Close Sidebar
COPYRIGHT © PROFESSIONAL EVALUATION AND CERTIFICATION BOARD 2021 ALL RIGHTS RESERVED
Now Reading
Building Tech Legal Frameworks That Enable Innovation
Search for content, post, videos
Search for content, post, videos

Building Tech Legal Frameworks That Enable Innovation

September 1, 2025

With the rapid advancement of technology, both governments and businesses are confronted with the complex challenge of developing legal frameworks that enable and even foster innovation. This challenge is particularly evident in Europe, where businesses are facing an increasing volume of complex digital regulations imposed by European authorities. Last September, Mario Draghi, former European Central Bank chief, asserted that “innovative companies that want to scale up in Europe are hindered at every stage by inconsistent and restrictive regulations.” This article explains why this challenge matters and proposes a few strategies to address it.

The European Case

The future of Europe’s competitiveness largely depends on closing the innovation gap with the U.S. and China. Currently, among leading companies in software and internet, EU firms represent just 7 percent of research and development (R&D) expenditure, compared with 71 percent for the U.S. and 15 percent for China. Among leading companies producing technology hardware and electronic equipment, the EU accounts for only 12 percent of R&D expenditures as compared with 40 percent for the U.S. and 19 percent for China. Closing such a gap entails accelerating technological and scientific innovation, improving the transition from innovation to commercialization, removing obstacles that prevent innovative companies from growing and securing financing, and making concerted efforts to address skills gaps.

The primary reason for the EU’s slower productivity growth in comparison to the U.S. is its lag in the digital revolution. Europe is less successful in creating tech companies, adopting digital services, and investing in digital innovation research and development. Europe has focused largely on mid-tech development and investments, such as the automotive industry, rather than on high-tech sectors, such as software and tech hardware.

Contributing factors include limited ability to use digital data as a production asset, inadequate private investment in startups, but also high regulatory compliance costs.

Legal Barriers

Strict digital regulations in the EU are not the sole cause of the innovation gap with the U.S. and China. However, the growing number of EU digital regulations creates challenging obstacles—such as creating large datasets for AI training purposes—for companies, especially those just getting their start. Draghi finds that Europe claims to favor innovation, but … continue[s] to add regulatory burdens onto European companies, which are especially costly for small and medium enterprises (SMEs) and self-defeating for those in the digital sectors. More than half of SMEs in Europe flag regulatory obstacles and the administrative burden as their greatest challenge.” In other words, the way the EU approaches tech regulation harms its companies more than it helps them. 

Draghi identifies five ways in which regulatory barriers constrain economic growth.

  1. Complex and costly procedures across fragmented European national systems discourage inventors from filing for intellectual property rights, hindering young companies from leveraging the EU single market.
  2. Extensive tech regulations, with approximately 100 laws and over 270 regulators, hinder innovation by enforcing precautionary measures that dictate business practices to prevent future risks.
  3. Digital companies are discouraged from doing business across the EU through subsidiaries due to differing regulations and multiple regulatory agencies. This issue is coupled with the challenge of national governments and authorities exceeding the minimum requirements set by EU legislation when incorporating it in their domestic law.
  4. Constraints on data storage and processing—such as the General Data Protection Regulation’s (GDPR’s) strict requirements that personal data may be processed only on the basis of limited lawful bases; collected only for specified, explicit, and legitimate purposes; and kept for only as long as necessary for such purposes—result in substantial compliance expenses and impede the development of extensive, integrated datasets essential for training AI models. This fragmentation places European companies at a competitive disadvantage compared to the U.S., which relies on the private sector to amass large datasets, and China, which can use its central institutions for data aggregation.
  5. Multiple different national rulesin public procurement increase costs for cloud providers. 

The Way Forward

Considering the various ways regulatory barriers constrain economic growth, some possible strategies for building tech legal frameworks that enable and possibly foster innovation are as follows.

  • Slow Down

A key priority should be to moderate the pace of digital regulations. This involves carefully adjusting how quickly and extensively new regulations are introduced in the digital space, especially in areas like AI, to ensure that innovation is not stifled by overly rapid regulatory changes. Achieving this balance is challenging. The need to regulate digital technologies is often genuine and pressing. Regulating too early can be counterproductive, while regulating too late may prove ineffective. Therefore, finding the right timing is essential. The pace of digital transformation has likely never been higher, but regulators need time to fully understand the technologies they aim to govern and to identify appropriate regulatory options through intensive exchanges with businesses and researchers. One interim approach, while awaiting the adoption of hard law, could be to develop soft law instruments, combined with effective industry engagement and constructive oversight.

  • Less Is More

Moderating the pace of digital regulation does not mean eliminating regulations altogether; instead, it emphasizes implementing fewer, more effective rules. Soft law should not replace hard law but should serve as a tool to develop better digital regulations that address the right issues. For instance, as the EU AI Act focuses on regulating AI-generated content, emerging questions around regulating AI actions performed by AI agents are becoming increasingly relevant. Therefore, slowing down should lead to fewer, but more appropriately tailored, regulations.

  • More Consistency

One priority is to simplify digital regulations by eliminating overlapping rules. For example, the EU should consider eliminating regulatory overlaps with the AI Act to avoid penalizing EU companies engaged in advanced AI development. This is mainly because EU law on the protection of personal data, privacy, and the confidentiality of communications, such as the GDPR, will apply to the processing of personal data in connection with the AI Act.

  • More Uniformity

Sometimes, rules adopted at one level must be implemented and/or supplemented at another level. In such cases, a lack of uniformity can also constitute a legal barrier to innovation. This situation is frequently observed in Europe, though it is not limited to this region. For example, while the GDPR has largely harmonized data protection laws across all EU countries, it has not achieved uniformity in certain areas. For instance, despite the GDPR allowing the use of patient data for health research, the implementation has been inconsistent across member states, hindering the industry from fully utilizing the available electronic data. For years, European national data protection authorities have adopted diverging interpretations on key data protection concepts. This is not over yet. And it does not help.

  • More Guidance

Ambiguity in key digital regulations can deter innovation by creating legal uncertainty. It is important for the relevant authorities to issue clear guidance and technical standards to help companies navigate compliance. The EU is increasingly moving in this direction; however, this remains challenging. For example, the guidance provided by the European Data Protection Board in the context of the GDPR is sometimes controversial or, at the very least, unhelpful. When it comes to technical standards, ongoing efforts at the EU level under the AI Act demonstrate that developing such standards is no easy task. Most importantly, this must be done in a timely manner and in close coordination with industry, which should contribute to these efforts for the common good as well as its own interests.

  • Risk-Based Approach

A major challenge with digital regulations, particularly in Europe, is that they sometimes apply the same rules to very different types of organizations. For instance, most GDPR requirements cover both large technology companies and startups or small businesses. In contrast, the AI Act introduces a tiered system that classifies AI systems by risk level, enabling differentiated regulatory treatment. This approach helps prevent low-risk innovation from being stifled, while ensuring strict oversight of high-risk applications.

  • Better Rules for Enforcement

Enforcement should adhere to shorter timelines with more stringent compliance processes. Critics have argued that this was lacking under the GDPR, which led the European Commission to propose new legislation to enhance cooperation among data protection authorities.

  • Embed Innovation Incentives into Regulation

Lawmakers can also design rules that actively promote innovation. For example, under the AI Act, EU Member States must have operational regulatory AI sandboxes to provide a controlled environment for innovation, supporting the development, training, testing, and validation of AI systems under regulatory supervision for a limited period before their placement on the market or entry into service. Over the past years, the sandbox approach has gained considerable traction across the EU as a means of helping regulators address the development and use of emerging technologies in a wide range of sectors, including fintech, transport, energy, telecommunications, and health. Hopefully, this trend will persist.

  • Support Small Players

Another strategy is to specifically support SMEs. For example, the AI Act does this by granting those with a registered office or branch in the EU priority access to regulatory sandboxes, organizing targeted awareness-raising and training activities on the application of the AI Act tailored to their needs, using dedicated channels of communication to provide advice and respond to queries about the implementation of the AI Act, and facilitating their participation in the standardization development process. Likewise, both the GDPR and the AI Act provide very limited derogations for small players.

A Brighter Future?

There is no inherent antagonism between digital regulation and innovation. In fact, well-designed regulatory frameworks can enable and even actively foster innovation by providing clarity, trust, safety, and a level playing field. The key lies in applying thoughtful strategies to ensure that digital regulations evolve in step with technological progress. Hopefully, the suggestions in this article offer a few useful ways to move in that direction.

Itsiq Benizri

Itsiq Benizri is a counsel at WilmerHale Brussels. He focuses his practice on EU AI, data protection, and cybersecurity law. Mr. Benizri advises clients on all compliance issues, including global compliance programs and internal procedures. He has also been involved in several high-profile judicial and administrative proceedings. His experience covers a broad set of sectors, including social media, IT and cloud computing, communications, banking, energy, chemicals, transport, automotive, gaming, pharma, food and beverage, sports, media, pharmaceuticals, and cosmetics. Mr. Benizri is qualified as a Certified Information Privacy Professional (CIPP/E) by the International Association of Privacy Professionals (IAPP) and is a member of this association. He is a graduate of the College of Europe, the European University Institute, and the Brussels School of Artificial Intelligence. You can reach him at: https://www.wilmerhale.com/en/people/itsiq-benizri

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts