Europe Embarks on a New Technology Regulation Wave

Big changes are coming as Europe moves toward digital empowerment by 2030. Governments are building frameworks for the regulation of emerging technologies to protect consumers and companies while promoting innovation and digital leadership. What impact will the drive toward technology sovereignty have on BigTech providers, buyers, and investors? Read on for the latest in our series on technology sovereignty.  

In our last blog, we explored the emerging and growing focus on technology sovereignty in the United Kingdom and Ireland (UK&I) and European markets. Let’s continue our discussion of this important topic.

The focus on Europe’s data sovereignty is back in the spotlight as a result of new European Union (EU) rules to limit big online platforms’ market power. The risk of global cyber-attacks by Russia as retaliation against Ukraine also has made this an issue to watch.

Europe’s latest moves for technology regulation are not in isolation. Representatives from business, politics, and science from Europe and around the globe have already been working together since 2019 to create a federated and secure data infrastructure through the GAIA-X initiative.

With data security, privacy, and technology sovereignty becoming key issues for the region, Europe is setting up new regulatory frameworks to protect consumers and companies, while trying to ensure a competitive market and encouraging innovation.

What does the Digital Markets Act (DMA) entail?

Under consideration by the European Commission, the DMA intends to ensure a higher degree of competition in the European Digital Markets, by preventing large companies from abusing their power and by allowing new players to enter the market.

Beyond the hyperbole that surrounds any technology regulation, the DMA provisions include:

  • New regulations on BigTech companies providing “core platform services” that are most prone to unfair business practices, such as social networks or search engines. These companies that have a market capitalization of at least €75 billion or annual revenue of €7.5 billion are considered gatekeepers
  • To be designated as gatekeepers, these companies must provide services such as browsers, messengers, or social media, which have at least 45 million monthly end users in the EU and 10,000 annual business users
  • Sizable messaging services (such as WhatsApp, Facebook Messenger, or iMessage) will have to open up and interoperate with smaller messaging platforms, if users ask, promoting more choice
  • Combining personal data for targeted advertising will only be allowed with explicit user consent from the gatekeeper. Similar to instant messaging, allowing users to freely choose their browser, virtual assistants, or search engines will be required
  • If a gatekeeper does not comply with the rules, they can receive fines of up to 10% of total worldwide turnover in the preceding financial year and 20% for repeated infringements. Companies who systematically violate the regulations could be banned from acquiring other companies for a certain period

In addition to DMA, the EU reached a consensus on the Digital Services Act (DSA) in April, which focuses on setting up a standard for the accountability of online platforms regarding illegal and harmful content. If voted into law, the DSA will apply across the EU within fifteen months or from January 1, 2024, whichever is later. Meanwhile, the DMA likely will go into effect next summer.

The battle for sovereignty and security is just getting started

While these acts are significant steps in Europe’s focus on curbing the perceived monopolistic power of BigTech, they are part of larger movements such as:

  • A growing global reckoning exists around BigTech companies that control multiple industries, such as enterprise cloud computing, consumer-oriented economies, and media and advertising, to name a few. Complicating this further is the way their roles (especially social platforms such as Meta, Twitter, etc.) are evolving into digital town squares, and the subsequent impact on democracy, free speech, and bullying
  • Most BigTech companies originated in North America but are now global businesses. There’s a degree of circumspection in how Europe views this shift in innovation and control and reining it in. These acts are a natural successor to Europe’s previous foray into data protection through the General Data Protection Regulation (GDPR), which came into force in 2018. It subsequently inspired other acts globally, including the California Consumer Privacy Act (CCPA)
  • The region’s increasingly fragile geopolitics is creating new implications for cyberwarfare and rogue state actors, fueling the desire to shore up digital resilience. We can also expect this to have a knock-on effect on other regions (the US is considering similar steps and Australia took measures to regulate the relationship between BigTech and traditional media, to name a few)

We expect this conversation on the regulation of emerging technologies to evolve and shape the future of technology spending and strategies in the region.

Implications of technology regulation for the European ecosystem

Owing to these triggers and the broader conversation around technology regulation, sovereignty, and BigTech reach, we expect the following three implications for buyers, providers, and investors in the European technology space:

  • Buyers should include sovereignty requirements in sourcing decisions: We are starting to see enterprise buyers of technology and services embed sovereignty of the tooling and service providers they choose in RFPs. Expect this to continue and become a hygiene factor for technology providers to showcase in the sourcing process
  • Establish regional market partnerships: BigTech companies are smart and understand they can’t be upstaged overnight. They are already establishing partnerships and tweaking their business model to ensure compliance with the evolving European regulatory environment. Look for more partnerships with specific players in the region to play by these rules (for instance, Google Cloud and T-Systems partnering on cloud sovereignty in the region). IT service providers will also train more people on BigTech technologies as a result
  • Look beyond sovereignty-washing: As with any big shift and trend, new and existing competitors to BigTech will latch on to this market theme. We foresee more press releases announcing the amped up focus on sovereignty. Investors, buyers, and partners should look beyond this marketing hype and truly understand how these firms are solving these issues. For instance, are they embedding sovereignty at the application or data layer? Where does the data reside, and who owns it? Answering these questions can help buyers spot the real innovators

We anticipate a floodgate of activities as we approach implementation timelines in the next 12-18 months. This will create a one-time discontinuity in the market and result in additional spending on compliance. However, market participants will be wise to consider the long-term impact of technology regulation in Europe on their strategies.

To discuss further, please reach out to [email protected] or contact us.

You can also tune in to our webinar, Discover 5 Ways to Transform Your Workforce and Location Strategy Amid Global Uncertainties, for key insights and strategies that global talent leaders can use to readjust their workforce strategies.

Subscribe to our monthly newsletter to get the latest expert insights and research.

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

"*" indicates required fields

Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.