Research Programs
More
What are you looking for?
Showing Latest Publications
TOTM The government does not need to burn books when it can threaten licenses. Why bother with an inquisitor’s bonfire when a regulator’s raised eyebrow can . . .
The government does not need to burn books when it can threaten licenses. Why bother with an inquisitor’s bonfire when a regulator’s raised eyebrow can do the trick?
That is the modern First Amendment problem. Censorship no longer arrives only as an outright ban. More often, it comes dressed as “oversight,” “public interest,” or “compliance”—all perfectly respectable words, right up until they become tools of political pressure.
Recent actions by the Federal Communications Commission (FCC) against Disney-owned ABC have sparked a high-stakes legal fight. This is not merely a technical dispute over “equal time” rules or corporate diversity policies. It points to a troubling pattern of censorship by proxy: government officials leaning on private actors to suppress or reshape speech the government disfavors.
By pushing back, ABC is defending more than its own editorial independence. It is helping hold the line for the “marketplace of ideas.”
Read the full piece here.
TOTM Consumer protection often begins with a simple question: Can the consumer walk away? If the answer is no—because switching is hard, data are locked up, . . .
Consumer protection often begins with a simple question: Can the consumer walk away? If the answer is no—because switching is hard, data are locked up, markets are fragmented, or new competitors cannot enter—then the problem is not just weak consumer protection. It is weak competition.
That is the frame for a deceptively basic question: How should consumer-financial law foster a stronger competitive environment?
The question arises from the Consumer Financial Protection Bureau (CFPB) Taskforce’s report on federal consumer-financial law, published in January 2021. Chapter 8 of the report’s first volume emphasized a point too often lost in consumer-protection debates: competition is not separate from consumer protection. In many markets, competition is consumer protection.
When consumers can choose among rival providers, switch accounts, transfer their data, compare prices, and obtain credit from lawful new entrants, they are less vulnerable to poor service, excessive pricing, and exclusion. When law fragments markets, raises fixed compliance costs, or shields incumbents from competition, consumers often end up with fewer choices, not better protection.
The Taskforce drew on an earlier warning from the National Commission on Consumer Finance, which argued in 1972 that “fractionalized” legislation and regulation should be reviewed to ensure both free entry by firms and fair treatment of consumers. That warning has aged unfortunately well.
Developments since 2021—in law, regulation, litigation, and scholarship—do not support a simple call for more regulation. They point instead toward better regulation: rules that reinforce competitive markets rather than displacing them. The most promising reforms are structural and market-reinforcing: clearer allocations of federal and state authority, greater legal certainty for fintech-bank partnerships, workable consumer-data portability, improved credit-information systems, and more disciplined agency analysis of competitive effects.
That emphasis also echoes the CFPB Taskforce report. As Chapter 6 of that report explained:
Market-reinforcing regulation refers to regulatory action designed to “promote competition and consumer choice so that consumers can find those products that they think are best for themselves and their families.” Market-reinforcing regulation is consistent with the disclosure-based regulatory strategy of the past several decades that is designed to help markets function and to satisfy consumer demand more effectively by enabling consumers to shop more easily among competing product providers. It also includes vigorous prosecution of fraud, deception, and other unlawful practices that undermine consumer choice.
Market-reinforcing regulation refers to regulatory action designed to “promote competition and consumer choice so that consumers can find those products that they think are best for themselves and their families.”
Market-reinforcing regulation is consistent with the disclosure-based regulatory strategy of the past several decades that is designed to help markets function and to satisfy consumer demand more effectively by enabling consumers to shop more easily among competing product providers. It also includes vigorous prosecution of fraud, deception, and other unlawful practices that undermine consumer choice.
That description remains as accurate as ever.
TOTM Meta’s Incognito Chat is interesting not because it promises privacy, but because it makes privacy expensive. It limits what Meta can know, what Meta can . . .
Meta’s Incognito Chat is interesting not because it promises privacy, but because it makes privacy expensive. It limits what Meta can know, what Meta can monetize, and what Meta can hand over later. That is what makes the announcement worth taking seriously.
Meta has launched Incognito Chat with Meta AI, a way to talk to an artificial intelligence assistant on WhatsApp and the Meta AI app under privacy guarantees that, as Mark Zuckerberg puts it, are “similar to how end-to-end encryption means no one can read your conversations, even Meta or WhatsApp.” The system runs server-side AI inference—meaning the AI processes requests on remote servers rather than on your device—inside a hardware-isolated environment known as a trusted execution environment (TEE). In principle, that means even Meta cannot inspect users’ chats. Meta pairs that architecture with stateless processing, anonymous routing, and at least partially verifiable transparency measures.
Two design tradeoffs deserve attention because, in my view, Meta made the right call on both. First, the architecture makes personalized advertising harder. Second, it constrains trust-and-safety systems that depend on human review of flagged conversations. Both choices will draw criticism—from inside the company and from outside advocates of broader monitoring powers. Both are worth defending before the inevitable pressure campaign begins.
I have argued previously that hardware-backed confidential computing offers the most credible path to combining frontier-grade AI capabilities with meaningful data security. I have also argued that voluntary technical self-restraint by AI providers strengthens the case for legal protections for AI conversations. Incognito Chat is the first major consumer AI product that, at least on its face, appears to satisfy both halves of that argument.
My initial reaction, then, is simple: more of this, please—and from every provider.
TOTM If you have been near anyone under the age of 15 in the past year, you may have heard the phrase “six seven” shouted with . . .
If you have been near anyone under the age of 15 in the past year, you may have heard the phrase “six seven” shouted with great conviction and no discernible content. It usually comes with a hand gesture. It means, as best anyone can tell, absolutely nothing. That is the joke: a number pair masquerading as communication, repeated so often that the repetition becomes the point.
In Brussels, Article 6(7) of the Digital Markets Act (DMA) has begun to suffer a similar fate. The DMA is the European Union’s flagship law for regulating large digital platforms, which it calls “gatekeepers.” Article 6(7) is supposed to require those gatekeepers to make certain hardware and software features interoperable—that is, usable by rival services—while still allowing them to protect security, privacy, and system integrity.
Increasingly, though, the provision gets invoked with great solemnity in every new specification proceeding the European Commission opens, while its actual content keeps shifting to mean whatever the Commission needs in a given case. The trajectory of enforcement—from Apple’s iOS connected-devices proceedings last year to the current Google Android artificial-intelligence (AI) proceedings—suggests the Commission increasingly treats Article 6(7) less like a legal text with an internal structure and more like a slogan: interoperability now, for everyone, on whatever terms the Commission prefers.
That is unfortunate, because Article 6(7) is not a blank check. It has two distinct halves. The provision requires gatekeepers to provide “effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features” enjoyed by their own services. But it also expressly permits integrity measures that are “strictly necessary and proportionate.” Recital 50 of the DMA confirms that integrity-preserving measures are a legitimate part of implementing Article 6(7), not a loophole to be sheepishly apologized for after the fact.
Properly read, the provision establishes a balancing test, not a maximalist openness mandate. “Effective” does not mean “identical,” and “identical” does not mean “unlimited.”
The Commission’s enforcement to date has steadily read the second half of the provision out of existence. The result is weaker security, less inter-platform competition, and a regulatory tool that increasingly puts a thumb on the scale in the rapidly unfolding generative-AI race, often to the detriment of European consumers.
TL;DR TL;DR Background: As detailed in a recent ICLE issue brief, American freight railroads are safer today than at any point in history. Yet, since the . . .
Background: As detailed in a recent ICLE issue brief, American freight railroads are safer today than at any point in history. Yet, since the 2023 East Palestine derailment, Congress has repeatedly reintroduced the Railway Safety Act, which would impose prescriptive federal mandates on an already improving sector.
But… The act rests on a flawed premise. It would mandate sweeping new rules without requiring cost-benefit analysis, putting it at odds with established federal policy. Its rigid specifications would risk discouraging the innovation that has driven decades of safety gains, while its most visible provisions appear driven more by special interests less than evidence on safety.
Moreover… The status quo already delivers much of what the act promises. The Federal Railroad Administration’s (FRA) collaborative advisory process, voluntary industry initiatives, and market-driven investment have produced measurable safety gains without a change in the law. A performance-based framework that sets measurable safety targets and lets railroads decide how to meet them would preserve those gains and encourage continued innovation. The Railway Safety Act would replace this adaptive system with a rigid statutory mandate likely to do more harm than good.
The Railway Safety Act responds to a real tragedy, but targets a shrinking problem. Over the past two decades, train accident rates per million train-miles have fallen by more than 38%, hazardous-materials train accident rates are down at least 61%, and employee on-duty fatalities reached an all-time low in 2023. Bureau of Labor Statistics data likewise show that rail transportation compares favorably with air transportation, warehousing, and urban transit for workplace safety.
Much of this progress comes from voluntary, industry-led investment. Class I railroads deployed roughly 1,000 additional wayside detectors, lowered bearing-temperature alert thresholds, adopted predictive analytics, and expanded first-responder access to real-time railcar data, all within months of the East Palestine accident.
Codifying what industry has already done, but at higher cost and with less flexibility, would not improve safety. It would add compliance burdens to an already improving baseline, with marginal benefits unlikely to justify the costs.
The act’s core defect is structural: It mandates sweeping federal rulemakings without requiring agencies to show that benefits justify costs. That approach departs from Office of Management and Budget Circular A-4 and the cost-benefit discipline reaffirmed by Executive Order 14192. Even if analysis showed that costs would exceed benefits, the statute would still require the agency to proceed.
The stakes are real. The detector-spacing provision alone could cost $1.1 to $2.2 billion. Positive Train Control—a comparable 2008 mandate—cost roughly $10 billion to $15 billion. To justify spending at that scale, the act would need to prevent tens of thousands of incidents, or thousands of severe derailments, over a decade. Given current trends, neither scenario is realistic.
Recent macroeconomic work reinforces the point. A 5% increase in federal regulatory restrictions on freight transportation raises unit shipping costs by 0.8% to 2.3% and reduces shipment volumes by 1.4% to 4.1%, with effects that compound over time. These are persistent constraints on innovation-driven growth, not one-time adjustment costs.
The act includes prescriptive federal standards for detector spacing, thresholds, and data protocols; uniform inspection requirements; and rigid tank-car deadlines. A federal rule written today would codify 2026-era technology and, given the FRA’s multiyear rulemaking timelines, likely be obsolete before it takes effect.
But that technology is already changing. Distributed fiber-optic sensing, LiDAR-based infrastructure monitoring, acoustic bearing detectors, machine vision portals, and IoT-enabled remote condition systems are in deployment or pilot phases.
Positive Train Control offers the cautionary tale. Congress mandated PTC in 2008, locking in a technical specification before the system had matured. Implementation required repeated deadline extensions and foreclosed potentially superior alternatives. The act’s detector and tank-car provisions risk repeating that mistake.
No provision better illustrates the act’s evidentiary gap than the two-person crew mandate. In 2019, the FRA concluded that it “cannot provide reliable or conclusive statistical data” on whether one-person crews are safer or less safe than multi-person crews. The agency’s 2024 reversal introduced no new statistical evidence and rested instead on qualitative judgments about redundancy.
A statutory mandate would override collective bargaining and strip railroads of the flexibility to match staffing to route conditions, traffic density, and available technology. Its primary effect would be to preserve employment levels—a legitimate goal in some contexts, but one better addressed through bargaining than through federal safety law.
The act’s compliance costs would not fall evenly. Fixed federal standards impose roughly the same per-mile burden on a high-density Class I mainline as on a rural short-line carrier moving far less traffic.
Minnesota’s legislatively mandated 2026 Wayside Detector System Study modeled three detector-spacing scenarios across nearly 1,000 miles of Class II and Class III track. In each case, recurring operating costs exceeded quantified safety benefits, producing a negative net impact over 10 years. A targeted approach would support short lines through existing funding programs, rather than impose unfunded mandates beyond their financial capacity.
The regulatory-design literature distinguishes among technology-based regulation, which specifies means; performance-based regulation, which specifies ends; and management-based regulation, which requires firms to design systems to meet defined goals. Performance- and management-based approaches generally outperform prescriptive mandates because they preserve flexibility and reward efficient solutions.
For freight rail, that means setting measurable targets and letting railroads decide how to meet them. A performance-based framework would align incentives with outcomes, encourage technological progress, and direct scarce resources toward the highest-return safety investments.
Freight rail safety is improving. The policy challenge is to sustain and accelerate that progress—not to react reflexively to high-profile incidents with mandates that risk doing the opposite: imposing large, certain costs in pursuit of uncertain and unquantified benefits.
For more on this topic, see the ICLE issue brief “The Wrong Track: How the Railway Safety Act Risks Derailing Innovation” by Kristian Stout and Subiksha Ramakrishnan.
Presentations & Interviews ICLE Senior Scholar Lazar Radic joined the In Conversation With IPR & Competition Law podcast for a wide-ranging discussion on whether generative AI is driving . . .
ICLE Senior Scholar Lazar Radic joined the In Conversation With IPR & Competition Law podcast for a wide-ranging discussion on whether generative AI is driving competition, collusion, or innovation in rapidly evolving digital markets. Radic explored how competition law and intellectual property frameworks are grappling with issues such as Big Tech’s control over data and compute infrastructure, AI partnerships, algorithmic collusion, creators’ rights, and emerging regulatory approaches from the Federal Trade Commission and the European Commission. Audio of the full episode is embedded below.
Regulatory Comments I. Introduction The International Center for Law & Economics (ICLE) appreciates the opportunity to respond to the European Commission’s consultation on proposed measures specifying Alphabet’s . . .
The International Center for Law & Economics (ICLE) appreciates the opportunity to respond to the European Commission’s consultation on proposed measures specifying Alphabet’s obligations under Article 6(7) of the Digital Markets Act (DMA). On 27 April 2026, the Commission adopted preliminary findings proposing measures Alphabet must implement to comply with the interoperability obligation for Google Android features relevant to providers of artificial-intelligence (‘AI’) services.[1]
The proceedings target a defined set of features grouped into four categories: (i) invocation, (ii) context, (iii) actions on apps and the operating system, and (iv) access to resources. The Annex to the preliminary findings also sets out 13 feature-specific measures, alongside a horizontal set of ‘measures for all features’ governing ecosystem-wide implementation, user consent, integrity, eligibility, equal effectiveness, free-of-charge access, documentation, technical assistance, future updates, reporting, and waivers.[2]
Article 6(7) DMA requires designated gatekeepers to provide third parties with ‘effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features’ available to the gatekeeper’s own services, subject only to integrity measures that are ‘strictly necessary and proportionate’.[3] Google Android was designated a core platform service in September 2023. These proceedings therefore represent a significant early application of Article 6(7) to AI-facing operating-system features.
These comments address the proposed measures from two perspectives. First, the measures, as currently framed, do not appear well-targeted to the empirical realities of AI use on mobile devices or to the competitive dynamics of the upstream AI-assistant market. Requiring Google to dismantle a key source of Android product differentiation risks softening competition between Google and leading AI providers, such as OpenAI and Anthropic, under the guise of promoting intra-Android rivalry.
Second, the proposed measures do not adequately account for the security and integrity tradeoffs that arise when third parties receive system-privileged access to ambient sensor data, on-device databases, screen-automation APIs, and background-execution channels. The Commission’s narrow interpretation of the integrity provision in Article 6(7) risks leaving both Google and end users with insufficient flexibility to manage emerging security risks.
Against this backdrop, two questions become central. First, does mobile in fact constitute a critical gateway for AI services such that intervention at the Android layer is justified? Second, even if it does, how are the proposed remedies likely to affect competition in the AI-services market itself?
The answers to both questions cast doubt on the Commission’s approach. Current evidence suggests that users still access AI services predominantly through desktop browsers and browser-based interfaces, rather than through mobile-device integrations. That weakens the factual basis for treating Android as an indispensable gateway for AI-assistant providers.
At the same time, the proposed measures risk reshaping competition in ways the preliminary findings do not fully confront. To the extent the remedies limit Google’s ability to integrate Gemini deeply into Android, they may weaken rather than strengthen rivalry in AI services. The measures would reduce one of the principal ways Google can compete against specialist AI firms, while simultaneously granting equivalent system access to rivals that already hold leading positions in the market.
This creates a potential tension between the DMA’s twin objectives of fairness and contestability. Measures intended to expand intra-platform access may, in practice, reduce inter-firm competition in AI services overall.
The DMA’s application turns on whether the relevant core platform service constitutes an ‘important gateway for business users to reach end users’.[4] The preliminary findings invoke that premise by observing that ‘around 60 per cent of mobile users in Europe own a Google Android smart mobile device’ and concluding that ‘mobile devices powered by Google Android represent a crucial gateway for providers of stand-alone AI services to reach end users’. That conclusion does not automatically follow from Android’s share of mobile devices. The relevant question is not whether Android is a popular operating system in the abstract, but whether mobile devices serve as a critical channel through which providers of stand-alone AI services reach end users.
The available evidence suggests that AI services remain disproportionately desktop-centric. Google’s own AI offering illustrates the point. In October 2025, Gemini recorded roughly 813 million monthly desktop sessions, compared with 369 million on mobile devices—a desktop-to-mobile ratio exceeding two-to-one.[5] Industry analyses indicate similar usage patterns across leading AI services.[6] AI firms currently build user engagement primarily through browser-based and desktop interfaces, rather than through mobile-device integrations.
That pattern reflects the nature of current AI-assistant use cases. Activities such as research, drafting, coding, and long-form querying typically involve sustained-attention workflows that users perform on larger screens. Mobile interactions, by contrast, remain shorter and more intermittent.
These figures weaken the empirical basis for treating Google Android as an ‘important gateway’ for AI services in the manner suggested by the preliminary findings. End users currently access AI services predominantly through other channels, most notably desktop browsers. This does not call Android’s gatekeeper designation into question more broadly. It does, though, counsel caution. Given current AI-usage patterns, the Commission’s limited enforcement resources may be better directed elsewhere.
Even if Android constitutes a meaningful distribution channel for AI services, the proposed measures should still be assessed in light of their likely effect on competition in the AI-services market itself. The most recent industry data indicate that Gemini is not the market leader in AI-assistant usage. ChatGPT reportedly accounted for roughly 70 per cent of EU AI-chatbot usage in April 2026.[7] Claude, meanwhile, has captured substantial enterprise and developer demand, with an estimated $14 billion annualised revenue run-rate by February 2026 and adoption by eight of the Fortune 10.[8] In the market targeted by the proposed measures, Google is therefore the challenger, not the incumbent.
That distinction matters because the proposed measures threaten one of the principal ways Google differentiates its AI offering. As the Commission itself recognises, Google’s AI strategy relies on a vertically integrated stack that spans chips (Tensor and TPU), cloud infrastructure (Google Cloud), foundation models (the Gemini family), platform integration (Search, Maps, Calendar, Gmail, YouTube, and Photos), and distribution channels (Android, Chrome, and Google Play). Deep system-level integration with Android—including wake-word reservation, on-device database access through the default-assistant role, AI Core preferential RAM access, and structured App Functions—is one of the few mechanisms through which Google can translate that integrated stack into a differentiated end-user experience capable of competing with the specialist offerings of leading AI labs.
Requiring Google to reduce that integration to the level available to third-party applications may promote intra-Android rivalry. It may also deprive Google of a key means of competing against OpenAI and Anthropic. The likely effect would not necessarily be a more competitive AI-assistant market overall, but a softer one in which the trailing integrated competitor cannot compete on the basis of its comparative strengths. This raises a potential tension within the DMA’s dual objectives. Measures intended to promote fairness through intra-platform competition may simultaneously reduce contestability by weakening inter-firm rivalry in AI services.
The likely beneficiaries further reinforce this concern. The firms best positioned to take immediate advantage of equal access to wake-word detection, screen automation, App Functions, AI Core, and ambient sensor data are the companies that already lead the global AI-assistant market, including OpenAI and Anthropic, alongside well-resourced firms such as Microsoft, Meta, and major Chinese model providers. In practice, the remedies risk transferring competitive advantages from the trailing integrated operator of the Android platform to dominant specialist AI firms. That outcome sits uneasily with the DMA’s contestability rationale, which ordinarily targets entrenched market leaders rather than reinforcing their position.
This concern is not merely theoretical. A close functional analogue emerged in connection with Meta’s integration of its AI assistant into WhatsApp. In October 2025, Meta amended its WhatsApp Business Solution Terms to restrict the provision of general-purpose AI-assistant services through the WhatsApp Business API, while preserving the preferential in-platform position of Meta AI. The Italian Competition Authority subsequently adopted interim measures requiring Meta to suspend the policy. The European Commission opened formal proceedings in December 2025, and other authorities launched parallel investigations. The remedies under consideration would require Meta to allow third-party AI assistants to operate on equivalent terms to Meta AI within the platform.
At a high level, the policy objective resembles that of the present proceedings: protecting AI competition on widely used consumer platforms. The practical effect, though, may again be to remove a differentiating integration that Meta could otherwise use to compete with leading AI providers. Taken together, the two cases suggest a broader pattern. Enforcement actions nominally aimed at promoting AI competition on major digital platforms may instead require Google and Meta to grant equivalent system access to the very firms—OpenAI, Anthropic, and others—that already lead the AI-assistant market.
The proposed measures, taken together, would grant third-party AI services access to an unusually broad and sensitive set of system capabilities. In practical terms, the Annex would require Alphabet to provide third parties with access, on terms ‘equally effective’ to those available to Google’s own services, including:
Each capability raises substantial security and privacy concerns on its own. Taken together, they create an attack surface qualitatively different from anything Article 6(7) has previously been used to open.[9] The Apple iOS specification decisions adopted in March 2025 concerned comparatively bounded connectivity functions, such as NFC, Bluetooth pairing, Wi-Fi accessory configuration, and notification forwarding.[10] By contrast, the measures proposed here concern continuous ambient audio and video capture, cross-application access to device-level data layers, and agentic control over other applications. In the wrong hands, such capabilities could facilitate mass surveillance, credential exfiltration, and unauthorised transactions.
Article 6(7), properly interpreted, does not require unconditional openness. The provision expressly permits ‘strictly necessary and proportionate’ measures to ensure interoperability does not compromise the integrity of the operating system or its features. Recital 50 likewise recognises integrity protections as a legitimate component of Article 6(7) compliance. The relevant question, therefore, is not whether integrity measures are permissible, but how they should be scoped so as not to nullify interoperability obligations while still recognising that greater openness can materially increase security risks.
The proposed measures nonetheless interpret the security and integrity exceptions narrowly. Section 5.3 of the Annex requires any integrity measure to be ‘duly justified’ and based on ‘transparent, objective, precise, and non-discriminatory conditions’ that also apply to Google’s own services. It further requires ‘objective and verifiable evidence showing the existence and magnitude of the integrity risk’, proof of the measure’s effectiveness, and the possibility of ‘independent verification’ not ‘exclusively within the gatekeeper’s control’.[11]
Applied together, these requirements substantially constrain the most natural response to genuinely novel security risks: declining to expose highly sensitive capabilities until the threat landscape becomes better understood. By definition, emerging harms rarely produce ‘objective and verifiable’ evidence ex ante.
Three concerns with the current framework deserve particular attention. First, the requirement for ‘objective and verifiable evidence’ sits uneasily with established security-engineering practice. Many successful security architectures rely on conservative assumptions about adversarial behaviour, rather than waiting for demonstrated exploitation. A framework that treats the absence of proven past harm as evidence against precaution risks undermining the very safeguards that make modern operating systems secure.
Second, the requirement that integrity measures apply equally to Google’s own services compresses the available design space in ways that may ultimately harm users. On paper, symmetry appears attractive. In practice, Google differentiates between first-party services and third-party applications across multiple trust dimensions, including code-signing provenance, internal security review, contractual relationships with OEMs, and the company’s ability to revoke access rapidly if problems emerge. The Annex would nonetheless require any restriction imposed on third parties to apply equally to Google’s own services, regardless of those trust differences.
That creates a stark binary choice: either Google extends highly sensitive capabilities to third parties on equal terms, or it withdraws those capabilities from its own services entirely. The former may create unacceptable security risks. The latter would reduce consumer welfare by degrading—or preventing access to—innovative features.
Third, the Annex underestimates the interaction between interoperability mandates and the EU’s own data-protection framework. Mandated openness may place gatekeepers in tension with their parallel obligations to protect user data. This concern is especially acute where Google would need to provide third-party AI services with concurrent access to data stored on-device by first-party applications such as Gmail, Calendar, and Photos.
User consent alone does not fully resolve that tension. Consent frameworks that produce formal parity at the system level may still generate meaningful asymmetries in user understanding where one party is a globally recognised platform and the other is a newly installed third-party application.
The Commission’s proposed measures face two fundamental problems.
First, the preliminary findings do not adequately account for the broader competitive effects of the remedies in AI services themselves. Current evidence suggests that AI usage remains heavily desktop-centric, which weakens the premise that Android presently functions as an indispensable gateway for AI-assistant providers. More importantly, Google is not the dominant player in the AI-assistant market. It is a trailing integrated competitor attempting to challenge specialist firms such as OpenAI and Anthropic through deep integration across hardware, software, cloud infrastructure, and distribution.
The proposed measures would weaken one of Google’s principal channels of differentiation while simultaneously extending equivalent system access to rivals that already lead the market. In practice, the remedies risk protecting intra-Android rivalry at the expense of broader inter-firm competition in AI services. The parallel proceedings concerning Meta AI and WhatsApp underscore the point. Taken together, the cases suggest an emerging enforcement pattern in which vertically integrated platform operators must open key integration points to specialist AI firms that already occupy leading market positions.
Second, the proposed measures interpret the integrity exception in Article 6(7) too narrowly. The capabilities covered by the Annex—including ambient sensor access, centralised on-device databases, always-on wake-word detection, agentic screen automation, system-level AI resources, and expanded background execution—create security and privacy risks materially different in scale and kind from those addressed in prior Article 6(7) proceedings. Yet the framework for integrity protections has narrowed correspondingly.
The Annex’s insistence on ‘objective and verifiable’ evidence of harm risks preventing gatekeepers from responding prudently to emerging threats before those threats materialise. That approach sits uneasily with established security-engineering principles, which frequently rely on precautionary assumptions precisely because novel attack vectors are difficult to demonstrate ex ante. Likewise, the requirement that restrictions apply identically to Google’s own services disregards meaningful differences in trust, accountability, and security oversight between first-party and third-party applications.
The likely result is one of two undesirable outcomes. Either the Android ecosystem becomes materially less secure for European users, or Google responds by withdrawing or degrading advanced AI functionality across the platform in order to avoid asymmetric obligations. Early DMA implementation in other contexts already points toward the risk of this kind of defensive levelling-down.
The Commission should therefore reconsider three aspects of the proposed measures. First, it should reassess whether extensive intervention at the Android layer represents a prudent use of enforcement resources given current AI-usage patterns. Second, it should evaluate more explicitly the cross-market consequences of the remedies for competition in AI services, including their asymmetric effects on Google relative to the market leaders. Third, it should recalibrate the integrity framework to preserve meaningful room for genuine security protections, including temporary restrictions on particularly sensitive functionalities where the risks remain uncertain or rapidly evolving.
In short, the Commission should give equal weight to both halves of Article 6(7): openness and integrity. Effective DMA enforcement should promote competition without undermining security, innovation, or rivalry in the AI markets that matter most to European consumers.
[1] Eur. Comm’n, Case DMA.100220, Alphabet—Google Android (AI) (2026).
[2] Eur. Comm’n, Case DMA.100220, Annex (Draft Measures), Google Android Interoperability (2026), https://digital-markets-act.ec.europa.eu/document/download/bb7151ff-5d0a-420e-abaa-a2bdbfd30c26_en?filename=DMA.100220%20-%20Annex%20%28draft%20measures%29%20-%20Google%20Android%20-%20interoperability.pdf [hereinafter Annex].
[3] Regulation 2022/1925 of the Eur. Parl. & of the Council of 14 Sept. 2022 on Contestable & Fair Markets in the Digital Sector (Digital Markets Act), art. 6(7), 2022 O.J. (L 265) 1.
[4] Regulation 2022/1925, supra note 3, art. 3(1)(b) (defining a core platform service as an important gateway for business users to reach end users).
[5] Elton Chan, 30+ Google Gemini Statistics for 2026: Usage, Market Share, Growth, & Performance, SecondTalent (21 Apr. 2026), https://www.secondtalent.com/resources/google-gemini-statistics.
[6] How Desktop & Mobile Influence AI Search Traffic Referrals, Passionfruit (10 Nov. 2025), https://www.getpassionfruit.com/blog/how-desktop-and-mobile-influence-ai-search-traffic-referrals.
[7] AI Chatbots—Market Share Europe, StatCounter, https://gs.statcounter.com/ai-chatbot-market-share/all/europe (last visited 12 May 2026).
[8] Anthropic, Press Release, Anthropic Raises $30 Billion in Series G Funding at $380 Billion Post-Money Valuation (12 Feb. 2026), https://www.anthropic.com/news/anthropic-raises-30-billion-series-g-funding-380-billion-post-money-valuation.
[9] Mikolaj Barczentewicz, Opening Pandora’s Interface: AI Assistants and the DMA, Truth on the Mkt. (14 Apr. 2026), https://truthonthemarket.com/2026/04/14/opening-pandoras-interface-ai-assistants-and-the-dma.
[10] Eur. Comm’n, Case DMA.100203, Apple iOS (Features for Connected Physical Devices) (2025).
[11] Annex, supra note 2, ¶¶ 125–131, 138–142.
TOTM The traditional domain of law & economics is the courtroom, the legislature, and the administrative agency. But in their 1994 article, “Raid or Trade? An . . .
The traditional domain of law & economics is the courtroom, the legislature, and the administrative agency. But in their 1994 article, “Raid or Trade? An Economic Model of Indian-White Relations,” Terry Anderson and Fred McChesney took the theoretical tools developed to explain modern legal disputes and set out to settle a wider continent.
When European settlers arrived in North America, they brought royal charters granting them ownership of vast tracts of land. Almost immediately, they encountered numerous Indian tribes that could credibly claim control over those same lands. Faced with these conflicting claims, both parties had to decide whether to press their claims or abandon them. If they pressed, they then had to decide whether to exchange the land peacefully or fight it out.
Contrary to the popular narrative, Indian-white relations were not violent from first contact. History is complex, but the general pattern is that Indian-white relations began fairly peacefully and worsened over time. At first, Indian tribes often appeared inclined to drop ownership claims in the face of settler intrusion. When Indians did press a claim, the typical result was peaceful negotiation and exchange. Anderson and McChesney show that, from the Founding era to about 1830, treaties between Indians and whites were frequent, while battles were few and far between. As the American frontier moved farther west, the dominant mode of settling disputes shifted to warfare.
Why did Indian-white relations move from the peaceful interactions symbolized by the first Thanksgiving to the Massacre at Wounded Knee? Or, as Anderson and McChesney put it: “If both sides prefer settlements to violence, what caused the increasing resort to warfare between Indians and whites?” More broadly, under what conditions might Europeans have settled North America more peacefully?
ICLE Issue Brief Executive Summary Payment-card networks are two-sided platforms that create value by connecting cardholders and merchants. Interchange fees—the small amounts retained by cardholders’ banks when payment . . .
Payment-card networks are two-sided platforms that create value by connecting cardholders and merchants. Interchange fees—the small amounts retained by cardholders’ banks when payment cards are used—serve as balancing payments that help optimize participation on both sides of the market. Networks therefore set differentiated interchange fees that vary by card type, transaction channel, merchant category, geography, and whether the transaction is domestic or cross-border. Those differences reflect real variation in cost, fraud risk, demand, and transaction value.
Many governments have imposed price controls on interchange fees, compressing those differentials and impairing networks’ ability to balance the two sides of the market. The consequences are well documented: reduced card rewards, higher cardholder or account fees, higher interest margins, limited pass-through of merchant savings to consumers, and diminished investment in payment innovation. Consumers bear much of the harm, but merchants may suffer as well.
This issue brief focuses on a less-studied effect: the application of interchange-fee caps to cross-border card payments. Cross-border transactions are costlier and riskier than domestic transactions because they involve higher fraud rates, currency-conversion costs, cross-jurisdictional compliance, and more complex processing and settlement. When regulators apply caps calibrated to domestic conditions to foreign-card transactions, they create a mismatch between issuer revenue and issuer cost.
That mismatch can lead issuers to tighten authorization criteria, increasing the likelihood that legitimate cross-border transactions will be declined. Industry evidence showing materially lower authorization rates for cross-border payments than for domestic ones is consistent with that mechanism.
The harm is especially acute for high-value tourism spending and cross-border e-commerce. Both depend heavily on cards, including credit and premium cards, and both involve transaction types that carry higher fraud and authorization risks. Cross-border interchange caps therefore threaten not only issuer economics, but also consumers’ ability to transact and merchants’ ability to complete sales. The paper concludes that policymakers should exempt cross-border transactions from interchange-fee-cap regimes or, at minimum, adopt separate, higher caps that reflect the genuine incremental costs those transactions impose.
Payment cards are integral to modern economies. Over the past several decades, card networks have transformed how consumers buy goods and services, replacing cash and checks with faster, safer, and more convenient electronic payments. The growth of cross-border e-commerce and international travel has extended that transformation across national borders, making payment cards a central medium for international consumer transactions.
Governments around the world have increasingly intervened in the pricing of payment-card services by imposing price controls on interchange fees—the small amounts retained by cardholders’ banks when consumers use payment cards. Regulators typically justify these caps by claiming that interchange fees are “too high” and that lower fees would benefit merchants and, ultimately, consumers. The economic literature shows why that claim is incomplete at best.[1]
Payment-card networks are two-sided platforms that serve both cardholders and merchants. Platform efficiency and welfare depend not only on the total level of fees, but also on how those fees are allocated between the two sides of the market.[2] Interchange fees operate as balancing payments, enabling networks to subsidize participation on the more price-sensitive side—typically cardholders—while recovering more of the system’s costs from the side with less elastic demand.[3]
The theoretically optimal interchange fee varies across jurisdictions, card types, merchant categories, transaction channels, and domestic versus cross-border transactions. Those differences reflect variation in fraud risk, demand elasticities, issuer costs, regulatory obligations, and the value each side derives from network participation. In practice, network-set interchange fees can only approximate the optimal schedule. But rigid price controls make that approximation worse. A cap calibrated for domestic debit-card transactions at grocery stores is unlikely to fit cross-border credit-card transactions at hotels. No regulator has the information needed to set the right fee for every transaction type.
This informational problem has both static and dynamic consequences. Interchange-fee caps compress differentiated fee schedules, distort the allocation of costs and benefits between merchants and cardholders, and predictably induce issuers to recover lost revenue through reduced rewards, higher account fees, and diminished cardholder benefits. They also weaken incentives to invest in fraud detection, tokenization, real-time authorization infrastructure, and other payment technologies that are especially important for cross-border transactions. And when caps apply unevenly across network models, they can distort competition by pushing consumers, merchants, and fintech firms toward less-regulated products or organizational forms.
This issue brief focuses on a dimension of interchange-fee regulation that has received too little attention: the application of interchange-fee caps to cross-border transactions. Cross-border card payments are inherently more costly and risky than domestic payments. They involve higher fraud rates, currency-conversion costs, additional processing and settlement costs, and compliance with multiple regulatory regimes. When regulators calibrate interchange caps to domestic cost structures, they create a systematic mismatch between the revenue issuers receive and the costs they bear on cross-border transactions.
That mismatch grows when the caps apply to transactions by foreign cardholders whose issuers operate under cost structures, fraud environments, and competitive conditions different from those the regulator considered. At the margin, the predictable result is more declines of legitimate cross-border transactions—a prediction consistent with industry evidence showing materially lower authorization rates for cross-border payments than for domestic ones.
Payment networks do not set a single, uniform interchange fee. Instead, they maintain complex fee schedules that vary across multiple dimensions, including card type (debit versus credit, standard versus premium, consumer versus commercial), transaction channel (point-of-sale versus online, card-present versus card-not-present), merchant category, and whether the transaction is domestic or cross-border. These distinctions reflect differences in costs, risks, and demand conditions across transaction types.
The distinction between debit and credit cards illustrates the point. Interchange fees fund a range of cross-side subsidies—benefits provided to cardholders and financed, in part, by merchant-paid fees. For credit cards, those subsidies include rewards programs, such as cashback, points, and miles; the interest-free grace period between purchase and repayment; and issuers’ assumption of default and collection risk.
For debit cards, interchange revenue has historically funded rewards programs and enabled banks to offer free or low-cost checking accounts to consumers with lower balances. In effect, interchange revenue cross-subsidizes account holders who might otherwise be unprofitable to serve. When governments impose price controls on debit-card interchange fees, banks often respond by curtailing rewards programs, increasing checking-account fees, and raising minimum-balance requirements for free accounts.[4]
Credit-card transactions generally impose higher costs on issuers than debit-card transactions because they involve extending credit, guaranteeing zero liability for fraud, and providing more substantial cardholder benefits. Credit-card interchange fees therefore tend to exceed debit-card interchange fees. Premium and commercial cards typically carry even higher fees because they offer enhanced benefits, such as travel insurance and extended payment terms, that attract high-spending cardholders whose transactions merchants especially value.
Cross-border transactions also typically carry higher interchange fees than domestic transactions. That differential reflects measurable cost differences. Cross-border transactions involve currency-conversion risk, higher fraud rates, compliance with multiple regulatory regimes, and additional processing and settlement costs. Higher interchange fees compensate issuers for those incremental costs and help ensure that networks can authorize transactions that might otherwise be uneconomic to process.
When regulators impose interchange-fee price controls, they compress the differentiated fee structures that payment networks have developed to balance costs and incentives across heterogeneous transaction types. The European Union’s Interchange Fee Regulation (IFR), for example, caps consumer debit-card interchange fees at 0.20% and consumer credit-card interchange fees at 0.30% of transaction value for both domestic and intra-European Economic Area (EEA) cross-border transactions.[5] Those caps sit far below pre-regulation interchange fees, which ranged from roughly 0.5% to more than 2%, depending on card type, jurisdiction, and transaction characteristics. Most important for present purposes, the IFR eliminates the cross-border differential.
The core problem is informational. Regulators cannot know the “optimal” interchange fee because it depends on variables that differ across jurisdictions, card types, merchant categories, and transaction channels. Payment networks have spent decades refining interchange-fee schedules to account for those differences. Price controls—and especially rigid caps—replace that flexible system with an arbitrary ceiling. Any fee above the cap disappears, limiting networks’ ability to calibrate fees to differing transaction conditions.
The problem becomes more acute in cross-border transactions. A price control designed around domestic conditions in one country may roughly reflect that country’s costs, competitive dynamics, and consumer preferences. Applying the same cap to transactions involving foreign cardholders creates a larger mismatch. Foreign issuers operate under different cost structures, face different fraud risks, and serve consumers with different spending patterns. In many cases, the regulated fee will fall below both the issuer’s domestic interchange rate and the higher costs associated with cross-border authorization and settlement.
Economic models of payment networks as two-sided markets underscore these risks. Rong Ding and Julian Wright, for example, analyze interchange fees in a framework that allows platforms to differentiate pricing across merchants and jurisdictions.[6] They find that restricting such differentiation through a single interchange fee can reduce welfare because it removes an important mechanism for aligning prices with heterogeneous costs and benefits. Price controls do not necessarily eliminate fee differentiation altogether, although very low caps may do so. Even where some differentiation remains, however, price controls substantially constrain networks’ ability to price efficiently and are therefore likely to generate the distortions Ding and Wright identify.
The theoretical literature also predicts compensating behavior throughout the payments ecosystem. Because issuing banks depend in part on interchange revenue, price controls predictably lead them to adjust other prices and expenditures. Banks may increase annual card fees, reduce rewards, scale back insurance and ancillary benefits, or reduce investment in innovation.[7]
The empirical evidence strongly supports those predictions. In our 2022 review paper, Geoffrey Manne, Todd Zywicki, and I document that, in every jurisdiction that has imposed interchange-fee price controls—including the European Union, Australia, Spain, and the United States—issuing banks responded with some combination of reduced card rewards, higher annual card fees, increased checking-account fees, and higher interest margins. At the same time, merchants generally did not meaningfully pass through their savings to consumers.[8]
Interchange-fee price controls do more than reallocate costs between cardholders and merchants. They also affect long-term investment and innovation in payment systems. Interchange revenue funds not only cardholder rewards, but also issuer investments in fraud detection, tokenization, real-time authorization infrastructure, and other technologies that benefit both sides of the market.[9] When regulators compress that revenue, issuers have fewer resources and weaker incentives to invest in such improvements.
Several important payment-card technologies emerged specifically to address cross-border transaction problems and may not have been developed absent the ability to monetize those investments through interchange revenue. For example:
Markus Reisinger and Hans Zenger show that interchange caps set at the level of the “tourist test”—the point at which a hypothetical merchant is indifferent between accepting a card payment or cash—produce investment levels below the social optimum.[13] Such caps fail to account for the dynamic benefits of innovation financed by interchange revenue. In our review paper, we similarly document slower investment in payment technologies in jurisdictions that imposed interchange-fee price controls.[14]
Price controls also redirect innovation toward regulatory arbitrage rather than consumer welfare, security, speed, or product quality. The Durbin Amendment illustrates the point. The law capped debit-card interchange fees only for issuers with more than $10 billion in assets, while exempting smaller issuers. That structure created a regulatory wedge.
Despite possessing greater scale, infrastructure, compliance capacity, and data resources, covered banks became less attractive partners for fintech firms because interchange caps limited their ability to recover investments in product development, rewards, fraud prevention, and customer acquisition. Fintech firms therefore structured new debit-card and banking products through partnerships with smaller, Durbin-exempt banks, which could sustain higher interchange revenue than comparable programs issued by covered institutions.
The result was a distortion in both the direction and organization of innovation. Entrepreneurs and investment capital flowed toward exempt-charter structures and product designs that preserved interchange economics, rather than toward the partnerships or technologies that otherwise would have been most efficient, secure, or valuable to consumers.
These innovation effects are especially important in cross-border transactions, where fraud-prevention and real-time authorization costs are highest. If interchange revenue cannot sustain continued investment in those systems, the quality and security of cross-border payment processing will deteriorate over time. That dynamic would compound the direct effects of fee compression on authorization rates.
Interchange-fee price controls can shift demand across payment networks, in addition to compressing issuer revenue. Where regulators primarily cap four-party schemes, consumers who value rewards programs and premium-card benefits have incentives to migrate toward less-regulated alternatives, especially three-party cards, where those benefits remain more sustainable.
Australia provides a useful example. Following the country’s initial interchange-fee reforms, three-party cards and companion-card arrangements gained market share. That share later declined after regulators extended comparable restrictions to American Express companion-card structures.[15] The European Union saw a similar pattern. Under the IFR, co-branded American Express products initially enjoyed a relative advantage over regulated four-party schemes. That advantage narrowed after the European Court of Justice held in 2018 that certain co-branded and agent-issued three-party products also fell within the interchange-cap regime.[16]
The broader implication is that interchange-fee price controls distort not only pricing, but also competition among network models. As the Durbin Amendment experience illustrates, such regulation encourages substitution toward less-regulated products and organizational forms, rather than competition based on efficiency, security, or consumer value.
Cross-border card payments have grown rapidly with international tourism and e-commerce, but they remain inherently more costly and risky than domestic transactions. They involve currency-conversion and exchange-rate risk, overlapping regulatory and anti-money-laundering obligations, more complex settlement procedures, and substantially higher fraud exposure.
Those differences matter for interchange regulation. Caps calibrated to domestic conditions are unlikely to cover the higher costs of foreign-card transactions, increasing the risk that issuers will decline legitimate cross-border payments at the margin.
Cross-border card payments have grown rapidly alongside the expansion of international tourism and e-commerce—and, in many respects, have helped enable both. The Federal Reserve reports that, in 2022, U.S.-issued cards were used for 7.5 billion cross-border transactions totaling $470 billion, while foreign-issued cards were used for 2.7 billion transactions in the United States totaling $180 billion.[17] Globally, Visa reported 15% growth in cross-border volume in fiscal year 2025 across 258 billion total transactions, while Mastercard reported 18% growth in cross-border volume across 175 billion switched transactions.[18] Together, these figures reflect the continued expansion of international card usage.
Figure 1 shows that global outbound cross-border card volume has more than tripled over the past decade.
SOURCE: Author’s estimate (see note for details)[19]
Cross-border card transactions impose several costs beyond those associated with domestic payments, including currency-conversion and exchange-rate risk, compliance with multiple regulatory and anti-money-laundering regimes, and more complex settlement procedures. Fraud, however, is the single largest additional cost driver. Multiple authoritative data sources show that fraud rates on cross-border card transactions substantially exceed domestic fraud rates, although the scale of the disparity varies across jurisdictions.
European Union. The disparity is especially pronounced in the euro area. The European Central Bank’s 2023 report on card fraud in the Single Euro Payments Area (SEPA) found that, between 2016 and 2021, cross-border transactions accounted for only 10% to 11% of total card-transaction value, but generated 63% to 65% of total fraud losses by value.[20] The joint ECB-European Banking Authority 2025 Report on Payment Fraud suggests that those proportions have remained similar or may have increased.[21]
Australia. AusPayNet data for 2024 show total card fraud losses of A$899 million, of which A$495.5 million—roughly 55%—involved Australian-issued cards used overseas. Card-not-present (CNP) fraud accounted for A$454 million of those overseas losses. Fraud involving foreign-issued cards used in Australia added another A$87 million.[22]
These data show that cross-border card transactions generate fraud costs several times higher than domestic transactions on a per-transaction basis. An interchange-fee cap calibrated to domestic fraud costs will therefore tend to undercompensate issuers for cross-border transactions, creating incentives to restrict authorization of higher-risk foreign transactions.
The preceding sections establish two key points: Interchange fees help balance two-sided payment markets, and the efficient fee varies by card type, transaction channel, and geography. Cross-border transactions also carry higher costs than domestic transactions, especially fraud costs.
This section connects those points to transaction authorization. When regulators cap interchange fees for cross-border transactions, they compress the revenue issuers use to offset higher fraud, compliance, currency-conversion, and settlement costs. That mismatch can make marginal cross-border transactions uneconomic to approve, especially in card-not-present channels, higher-risk merchant categories, and transactions involving unfamiliar foreign acquirers.
The result is predictable: Issuers have stronger incentives to tighten authorization criteria, increasing the risk that legitimate cross-border transactions will be declined. Industry evidence showing materially lower authorization rates for cross-border payments is consistent with that mechanism.
Each time a cardholder attempts a purchase, the issuing bank must decide in real time whether to authorize the transaction. Authorization means accepting potential fraud liability, funding the transaction in the case of credit cards, and bearing the processing costs of clearing and settlement. The issuer’s incentive to approve the transaction depends on whether expected marginal revenue—principally the interchange fee—exceeds expected marginal cost. If it does, authorization has a positive expected return. If not, the issuer faces a marginal loss.
For domestic transactions, local issuers can adapt to price-controlled interchange fees by adjusting other fees and expenses. Cross-border transactions are different. Fraud costs are several times higher than domestic levels, and issuers typically set interchange fees based on their own domestic conditions plus an additional amount to cover cross-border liabilities. A price control set by a foreign jurisdiction will therefore often fall short of the issuer’s costs.
The European Union illustrates the problem. The IFR caps interchange fees at 0.20% for debit cards and 0.30% for credit cards. Yet the European Central Bank’s 2021 data—the most recent comparable data available—show that cross-border transactions accounted for roughly 11% of card-transaction value but 63% of fraud losses by value.[23] That implies an average fraud-loss rate for cross-border transactions roughly 14 times that of domestic transactions. A 0.30% interchange fee on a €100 cross-border credit-card transaction yields only €0.30, which must cover elevated fraud risk, currency-conversion costs, cross-jurisdictional compliance, international settlement complexity, and cardholder benefits such as rewards and insurance.
One likely issuer response is to tighten authorization criteria for transactions where the shortfall is greatest: cross-border transactions, especially card-not-present transactions, higher-risk merchant categories, and purchases involving unfamiliar foreign acquirers. The issuer cannot recover the lost interchange revenue from the merchant, with whom it has no direct relationship. Nor can it easily recover the shortfall from the cardholder at the point of sale. In the short run, the issuer’s only realistic margin of adjustment is the authorization decision itself.
Over time, issuers may also seek to recover lost revenue through other channels, including annual fees, interest charges, and reduced cardholder benefits.
No public dataset isolates the specific contribution of interchange-fee caps to cross-border decline rates—a gap in the empirical literature that warrants further study. But industry evidence consistently shows that cross-border transactions face substantially higher decline rates than domestic transactions. Payment processors and gateway aggregators regularly report materially higher authorization rates for domestic payments than for cross-border payments.[24]
Several factors drive that gap. Higher fraud risk on cross-border transactions triggers more conservative issuer-authorization algorithms. Currency mismatches between the cardholder’s home currency and the transaction currency can raise flags in automated fraud-detection systems. Issuer unfamiliarity with foreign acquirers and merchants can also reduce the confidence score assigned to a transaction.
Interchange-fee caps intensify these pressures. When caps compress the interchange revenue available to offset the higher costs of cross-border authorization, the issuer’s expected return on marginal cross-border transactions turns negative earlier in the risk distribution. As a result, transactions that would have been authorized under market-determined interchange fees may be declined under a capped regime. All else equal, jurisdictions that cap interchange fees should therefore see a wider authorization gap between domestic and cross-border transactions than jurisdictions that do not.
Research by Checkout.com and Oxford Economics found that merchants lose between 1% and 2.1% of revenue to false declines—legitimate transactions that issuer fraud-screening systems erroneously reject—and that cross-border payment complexity exacerbates the problem.[25]
The costs of cross-border interchange-fee caps do not fall evenly. They are most likely to affect transactions where issuer costs, fraud risk, and transaction values are highest—especially tourism spending and cross-border e-commerce.
Both categories rely heavily on card payments, including credit and premium cards, and often involve either foreign-card-present or card-not-present transactions. Those are precisely the transactions most vulnerable to tighter authorization standards when interchange-fee caps compress issuer revenue.
The result is more than a marginal inconvenience. In tourism, false declines can disrupt travel, cost merchants high-value sales, and damage the customer experience. In e-commerce, they can translate into significant lost commerce, with smaller merchants likely bearing a disproportionate share of the burden.
The U.N. World Tourism Organization estimates that global tourism receipts reached $1.6 trillion in 2024.[26] Surveys suggest that tourists strongly prefer card payments, which offer greater convenience and lower risk than cash.[27] Except for domestic tourists, travelers with local bank accounts, or transactions acquired in the cardholder’s home jurisdiction—such as prepaid hotel bookings—tourism-related card payments are generally cross-border transactions.
Higher-value tourism spending often occurs on credit cards, including premium cards that offer rewards, no foreign-transaction fees, travel protections, and purchase protection.[28] When interchange-fee price controls apply to those transactions, they reduce issuers’ ability to recover the higher costs associated with international payments, including fraud risk, cross-jurisdictional compliance, and settlement complexity. Intra-European Economic Area transactions offer the clearest example because the EU’s IFR subjects them to the same caps as domestic transactions. The likely effect is not that every such transaction becomes uneconomic, but that margin compression increases pressure to tighten authorization for higher-risk transactions at the margin.
That friction falls directly on tourists, who are more likely to experience card declines, and on tourism-dependent merchants, who lose sales and may suffer reputational harm from the poor customer experience associated with declined transactions.
Given consumers’ strong preference for using cards abroad, a large share of the roughly $1.6 trillion in annual tourism spending likely occurs through card payments. Even a modest increase in decline rates would therefore translate into billions of dollars in lost commerce.
The welfare loss is likely larger for premium-card holders, who are disproportionately high spenders and thus among the tourists whose spending generates the greatest economic benefit. A declined $2,000 hotel booking or $500 restaurant bill imposes a much greater economic loss than a declined $20 transit fare.
In 2024, eMarketer projected that global retail e-commerce would reach $7.5 trillion in 2026.[29] UNCTAD, meanwhile, estimated that cross-border transactions accounted for 25% of retail e-commerce in 2019. If that share remains similar, cross-border e-commerce would total roughly $1.9 trillion.[30]
A very large share of those transactions are card-not-present (CNP) payments, which carry inherently higher fraud risk and trigger more conservative issuer-authorization policies. The European Central Bank reports that CNP fraud accounted for €1.28 billion of the €1.53 billion in total euro-area card fraud in 2021.[31] Online fraud losses have also risen rapidly: Juniper Research estimates that global e-commerce fraud losses grew from $17.5 billion in 2020 to $56 billion in 2025, a compound annual growth rate of more than 26%.[32]
When interchange-fee caps reduce the revenue issuers receive for authorizing CNP cross-border transactions, while fraud costs continue to rise, issuers rationally tighten authorization standards. That means accepting fewer marginal transactions where the fraud probability is elevated. The result is a higher decline rate in cross-border e-commerce, where every transaction is simultaneously CNP, cross-border, and subject to interchange-fee compression.
With cross-border e-commerce valued at roughly $1.9 trillion, even small increases in decline rates caused by interchange-fee compression would represent substantial losses in foregone commerce.
These losses also have distributional consequences. Smaller merchants, which often lack the technical sophistication to deploy advanced fraud-prevention tools or maintain relationships with multiple acquirers, are likely to face higher decline rates than large platforms that can negotiate bespoke authorization arrangements.
The evidence assembled here points to several conclusions with direct policy relevance.
First, the differentiated structure of interchange fees is not merely an artifact of market power. It reflects the heterogeneous costs, risks, and demand characteristics of different transaction types. Uniform caps compress those differences and remove a key instrument of efficient price discrimination in two-sided markets, with predictable negative consequences for transaction volume and welfare.
Second, cross-border interchange-fee caps impose costs that differ in kind and scale from domestic price controls. Higher fraud rates, currency-conversion costs, and regulatory-compliance burdens make cross-border transactions more expensive to authorize and settle. Caps applied to those transactions are therefore likely to do greater harm than domestic caps, including by increasing decline rates and harming both consumers and merchants.
Cross-border caps may also distort competition among network models. Four-party card issuers—such as Visa and Mastercard issuing banks—may respond by reducing jurisdiction-specific benefits on affected transactions, including rewards accrual, fee waivers, or approval rates. Those changes could make capped-jurisdiction transactions less attractive to cardholders and increase the relative appeal of less-regulated three-party products, such as American Express and Discover.
Third, policymakers should pay particular attention to the disproportionate impact on high-value tourism and e-commerce transactions. Tourism provides a critical source of foreign-exchange earnings for many economies, and payment frictions directly reduce tourist spending. Cross-border e-commerce expands market integration and consumer access to global goods and services. Regulatory interventions that impede these transactions impose costs well beyond the payment system itself.
Fourth, policymakers considering interchange-fee regulation should exempt cross-border transactions or, at minimum, establish separate and higher caps that reflect the cost differences documented here. The European Union’s decision to apply the same cap to intra-EEA cross-border transactions as to domestic transactions—while leaving extra-EEA transactions uncapped—creates an incoherent regime. It penalizes intra-European trade while failing to address the higher costs of transactions involving non-EEA cards.
Fifth, regulators should proceed cautiously before extending interchange-fee caps to card types or transaction categories that remain unregulated. The U.S. experience with the Durbin Amendment shows that even a narrowly targeted debit-card cap can produce significant distortions. Extending caps to credit cards, as some legislative proposals would do, would compress the remaining unregulated margin that helps the system absorb the costs of premium services, fraud prevention, and cross-border processing.
Interchange fees are the critical balancing mechanism in two-sided payment-card markets. Their differentiated structure—varying by card type, transaction channel, merchant category, and geography—reflects real differences in cost, risk, and demand across heterogeneous transactions. Price controls that compress those differences impair that balancing function, with especially serious consequences for cross-border payments.
This issue brief has shown that cross-border card transactions carry higher costs and face higher decline rates than domestic transactions. The gap between capped interchange fees and the actual cost of cross-border processing creates systematic pressure on issuers to tighten authorization standards, particularly for higher-risk transactions. These are not abstract welfare losses. They mean real purchases not made, real sales not completed, and real tourists and online shoppers denied the seamless payment experience modern card networks were built to provide.
Put differently, price controls on cross-border interchange fees become, at the margin, restrictions on cross-border commerce. They function as a form of de facto export restriction on suppliers of export-oriented consumer goods and tourism services.
They also create cross-border transfers with no democratic mandate. Issuers that authorize transactions subject to foreign price-controlled interchange fees effectively transfer value to acquiring banks—and perhaps indirectly to merchants—in the regulating jurisdiction, at the expense of their own cardholders. That dynamic raises the risk of retaliation by jurisdictions whose issuing banks are subject to foreign interchange caps.
The contagion risk is compounded by regulatory benchmarking. Once some jurisdictions cap cross-border interchange, other regulators may treat those controlled rates as evidence of the “market” level. That can produce a downward ratchet divorced from the heterogeneous costs of fraud, compliance, settlement, card type, merchant category, and transaction channel.
If such tit-for-tat responses spread, the consequences for cross-border credit-card payments could be severe. A single jurisdiction’s cap may induce issuers to absorb losses at the margin, impose destination-specific foreign-transaction fees, tighten authorization rules, or reduce cardholder benefits. If many jurisdictions follow suit, the result would not be a series of isolated local transfers. It would be a cumulative erosion of the global revenue base that funds cross-border card acceptance, fraud prevention, travel benefits, and reliable authorization.
Under those conditions, issuers would have stronger incentives to deny marginal transactions, impose destination-specific fees, withdraw premium benefits in capped jurisdictions, or steer cardholders toward less-regulated payment channels. The apparent local saving would come at the cost of a less reliable and less innovative cross-border payments system, with losses borne not only by issuers and cardholders, but also by the merchants that depend on high-value tourism and cross-border e-commerce.
The evidence strongly supports treating cross-border interchange-fee caps as a particularly costly form of price control. Regulators seeking to reduce merchant costs should consider alternatives—such as enhanced transparency requirements, tax incentives, interoperable real-time payment systems, or other programs to encourage digital-payments adoption and acceptance—that do not artificially compress the interchange-fee differentials on which efficient two-sided card markets depend.
At minimum, regulators should explicitly carve cross-border transactions out of any interchange-fee-cap regime or subject them to separate, higher caps that reflect the genuine incremental costs those transactions impose.
[1] Julian Morris, Todd Zywicki & Geoffrey Manne, The Effects of Price Controls on Payment-Card Interchange Fees: A Review and Update, Int’l Ctr. for L. & Econ. (2022), https://laweconcenter.org/wp-content/uploads/2022/03/Payments-2021-Lit-Review.pdf; Jean-Charles Rochet & Jean Tirole, Platform Competition in Two-Sided Markets, 1 J. Eur. Econ. Ass’n 990 (2003).
[2] Julian Wright, Optimal Card Payment Systems, 47 Eur. Econ. Rev. 587 (2003).
[3] A large body of economic literature—beginning with Baxter’s seminal 1983 contribution and later developed by Rochet and Tirole, Wright, and others—shows that, when payment networks set interchange fees, those fees generally reflect each side’s relative costs and demand elasticities. William F. Baxter, Bank Interchange of Transactional Paper: Legal and Economic Perspectives, 26 J.L. & Econ. 541 (1983); Jean-Charles Rochet & Jean Tirole, Two-Sided Markets: A Progress Report, 37 RAND J. Econ. 645 (2006).
[4] Morris, Zywicki & Manne, supra note 1, at 8–15 (documenting the decline in debit-card rewards and free checking after interchange-fee caps). See also Todd J. Zywicki, Geoffrey A. Manne & Julian Morris, Price Controls on Payment Card Interchange Fees: The U.S. Experience, Mercatus Ctr., George Mason Univ., Working Paper No. 14-18 (2014), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2446080; Vladimir Mukharlyamov & Natasha Sarin, Price Regulation in Two-Sided Markets: Empirical Evidence from Debit Cards, J. Fin. Econ. (2025), https://www.sciencedirect.com/science/article/pii/S0304405X25001023.
[5] Regulation (EU) 2015/751 of the European Parliament and of the Council of Apr. 29, 2015, on Interchange Fees for Card-Based Payment Transactions, arts. 3–4 [hereinafter IFR], https://eur-lex.europa.eu/eli/reg/2015/751/oj/eng.
[6] Rong Ding & Julian Wright, Payment Card Interchange Fees and Price Discrimination, 65 J. Indus. Econ. 39 (2017).
[7] Wright, supra note 2; Julian Wright, The Determinants of Optimal Interchange Fees in Payment Systems, 52 J. Indus. Econ. 1 (2004); Richard Schmalensee, Payment Systems and Interchange Fees, 50 J. Indus. Econ. 103 (2002).
[8] Morris, Zywicki & Manne, supra note 1, at 3–5.
[9] Julian Morris, The Hidden Wealth of Payment Cards: How Innovations in Payments Transform Society, Truth on the Mkt. (Dec. 19, 2024), https://truthonthemarket.com/2024/12/19/the-hidden-wealth-of-payment-cards-how-innovations-in-payments-transform-society.
[10] EMVCo, Overview of EMVCo, https://www.emvco.com/about-us/overview-of-emvco (last visited Apr. 20, 2026).
[11] EMVCo, EMV® 3-D Secure, https://www.emvco.com/emv-technologies/3-d-secure (last visited Apr. 20, 2026).
[12] Mastercard, Dynamic Currency Conversion (DCC) Performance Guide—Merchant Edition (Nov. 11, 2024), https://www.mastercard.com/content/dam/mccom/shared/business/support/rules-pdfs/DCC-Guide-2025-Merchant-Version.pdf.
[13] Markus Reisinger & Hans Zenger, Interchange Fee Regulation and Service Investments, 66 Int’l J. Indus. Org. 40 (2019), https://www.sciencedirect.com/science/article/abs/pii/S0167718719300311.
[14] Morris, Zywicki & Manne, supra note 1.
[15] Reserve Bank of Austl., Payments System Board Annual Report 2016, at 19 (2016); Reserve Bank of Austl., Payments System Board Annual Report 2020, at 17 (2020). See also Julian Morris, Todd J. Zywicki & Geoffrey A. Manne, The Effects of Price Controls on Payment-Card Interchange Fees: A Review and Update 30–31, Int’l Ctr. for L. & Econ. (2022); Julian Morris, Geoffrey A. Manne, Ian Lee & Todd J. Zywicki, Punishing Rewards: How Clamping Down on Credit Card Interchange Fees Can Hurt the Middle Class 22–23, Macdonald-Laurier Inst. (Nov. 2017).
[16] Case C-304/16, Am. Express Co. v. Lords Comm’rs of Her Majesty’s Treasury, ECLI:EU:C:2018:66, ¶¶ 53–61 (Feb. 7, 2018); Press Release No. 12/18, Court of Justice of the Eur. Union, A Three Party Card Scheme Involving a Co-Branding Partner or an Agent Is Subject to the Same Restrictions as Those Applicable to Four Party Schemes with Respect to Interchange Fees (Feb. 7, 2018).
[17] Bd. of Governors of the Fed. Reserve Sys., The Federal Reserve Payments Study: 2024 Update (Nov. 2024), https://www.federalreserve.gov/paymentsystems/2024-November-The-Federal-Reserve-Payments-Study.htm.
[18] Visa Inc., Annual Report for Fiscal Year 2025 (2025); Mastercard Inc., Supplemental Operational Performance 2023Q4–2025Q4 (2026).
[19] The 2024 figure is anchored to Datos Insights’ estimate that global outbound cross-border card volume reached $4 trillion in 2024, up 21% year over year. Earlier figures are back-cast using the average of Visa’s constant-dollar cross-border-volume growth and Mastercard’s local-currency cross-border-volume growth as an industry proxy. The network universe follows Nilson’s global brand-card universe: Visa, UnionPay, Mastercard, American Express, JCB, and Discover/Diners Club. This is not an audited all-network time series.
[20] European Central Bank, Report on Card Fraud in 2020 and 2021 6 (2023), https://www.ecb.europa.eu/pub/pdf/cardfraud/ecb.cardfraudreport202305~5d832d6515.en.pdf (last visited Apr. 9, 2026) [hereinafter ECB Card Fraud Report].
[21] European Banking Authority, 2025 Report on Payment Fraud, EBA-REP-2025-40, at 11 (2025) (while the report does not provide precise figures, the bar chart in Chart 1a suggests the trend continued).
[22] AusPayNet, Payment Fraud Statistics: 1 January 2024–31 December 2024 (2025), https://www.auspaynet.com.au/resources/fraud-statistics.
[23] ECB Card Fraud Report, supra note 20, at 15.
[24] See, e.g., Worldpay, How To Accept Payments Internationally, https://www.worldpay.com/en/insights/articles/how-to-accept-payments-internationally (last visited Apr. 20, 2026).
[25] Checkout.com & Oxford Economics, High-Performance Payments: The Hidden Billion-Dollar Opportunity 6, 10 (2023) (finding that merchants lose 1–2.1% of revenue to false declines, with cross-border complexity serving as a key driver).
[26] U.N. World Tourism Org., World Tourism Barometer, Vol. 23, No. 1 (2025).
[27] Discover Global Network, 3 Travel Payment Trends Shaping the Way Travelers Spend in 2025 (2025) (reporting that most consumers planned to use credit cards (68%) and debit cards (52%), rather than cash, for personal travel expenses, and that 46% of travelers sometimes, often, or always abandon purchases when merchants do not accept their preferred credit card); Tim Zawacki, Travel Perks Continue to Drive Premium Credit Card Uptake, Survey Finds, S&P Glob. Mkt. Intel. (Apr. 12, 2022) (reporting survey evidence that 52% of annual-fee credit-card holders identified travel-related perks as the cards’ most important feature); American Express, 2025 Global Travel Trends Report 4 (2025) (reporting that 66% of global respondents said combining credit-card rewards with other loyalty benefits provides “the best value for international trips,” and that 61% of surveyed Millennials and Gen Z use credit cards to maximize travel rewards).
[28] See Visa Inc., How Travel Trends Are Reshaping Global Payments (2023), https://corporate.visa.com/en/sites/visa-perspectives/trends-insights/how-travel-trends-are-reshaping-global-payments.html (noting that payment cards are the most commonly used payment method for international travel); Mastercard, Inside the Wealthy’s Playbook: How the Affluent Are Mastering Their Money (2024), https://www.mastercard.com/news/ap/en-hk/newsroom/press-releases/en-hk/2024/inside-the-wealthy-s-playbook-how-the-affluent-are-mastering-their-money-with-financial-gymnastics (observing that affluent consumers disproportionately use credit cards for high-value and overseas purchases); American Express, Global Travel Trends Report (2023), https://www.americanexpress.com/en-au/travel/discover/get-inspired/global-travel-trends-en-au (reporting that consumers value credit-card rewards and benefits in international travel); see also JPMorgan Chase & Co., Chase Sapphire Reserve® Card Benefits, https://creditcards.chase.com/rewards-credit-cards/sapphire/reserve; American Express, Platinum Card® Benefits, https://www.americanexpress.com/us/credit-cards/card/platinum (describing travel-related benefits, including no foreign-transaction fees, travel insurance, and purchase protection).
[29] Arielle Feger, Worldwide Ecommerce Sales to Break $6 Trillion, Make Up a Fifth of Total Retail Sales, eMarketer (Mar. 19, 2024), https://www.emarketer.com/content/worldwide-ecommerce-sales-break-6-trillion.
[30] U.N. Conf. on Trade & Dev. (UNCTAD), Estimates of Global E-Commerce 2019 and Preliminary Assessment of COVID-19 Impact on Online Retail 2020, Technical Note on ICT for Development No. 18 (2021), https://unctad.org/system/files/official-document/tn_unctad_ict4d18_en.pdf (estimating that cross-border transactions accounted for 25% of retail e-commerce).
[31] ECB Card Fraud Report, supra note 20, at 6.
[32] Juniper Research, Press Release, Fraudulent E-Commerce Transactions to Surpass $131bn by 2029 (Feb. 3, 2025).
