by The Lawfare Institute
in Cooperation With
Brookings

“How have you managed to tame Big Tech?” asked Sen. Elizabeth Warren (D-Mass.) on a visit to the European Parliament in October 2023. In recent years, most businesses, including U.S. companies, have been confronted with a growing number of demanding European digital regulations with extensive extraterritorial effects. Now, influential European voices are asking: Has this gone too far? Could these rules and regulations be undermining Europe’s competitiveness? Mario Draghi, former European Central Bank chief, raised these concerns in a report in September. He asserted that the European Commission’s “legislative activity has been growing excessively” in recent years and that “innovative companies that want to scale up in Europe are hindered at every stage by inconsistent and restrictive regulations.” Whether and to what extent Draghi’s report will influence the new European Commission following the upcoming European elections remains unknown. 

Our take? It might not have the impact some are hoping for. Draghi’s report is somewhat late—it was published three months after the EU elections, which bolstered far-right parties that would oppose implementing his recommendations. In any case, the new European Commission is expected to continue the previous commission’s legislative agenda and has announced plans to further regulate the tech industry, focusing on interface designs.

Super Mario’s Mission

Draghi’s key role in various positions within the EU makes his assessment especially significant. Draghi, who is also known as “Super Mario,” is an esteemed Italian economist, banker, and former politician with notable contributions to both European and global financial sectors. His influence in Europe is marked by his leadership roles in prominent financial institutions and his guidance of economic policy during critical periods. Draghi is particularly recognized for his tenure as president of the European Central Bank, where he played a pivotal role in managing the eurozone through the European debt crisis and Brexit. 

In July 2012, Super Mario made his most famous speech—which is often cited as one of the most important turning points in the eurozone’s recovery. Draghi’s remarks featured one main message: that he was willing to do “whatever it takes” to preserve the euro currency. Draghi also served as prime minister of Italy in the aftermath of the coronavirus pandemic and served as chair of the Financial Stability Board and governor of the Bank of Italy. Draghi is regarded by top EU leaders as a stabilizing force during difficult times in Italy and Europe—he’s the person the EU relies on in times of crisis. And the president of the European Commission, Ursula von der Leyen, is well aware of his reputation.

In 2023, von der Leyen tasked Draghi with preparing a report on Europe’s future competitiveness. The report was to include recommendations to address economic challenges and strengthen Europe’s position globally. In her 2023 State of the Union speech, von der Leyen explained that she gave that mission to Draghi because “Europe will do‘ whatever it takes’ to keep its competitive edge.

Super Mario’s Diagnosis

Draghi’s report explains that the future of Europe’s competitiveness largely depends on closing the innovation gap with the U.S. and China. Currently, among leading companies in software and internet, EU firms represent just 7 percent of research and development (R&D) expenditure, compared with 71 percent for the U.S. and 15 percent for China. Among leading companies producing technology hardware and electronic equipment, the EU accounts for only 12 percent of R&D expenditures as compared with 40 percent for the U.S. and 19 percent for China. Closing such a gap—according to Draghi—entails accelerating technological and scientific innovation, improving the transition from innovation to commercialization, removing obstacles that prevent innovative companies from growing and securing financing, and making concerted efforts to address skills gaps.

Draghi points out that the primary reason for the EU’s slower productivity growth in comparison to the U.S. is its lag in the digital revolution. Europe is less successful in creating tech companies, adopting digital services, and investing in digital innovation research and development. Contributing factors include high regulatory compliance costs, limited ability to use digital data as a production asset, and inadequate private investment in startups. Due to its limited industrial dynamism, insufficient innovation and investment, and slow productivity growth, Europe finds itself in what leading European economists term “the middle technology trap.” In other words, Europe has focused largely on mid-tech development and investments, such as the automotive industry, rather than on high-tech sectors, such as software and tech hardware. In the U.S., high-tech industries—mostly software & computer services and pharmaceuticals & biotechnology—account for 85 percent of business R&D spending. In the EU, by contrast, mid-tech industries—especially the automotive industry—account for roughly 50 percent of such spending, a much higher share for mid-tech industries than in the U.S.

While Draghi stops short of directly opposing digital regulation, he does insist that the growing number of EU digital regulations creates challenging obstacles—such as creating large datasets for AI training purposes—for companies, especially those just getting their start. Draghi finds that Europe claims to favor innovation, but … continue[s] to add regulatory burdens onto European companies, which are especially costly for [small and medium enterprises (SME)] and self-defeating for those in the digital sectors. More than half of SMEs in Europe flag regulatory obstacles and the administrative burden as their greatest challenge.In other words, the way the EU approaches tech regulation harms its companies more than it helps them. 

Draghi identifies five ways in which regulatory barriers constrain economic growth. First, complex and costly procedures across fragmented European national systems discourage inventors from filing for intellectual property rights, hindering young companies from leveraging the EU single market. Second, the EU’s extensive tech regulations, with approximately 100 laws and over 270 regulators, hinder innovation by enforcing precautionary measures that dictate business practices to prevent future risks. Third, digital companies are discouraged from doing business across the EU through subsidiaries due to differing regulations and multiple regulatory agencies. This issue is coupled with the challenge of national governments and authorities exceeding the minimum requirements set by EU legislation when incorporating it in their domestic law. Fourth, constraints on data storage and processing—such as the General Data Protection Regulation’s (GDPR’s) strict requirements that personal data may be processed only on the basis of limited lawful bases; collected only for specified, explicit, and legitimate purposes; and kept for only as long as necessary for such purposes—result in substantial compliance expenses and impede the development of extensive, integrated datasets essential for training AI models. This fragmentation places European companies at a competitive disadvantage compared to the U.S., which relies on the private sector to amass large datasets, and China, which can use its central institutions for data aggregation. And fifth, multiple different national rules in public procurement increase costs for cloud providers. 

To address these issues, Super Mario calls for simplified regulations and harmonized enforcement across the EU. According to Draghi, this approach should particularly apply to the GDPR, which provides enhanced protection and rights to individuals concerning the processing of their personal data and places significant restrictions on the way organizations manage this data. While the GDPR has largely harmonized data protection laws across all EU countries, Draghi points out that it has not achieved uniformity in certain areas. For instance, despite the GDPR allowing the use of patient data for health research, the implementation has been inconsistent across member states, hindering the industry from fully utilizing the available electronic data. What’s more, the implementation of the Digital Markets and Services Acts, aimed at ensuring fair digital competition and combating online illegal content, should avoid replicating the administrative complexities and legal ambiguities associated with the GDPR, as European national data protection authorities continue to adopt diverging interpretations on key data protection concepts. Enforcement should adhere to shorter timelines with more stringent compliance processes. Critics have argued that this was lacking under the GDPR, which led the European Commission to propose new legislation to enhance cooperation among data protection authorities. Additionally, the EU should consider eliminating regulatory overlaps with the AI Act—which provides for EU-wide rules on data quality, transparency, human oversight, and accountability—to avoid penalizing EU companies engaged in advanced AI development. This is mainly because EU law on the protection of personal data, privacy, and the confidentiality of communications, such as the GDPR, will apply to the processing of personal data in connection with the AI Act.

False Hope?

Draghi’s recommendations on digital issues significantly diverge from the European Union’s appetite for technology regulations. It is no surprise that the tech industry has welcomed these recommendations. Tesla CEO Elon Musk, for example, who publicly clashed with former EU Commissioner Thierry Breton, said that “Draghi’s critique is accurate” and called for “a thorough review of EU regulations to eliminate unnecessary rules and streamline activity in Europe would revitalize growth and strengthen competitiveness.” DigitalEurope, a leading trade association for the tech industry in Europe, expressed support for Draghi’s vision “to break Europe free from the vicious cycle of low innovation, investment, and commercialization.” 

But will Draghi’s recommendations lead to real change, or are they just false hope? If the past is prologue, then the later seems more likely. This is not the first instance where a prominent EU figure has issued an extensive strategic report for the EU. For example, in 2010, Mario Monti, another former Italian prime minister, EU commissioner, and well-regarded academic, released a report that proposed a strategy to protect the EU single market from economic nationalism, expand it into new growth areas, and build consensus around it. Monti’s recommendations were never followed through, with the report still gathering dust on a shelf. Other reports, however, did have significant impacts on the EU, such as the 1989 Delors report, which played a pivotal role in leading to the European monetary union. Whether Draghi’s report is a game changer or another forgotten report within the EU’s archives remains to be seen. There are three factors that will likely determine the fate of Draghi’s report. 

The first element is timing. Although Draghi’s report was initially scheduled for June, prior to the European Parliament elections or the setting of the European Commission’s political guidelines, its publication afterward reduced the potential impact of the report, as it was not a focal point of the election discussions.

The second factor is the lack of strong political will to initiate changes in Europe. This can be attributed to the relative weakening of national governments following the European elections, which have led to government crises in Germany and France, the largest and most important EU countries. The increasing influence of far-right parties throughout Europe is anticipated to prompt multiple EU member states to prioritize domestic political agendas and safeguard national economic interests rather than present an ambitious strategic plan for the EU.

Third, even if the EU were to slow the pace on new digital regulations, this would be mainly due to the significant amount of legislation that has already been adopted, such as the Digital Markets and Services Acts, the Data Act, or the AI Act. In addition, the previous commission initiated several proposals that are currently in progress, such as a proposal for in-vehicle data regulation, ePrivacy regulation to provide specific data protection rules in electronic communications, a possible directive on AI liability, and the Cyber Resilience Act, which introduces new cybersecurity requirements for digital products’ design, development, production, and marketing. The new commission also plans to propose a Digital Fairness Act to strengthen consumer rights, particularly regarding dark patterns (interface designs that influence consumer decisions) and addictive design (functionalities that encourage continuous use of a service). In short, even if the EU decelerates the implementation of new digital regulations, it will not completely halt the introduction of new regulations.

***

In his report, Draghi articulated a critical message: Europe stands at a pivotal moment and must take decisive action. The EU is hindered by fragmentation, regulatory barriers, excessive regulation, limited access to capital, and poor coordination—all contributing to persistent underinvestment. Draghi cautioned that addressing these issues would require—among other measures—moderating the pace of digital regulations. This does not imply an absence of regulations but rather a focus on fewer, more effective regulations. While Draghi’s recommendations aim to enhance Europe’s performance in the digital transformation, their implementation will inevitably affect U.S. businesses, which would likely welcome a reduction in far-reaching EU regulations that escalate their regulatory burden and compliance requirements.


Itsiq Benizri is a counsel at WilmerHale Brussels, where he focuses his practice on EU AI and data law. Mr. Benizri regularly represents clients in several cutting-edge data protection appeals before the EU Courts. He is qualified as an AI Governance Professional (AIGP) and Certified Information Privacy Professional (CIPP/E) by the International Association of Privacy Professionals (IAPP).
Ekaterina Fakirova is a legal consultant at WilmerHale Brussels, where she focuses on antitrust and privacy matters. She holds an LL.M. degree from the University of Pennsylvania, with a concentration on IP and technology Law. She was a director of the AI Foresight Initiative at Penn Carey Law School.

Subscribe to Lawfare