I. Introduction
Europe is at a crossroads. While the global hegemony that it enjoyed into the 20th century continues to erode, the continent remains an important—albeit diminished—source of economic output, productivity, innovation, and technology.[1] European policymakers have expressed growing alarm in recent years that the continent’s weak economic dynamism and productivity may lead it to fall further behind global leaders like the United States and China.[2] Against this backdrop, the next decade will be of pivotal importance: can Europe reclaim its place at the technological frontier, or will the coming years seal Europe’s fate as a spent force that can no longer compete on the global stage?
These fears were reflected in a recent report on European competitiveness written by former Italian Prime Minister and European Central Bank (ECB) President Mario Draghi (“Draghi Report”).[3] The report painted a sobering picture of a competitiveness and innovation gap that, unless promptly addressed, is expected to only compound Europe’s decline over the coming years and decades.[4] According to the report:
Across different metrics, a wide gap in GDP has opened up between the EU and the US, driven mainly by a more pronounced slowdown in productivity growth in Europe. Europe’s households have paid the price in foregone living standards. On a per capita basis, real disposable income has grown almost twice as much in the US as in the EU since 2000.[5]
These challenges likely have multiple causes. The Draghi Report identifies several contributing factors, including high energy costs, fragmented capital markets, unfavourable conditions for venture-capital investment, low startup activity, and overregulation. To date, European policymakers have acknowledged some of these issues and expressed an at least nominal commitment to address them. For instance, fostering home-grown startups is a key goal of the current EU administration and a priority under the recently unveiled Competitiveness Compass (“Compass”).[6] At the same time, the EU has aimed to position itself as a leader in digital rulemaking, enacting a series of pioneering regulations—including the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), and Artificial Intelligence Act (AI Act)—that are known collectively as the “Digital Package”.[7] According to Ursula Von der Leyen, who in July 2024 renewed her mandate as president of the Commission until 2029, these new regulations are needed to create “A Europe fit for the Digital Age”.[8]
Unfortunately, it appears these two pillars of the EU’s industrial policy—expansive digital regulation and startup promotion—may be working at cross purposes or, worse still, reinforcing each other in misguided directions. The Draghi Report suggests a correlation between overregulation and poor economic performance, including EU startups’ limited ability to scale. Moreover, the EU’s focus on promoting startups over fostering innovation itself reflects a misplaced emphasis on who drives innovation, rather than on innovation outcomes. This approach risks stifling progress by neglecting valuable contributions from other sources, including large firms and established incumbents—a misstep that could paradoxically deprive startups of the very innovations upon which they often build.
Indeed, R&D investments and productivity tend to increase with size,[9] and large tech firms are among the most productive and innovative segments of the modern economy.[10] This reality challenges the narrative that policymakers should focus primarily on facilitating innovation from tech startups (“TSUs”).[11] Large firms also often provide vital exit strategies for digital-market startups, many of which are formed with acquisition explicitly in mind.[12] Foreclosing this avenue risks deterring the creation of TSUs in the first place, in addition to forfeiting the benefits that acquisition by an incumbent may yield, such as access to superior managerial capabilities,[13] greater scale, and the integration of the TSU’s innovative projects into the acquirer’s “ecosystem”.[14]
Some of the EU Digital Package’s regulations aim to hobble large players under the misguided premise that hindering incumbents would automatically elevate TSUs.[15] But in the complex net of competitive and cooperative relations that characterize the digital economy,[16] disruptions to the central digital platforms can harm the many firms that depend on them for cumulative and generative innovation. For example, when a TSU is acquired by a DMA-designated “gatekeeper”, it must automatically comply with the DMA. This means the gatekeeper is required to share certain competitive advantages and is restricted in its ability to expand into additional markets.[17] This, in turn, can affect a TSU’s ability to scale, as well as the investments it can hope to receive from gatekeepers. To the extent that the DMA deprioritizes economic efficiency and consumer welfare, reducing a platform’s attractiveness—such as through a deprecated user experience or diminished convenience[18]—may also harm the business prospects of startups that depend on it.[19]
This approach, and the underlying political and regulatory zeal against “Big Tech” that underpins it, is likely to conflict with key pillars of the Draghi Report. Where the report emphasizes strong support for startups and for small and medium-size enterprises (SMEs), its primary concern is with removing the obstacles that prevent companies from scaling to compete globally.[20] In other words, size is seen as vital to the EU’s competitiveness strategy. As the report finds:
The lack of a true Single Market also prevents enough companies in the wider economy from reaching sufficient size to accelerate adoption of advanced technologies. There are many barriers that lead to companies in Europe to “stay small” and neglect the opportunities of the Single Market.[21]
Further:
However, there is a close link between the size of companies and technology adoption. Evidence from the US show that adoption rises with firm size for all advanced technologies. Likewise, while in 2023 30% of large businesses in the EU had adopted AI, only 7% of SMEs had done the same. Size enables adoption because larger companies can spread the high fixed costs of AI investment over greater revenues, they can count on more skilled management to make the necessary organisational changes, and they can deploy AI more productively owing to larger data sets.[22]
Against this backdrop, this paper examines whether and to what extent the EU’s goals of fostering startups and regulating digital markets align, as well as the role that promoting digital startup activity and investment has played in the design of the Digital Package. The Draghi Report called for an impact assessment of the effect of regulations on small companies,[23] an area where it finds the Commission has traditionally fallen short.[24] Echoing similar concerns, fellow former Italian Prime Minister Enrico published a similar report mere months before the Draghi Report (“Letta Report”), which found that SMEs and deep-tech startups were disproportionately hampered by regulation, bureaucratic red tape, and overlapping and overly complex rules.[25]
Our analysis reveals mixed degrees of attention paid to TSUs in the design of the Digital Package. In fact, the impact assessments of key legislation like the DMA, Data Act, and AI Act at times appear to overlook the effects these regulations would have on startups. This omission is particularly problematic for several reasons:
- European policymakers have widely cited these measures as essential to promote startup activity;
- There is growing anecdotal evidence to suggest that these regulations may harm startups; and
- A robust body of empirical research demonstrates that digital regulations like the General Data Protection Regulation (GDPR) have contributed to increased market concentration and a decline in startup investment.
Thus, while startup creation was and remains a clear goal for European policymakers (and a key weakness identified in the Draghi Report), the actual consideration that the Digital Package gives to TSUs may not be commeasure with those policy commitments. This could mean two either that the Digital Package was not intended to primarily or significantly benefit tech startups or, alternatively, that EU policymakers incorrectly assumed the Digital Package would make everyone better off, including TSUs. The former highlights a seeming contradiction between EU leaders’ public rhetoric and the real motivations driving the enactment of digital regulations. The latter suggests a faith-based assumption that digital regulations would benefit TSUs that has proven unsupported by the impact assessments.
This lack of focus on TSUs fails to align with either EU policymakers’ strong rhetoric or the priorities outlined in the Compass. It is also unlikely to effectively address the concerns raised in the Draghi Report regarding the relationship between regulation and innovation.
If tech startup growth is a key component of the Digital Age, as EU policymakers have repeatedly claimed, failing to adequately consider how the Digital Package will affect TSUs—as well as innovation from other sources—could ultimately serve to make Europe unfit for the Digital Age, pushing the continent even further from the technological frontier.
II. Why Tech Startups Are Relevant for the Digital Package
Given the absence of a unified EU definition for TSUs, this paper will draw from common understandings of the term employed in the literature. Startups and scaleups are generally understood as recently established entities focused on new technological developments, often relying on collaboration, open systems, and networks. They are characterized by innovative business models, scalable products or services, significant investment needs, equity-based capital structures, rapid growth potential, and ambitions to scale. They also tend to have a high tolerance for risk, rely heavily on intangible assets (such as data and intellectual property), and employ a small but highly skilled workforce.[26] Accordingly, in this paper, “TSU” will be used as a shorthand for small, young, and innovative firms with growth potential in digital markets—commonly referred to as startups or scaleups.
There are three key reasons why the EU’s Digital Package should not overlook TSUs. First, there is a strong policy push to strengthen TSUs in Europe. This is underpinned by a sense that startup activity is a driver of a healthy economy, a sentiment evident in the Draghi report.[27] Second, evidence suggests that regulation can negatively affect investment and startup activity. It would thus be reasonable to expect the Digital Package to be sensitive to the potential chilling effects of regulation on startups and innovation, including TSUs. Third, there have been indications that EU regulations—including the Digital Package—have already hindered startup activity. For instance, there is emerging evidence the DMA may have harmed the online-advertising industry, which often serves as a key source of revenue for tech startups. In short, there are important reasons for the Digital Package to be cognizant of startup activity.
A. The Policy Push for TSUs in Europe
EU leaders have long called for a focus on TSUs and their exceptional needs. According to France Digitale’s Manifesto for the 2024 European Elections (“France Digitale Manifesto”) and the European Parliament’s Joint Motion for a Resolution on the State of the SME Union (“SME Resolution”),[28] these include access to high-quality data; high levels of collaboration; open systems and interoperability; the need to attract significant investment; the ability to manage rapid growth; and minimal regulatory burdens. These needs require specific attention.
Both the France Digitale Manifesto and the SME Resolution call for establishing a coherent European definition of startups distinct from the existing definition of SMEs, as many startups do not fit the definition of an SME. This would not only enable targeted action more responsive to TSUs’ needs (on such topics as compliance burdens, visas, funding, and public procurement) but would also address the exclusion of TSUs with more than 250 employees from certain relevant European programs—notably, the accelerator program.[29]
The EU Recommendation on the Definition of Micro, Small, and Medium-Sized Enterprises (2003/361/EC) defines SMEs based on headcount and turnover thresholds. [30] While all startups qualify as small or medium-sized businesses, the reverse is not necessarily true: not all SMEs are startups. Indeed, there is a vast difference between a typical family-owned small company and a technology startup. This is not to say that, at the margin, one of these activities necessarily contributes more to economic growth and competitiveness than the other. Rather, the issue is that the type of activity that policymakers typically want to protect and encourage is narrower than what the SME label encompasses.
The lack of a unified legal definition in the EU, or a consensus on which key components should be included or which methodologies should be applies, makes it difficult for European regulations to consider the specific interests of such a distinct group of SMEs; it also constitutes the first hurdle in formulating coherent EU-wide TSU policies.[31] Moreover, it undermines the effectiveness of existing policies intended to foster startup growth.[32]
A charitable explanation for this oversight is that the lack of a unified TSU definition is a byproduct of “tech” vernacular, which is itself rife with opaque terms such as “scaleup”, “unicorn”, “digital entrepreneur”, or “nascent competitor”, which can be vague, overlapping, and sometimes used interchangeably. Conversely, the oversight could also indicate that European policymakers have been less focused on promoting TSUs than their policy pronouncements might suggest, especially given the general proclivity for definitions and categorizations in the EU.
In support of the latter interpretation, France Digitale—the largest startup association in Europe—has argued that European TSUs and their investors “don’t get the same recognition and support of their counterparts in America and Asia, which makes their development more complex and hampers their competitiveness”. France Digitale also contends that “more than a third of the Commission’s impact assessments do not provide enough details on the needs of SMEs” and that, despite dialogue with policymakers, “these discussions are not always translated into efficient measures”. Amid what it characterizes as challenging investment conditions over the past five years, France Digitale claims that “Europe has focused on establishing the regulatory framework for the twin green and digital transition, rather than on promoting innovation”.[33]
A recent Stripe survey of digital startups regarding the key challenges they face[34] found that respondents report “the intended benefits [of the EU’s initiatives to improve the regulatory environment] are not yet being felt on the ground. Eighty-three percent of startups believe policymaking is geared toward incumbents and want policymakers to focus on changes that will save them time and money, so they can make the most of limited resources”.
France Digitale has called for additional measures to address these shortcomings, including regulatory “breathing space” to allow TSUs to comply with new regulations. The group proposes extending protections for TSUs beyond the 12 months found in the DSA and Data Act, and broadening the moratoria on burdens imposed on TSUs to include companies’ efforts to comply with prior regulations.[35] As France Digitale member and software-as-a-service company (SaaS) Mirakl argued, the next European Commission (EC) mandate (2024-2029) should allow TSUs “time to comply with the previous regulations before introducing new constraints that will not ensure a level playing field with the American and Asian tech players”.[36]
France Digitale also highlighted the sharp decline in EU M&A activity in 2023.[37] It emphasized the need to find alternative ways to attract investors and support growth to mitigate potential negative impacts on innovation in Europe. It called for fostering a European exit culture by exploring alternatives to existing market exit strategies; and it identified the recruitment of skilled personnel as the top challenge for most TSUs.[38]
The SME Resolution similarly put forward proposals to foster European startups, including using startups’ innovation to promote EU competitiveness and to achieve climate targets. The Parliament likewise called for a formal legal definition of TSUs. The SME Resolution argued that such EU policy must consider TSU interests in minimizing regulatory compliance burdens, as well as pragmatic suggestions to expand TSUs’ access to public and private capital, public procurement, and the talent pipeline.[39]
While the SME Resolution does not touch on digital market competition, per se, Parliament expressed in its Innovation Resolution that it was “of the view that regulatory mechanisms must adapt to and evolve in sync with technological advancements and market shifts to uphold competitiveness and innovation, especially in relation to European start-ups”.[40] The Innovation Resolution also called on the European Commission and EU member states to foster a European-led ecosystem of marketplaces for non-personal data.[41]
For its part, the Commission has itself vowed to foster the growth of TSUs. New Commissioners, for example, have a mandate to implement the Draghi Report’s recommendations, which highlight TSUs’ importance in reigniting growth and achieving technological leadership.[42] In particular, the report highlights inconsistent and restrictive regulations that have bogged down European startups, especially their ability to scale.[43] The report also details problems EU startups have experienced in attracting capital, noting that 61% of global funding for AI startups goes to U.S. companies, 17% to Chinese companies, and just 6% to those in the EU.[44]
Among the Draghi Report’s proposed remedies is to create an “Innovative European Company” statute that would provide a single digital identity valid throughout the EU.[45] This proposal underscores that the report views inconsistent laws as an impediment to fostering startups in the EU. “Innovative European Companies” would have access to harmonized legislation concerning corporate law and insolvency, as well as a few key aspects of labour law and taxation.[46] But in line with France Digitale’s observations, the report also proposes that:
The EU should carry out a thorough impact assessment of the effect of digital and other regulation on small companies, with the aim of excluding SMEs from regulations that only large companies are able to comply with.[47]
The Draghi Report offers this suggestion is made in the context of helping “inventors to become investors” by supporting the transition from invention to commercialization, which the report identifies as one of the EU’s primary comparative weaknesses. Elsewhere, the Draghi Report is more direct in asserting that digital regulations could hinder TSUs and other innovative companies, finding that “we continue to add regulatory burdens onto European companies, which are especially costly for SMEs and self-defeating for those in the digital sectors”.[48] The report also notes that regulatory barriers “to scaling up are particularly onerous in the tech sector, especially for young companies”.[49] Further, the report finds that:
EU regulation imposes a proportionally higher burden on SMEs and small mid-caps than on larger companies, yet the EU lacks a framework to assess these costs. About 80% of Commission Work Programme items are relevant to SMEs but only around half of impact assessments substantially focused on these companies. The EU also lacks a commonly agreed definition of small mid-caps and readily available statistical data.[50]
In her “Political Guidelines for the Next European Commission”,[51] Commission President Ursula von der Leyen stressed the need to allow EU TSUs to scale. The guidelines document asserts that:
European companies and start-ups should not be forced to look at the United States, Asia or other markets to finance their expansion. They should be able find what they need to grow here in Europe too.[52]
A key means to help small companies grow and scale is to simplify relevant regulations and alleviate the TSUs’ bureaucratic burden.[53] Indeed, an overarching theme of the Political Guidelines is making business easier by creating a simpler, more coherent legal framework is an overarching theme of Von der Leyen’s Political Guidelines.[54] Accordingly, they recommend that:
Each Commissioner will be tasked with focusing on reducing administrative burdens and simplifying implementation: less red tape and reporting, more trust, better enforcement, faster permitting.[55]
The guidelines frame this as a general principle, rather than one meant to apply solely to TSUs. They do, however, appear to recognize that startups and small firms may be disproportionately harmed by the burden of complying with a heavy and overlapping regulatory load.[56] These themes were carried through to the mission letters issued to the new EU commissioners (Mission Letters)[57] and the more recent Compass document.[58]
The Compass, in particular, identifies innovative, disruptive startups as key to European competitiveness.[59] It also highlights concerns raised in the Draghi Report, such as the difficulties startups face in scaling, overcoming regulatory barriers, and accessing capital. [60] In response, the Compass proposes a series of measures, among which is a dedicated startup and scaleup strategy that proposes to “address the obstacles that are preventing new companies from emerging and scaling up”.[61] The strategy would include innovation support and a “28th legal regime” meant to harmonize and simplify applicable rules.[62]
The principles underlying these recent policy statements can also be found in a wide range of past EU policies related to TSUs. These policies have traditionally focused on access to investment capital, creating innovation networks, and building capacity. Some examples include the Start-Up and Scale-Up Initiative (SSI) from 2016, which sought to provide a supportive ecosystem that would help TSUs access capital;[63] the European Fund for Strategic Investments (EFSI), which mobilizes private investment in strategic projects;[64] 2021’s Startup Europe project, which looked to strengthen networking opportunities for “deep tech”;[65] the New European Innovation Agenda (2022), which focused on funding scaleups in order to create regional “innovation valleys”, develop a solid talent base, and improve policymaking tools;[66] the European Innovation Council (EIC), whose 2023 work programme included more than €1 billion in funding for startups with breakthrough ideas to help bring their innovations to market;[67] and the recently created European Tech Champions Initiative (ETCI) Fund of Funds, which commits more than €3.75 billion to support European high-tech companies with late-stage growth capital.[68]
Despite these efforts, however, there remain concerns among the EU’s TSU community. In response to the Commission’s 2023 New European Innovation Agenda and roadmap for startup growth, for example, Stripe published a report exploring whether proposed changes in European policy and regulation addressed key TSUs challenges. It noted that:
The intended benefits [of the EU’s initiatives to improve the regulatory environment] are not yet being felt on the ground. Eighty-three percent of startups believe policymaking is geared toward incumbents and want policymakers to focus on changes that will save them time and money, so they can make the most of limited resources.[69]
It is not surprising that stakeholders continue to argue for the EU to adopt more coherent startup and scaleup strategies.[70] As the Draghi Report noted, many European entrepreneurs:
Prefer to seek financing from US venture capitalists and scale up in the US market. Between 2008 and 2021, close to 30% of the “unicorns” founded in Europe — startups that went on to be valued at over USD billion — relocated their headquarters abroad, with the vast majority moving to the US.[71]
Consistent with these concerns, the European Parliament’s Innovation Resolution [72] called for a range of capacity-building measures that would focus on more traditional needs. But even as it called for comprehensive strategies to deploy innovation enabled by startups, the report suggested that the EU lacks such strategies. Furthermore, if the Innovation Resolution reflects policies that European startups would wish to see prioritized, it is notable that Parliament did not see the Digital Package as the means to achieve those goals. Possible explanations include either that the package fails to address more fundamental challenges that TSUs face, or that it does not provide TSUs with specific opportunities.
B. Evidence that Regulation Can Harm Startups
Regulating digital markets has been a major focus of the EU’s efforts over the past five years. But the Draghi Report, the Letta Report, the Compass, and several other recent policy statements all suggest that EU regulation can be a hurdle for TSUs. The Draghi Report even called for regulators to exercise “self-restraint” and consider “doing less”.[73] The Letta Report adds that the EU’s heavy, “risk-averse” regulatory framework imposes an “unsustainable” burden on startups (e.g., compliance costs for a typical SME in sectors like business services can reach up to €10,000[74]); which the report in turn identifies as a principal hurdle for the future of the Single Market:
Moreover, the tendency – present at all levels in Europe and among Member States following the economic and financial crisis – towards a risk-averse regulatory approach has led to a surplus of overlapping regulations, creating legal uncertainty and imposing substantial compliance costs. This scenario has adversely affected the business environment and economic activities, hitting SMEs the hardest. Thus, addressing these regulatory challenges is not merely a task of reform but a crucial necessity to unlock the full potential of the Single Market.[75]
Indeed, a mounting body of evidence suggests that these fears are not misplaced, and that regulation can lead to significant inefficiencies and unintended consequences. For example, while the EU’s General Data Protection Regulation (GDPR) was designed to strengthen data privacy, empirical studies find that it has had significant unintended effects on competition and startup innovation. [76] A study by Jian Jia, Ginger Zhe Jin, and Liad Wagman finds that, within a year of the GDPR’s enforcement, European tech startups experienced a 26.1% drop in monthly venture-funding deals compared to their U.S. counterparts.[77]
This decline in investment was not just a short-term shock. Follow-up analysis by the same authors shows a persisting reduction in the number of funding deals for nascent European tech ventures relative to U.S. counterparts through at least 2020.[78] This contraction in venture-capital investment appears to have been most acute for data-driven startups, as well as new and early-stage startups (ages zero to three years).[79] Business-to-consumer (B2C) businesses also saw more marked declines in the EU.[80] These findings suggest that the GDPR’s compliance burdens—from costly consent requirements to data-handling obligations—disproportionately deterred investment in young, data-centric firms, which are precisely the sorts of startups that European policymakers elsewhere seek to foster.
There is also evidence that the GDPR has disproportionately favoured incumbent firms, thereby increasing market concentration. A study by Garrett A. Johnson, Scott K. Shriver, and Samuel G. Goldberg found that, immediately after the GDPR took effect, websites curtailed their use of third-party digital tools and advertising vendors, dropping many smaller ad-tech providers. The result was a 15% reduction in overall web-technology vendors used for EU visitors and a 17% increase in market concentration among those service providers.[81] In practice, the GDPR prompted websites to rely more on a few large vendors—notably, those owned by Google and Facebook—with resources to comply with the new rules, while cutting ties with smaller analytics and advertising firms:
Google-owned vendors grow from 28.8% to 31.9% of site-vendor pairs in the short run, and Facebook grows from 3.4% to 3.6%.[82]
As Michal S. Gal and Oshrit Aviv put it:
The GDPR limits competition and increases concentration in data and data-related markets, and potentially strengthens large data controllers. It also further reinforces the already existing barriers to data sharing in the EU, thereby potentially reducing data synergies that might result from combining different datasets controlled by separate entities.[83]
These findings were echoed in an empirical study by Chinchih Chen, Carl B. Frey, and Giorgio Presidente, which concludes that:
The GDPR had the unintended consequence of harming the profitability of companies targeting European consumers through the cost channel. Technology firms experienced a 2.1% decline in profits, but not in sales. The GDPR increased extra expenses, added to firms’ wage bills, and accelerated patenting in GDPR-related technology fields. The main burdens have been borne by smaller companies.[84]
Likewise, a paper by Yu Zhao, Pinar Yildirim, & Pradeep K. Chintagunta found that the GDPR led to increased online friction, a growing disparity between large and small firms, and a less-competitive environment.[85] They conclude that:
For policy-makers, our results highlight the unintended consequences of GDPR on consumers and firms. For firms, the post-GDPR environment is anticompetitive as smaller firms see reduced consumer traffic, while for larger domains, both consumer visits and consumer checkouts increase relative to the non-EU benchmark. The higher cost of compliance for smaller domains may have exacerbated the inequality between large and small domains, as evident from the differential effects of GDPR on domain traffic and e-commerce checkout volumes.[86]
These empirical patterns underscore a key unintended consequence: privacy regulation may inadvertently entrench incumbent firms, who can comply at-scale, while raising obstacles for startups that lack similar compliance resources. Indeed, this is consistent with the alarm raised by the Draghi Report, which similarly identifies the GDPR as one of the regulations that has hindered EU companies due to its fragmented implementation.[87] The Draghi Report also cites the GDPR as an example of how compliance burdens, complexity, and inconsistencies among overlapping regulations—such as the GDPR and the AI Act—can undermine advancements in artificial intelligence.[88]
Beyond its effects on investment and competition, some authors have found indications that the GDPR has also slowed innovation output. Rebecca Janssen, Reinhold Kesler, Michael E. Kummer, and Joel Waldfogel identify a “lost generation” of apps in the EU mobile ecosystem following GDPR’s implementation. Using data on 4.1 million Google Play apps, they estimate the GDPR led approximately one-third of existing apps to exit the EU market, and the rate of new app entries fell by roughly half in the subsequent quarters:
When it took effect, GDPR precipitated the exit of over a third of available apps; and following its enactment, the rate of new entry fell by 47.2 percent, in effect creating a lost generation of apps.[89]
The authors show these changes led to significantly less consumer choice and lower usage, effectively reducing consumer surplus by roughly one-third relative to a no-GDPR scenario.[90] In their words:
Whatever the benefits of GDPR’s privacy protection, it appears to have been accompanied by substantial costs to consumers, from a diminished choice set, and to producers from depressed revenue and increased costs.[91]
Other studies reinforce this theme. Klaus M. Miller, Julia Schmitt, and Bernd Skiera find that the GDPR depressed user engagement on websites and that more popular sites lost fewer users, suggesting the regulation diverted activity to dominant platforms:
Our results show that the GDPR negatively affected online usage per website on average; specifically, weekly visits decreased by 4.88% in the first 3 months and 10.02% after 18 months post-enactment. At the 18-month mark, these declines translated into average revenue losses of about $7 million for e-commerce websites and nearly $2.5 million for ad-based websites. Nonetheless, the GDPR’s impact varied across website size, industry, and user origin, with some large websites and industries benefiting from the regulation. Notably, the largest 10% of websites pre-GDPR suffered less, suggesting that the GDPR has increased market concentration.[92]
Together, these empirical studies paint a consistent picture: The GDPR’s well-intended privacy safeguards inadvertently slowed startup innovation and market entry, while diminishing competitive dynamism. The evidence of fewer new firms, reduced product offerings, and users consolidating toward larger providers highlights a key tradeoff: stringent data protection can, and often does, come at the expense of competition and innovation. Policymakers in other areas should weigh these costs against the purported privacy benefits, as the GDPR experience demonstrates how sweeping regulation may create barriers to entry or encourage market exit among small tech firms.
The voices against the GDPR have recently gotten louder, following the EU’s “crusade against overregulation” in light of the Draghi Report.[93] The Commission is now reportedly exploring ways to scale back a law widely regarded as one of “Europe’s most complex pieces of legislation by the technology sector”.[94] The anticipated simplification package would ease reporting requirements for organizations with less than 500 people.[95] As Politico has reported:
For small and cash-strapped businesses, the reams of documentation the GDPR asks companies to produce has long been a gripe. Justice Commissioner Michael McGrath said the key takeaway from a review of the GDPR last summer “is the need for greater support [for] businesses, especially SMEs, in their compliance efforts.”[96]
The regulations that make up the EU’s Digital Package could produce adverse effects similar to those seen with the GDPR. Economic theory suggests that there are reasons to believe the higher compliance costs associated with digital regulations may particularly hamper nascent firms and dampen entrepreneurs’ incentives to pursue new ventures.
For example, building on the political momentum of the GDPR, the EU recently enacted the DMA and DSA, which aim to promote fair competition and safer online spaces, respectively.[97] The DMA targets large online “gatekeeper” platforms with ex-ante obligations—e.g., requiring interoperability and limits on self-preferencing—to ensure “contestable and fair” digital markets in which smaller competitors can thrive. The DSA updates rules for online intermediaries and content moderation, seeking to protect users while harmonizing responsibilities across platforms.
Because both acts are recent, these is not yet much rigorous empirical analysis of their outcomes. EU officials predict these regulations will open new opportunities for startups and scaleups by curbing the allegedly exploitative practices of Big Tech. For instance, the Commission asserts that, under the DMA, “innovators and technology start-ups will have new opportunities to compete… without having to comply with unfair terms and conditions” imposed by dominant platforms.[98]
By seeking to prevent gatekeepers from abusing their market power (e.g., by unfairly blocking access to data or markets), the DMA seeks to level the playing field and enable nascent firms to reach users on more meritocratic terms. Similarly, the DSA’s backers argue that clearer liability and transparency rules for online services will increase trust and safety, which could benefit emerging companies in the long run by improving the online environment for all businesses.
Many observers caution, however, that these new regulations also introduce hurdles for startups, echoing some patterns seen with GDPR. Because the DMA squarely targets the business models of Big Tech firms, there is concern about indirect effects on the startup ecosystem that interacts with those “gatekeepers”. One worry is that restricting large platforms’ behaviour might reduce important avenues for startups, such as acquisitions or platform partnerships.
Venture investors note that many startups see acquisition by a major tech company as a common exit strategy. Thus, if the DMA makes large firms more hesitant or constrained in acquiring emerging competitors (see, e.g., Art 14 DMA), the pool of venture capital and startup valuations in Europe could decline, as investors may anticipate a more difficult path to profitable exits.[99]
The DMA might also stifle TSUs by making gatekeepers’ platforms less attractive to users—such as by, e.g., limiting gatekeepers’ ability to restrict access to the platform. This could degrade platforms’ incentives to innovate and their ability to curate content in ways that maximize the platform’s total value to users.[100] In addition, the DMA’s cumbersome privacy requirements might also reduce competition—not just in advertising, but across the board. As Carmelo Cennamo and Juan Santaló contend:
It does not look like too much of a stretch to assume that the DMA implementation may have similar distortive effects in the targeted advertising markets benefitting some gatekeepers while castigating others. The risk is that in between, the real casualties will be the SMEs (and their direct-to-consumer model). Apps/webpages that have a larger user base can indeed better monitor consumer behavior and offer targeted advertising with a higher ROI than apps with a smaller user base. Overall, this may reinforce the competitive advantage of big players (with direct access to consumer’s data) at the expense of smaller ones. Note hence that the unintended effect of the DMA may be to consolidate the dominant position of big established platforms instead of making digital markets more contestable.[101]
A report from the Center for Strategic and International Studies (CSIS) similarly notes that, while the EU intends the DMA to help European tech firms scale up, “a regulatory disabling of U.S. tech giants… could lead to perverse and unintended consequences for European businesses”, potentially benefiting “European incumbents and subsidized Chinese competitors” more than EU startups.[102]
In short, unless the DMA is carefully calibrated, it might protect competitors rather than competition, inadvertently favouring firms that are already mid-sized or well-connected over scrappy young innovators.
For the DSA, the potential burden of compliance is a key concern. The DSA imposes obligations (such as faster removal of illegal content, audits of algorithms, and new transparency requirements) that scale up with a platform’s size (with the most stringent rules for “Very Large Online Platforms”). Even so, smaller startups fear the DSA could add complex compliance costs at-odds with their limited resources. Early commentary has stressed that, if not designed with proportionality, the DSA might force startups to divert precious time and money into content moderation and legal compliance instead of innovation. As a recent GLOBSEC report argued:
The new legislation could add extra hurdle for startups, which will have to deal with complex rules regarding illegal content, regardless of their size and resources. As a result, they would not be able to focus on their core business and grow at the desired pace.[103]
For example, a young platform may struggle if it is expected to “monitor or filter all content users upload” or meet short takedown deadlines across EU jurisdictions.[104] Such requirements could slow a startup’s ability to scale, especially if they need to rapidly hire compliance staff or implement costly filtering technology.
Advocates for startups have therefore argued for graduated obligations and a “sandbox” approach to ensure that new ventures can grow without being immediately crushed by regulatory overhead. It remains to be seen how the DSA will be enforced in practice, but the principle of proportional enforcement will be crucial. As one observer noted, “small startups shouldn’t be penalized just because they don’t have the content monitoring resources of companies like Google or Facebook”.[105]
A common theme in analysing the GDPR, DMA, and DSA is that regulations often have unintended consequences. Empirical studies strongly suggest that well-intentioned regulations can inadvertently hinder competition and innovation, particularly affecting startups and new market entrants. Europe’s experience with the GDPR should serve as a cautionary tale. While it strengthened users’ privacy rights, it also coincided with a decline in venture-capital investment, fewer new market entrants, and increased concentration in various digital sectors.
Startups, which often drive disruptive innovation, appear to have been the most negatively affected by the GDPR, given their reliance on data-driven business models and dependence on external capital.[106] That policymakers did not anticipate these outcomes illustrates the tradeoffs inherent in digital market regulation.[107] As Gal and Aviv observed, the GDPR was enacted with little attention to its potential competitive side effects, which “may well constitute an unintended and unheeded welfare-reducing consequence”.[108]
Unintended effects can include not only dampened startup activity, but also shifts in competitive dynamics that favour the very incumbents that regulations seek to rein in. Large tech firms often have compliance departments and diversified data assets that allow them to adapt to new rules relatively unscathed, while a two-person startup would face a much higher relative cost. This dynamic was evident when GDPR’s implementation drove many small ad-tech vendors out of the European market, reinforcing the dominance of Google and Facebook’s ad services.[109] In the long run, such compliance-driven market concentration can reduce consumer choice and slow the pace of innovation, as fewer new firms attempt to challenge incumbents.[110]
Similar concerns are now being raised about the cumulative impact of the EU’s new digital regulations—the DMA, DSA, and AI Act—on Europe’s startup ecosystem. Many in the tech community stress vigilance to avoid repeating the GDPR’s pitfalls. Surveys of investors already indicate anxiety. For example, most European venture capitalists foresee that expansive regulatory regimes could make EU startups less competitive on the global stage. According to American Edge Project:
General Data Protection Regulation (GDPR) led to less investment in startups after 2018. Newer regulation such as potential AI rules and the Digital Markets Act (DMA) exacerbate that state of affairs; for instance, it is likely that the recently passed AI legislation will require costly and protracted updates to carve out certain exceptions for some businesses.[111]
Academic research on incentives for innovation also suggests that, if exit opportunities (like acquisitions) are curtailed or compliance costs rise, venture funding and entrepreneurship could shift to less regulated jurisdictions.[112] Ultimately, the challenge for regulators is to strike a balance: safeguarding consumer interests without inadvertently stifling the agile competition that startups provide. The competitive and innovative vitality of digital markets hinges on getting this balance right.
The literature underscores that regulatory interventions must be coupled with careful monitoring and periodic evaluation. If evidence shows a rule is unduly harming startup formation or investment, policymakers may need to adjust thresholds, provide exemptions for small firms, or offer guidance and support to reduce the burden. The EU’s bold regulatory moves will require ongoing assessment to ensure that “fair and open” markets[113] materialize in practice—delivering not only compliance by big platforms, but also more room for Europe’s next generation of startups to grow and compete.
III. Tech Startups’ Place in the EU’s Digital Package
Given the pitfalls of EU digital regulations discussed in the previous section, the question arises whether the Digital Package makes any concessions to TSUs or acknowledges the need to simplify rules and reduce their regulatory burden, as emphasized in the Draghi Report. Such acknowledgements would be a sign that policymakers were cognizant of, and took measures to avert, the sorts of unintended consequences discussed above.
In this section we survey the impact statements for the rules that comprise the EU’s Digital Package, which reveal varying degrees of acknowledgment and interest on the part of the regulations’ drafters for the position of TSUs. The following sub-sections assess each of the Digital Package’s regulations individually.
A. Digital Markets Act
The DMA has primary objectives, which are set out in Art. 1:
To ensure contestability and fairness for the markets in the digital sector in general, and for business users and end users of core platform services provided by gatekeepers. Contestability relates to “the ability of undertakings to effectively overcome barriers to entry and expansion and challenge the gatekeeper on the merits of their products and services.[114] (emphasis added)
“Fairness”, in turn, relates to:
…an imbalance between the rights and obligations of business users where the gatekeeper obtains a disproportionate advantage. Market participants … should have the ability to adequately capture the benefits resulting from their innovative or other efforts.[115]
Overall, the obligations placed on the DMA’s designated gatekeepers are intended to lower entry barriers into the incumbents’ core and adjacent markets, thereby making it easier for TSUs to compete. The DMA aims to create new opportunities for TSUs to monetize products and services when on gatekeeper platforms by ensuring increased visibility in search rankings or product listings; enhanced ability to improve products and services through user consent, data portability, and interoperability to key services and access to APIs;[116] and to ensure better terms and conditions.[117]
One European SME lobby group noted:
For innovative SMEs, the DMA will finally create the space and level playing field they need to be competitive … For business users, this would mean being able to offer their services without being forced to comply with unfair terms and conditions forcing them to innovate according to the rules dictated by the gatekeepers.[118]
EU policymakers have frequently cited startups as key beneficiaries of the DMA. At the same time, however, the DMA’s substantive provisions do not meaningfully address TSUs. One possible exception is the act’s the high quantitative thresholds, which effectively exempt most companies—including TSUs—from the obligation to comply with the DMA. Unlike “gatekeepers”, TSUs are not required to share their infrastructure, resources, investments, or competitive advantages with third parties.
Another possible exception is Art. 14, which requires gatekeepers to inform the European Commission of any planned merger or acquisition involving a core platform service—or, indeed, any other services that enable data collection.[119] Art. 14 DMA also requires the Commission to inform national competition authorities of such transactions. The Commission can also claim jurisdiction over such transactions from a national competition authority, regardless of either the transaction value or the target company’s turnover, by triggering the referral mechanism in Art. 22 of the EU Merger Regulation.[120] This includes circumstances in which the Commission “invites” national authorities to make such a referral.
While none of the DMA’s provisions include elements expressly specific to TSUs, Art. 53 DMA establishes that, when evaluating whether the law’s aims have been achieved, the European Commission must assess not only whether regulated markets are contestable and fair, but also the impact “on business users, especially SMEs, and end users”.
The Commission’s impact assessment for the DMA (DMA IA) likewise offered little in the way of specific focus on TSUs, but it did state that “an ex ante measure which explicitly seeks to address unfair contract terms and prevent foreclosure, should provide benefits to a multitude of small businesses and start-up companies, and in turn to their employees and customers”.[121] The DMA IA further opined that SMEs would benefit from the law creating a more “innovative and competitive business environment”. The impact assessment concluded that the benefits flowing to SMEs, startups, and consumers were likely to substantially exceed the measure’s costs of the measure. David J. Teece and Henry J. Kahwaty, however, characterized these conclusions as little more than conjecture, unsupported by academic research or empirical analysis and “inconsistent with many tenets of the literature on the management of innovation”.[122]
For its part, the EU Council credits the DMA with “promoting innovation and a fairer online platform environment for technology start-ups” and “[making] it easier for smaller companies and start-ups to enter the digital market, innovate and compete”.[123] Recital 8 of the DMA offers claims that the regulation will make the economy (in general) and consumers (in particular) better off, even as it explicitly disavows economic efficiency and consumer welfare as relevant factors in delineating permissible and impermissible conduct.[124]
Claims that the DMA will benefit startups more likely reflects politically expedient language, rather than a firm legal commitment or a cognizable antitrust harm. In this way, they are typical of EU policy documents. The Commission’s Annual Reports on Competition Policy, for example, often make broad claims that competition policy has contributed to all or most of the EU’s strategic goals and priorities.[125]
Of course, the DMA could have gone further. Various provisions in the act acknowledge SMEs’ specific interests,[126] despite the lack of provisions that specifically promote those interests. There is likewise a paucity of Commission documents detailing how the DMA would foster the needs of TSUs, as distinct from the interests of other players. [127] While it is asserted that TSUs will benefit from the opportunities the DMA would create, on the question of how much weight their interests should be granted relative to end users, business users, competitors, or consumers, the DMA is silent.
Perhaps the answer can be found in the DMA’s measures of success: the yardsticks used to measure the DMA’s effects could reveal what outcomes the new regulation seeks to achieve.[128] But what makes measuring the DMA’s impact on TSUs difficult is that the act does not dictate any specific market outcome. As Director-General of Competition Olivier Guersent has noted: “DMA obligations create opportunities rather than prescribe market outcomes”.[129] In other words, once gatekeepers comply with their DMA obligations, they are not, in principle, responsible for competitors’ or users’ decisions. Guersent further noted that:
The scale of the impact of DMA will also depend on the take up of the newly created opportunities by market players, and/or the switching by end-users to alternative service providers.[130]
This is consistent with the DMA’s review provision (Art. 53). The article focuses on assessing the law’s impact against its original objectives, which were to ensure contestability and fairness for core-platform-services users and competitors. Alas, improvements in contestestability would need to be measured to be accounted for, and the law ostensibly fails to prescribe any particular outcomes. An additional difficulty in measuring fairness and contestability is that entry and expansion are affected by factors well beyond the gatekeepers’ control—such as, e.g., access to capital or skilled labour.[131]
B. Digital Services Act
The DSA imposes obligations on very large online platforms to actively mitigate illegal activities and the spread of harmful products.[132] The act covers online intermediaries and platforms such as marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms. According to the European Commission, the DSA’s goals are to foster innovation, growth, and competitiveness, and to facilitate “the scaling up of smaller platforms, SMEs and start-ups”.[133]
The Commission’s DSA impact assessment (DSA IA) concluded that the regulations “are expected to have a positive impact on competitiveness, innovation and investment in digital services, in particular European Union start-ups and scale-ups proposing platform business models” and that “the legal certainty provided by the intervention would likely encourage investments in European Union companies”.[134] The European Parliament also noted that ex-ante regulatory remedies on the largest online platforms had “the potential to open up markets to new entrants, including SMEs, entrepreneurs, and start-ups, thereby promoting consumer choice and driving innovation beyond what can be achieved by competition law enforcement alone”.[135]
To date, however, it appears that the DSA’s primary benefit for startups is that microenterprises and small enterprises are excluded from compliance obligations.[136] This follows from the DSA IA, which noted that:
Legal burdens [resulting from national regulation of online platforms and online intermediaries at national level] create new barriers in the internal market and lead to high direct and opportunity costs, notably for SMEs, including innovative start-ups and scale-ups. This leads to a competitive advantage for the established very large platforms and digital services, which can more easily tackle higher regulatory compliance costs, and further limits the ability of newcomers to challenge these large digital platforms.[137]
To avoid imposing disproportionate burdens on smaller firms, Art. 15(2) DSA excludes microenterprises and small companies that provide intermediary services from the annual content-moderation reporting obligation. Similarly, Art. 29 DSA exempts these firms from obligations to enable consumers to conclude distance contracts with traders. Art. 19 DSA adds additional exemptions, such as setting up an effective internal-complaint-handling system.[138]
The DSA also extends the exemptions to relatively small enterprises that provide online platforms and have scaled to the point that they no longer qualify as microenterprises or small enterprise under Recommendation 2003/361/EC. Under Art. 19 DSA, such entities continue to benefit from the exemptions for 12 months following the loss of that status (unless they are designated as very large online platforms under Art. 33 DSA). Extending the period during which companies can retain SME status aims to address startups’ concerns about losing protection if they scale up.[139]
As with the DMA, the European Commission is required in its formal evaluation to review scope of DSA obligations on small enterprises and microenterprises.[140] But the DSA goes further than the DMA in requiring the Commission to undertake (by 18 February 2027) a separate and targeted impact assessment of the DSA “on the potential effect of this Regulation on the development and economic growth of small and medium-sized enterprises”.[141] One could therefore argue that the DSA is more sensitive to TSUs’ needs in that it addresses two of their core concerns: compliance costs and the dynamic nature of the transition from startup to scaleup, on the one hand, and requiring the Commission to conduct an SME-specific review, on the other. By contrast, this language is lacking in the DMA.
C. The Data Act
The EU’s Data Act[142] aims to facilitate the seamless transfer of valuable nonpersonal or industrial data within the EU by creating a legal framework on permissible data sharing. It includes several provisions specifically related to SMEs, including microenterprises and startups. This is especially noteworthy, as high-quality data is a critical resource for startups and SMEs to better understand both their own products or services and their customers. The Data Act notes that:
In sectors characterised by the presence of microenterprises, small enterprises and medium-sized enterprises … there is often a lack of digital capacities and skills to collect, analyse and use data, and access is frequently restricted where one actor holds them in the system or due to a lack of interoperability between data, between data services or across borders.[143]
The Data Act also notes that “start-ups, small enterprises … struggle to obtain access to relevant data”.[144] The Data Act therefore aims to “facilitate access to data for those entities, while ensuring that the corresponding obligations are as proportionate as possible to avoid overreach”. [145]
Among the Data Act provisions specific to microenterprises or small enterprises are that the various B2C and B2B data-sharing obligations outlines in Chapter 2[146] do not apply to data generated through the use of connected products manufactured or designed by a microenterprise or small enterprise, or related services provided by such enterprises.[147] Recital 41 clarifies that: “Given the current state of technology, it would be overly burdensome on microenterprises and small enterprises to impose further design obligations in relation to connected products manufactured or designed, or the related services provided, by them”.[148]
As with the DSA, a 12-month grace period is applied to enterprises that have grown from a microenterprise or small enterprise to a medium-sized enterprise, thus allowing them to adjust and prepare before facing market competition for services related to the connected products. This period is not available, however, where a newly medium-sized enterprise has a large investor.
Art. 9, which covers compensation principles for making data available, limits costs for data recipients that are SMEs (as well as not-for-profit research organizations). Such firms and organizations can only be asked to pay for costs directly related to making the relevant data available—i.e., the costs necessary for formatting, dissemination, and storage (per Art. 9(2)(a)). Following Recital 49, this is necessary “to protect SMEs from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models”.
Recital 49 also recognizes that there may be “directly related costs” attributable to tailoring data to specific SME requests, such as the costs of necessary technical interfaces, software, and connectivity required on a permanent basis by the data holder.[149] Recital 51 stresses the need for price transparency and requires the data holder to provide sufficiently detailed information to the SME for the calculation of the compensation to ensure that the data holder’s compensation request is reasonable.[150] While 12-month grace period excludes medium-sized entities, thereby benefiting startups and scaleups, the provisions concerning costs do also cover medium-sized enterprises.
The Data Act also imports the “gatekeeper” notion from the DMA and excludes designated gatekeepers from benefiting from the act’s data-access rights on the basis that “[s]uch inclusion would also likely limit the benefits of this Regulation for SMEs, linked to the fairness of the distribution of data value across market actors”.[151]
Art. 15 Data Act, concerning entities with an “exceptional need to use data”, allows public-sector and certain European Union entities (the Commission, European Central Bank, and various EU bodies) to access data when performing their duties in public-emergency situations. Under Art. 20(1)(a), access to such data is generally to be provided free of charge. The Data Act acknowledges that these data-access provisions create a burden on businesses, including microenterprises and small enterprises. Thus, the obligation to provide data in public-emergency situations is limited to those circumstances in which public-sector or EU bodies have exhausted all other means at their disposal to obtain such data “in a timely and effective manner under equivalent conditions” (Art. 15(1)(b)(ii)) and Recital 63).
Art. 20(2) Data Act allows for limited compensation in circumstances not covered by Art. 20(1)(a), but for most entities, this would apply only for nonpersonal data and where technical and organizational costs were incurred to comply with the request—e.g., the costs of anonymization, pseudonymization, aggregation, and/or technical adaptation, plus a “reasonable margin”. Art. 20(3) does, however, note that the fair-compensation requirements “shall also apply where a microenterprise and small enterprise claims compensation for making data available” to public-sector or EU bodies, as the obligation to provide data “might constitute a considerable burden” for these smaller entities.[152]
In addition, the Data Act also aims to create a framework for customers to effectively switch between different cloud-services providers. On the latter point, the impact assessment for the Data Act Impact (DA IA) notes that: “SMEs and start-ups would be the greatest beneficiaries from an intervention on cloud switching, as users of cloud and edge services but also as providers of such services”.[153] This is, the DA IA asserts, because regulatory intervention to facilitate cloud switching across the EU would most benefit high-tech SMEs and startups, given the technical problems associated with a lack of standardization (e.g., application portability). In addition, according to the DA IA, “the smaller, often EU-native providers of cloud and edge services will benefit most” from intervention on cloud switching, because they generally lack the resources to move their digital assets to new platforms, as these often use proprietary standards.[154]
Chapter IV of the Data Act makes certain contract terms related to data access unenforceable. Among the areas where this would apply are terms governing contractual liability and remedies for breach or termination of data-related obligations “unilaterally” imposed by one of the parties—e.g., terms that exclude or limit the liability or the remedies, or that grant the exclusive right to determine whether the data supplied data conform with the terms of the contract. As explained in Recital 58, the Data Act seeks to prevent the exploitation of contractual imbalances that “harm all enterprises without a meaningful ability to negotiate the conditions for access to data, and which may have no choice but to accept take-it-or-leave-it contractual terms”.[155]
Recital 111 calls on the Commission to help enterprises draft and negotiate contracts and develop nonbinding model contractual terms, which “should be primarily a practical tool to help in particular SMEs to conclude a contract”.[156] This provision stems from the public-consultation finding that “microenterprises and SMEs ranked ‘unfair contract terms’ second amongst the main difficulties for companies when requesting access to data” and that “contractual imbalances between data holders and data requestors affect, in particular, SMEs and start-ups”.[157]
The scope of the Data Act’s SME provisions is based on the European Parliament’s SME Recommendation definition. A lingering question is whether the rights and obligations contained within the Data Act would be materially different if the SME Recommendation included a specific definition of startup, as called for by various EU bodies. TSUs clearly have different needs than other SMEs, including access to high-quality data; their high levels of collaboration, open systems, and interoperability; and the expectation that continued rapid growth will require significant investment. The Data Act does include provisions to address some of these issues—e.g., excluding microenterprises and small enterprises from data-sharing obligations, minimizing the cost of acquiring data, and providing a 12-month grace period after a microenterprise or small enterprise grows to a medium-sized enterprise. But whether these are provisions are sufficient is another matter altogether.
Of course, the Data Act should be seen in the broader context of the EU’s 2020 European Strategy for Data[158], of which it is one pillar, as is the Data Governance Act. The Strategy for Data recognizes that data “is an essential resource for start-ups and small and medium-sized enterprises (SMEs) in developing products and services”, given existing market imbalances in firms’ access to and use of data. The strategy does provide some relief for TSUs, most notably in making more public data accessible.
Interestingly, the European Parliament’s recent calls for action to support European SMEs do not focus on the Digital Package. For example, in discussing market access and competition, the Parliament did not touch on digital market competition per se, but noted that it was “of the view that regulatory mechanisms must adapt to and evolve in sync with technological advancements and market shifts to uphold competitiveness and innovation, especially in relation to European start-ups”.[159] The only notable reference was one that called on the Commission to “ensure the harmonised and effective implementation of recent digital regulations”. The Parliament also called on the Commission and member states to foster a European-led ecosystem of marketplaces for nonpersonal data.[160]
D. The Artificial Intelligence Act
The EU’s AI Act[161] applies obligations to providers and users of artificial-intelligence systems, with the goal of balancing AI innovation with ensuring that AI systems are ethical and trustworthy, and that they respect EU values and fundamental rights. The act prohibits the implementation and use of AI systems that present unacceptable risks; permits the use of AI systems that present high risks, subject to compliance with specific requirements and obligations; and allows the use of limited-risk systems subject to transparency obligations. By establishing a regulatory framework for AI systems, the AI Act aims to provide legal certainty and enhance the deployment of trustworthy AI solutions.
Given their important role in the European innovation ecosystem, the AI Act aims to safeguard the interests of startups and SMEs.[162] As the Draghi Report notes, between 2008 and 2021, there were 147 “unicorns” founded in Europe—i.e., startups valued at more than $1 billion. But of these, 40 relocated their headquarters abroad, with the vast majority moving to the United States.[163] The report found that “the lack of growth potential in Europe is particularly relevant for tech-based innovative ventures, and even more so for deep tech ones”, adding that 61% of total global funding for AI startups goes to U.S. companies, 17% to those in China, and just 6% to those in the EU.[164]
The Commission’s impact assessment for the AI Act (AI IA) offers several salient points relevant to these issues. It recognizes, for example, that “without a clear legal framework, start-ups and developers working in this field will not be able to attract the required investments. Similarly, without certainty on applicable rules and clear common standards on what is required for a trustworthy, safe and lawful AI, developers and providers of AI systems and other innovators are less likely to pursue developments in this field”.[165] In particular, the AI Act highlighted the fragmented regulatory landscape across the AI single market as a key problem. The impact assessment noted that:
The impact of this increasing fragmentation is disproportionately affecting small companies. This is because large companies, especially global ones, can spread the additional costs for operating across an increasingly fragmented single market over their larger sales, especially when they already have established a dominant position in some markets. Meanwhile, SMEs and start-ups which do not have the market power or the same resources may be deterred from entering the markets of other Member States and thus fail to profit from the single market. This problem is further exacerbated since big tech players have not only a technological advantage but also exclusive access to large and quality data necessary for the development of AI.[166]
The AI Act creates compliance burdens, including for TSUs, but it also contains measures and protections intended to benefit TSUs.[167] The act’s TSU-specific provisions include:
- Recital 73 notes the importance of taking the interests of small-scale providers and users of AI systems into account, with an emphasis on capacity building and setting appropriate conformity-assessment fees. For example, given translation-related costs, the recital proposes that EU member states should chose documentation language “which is broadly understood by the largest possible number of cross-border users”.
- The act promotes regulatory sandboxing schemes to experiment with various AI applications. Recital 72 states: “Regulatory sandboxes should be widely available throughout the Union, and particular attention should be given to their accessibility for SMEs, including startups”. Recital 72 also notes that “The objectives of the regulatory sandboxes should be to foster AI innovation by establishing a controlled experimentation and testing environment in the development and pre-marketing phase with a view to ensuring compliance of the innovative AI systems with this Regulation and other relevant Union and Member States legislation; to enhance legal certainty for innovators and the competent authorities’ oversight and understanding of the opportunities, emerging risks and the impacts of AI use … and to accelerate access to markets, including by removing barriers for small and medium enterprises (SMEs) and start-ups”.
- 55 requires member states to grant eligible small-scale providers and startups priority access to AI regulatory sandboxes. It also promotes applying the AI Act in ways tailored to the needs of small-scale providers and users. These would include support for capacity-building efforts; facilitating networking among small providers, users, and other innovators; and encouraging SMEs to participate in the development of standards. Finally, it asserts that small-scale providers’ specific interests and needs should be considered when a relevant national body sets fees for conformity assessment, reducing those fees proportionately to the TSU’s size and the size of the market.
- The Council and Parliament agreed to a new Art. 55a that would permit certain derogations for specific operators—notably, that qualifying microenterprises (as defined by SME Recommendation 2003/361) may fulfil elements of the quality-management system under Art. 17 in order “to ensure proportionality considering the very small size of some operators regarding costs of innovation”.[168] The article directs the Commission to develop guidelines specifying how microenterprises could fulfil the elements of the quality-management system in this simplified manner. In developing guidelines, the article directs the Commission to consider microenterprises’ needs without affecting the overall level of protection provided by the AI Act or the compliance requirements for high-risk AI systems.
- 71 AI Act requires EU member states to set out rules on penalties—including administrative fines—for infringement of the act, as well as to ensure that they are properly and effectively implemented. Art. 71 notes that such penalties must be effective, proportionate, and dissuasive, but that such penalties “shall take into account the interests of SMEs including start-ups and their economic viability”.
- Finally, under new Art. 34a, the relevant “notified bodies” responsible for administering the AI Act at the national level—such as verifying conformity by high-risk AI systems—should avoid imposing unnecessary burdens on providers. This is to include taking due account of their size, the sector in which they operate, their structure, and the degree of complexity of the AI system in question. It further establishes that “[p]articular attention shall be paid to minimising administrative burdens and compliance costs for micro and small enterprises as defined in Commission Recommendation 2003/361/EC”.
The Commission’s January 2024 Communication on Boosting Startups and Innovation in Trustworthy Artificial Intelligence[169] offered a broader TSU policy framework around the AI Act, laying out the “actions and investments in 2024 that will help startups and industries in Europe fulfil their potential of becoming global frontrunners in trustworthy advanced AI models, systems and applications”. The communication focused on six principal areas of action:
- To facilitate access to European supercomputers that can accelerate the training of AI models (“AI factories”) to “bolster the leadership of European startups and stimulate the emergence of competitive AI ecosystems in the Union”.[170] This would include access to data storage, given the prohibitive expense of large commercial cloud-computing resources;
- To facilitate access to high-quality data, leveraging the Data Act and accelerating the development of Common European Data Spaces;
- To support trustworthy AI solutions;
- To strengthen the EU’s generative-AI talent pool;
- To promote the widespread uptake and use of generative-AI applications, notably by public bodies; and
- To encourage public and private investment in AI startups and scaleups, leveraging existing instruments like the European Innovation Council and InvestEU that are designed to de-risk and crowd-in private investors.
The framework’s objective is to ensure sufficient investment in the training of AI models, to accelerate the deployment of advanced AI solutions, and to scale up European TSU activities in ways that would enable them to become globally competitive. The communication stresses the Commission’s desire to empower AI TSUs to compete “confidently” on the global stage.[171]
The Commission also published a staff working document (SWD) that sets out an EU initiative on the next technological transition on Web 4.0 and virtual worlds.[172] The SWD notes that: “Web 4.0 SMEs and start-ups in the EU are also faced with a fragmented ecosystem, which leads to challenges in establishing collaborations, sharing knowledge and best practices within the sector. The lack of awareness and visibility of actors along the value chains is a major issue for cooperation. This hinders innovation and leads to other difficulties such as finding the right partner to set up consortia for calls, an issue particularly relevant for securing EU funding. Addressing these issues would build stronger collaborations across hubs and borders”.[173]
The framework proposes a broad range of measures to support AI startups and innovation, including a proposal to provide privileged access to the network of European high-performance computers, reconfigured for rapid machine learning and training large general-purpose AI models. It also envisions the launch of AI factories to support the development, testing, evaluation, and validation of large-scale AI models. These facilities would serve as one-stop shops for AI startups to create advanced AI models and applications.
In addition, the framework proposes that financial support will be provided through EU instruments like Horizon Europe and the Digital Europe Programme, mobilizing about €4 billion in additional public and private investment by 2027. It received a cautious welcome from the EU startup community.[174]
IV. The EU’s Digital Package: What’s in It for Tech Startups?
What we notice in reviewing the EU’s Digital Package is a very mixed bag for TSU interests—bearing in mind that what TSUs need, at a bare minimum, is a reduced compliance burden. This may explain why TSU lobbyists do not generally focus on the recent package of European digital regulations, nor have they often found it necessary to touch on topics related to those regulations.
A. The Digital Markets Act
While the specific interests of SMEs are acknowledged in various parts of the DMA, there are no provisions that would specifically promote the interests of SMEs, let alone startups or entrepreneurs. As discussed in Section III, the principal provision related to designated gatekeepers’ obligations vis-à-vis TSUs is laid down in Art. 14 DMA, though it remains unclear whether that provision will have the intended effect of encouraging the emergence and expansion of TSUs.
Pursuant to Art. 14 DMA, designated gatekeepers must inform the Commission of any intended merger or acquisition involving a gatekeeper’s core platform services—or, indeed, any other services in the digital sector or that entail the collection of data. Art. 14 DMA’s obligation to furnish information to the Commission, coupled with the requirement that the Commission inform national competition authorities of such transactions, effectively allows the EU to seek jurisdiction over the merger no matter how low the transaction value or turnover of the target company. The obligation is enabled through a broad reading of the referral mechanism in Art. 22 of the EU Merger Regulation,[175] under which the Commission can “invite” national authorities to refer mergers with a national scope to the Commission’s jurisdiction.
Assuming Art. 14 remains in place following the European Court of Justice’s Illumina/Grail ruling, which curtailed the Commission’s ability to review mergers that fall below the national-notification thresholds,[176] the Commission’s 2021 Guidance on Art. 22 offers insight into how it might approach a review initiated under Art. 14 DMA.
The Commission’s guidance notes an increase in acquisitions of companies that generate little or no turnover, which it asserts “appear[s] particularly significant in the digital economy, where services regularly launch with the aim of building up a significant user base and/or commercially valuable data inventories, before seeking to monetise the business”.[177] The Commission also provided an illustrative list of cases that will normally be appropriate for a referral under Art. 22, including cases where the undertaking “is a start-up or recent entrant with significant competitive potential that has yet to develop or implement a business model generating significant revenues (or is still in the initial phase of implementing such business model)”. Other relevant considerations include circumstances in which the target is an important innovator; is conducting potentially important research; provides key inputs for others; or has access to significant assets, such as data or intellectual-property rights.[178]
The DMA’s transaction-notification requirements should be seen in the context of concerns about a supposed trend toward rising concentration in digital markets and active acquisition strategies by larger digital players that are alleged to include seeking to buy “promising, innovative start-ups”. As Viktoria H.S.E. Robertson has noted, “[w]hile many observers have dubbed these ‘killer acquisitions’, these are often more like zombie acquisitions: the innovation of the start-up is not killed off, but incorporated into the powerful digital platform”.[179]
In any event, some commentators have speculated that, given these new powers, the Commission may be expected to review more mergers in the digital sector.[180] Indeed, the Commission noted in its SWD on the EU initiative on Web 4.0 and virtual worlds that:
While there are many SMEs and start-ups that are developing innovative and creative technology, the global market is dominated by a small number of large companies accountable for most developments. It is quite common practice that SMEs and start-ups in the EU are acquired by non-EU bigger players, formally removing EU companies from the overall ecosystem. This phenomenon prevents companies from growing and scaling-up in the EU and further exacerbates the challenges linked to accessing funding.[181]
Art. 14 DMA would thus appear intended to limit acquisitions by gatekeepers, in a bid to encourage the independent expansion of homegrown (European) TSUs. This approach could backfire, however, and end up stifling the same TSUs it aims to foster. For example, in the context of TSUs active in the AI space, Tomada suggests that mergers and acquisition between TSUs and larger players should be encouraged “so that the established businesses can buy out or absorb the small-business innovative activity thereby taking over all related conformity requirements and responsibilities”.[182]
It has also been suggested that the anticompetitive threat of so-called “killer acquisitions” in digital markets has been greatly exaggerated[183] and, furthermore, that such transactions are often procompetitive.[184] Recent policy statements indicate that the Commission holds a different view.[185]
Emblematic of the tension between startups’ exit strategies and proposals for an enhanced merger-control regime was a 2020 French parliamentary debate to consider amendments to the French competition act’s merger-review provisions.[186] The amendments would have granted power to the French competition authority to designate certain large players as being of “structural” importance. Thereafter, such players would be required to inform the authority of any planned transaction, including those below existing merger thresholds. In the event the authority were to investigate a transaction and express serious concerns, while there would still be an in-depth review, a presumption of anticompetitive effect would apply. The company would have had the burden to disprove the presumption and demonstrate the procompetitive nature of the transaction. The law did not come into effect only because it was superseded by the DMA.
The French parliamentary debate offers some insight into the thinking that underpins the desire to have gatekeeper-like firms undergo closer scrutiny of their transactions. During the debate, Cédric O—the secretary of state to the minister of the economy responsible for digital affairs—discussed broader concerns related to startups.[187] He bemoaned the lack of startup growth and investment in Europe, compared to the United States and China, and acknowledged that much was left to be done for startups to be able to achieve. O further argued that France and Europe needed to create the fiscal, regulatory, and investment conditions that would allow new champions to emerge: “our very own Google and Facebook”.[188] The startup question was thus considered an issue of economic sovereignty for the French government. This was the context to grant the competition authority more powers to prohibit “predatory acquisitions” by “certain platforms”—i.e., non-European, mostly U.S.-based firms.
The secretary argued that a key question for French startups was their market-exit strategy, noting that 90% of startups in the digital economy were ultimately subject to takeovers. He recognized that, if Europe’s global ecosystem was to grow, there was little choice in the short and medium term but see digital startups bought by foreign buyers, partly because large European incumbents are rarely acquisitive. O noted that, while many regret that French startups are often bought out by U.S. companies, he also regretted that he could not force French companies to buy them back. O also suggested encouraging these startups to be listed on the stock exchange.
The French government proposed a bill to limit French startups’ exit strategies, knowing that acquisition is one of the principal methods upon which startups and their investors rely.[189] Indeed, many TSUs and startups are created with the specific goal of being acquired by an incumbent.[190] Yet the French government did not propose how to fill the investment gap that would be created if the usual acquirers were prohibited or disincentivized from offering an exit strategy.
The EU’s approach with the DMA appears to hinge on the same questionable assumption—namely, that inhibiting acquisitions of EU startups is the optimal strategy to nurture their growth. This stance, however, risks eliminating a crucial exit strategy for these startups, which could ultimately undermine their ability to thrive in the competitive global market.
The Draghi Report underscores a pressing requirement for EU TSUs: increased investment and better access to capital. By restricting acquisition opportunities, the DMA might inadvertently stifle investor interest and diminish the potential for these startups to scale and become European TSUs. Instead of fostering a robust ecosystem for innovation, such regulations could lead to the opposite outcome—reducing the number of successful European TSUs capable of competing on a global scale. In this sense, it seems that the DMA is more concerned with hobbling gatekeepers than enhancing TSUs.[191]
B. The Digital Services Act
The DSA does not contain substantive TSU-focused provisions. Indeed, the European Parliament argued for specific measures to protect smaller players and proposed that:
The DSA should put forward a proposal for a new separate instrument aiming at ensuring that the systemic role of specific online platforms will not endanger the internal market by unfairly excluding innovative new entrants, including SMEs, entrepreneurs and start-ups, thereby reducing consumer choice.[192]
This was not, however, taken up in the final text.
The DSA’s main TSU focus is to shield microenterprises and small enterprises from disproportionate compliance burdens—such as, e.g., the annual content-moderation reporting obligation for intermediary service providers and online-platform service providers. There is consensus that startups and their investors must have the ability to assess regulatory costs, given that such costs can be prohibitive, with legal risks having “a chilling effect on investment and [ability to] dissuade businesses from expanding and growing in the single market-ups”.[193]
The DSA extends these exemptions to TSUs that have scaled up beyond the definition of microenterprise or small enterprise for 12 months following the loss of that status, thereby acknowledging TSUs’ tendency for “hyper-growth”. It is likely that a formal TSU definition would help the Commission to provide even more responsive protections for scaling TSU, which might include an exemption beyond the 12-month time horizon. It might therefore seem that the DSA is a step in the right direction, although the lack of focus or legal definition continues to hamper TSU interests.
Moreover, it has been argued that “The DSA still operates with complex compliance obligations that will heighten entry barriers in comparison with other parts of the world” and that the additional operational costs imposed by European digital regulations could result in TSUs choosing non-EU states to establish their business (an “innovation-cooling effect”), thereby depriving European users of the latest digital solutions and platform services. [194]
C. The Data Act
Like the DSA, the Data Act contains several provisions specifically responsive to TSU needs, including reduced compliance and cost burdens on SMEs, microenterprises, and startups. This includes TSUs, as data recipients would only be asked to pay data providers for costs directly related to making data available.
The Data Act offers further protections to TSUs as data providers, making contractual terms unilaterally imposed on them unenforceable. This provision follows in the wake of SMEs and microenterprises ranking unfair contract terms as second among the major difficulties they face when requesting access to data. The Data Act also excludes SMEs from various data-sharing obligations considered overly burdensome. In addition, TSUs are entitled to fair compensation if obliged to provide data to certain public bodies under the “exceptional need” provision (whereas other data providers receive only limited compensation). While this is welcome, it is notable that, as France Digitale member Mirakl, noted: “every new digital legislation is costing us a million euro, obliging us to do a trade-off between compliance and innovation”.[195]
As with the DSA, TSUs remain covered by the SME definition for 12 months after they grow beyond that category. But as France Digitale noted, TSUs’ tendency for “hyper-growth” means that they can quickly find themselves facing the requirement to abide by the same standards as larger established companies without having the capacity or maturity to manage such compliance burdens.[196]
D. The AI Act
In its provisions prioritizing TSUs’ access to national AI sandboxes, building AI capacity, requiring sensitivity to TSU interests when codes of conduct are developed, and showing sensitivity to costs and fine levels, the AI Act goes well beyond the other acts in the EU’s Digital Package. The AI Act permits certain derogations or simplifications for qualifying TSUs and reduces conformity-assessment fees for small-scale providers. Administrative bodies are asked to avoid placing unnecessary burdens on TSUs, and any penalties imposed must consider TSUs’ interests and their economic viability (although the latter merely reflects the principle of proportionality).
Yet the AI Act is not devoid of criticism. Tomada believes the act’s regulatory-compliance requirements for running high-risk AI systems will pose particular challenges for TSUs, and that “both the administrative and organisational costs and the time required to undergo the conformity assessment procedure may hinder the process from ideation to deployment, and this can be particularly challenging for small scale businesses”.[197] Cristiano Codagnone and Linda Weigl posit that the AI Act will create more obstacles for innovative SMEs than for large incumbents. [198] They highlight “the impression that there is an excessive reliance on regulation without a thorough appraisal of the costs imposed on businesses to deal with administrative burden, conformity tests, and audits” on TSUs.[199]
Tomada also notes that the act’s provisions to support TSUs “may not be sufficient for comprehensively supporting the business in undergoing the entire cumbersome procedure that will enable its product or service to reach the market”.[200] In addition, a considerable penalty or risk thereof “may well cause the business to fail or even impede their access to the market”.[201] She predicts that the act’s failure to address a range of TSU-specific concerns will likely mean that “small-businesses will likely keep being discouraged from deploying their AI innovations in light of the risks of considerable penalties and liability they still may face”.[202]
The EU’s AI Continent Action Plan, published in April 2025, recognizes the need to simplify rules to enable startups to scale and grow—especially the AI Act.[203] Among the measures proposed are an AI Act Service Desk, specifically to serve the needs of smaller AI-solution providers and deployers by offering practical advice to understand and comply with the act;[204] a public consultation to identify areas where regulatory uncertainty might hinder the development and adoption of AI, particularly for smaller companies;[205] and other simplification measures meant to streamline procedures and facilitate compliance (e.g., templates, webinars, guidance, etc.).[206]
It is apparent from these measures that the Commission is aware that compliance with the AI Act may divert significant resources from TSUs and stifle their development. Whether the simplification measures contemplated in the AI Continent Action Plan will ultimately work is an open question. But the fact that the Commission is already seeking to ease the regulatory burden on startups less than a year after the act’s adoption suggests that EU regulators are not only aware of this burden but acknowledge its potentially serious impact. Conversely, it also suggests that these tradeoffs are given insufficient consideration during the inception stages of major European regulations.
V. Conclusion
This white paper explores whether the EU’s recent package of digital regulations responds to TSUs’ needs. The answer appears to be that there is a high level of heterogeneity, with some acts attempting to address TSU-specific concerns and others barely acknowledging them.
One aspect that the acts in the Digital Package have in common is that they all generally provide some carveouts for SMEs to assuage their regulatory and compliance burdens. These range from the DMA only applying to large “gatekeepers” to the more comprehensive pro-startup provisions laid down in the AI Act. Of course, the more targeted a regulation is to a particular sector or sectors—as in the case of the AI Act—the easier it is for the European Commission to develop provisions that support TSUs.
Despite the various TSU-related carveouts, European policy regarding startups and innovation more generally continue to be undermined by the Digital Package’s many contradictions. These both hinder coherent efforts to support SMEs and increase compliance burdens for TSUs and other firms, all of which may harm competition, investment, and innovation. Likewise, despite some attempts in the Digital Package to acknowledge TSUs’ needs, there remain several areas where the EU is failing, and where adjustments will be necessary to address the concerns outlined in the Draghi and Letta reports.
First, the need for an agreed-upon legal definition of TSUs is obvious. This would allow for tailored exceptions to be developed that support TSUs’ specific needs. This is not a new concern, nor can it necessarily be set out in sectoral regulation; rather, it may deserve its own instrument.
Second, there is a need for the European Commission to more rigorously consider the specific perspectives and structural constraints of TSUs in its impact assessments. The impact assessments supporting the Digital Package are highly inconsistent in their focus on TSUs. Teece and Kahwaty, for instance, argue that the DMA IA’s conclusion that the benefits to SMEs, startups and consumers would substantially outweigh the costs was largely speculative.[207] This may reflect the fact that TSU interests are not always a genuine priority, despite frequent policy statements claiming otherwise.
Third, the TSU exemptions or exceptions across the Digital Package are often timid and fail to fully address TSUs’ core concerns, such as the distraction and cost compliance burdens created by the EU’s complex matrix of digital regulation. In addition, where primary legislation may not be the best vehicle to address other concerns—such as capacity-building support or easier access to procurement markets—they should be provided via flanking measures, as we see in the AI context. This should happen as a matter of course, and in parallel to the development of the regulatory framework.
Finally, there is a case to be made that TSU growth is a symptom, rather than the cause, of thriving tech industries. If true, this constitutes a further indictment of the impact assessments that led up to key pieces of European legislation. These assessments often appear to overlook important tradeoffs inherent to economic regulation, such as reduced investment and increased barriers to entry. These obstacles undermine not just the TSUs that policymakers otherwise seek to protect but also the broader industry, where many players of varying sized may be important sources of competition or innovation.
In conclusion, while European policymakers have consistently voiced a strong commitment to fostering the growth of TSUs, the design of the EU’s Digital Package—comprising the DMA, DSA, Data Act, and AI Act—demonstrates a mixed and often insufficient consideration for their specific needs and constraints. This lack of tailored attention is compounded by evidence from the Draghi Report and academic literature clearly demonstrating that misguided or excessive regulations can impose significant compliance burdens and have a chilling effect on investment. As seen in the experience with the GDPR, this limits startups’ ability to scale and hinders further innovation.
Among the crucial insights highlighted by the Draghi Report was one often overlooked in the policy focus on small companies: size matters for performance, innovation, and ultimately, European competitiveness. To the extent that the Digital Package imposes burdens on large companies and, through compliance costs and potentially restricted exit opportunities, increases the hurdles for tech startups to grow beyond a certain size, it could inadvertently run counter to the stated goal of fostering competitive European firms and reclaiming a leading position at the technological frontier.
[1] See, e.g., Frederik Erixon, Oscar Guinea, & Oscar du Roy, Keeping Up with the US: Why Europe’s Productivity Is Falling Behind, Eur. Cent. Int. Polit. Econ. (2024), at 1, https://ecipe.org/publications/keeping-up-with-the-us-why-europes-productivity-is-falling-behind. (According to the report, “[t]he European Union stands at a crossroads. For decades, the EU’s productivity growth has consistently lagged the United States, leading to slower growth in living standards and decline in global economic power”. This is due to lower R&D investment, weaker intangible capital growth, and slower business dynamism, which together hinder innovation and technology adoption. Additionally, despite being more open to trade, the EU attracts less foreign direct investment, which has limited access to global technological advancements).
[2] Mario Draghi, The Future of European Competitiveness: A Competitiveness Strategy for Europe — Part A, Eur. Comm’n (9 September 2024), at 12, https://commission.europa.eu/document/download/97e481fd-2dc3-412d-be4c-f152a8232961_en. (“Yet growth in the EU has been slowing, driven by weakening productivity growth, calling into question Europe’s ability to meet its ambitions… EU economic growth has been persistently slower than in the US over the past two decades, while China has been rapidly catching up. The EU-US gap in the level of GDP at 2015 prices has gradually widened from slightly more than 15% in 2002 to 30% in 2023, while on a purchasing power parity (PPP) basis a gap of 12% has emerged”.)
[3] Id.
[4] Id.
[5] Id., at 5.
[6] A Competitiveness Compass for the EU, Eur. Comm’n (29 January 2025), https://commission.europa.eu/document/download/10017eb1-4722-4333-add2-e0ed18105a34_en. See also, e.g., Ursula von der Leyen, Opening Speech by President von der Leyen at the European Innovation Council Launch Ceremony, Eur. Comm’n (24 March 2021), https://ec.europa.eu/commission/presscorner/detail/fr/speech_21_1241. (Von der Leyen described the rationale of the European Innovation Council: “With our European Innovation Council, we make EUR 10 billion available until 2027: We fund small- and medium-size companies with high risk but also with high potential. We support innovative researchers that have ideas for the next breakthrough technology. And we offer coaching, matchmaking and support them to set up a business. The European Innovation Council is also part of our answer to the equity-funding gap in Europe. Currently, many European start-ups cannot find the risk capital they need. Experts estimate that this funding gap is as large as EUR 70 billion. Our new EIC Fund is a good start. It alone brings EUR 3 billion to the table. With the EIC Fund, the Commission is for the first time investing directly in start-ups and SMEs”).
[7] Kai Zenner, J. Scott Marcus, & Kamil Sekut, A Dataset on EU Legislation for the Digital World, Bruegel (16 November 2023) https://www.bruegel.org/dataset/dataset-eu-legislation-digital-world.
[8] A Europe Fit for the Digital Age, Eur. Comm’n (2024) ?https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age_en.
[9] See Anne Marie Knott & Carl Vieregger, Reconciling the Firm Size and Innovation Puzzle, 31 Org. Sci. 477 (2020). (Finding that “both R&D spending and R&D productivity increase with firm size. Thus, large firms seem to be acting rationally in their increasing R&D investments, as one would expect”). The classic study of the subject remains Joseph A. Schumpeter, Capitalism, Socialism, and Democracy (1942).
[10] See Robert Armstrong & Ethan Wu, What Big Tech Antitrust Gets Wrong: An Interview with Herbert Hovenkamp, Financ. Times (19 January 2024) https://www.ft.com/content/4eec8bc3-c892-4704-ae66-a4432c6d4fd7. (“With Big Tech, we’re looking at probably the most productive part of the economy. The rate of innovation is high. They spend a lot of money on R&D. They are among the largest patent holders”). For instance, in 2023, Amazon topped the list of R&D spending at $85.6 billion, followed by Alphabet (Google) at $45.4 billion, Meta at $38.5 billion, Apple at $29.9 billion, and Microsoft at $27.2 billion. Brian Buntz, Top 30 R&D Leaders of 2023: Big Tech Spending Hits new Heights, R&D World (17 June 2024), https://www.rdworldonline.com/top-30-rd-spending-leaders-2023-big-tech-firms-hit-new-heights.
[11] Knott & Vieregger, supra note 9.
[12] Geoffrey A. Manne, Samuel Bowman, & Dirk Auer, Technology Mergers and the Market for Corporate Control, 86 Mo. L. Rev. 1048, 1066-67 (2022).
[13] Id., at 1055.
[14] See, e.g., Jacques Cre?mer, Yves-Alexandre de Montjoye, & Heike Schweitzer, Competition Policy For The Digital Era Final Report, Eur. Union (2019), at 117-118, https://op.europa.eu/en/publication-detail/-/publication/21dc175c-7b76-11e9-9f05-01aa75ed71a1/language-en.
[15] See, e.g., Geoffrey A. Manne, Lazar Radic, & Dirk Auer, Regulate for What? A Closer Look at the Rationale and Goals of Digital Competition Regulations, 22 Berkeley Bus. L.J. 201 (2025).
[16] See, e.g., Sara Guidi, Innovation Commons for the Data Economy, 2 Dig. Soc. 30, 31 (2023).
[17] For example, Arts 5(7) and (8) DMA restrict gatekeepers from tying or bundling their core platform services with other services; Art 6(5) DMA prohibits gatekeepers from favouring their own products or services.
[18] Dirk Auer, The Broken Promises of Europe’s Digital Regulation, Truth Mark. (12 March 2024), https://truthonthemarket.com/2024/03/12/the-broken-promises-of-europes-digital-regulation.
[19] Manne et al., supra note 15, at 249 et seq.
[20] Draghi, supra note 2, at 7, 12, 30, 33.
[21] Id., at 30.
[22] Id.
[23] Id., at 33.
[24] Id., at 69. (“EU regulation imposes a proportionally higher burden on SMEs and small mid-caps than on larger companies, yet the EU lacks a framework to assess these costs. About 80% of Commission Work Programme items are relevant to SMEs but only around half of impact assessments substantially focused on these companies. The EU also lacks a commonly agreed definition of small mid-caps and readily available statistical data”).
[25] Enrico Letta, Much More Than a Market, Eur. Council (Apr. 2024), available at https://www.consilium.europa.eu/media/ny3j24sm/much-more-than-a-market-report-by-enrico-letta.pdf.
[26] For a full exploration, see European Startup Scoreboard – Feasibility Study 4, Eur. Comm’n (2023), https://op.europa.eu/en/publication-detail/-/publication/70fe2318-fb72-11ed-a05c-01aa75ed71a1/language-en (“Feasibility Study”).
[27] Mario Draghi, The Future of European Competitiveness: A Competitiveness Strategy for Europe — Part B, Eur. Comm’n (9 September 2024), at 232, 242, 247, available at https://commission.europa.eu/document/download/ec1409c1-d4b4-4882-8bdd-3519f86bbb92_en?filename=The%20future%20of%20European%20competitiveness_%20In-depth%20analysis%20and%20recommendations_0.pdf (e.g., the proposals to improve the innovation ecosystem begin with “a better financing environment for disruptive innovation, start-ups and scale-ups”).
[28] Joint Motion for a Resolution on the State of the SME Union (RC-B9-0346/2023), Eur. Parl. (2023) https://www.europarl.europa.eu/doceo/document/RC-9-2023-0346_EN.html.
[29] European Innovation Council (EIC) Accelerator, Eur. Comm’n, https://eic.ec.europa.eu/eic-accelerator_en (last visited 28 May 2025).
[30] Commission Recommendation 2003/361/EC, 2003 O.J. (L 124), Eur. Comm’n (2003), at 36, available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:124:0036:0041:en:PDF.
[31] See also Letizia Tomada, Start-Ups and the Proposed EU AI Act: Bridges or Barriers in the Path from Invention to Innovation?, 13 J. Intell. Prop. Info. Tech. & Elec. Com. L. 53 (2022). (The Commission, presumably aware of this conceptual shortcoming, recently launched an initiative to harmonize definitions related to startups, scaleups and deep-tech innovation, publishing the results of its Feasibility Study for a European Startup Scoreboard in 2023. The feasibility study found that certain key concepts in the startup ecosystem lack definitional coherence and “…the only concepts present in all categories of sources are startups and scale-ups”). See European Commission, supra note 26.
[32] For example, see Commission Communication on A New European Innovation Agenda, COM(2022) 332 final, Eur. Comm’n (5 July 2022), available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022DC0332; see also Commission Staff Working Document Accompanying the Commission Communication on A New European Innovation Agenda, Eur. Comm’n (5 July 2022) at 187, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022SC0187; Spain Drives Technological Entrepreneurship Leadership in Europe, La Moncloa (19 October 2023), https://www.lamoncloa.gob.es/lang/en/gobierno/news/Paginas/2023/20231019_esna-meeting.aspx; European Parliament Resolution of 14 December 2023 on Increasing Innovation, Industrial and Technological Competitiveness Through a Favourable Environment for Start-Ups and Scale-Ups (2023/2110(INI)), Eur. Parl. (14 December 2023), Points 1-4, available at https://www.europarl.europa.eu/doceo/document/TA-9-2023-0480_EN.html.
[33] EU 2024-2029: For a Competitive, Innovative and Sustainable Europe, France Digitale’s Manifesto for the 2024 European Elections, France Digitale (December 2023), available at https://media.francedigitale.org/app/uploads/prod/2023/11/28111529/France-Digitale-2024-European-Manifesto-web-1.pdf.
[34] European Tech Voices, Stripe (July 2022), available at https://assets.ctfassets.net/fzn2n1nzq965/as5AW9rw46xEysdTl9Ie8/19b71550059812fcbe2a78b2c2b438f7/Stripe-European_Tech_Voices.pdf.
[35] France Digitale, supra note 33.
[36] Id.
[37] Id.
[38] Id.
[39] Parliament’s SME Resolution, supra note 28, at paras. (i), 48 and 49.
[40] Parliament’s Innovation Resolution, supra note 32, para 36.
[41] Id., para 38.
[42] Draghi, supra note 27.
[43] Draghi, supra note 2, at 6. (“The problem is not that Europe lacks ideas or ambition. We have many talented researchers and entrepreneurs filing patents. But innovation is blocked at the next stage: we are failing to translate innovation into commercialisation, and innovative companies that want to scale up in Europe are hindered at every stage by inconsistent and restrictive regulations”).
[44] Id., at 79.
[45] Draghi, supra note 27, at 254.
[46] Id.
[47] Draghi, supra note 2, at 33.
[48] Id., at 8.
[49] Id., at 30.
[50] Id., at 69.
[51] Ursula von der Leyen, Europe’s Choice: Political Guidelines for the Next European Commission 2024–2029, Eur. Comm‘n, (18 July 2024), available at https://commission.europa.eu/document/download/e6cd4328-673c-4e7a-8683-f63ffb2cf648_en?filename=Political%20Guidelines%202024-2029_EN.pdf.
[52] Id., at 11.
[53] Id., at 7.
[54] Id. (“We need to make business easier and faster in Europe…I will make speed, coherence and simplification political priorities in everything we do”).
[55] Id.
[56] Id., at 6. (“We need a new momentum to complete the Single Market in sectors like services, energy, defence, finance, electronic communications and digital. This will allow our companies – especially our small and medium-sized enterprises (SMEs) – to scale up and make the most of the market”).
[57] Ursula von der Leyen, Mission Letter to Ekaterina Zaharieva, (17 September 2024), at 5, available at https://commission.europa.eu/document/download/130e9159-8616-4c29-9f61-04592557cf4c_en?filename=Mission%20letter%20-%20ZAHARIEVA.pdf (“I would like you to develop an EU start-up and scale-up strategy that improves the framework conditions for start-ups and scale-ups”).
[58] Von der Leyen, supra note 6.
[59] Id., at 4. (“The Draghi report shows that productivity growth is the result of a combination of two forces: disruptive innovation brought about by new, dynamic start-ups challenging incumbents”).
[60] Id.
[61] Id.
[62] Id., at 4-5.
[63] European Commission, Europe’s Next Leaders: The Start-Up and Scale-Up Initiative, Eur. Comm’n (22 November 2016), at 733, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2016%3A733%3AFIN.
[64] Regulation 2015/1017, of the European Parliament and of the Council of 25 June 2015, 2015 O.J. (L 169) 1 (EU).
[65] Startup Europe: Strengthening Networking for Deep Tech Scaleups and Ecosystem Builders, Eur. Comm’n, https://digital-strategy.ec.europa.eu/en/policies/startup-europe (last visited 28 July 2025).
[66] European Commission, A New European Innovation Agenda, Eur. Comm’n (5 July 2022), at 332, https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13437-A-New-European-Innovation-Agenda_en.
[67] The European Innovation Council approved €1 billion in funding for 159 deep-tech startups in its first year. See European Innovation Council (EIC), Eur. Comm’n, https://eic.ec.europa.eu (last visited 28 July 2025).
[68] Launch of New Fund of Funds to Support European Tech Champions, Eur. Invest. Bank (13 February 2023), https://www.eib.org/en/press/all/2023-056-launch-of-new-fund-of-funds-to-support-european-tech-champions.
[69] Stripe, supra note 34, at 11.
[70] EU Startup and Scaleup Strategy: A Roadmap for European Tech Leaders, France Digitale (15 May 2025), available at https://media.francedigitale.org/app/uploads/prod/2025/03/14182410/France-Digitale-EU-Startup-and-Scaleup-Strategy-.pdf.
[71] Draghi, supra note 2, at 2; see also id., at 25-6. (“The lack of growth potential in Europe is particularly relevant for tech-based innovative ventures, and even more so for deep tech ones. For example, 61% of total global funding for AI start-ups goes to US companies, 17% to those in China and just 6% to those in the EU. For quantum computing, EU companies attract only 5% of global private funding compared with a 50% share attracted by US companies”).
[72] European Commission, supra note 32, at para 20.
[73] Draghi, supra note 2, at 18. (“There are still other areas where the EU should do less, applying the subsidiarity principle more rigorously and showing more ‘self-restraint’. It will also be crucial to reduce the regulatory burden on companies. Regulation is seen by more than 60% of EU companies as an obstacle to investment, with 55% of SMEs flagging regulatory obstacles and the administrative burden as their greatest challenge”).
[74] Letta, supra note 25, at 107.
[75] Id., at 120. (In addition, the report finds that: “The dynamism and efficiency of the Single Market are currently being significantly impeded by a complex web of challenges, primarily due to the excessive regulatory burden and bureaucratic red tape. These issues have not only created an intolerable barrier to the effective implementation of Single Market rules but have also severely undermined business competitiveness, particularly for small and medium-sized enterprises… This over-regulation places significant additional costs on businesses, proving unsustainable for SMEs and inadvertently favouring non-European companies that are not bound by the same stringent rules”).
[76] For a short overview of this literature, see Adam Thierer, GDPR & European Innovation Culture: What the Economic Evidence Shows, Medium (5 February 2023). https://medium.com/@AdamThierer/gdrp-european-innovation-culture-what-the-economic-evidence-shows-b19d2309de07#:~:text=websites%20internationally,and%20vendor%20concentration%20dissipate%20by. For an overview of research concerning privacy laws, more generally, see William Rinehart, What Is the Cost of Privacy Legislation?, Cent. Growth Oppor. (17 November 2022), https://www.thecgo.org/benchmark/what-is-the-cost-of-privacy-legislation.
[77] Jian Jia, Ginger Zhe Jin, & Liad Wagman, The Persisting Effects of the EU General Data Protection Regulation on Technology Venture Investment, Antitrust Source (June 2021), at 2, https://www.americanbar.org/content/dam/aba/publishing/antitrust-magazine-online/2021/june-2021/jun2021-jia.pdf#:~:text=time%2C%20through%202020,As%20a. (“[A]fter the GDPR’s rollout, the number of monthly financing deals for EU technology ventures declined by 26.1 percent compared to their U.S. counterparts”).
[78] Id., at 1. (“Using venture investment data, we examine how the regulation may have affected investments in European technology ventures over time, through 2020. Our findings indicate a persisting reduction in the number of investment deals in nascent European technology ventures following the implementation of the legislation in comparison to technology ventures in the United States. As a result, policymakers considering tighter data regulations should weigh these costs against the potential benefits”).
[79] Id., at 4-5. (“We find evidence that the negative effect from the GDPR on EU technology venture investment persists 2.5 years after the rollout of the GDPR, although the magnitude of the effect is decreasing over time. EU technology firms, relative to their U.S. counterparts, experienced an average decline of 21.51 percent in their number of venture investment deals”). See also at 2-3. (“The negative effects are larger in the 6-month period immediately after the GDPR’s rollout in 2018, but some of them are sustained in 2019. Furthermore, the analysis suggested that such negative effects are more pronounced for younger ventures, consumer-facing ventures, earlier funding rounds, and for technology ventures that are more reliant on data”).
[80] Id., at 5. (“We also find that consumer-facing (B2C) ventures incur larger declines than business-facing (B2B) ventures. This difference between B2C and B2B ventures is potentially because consumer-facing products have more exposure to the regulation”).
[81] Garrett A. Johnson, Scott K. Shriver, & Samuel G. Goldberg, Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR, 69 Mgmt. Sci. 5695, 5696 (2023).
[82] Id., at 5708.
[83] Michal S. Gal & Oshrit Aviv, The Competitive Effects of the GDPR, 16 J. Comp. L. & Econ. 349, 352 (2020).
[84] Chinchih Chen, Carl B. Frey, & Giorgio Presidente, Privacy Regulation and Firm Performance: Estimating the GDPR Effect Globally, 62 Econ. Inquiry (2024): 1074, 1075 (2024).
[85] Yu Zhao, Pinar Yildirim, & Pradeep K. Chintagunta, Privacy Regulations and Online Search Friction: Evidence from GDPR (Marketing Science Institute Working Paper Series Report No. 23-141, 2023).
[86] Id., at 15.
[87] Draghi, supra note 2, at 69.
[88] Draghi, supra note 27, at 79.
[89] Rebecca Janssen, Reinhold Kesler, Michael E. Kummer, & Joel Waldfogel, GDPR and the Lost Generation of Innovative Apps, (National Bureau of Economic Research Working Paper 30028, 2022), at 2.
[90] Id.
[91] Id.
[92] Klaus M. Miller, Julia Schmitt, & Bernd Skiera, The Impact of the General Data Protection Regulation (GDPR) on Online Usage Behavior, arXiv (18 November 2024), at 1, https://arxiv.org/abs/2411.11589.
[93] Ellen O’Regan, Europe’s GDPR Privacy Law Is Headed for Red Tape Bonfire Within “Weeks”, Politico (3 April 2025), https://www.politico.eu/article/eu-gdpr-privacy-law-europe-president-ursula-von-der-leyen. (“Europe’s most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses”).
[94] Id.
[95] Id.
[96] Id.
[97] Regulation 2022/1925 of the European Parliament and of the Council of 14 September 2022 on Contestable and Fair Markets in the Digital sector and Amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act), 2022 O.J. (L 265) 1; Regulation 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and Amending Directive 2000/31/EC (Digital Services Act), 2022 O.J. (L 277) 1.
[98] The Digital Markets Act: Ensuring Fair and Open Digital Markets, Eur. Comm’n https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en (last visited 15 May 2025).
[99] See, e.g., Geoffrey A. Manne, Invited Statement of Geoffrey A. Manne on House Judiciary Investigation Into Competition in Digital Markets (17 April 2020), at 44, available at https://laweconcenter.org/wp-content/uploads/2020/04/Manne_statement_house_antitrust_20200417_FINAL3-POST.pdf. (“There is little evidence for ‘killer acquisitions’ in digital markets, and it would be nearly impossible to identify which acquisitions are ‘killer’ before the fact. Acquisitions are often investors’ and founders’ ‘exit strategy,’ and the evidence suggests that deterring acquisitions in tech would chill investment in startups and harm innovation”); Statement of Scott Kupor, Competition and Consumer Protection in the 21st Century: FTC Hearing #3 Day 1: Multi-Sided Platforms, Labor Markets, and Potential Competition, FTC Transcript 183 (15 October 2018), (“[L]arge players play a significant role as acquirers of venture-backed startup companies, which is an important part of the overall health of the venture ecosystem”); La Actual Propuesta Sobre DMA Impacta Negativamente en el Ecosistema Europeo de Startups, Asociación Española de Startups, https://asociacionstartups.es/la-actual-propuesta-sobre-dma-impacta-negativamente-en-el-ecosistema-europeo-de-startups (last visited May 15, 2025), (“Net VC numbers could plunge in Europe for a period still to be estimated, as the impact of the DMA on the ecosystem and the uncertainty it can generate keeps under assessment. The impact could be greater and deeper in more risk-averse investment models such as corporate ventures and regular M&A”).
[100] Carmelo Cennamo & Juan Santaló, Potential Risks and Unintended Effects of the New EU Digital Markets Act (Open Internet Governance Institute Paper Series No. 4, February 2023), available at https://www.esade.edu/ecpol/wp-content/uploads/2023/02/AAFF_EcPol-OIGI_PaperSeries_04_Potentialrisks_ENG_v5.pdf.
[101] Id., at 11.
[102] Meredith Broadbent, Implications of the Digital Markets Act for Transatlantic Cooperation, Cent. Strateg. Int. Stud. (15 September 2021), https://www.csis.org/analysis/implications-digital-markets-act-transatlantic-cooperation.
[103] Will the Digital Services Act Help Startups Succeed?, GLOBSEC (16 July 2020) https://www.globsec.org/what-we-do/commentaries/will-digital-services-act-help-startups-succeed.
[104] Id.
[105] GLOBSEC, supra note 103.
[106] Thierer, supra note 76.
[107] Jia, Zhe, & Wagman, supra note 77. (“Data regulation, however, entails tradeoffs. On the one hand, consumers who value privacy and the ability to more readily exercise control over their data could benefit from enhanced data regulation. On the other hand, these same consumers may also encounter new market conditions that they do not like, such as higher prices or fewer innovations. Indeed, data regulations increase firms’ compliance costs, and existing economic theories also show that compliance costs can disproportionately impact nascent firms and dampen entrepreneurs’ incentives to pursue innovations as new ventures. Because these economic costs can reduce profitability, they may also affect the ability of new, innovative companies to receive funding from investors”).
[108] Gal & Aviv, supra note 83.
[109] Johnson, Shriver, & Goldberg, supra note 81, at 5695. (“The week after the GDPR’s enforcement, website use of web technology vendors falls by 15% for EU residents. Websites are more likely to drop smaller vendors, which increases the relative concentration of the vendor market by 17%. Increased concentration predominantly arises among vendors that use personal data such as cookies, and from the increased relative shares of Facebook and Google-owned vendors, but not from website consent requests”).
[110] Thierer, supra note 76.
[111] American Innovation Under Siege: Venture Capital Data Reveal Risks From Rising Global Regulatory Overreach, Am. Edge Proj. (March 2024), at 8, available at https://americanedgeproject.org/wp-content/uploads/2024/04/AEP-and-PitchBook-Study-March-2024.pdf.
[112] Id., at 7.
[113] European Commission, supra note 98.
[114] DMA, recital 32.
[115] DMA, recital 33.
[116] The DMA IA does touch apps developers, many of whom may be TSUs who would benefit directly from Apple’s App Store being designated as a core platform service. The DMA IA notes at 27 that: “We have also calculated that, if the commission charged by the Apple App Store is excessive and those charges were reduced by half (from 30% to 15%), this could increase EU consumer surplus by €490m if the benefits are passed onto consumers through lower prices, or create the potential for additional investment and innovation by app developers”.
[117] For example, fair ranking (art. 6(5)); restrictions on gatekeepers using data generated by business users on their platforms—e.g., when business users seek to develop competing apps or services (art. 6(2)); data-portability provisions allowing end users to port their data from gatekeeper platforms (art. 6(9) & (10)), thus enabling end users to move their data to competitors and for business users to secure “free of charge… effective, high-quality, continuous and real-time access to, and use of, aggregated and non-aggregated data” generated by their apps, “giving competitors & new entrants a chance to capture new demand”;[117] access to anonymized “ranking query click & view” data (art. 6(11)) from gatekeeper search engines, assisting new search engines to improve their performance.
[118] Eleonor Bonel, New Rules for Digital Markets: A Roadmap to the Digital Markets Act, Eur. Digit. SME Alliance (7 July 2022), https://www.digitalsme.eu/new-rules-for-digital-markets-a-roadmap-to-the-digital-markets-act.
[119] DMA, art. 14(1): “A gatekeeper shall inform the Commission of such a concentration prior to its implementation and following the conclusion of the agreement, the announcement of the public bid, or the acquisition of a controlling interest”. One of the DMA’s revolutions was to grant the Commission power under art. 18 to, for a limited time, prohibit gatekeepers from collecting data or entering any concentration in the digital sector. This remedy is likely to be exceptional, as it can only be applied in the event of a finding of systemic noncompliance and must both proportionate and necessary to maintain or restore fairness and contestability.
[120] Council Regulation (EC) No 139/2004 of 20 January 2004 on the Control of Concentrations Between Undertakings (the European Commission Merger Regulation), 2004 O.J. (L 24) 1.
[121] The Commission’s Impact Assessment for the Digital Services Act sees the DMA as particularly relevant for innovative startups and scaleups. See Commission Staff Working Document, Impact Assessment Accompanying the Proposal for a Regulation on a Single Market for Digital Services (Digital Services Act), SWD(2020) 348 final (15 December 2020), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020SC0348. (“The Digital Markets Act intervention focuses on large online platforms, which have become gatekeepers and whose unfair conduct in the market may undermine the competitive environment and the contestability of the markets, especially for innovative start-ups and scale-ups”).
[122] David J. Teece & Henry J. Kahwaty, Is the Digital Markets Act the Cure for Europe’s Platform Ills? Evidence From the European Commission’s Impact Assessment, in The Economics and Regulation of Digital Markets 5 (Frank Fagan & James Langenfeld eds., 2023).
[123] See Digital Markets Act, Eur. Council, https://www.consilium.europa.eu/en/policies/digital-markets-act (last visited 18 January 2025).
[124] DMA, recitals 10, 23.
[125] See, e.g., Annual Competition Report 2024, Eur. Comm’n (25 April 2024), at 2, available at https://competition-policy.ec.europa.eu/document/download/12ef50fd-eee5-43f1-b81b-ac014b226bdc_en?filename=annual-competition-report_2024_report_part1_en.pdf (“[T]he European Commission…and its Directorate General for Competition continued to develop EU competition policy to achieve the objectives of a green, digital, and resilient European economy, as well as to actively enforce competition rules” (emphasis added)); Annual Competition Report 2023, Eur. Comm’n (6 March 2024), at 2, https://op.europa.eu/en/publication-detail/-/publication/53a4d34f-f3f6-11ef-b7db-01aa75ed71a1. (“EU competition policy was one of many tools successfully used for the continued crisis response, the economic recovery, as well as delivering on the green and digital transitions” (emphasis added)).
[126] For example, recital 68 notes that “the Commission should publish online a link to the non-confidential summary of the [gatekeeper’s compliance] report, as well as all other public information based on information obligations under this Regulation, in order to ensure accessibility of such information in a usable and comprehensive manner, in particular for small and medium enterprises (SMEs)”. Art. 9 also required that the Commission take SME interests into account when it considers whether to suspend the application of specific DMA obligations in exceptional circumstances that are beyond the gatekeeper’s control.
[127] Eoghan O’Neill, EU’s Digital Markets Act: Opportunity Engine for Startups, Eur. Comm’n (December 2023), available at https://assets-global.website-files.com/60143b5f4bfa6c7e7f2266fb/657f926d3ca04deb2fffc368_2023%20DMA%20-%20startup%20opportunity%20engine%20(Dublin).pdf.
[128] See Giuseppe Colangelo & Alba Ribera Martinez, The Metrics of DMA’s Success, 1 Eur. J. Risk. Reg. 20-21 (2024), (Arguing that “although contestability and fairness are the proclaimed protected legal interests, they do not represent the outcomes the EU legislator aimed to embed in the Regulation”. The DMA’s success must instead be measured against its real goals, which are “market modelling, openness, neutralizing competitive advantages, and enhancing transparency”).
[129] Olivier Guersent, Keynote Speech at the Annual CRA Brussels Conference, Eur. Comm’n (6 December 2023), available at https://competition-policy.ec.europa.eu/system/files/2023-12/20231206_CRA_conference_Olivier-Guersent_speech.pdf.
[130] Id.
[131] Letizia Tomada, Start-ups and the Proposed EU AI Act: Bridges or Barriers in the Path from Invention to Innovation?, 13 J. Intell. Prop. Info. Tech. & ELEC. Com. L. 53 (2022).
[132] Regulation 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act), 2022 O.J. (L 277) 1.
[133] The Digital Services Act: Ensuring a Safe and Accountable Online Environment, Eur. Comm’n, available at https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en (last visited 22 April 2025).
[134] Commission Staff Working Document, Impact Assessment Accompanying the Proposal for a Regulation of the European Parliament and of the Council on a Single Market for Digital Services (Digital Services Act) and amending Directive 2000/31/EC, SWD (2020) 348 final (15 December 2020), para 182.
[135] European Parliament Resolution of 20 October 2020 with Recommendations to the Commission on the Digital Services Act: Improving the Functioning of the Single Market (2020/2018 (INL)), para 73.
[136] The European Parliament took note of the need for specific measures to protect smaller players and proposed that “the DSA should put forward a proposal for a new separate instrument aiming at ensuring that the systemic role of specific online platforms will not endanger the internal market by unfairly excluding innovative new entrants, including SMEs, entrepreneurs and start-ups, thereby reducing consumer choice”. Id., Annex VII.
[137] DSA IA, supra note 134, at 23.
[138] Others include involvement in dispute resolution (art. 21) and “trusted flaggers” (art. 22); a suspension process for manifestly illegal content (art. 23); reporting obligations for providers of online platforms (art. 24); obligations to avoid deceiving or manipulating the recipients of their service (Art. 25); transparency of online advertising (art. 26); transparency on recommender systems (Art. 27); and obligations to put in place measures to protect minors (art. 28). Under art. 24(3), however, micro or small enterprises may still have to provide information on EU average monthly active users if requested by the established digital-services coordinator or the European Commission.
[139] See Brussels, 28.9.2021 SWD(2021) 279 Final Commission Staff Working Document Evaluation of Recommendation of 6 May 2003 Concerning the Definition of Micro, Small and Medium-Sized Enterprises (2003/361/EC), SWD(2021) 280 final. The Commission also noted, however, that: “Problems related to operating cross-border and access to finance are actually bigger obstacles preventing SMEs from scaling-up than the loss of the SME status”.
[140] DSA, art. 91(2)(d).
[141] DSA, art. 91(1).
[142] Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on Harmonised Rules on Fair Access to and Use of Data and Amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828, 2023 O.J. (L 2854) 1 (Data Act).
[143] Data Act, recital 3.
[144] Data Act, recital 40, referring to SMEs as defined in art. 2 of the Annex to Commission Recommendation 2003/361/EC (SMEs), Op. Cit.
[145] Id.
[146] Notably, the obligation to make product data and related service data accessible to the user (art. 3); the rights and obligations of users and data holders with regard to access, use, and making available product data and related service data (art. 4); the user’s right to share data with third parties (art. 5); and third parties’ obligations when receiving data at the request of the user (art. 6). Microenterprises or small enterprises are covered, so long as they do not have a business partner that holds more than 25% of their capital or voting rights (excluding public and venture-capital investors, “business angels” or, with some limits, universities and nonprofit research centres and institutional investors).
[147] Per art. 3 of the Annex to Recommendation 2003/361/EC. Op. Cit.
[148] Data Act, recital 41.
[149] Data Act, recital 49.
[150] Data Act, recital 51.
[151] See art. 5(3) and recital 40.
[152] Data Act, recital 75.
[153] Commission Staff Working Document, Impact Assessment Accompanying the Proposal for a Regulation of the European Parliament and of the Council on Harmonised Rules on Fair Access to and Use of Data (Data Act), SWD (2022) 34 final (23 February 2022), 56.
[154] Id.
[155] Data Act, recital 58.
[156] Data Act, recital 111.
[157] European Parliament, supra note 153, at 18.
[158] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A European Strategy for Data COM(2020)66 final (19 February 2020).
[159] European Parliament, supra note 135, para 36.
[160] Id., para 38.
[161] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence and Amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act), 2024 O.J. (L 1689) 1.
[162] Tomada, supra note 131.
[163] Draghi, supra note 2.
[164] Id., at 29-30.
[165] Commission Staff Working Document, Impact Assessment Accompanying the Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, SWD (2021) 84 final, pt. 1 (21 April 2021), at 23.
[166] Id., at 26.
[167] See Ian Mundell, The Ecosystem: Start-ups Give Cautious Welcome to Artificial Intelligence Innovation Package, Science Business (13 February 2024), https://sciencebusiness.net/news/ai/ecosystem-start-ups-give-cautious-welcome-artificial-intelligence-innovation-package.
[168] New recital 74a.
[169] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Boosting Startups and Innovation in Trustworthy Artificial Intelligence, COM (2024) 28 final (24 January 2024).
[170] Id., at 4.
[171] Id.
[172] Commission Staff Working Document Accompanying the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, An EU Initiative on Web 4.0 and Virtual Worlds: A Head Start in the Next Technological Transition, SWD (2023), 250 final, pt. 1 (11 July 2023), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52023SC0250.
[173] Id., at 17.
[174] Mundell, supra note 166.
[175] Council Regulation (EC) No 139/2004 of 20 January 2004 on the Control of Concentrations Between Undertakings (the European Commission Merger Regulation), 2004 O.J. (L 24) 1.
[176] Joined Cases C-611/22 P and C-625/22 P, Illumina and Grail v. Commission, ECLI:EU:C:2024:677. (Finding that the Commission had overstepped its authority by accepting referral requests under art. 22 from national competition authorities that did not have jurisdiction to review the merger under their own national laws).
[177] Communication from the Commission, Guidance on the Application of the Referral Mechanism Set Out in Article 22 of the Merger Regulation to Certain Categories of cases, 2021 O.J (C 113) 1, 2 para 9, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021XC0331%2801%29.
[178] Id., para 19.
[179] Viktoria H.S.E. Robertson, The Future of Digital Markets in a Post-DMA World, 44 Eu. Comp. L. Rev. 447 (2023).
[180] See, e.g., Christophe Carugati, Which Mergers Should the European Commission Review Under the Digital Markets Act?, Bruegel Policy Brief (9 December 2022), https://www.bruegel.org/policy-brief/which-mergers-should-european-commission-review-under-digital-markets-act. Indeed, the European Parliament’s lead committee reviewing the DMA proposed an amendment to the merger provisions. While not ultimately adopted, the proposed amendment signalled concerns about gatekeeper M&A strategies. See Report on the Proposal for a Regulation on Contestable and Fair Markets in the Digital Sector (Digital Markets Act), A9-0332/2021 Amendment 5, Eur. Parl. (15 December 2021), https://www.europarl.europa.eu/doceo/document/A-9-2021-0332_EN.html. (“Systematic mergers and acquisitions should have a clear and legal threshold to put an end to killer acquisitions where big companies buy start-ups and growing companies in order to suppress any possible competition. A special attention should be given to takeovers in important sectors such as health, education, defence and financial services”).
[181] European Commission, supra note 171, at 3.2.
[182] Tomada, supra note 31, at 65.
[183] Marc Ivaldi, Nicolas Petit, & Selcukhan Unekbas, Killer Acquisitions: Evidence from EC Merger Cases in Digital Industries (TSE Working Paper No.13-1420 1, 2023), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4407333. (“Pursuant to the theory of killer acquisitions, some of these cases should have led to reduced competition. Focusing on publicly available information through financial disclosures, our analysis suggests that no transaction was followed by the disappearance of the target’s products, a weakening of competing firms, and/or a post-merger lowering or absence of entry and innovation. Skepticism about the killer acquisitions theory should prevail”); Jonathan Barnett, “Killer Acquisitions” Reexamined: Economic Hyperbole in the Age of Populist Antitrust, 3(1) Chi. Bus. L. Rev. 39, 39 (2024). (“A review of the relevant body of evidence finds that these widely-held views concerning incumbent/startup acquisitions rest on meager support, confined to ambiguous evidence drawn from a small portion of the total universe of acquisitions in the pharmaceutical market and theoretical models of acquisition transactions in information technology markets”).
[184] Id., Ivaldi, Petit, & Unekbas, at 26-29. (Finding that, in six cases of potential “killer acquisitions”, output increased, and concluding that “[i]n summary, in very few cases, a merger appeared to have been followed by a weakening, let alone a killing, of competition. The competitive landscape post-merger remained vibrant in most cases, invalidating one key condition required for the killer acquisition theory to be plausible”); id., Barnett, at 39, 70-83.
[185] See, e.g., Statement on Competition Policy in the Digital Sector, Eur. Comm’n (10 May 2024), https://ec.europa.eu/commission/presscorner/detail/de/statement_24_4525. (“A company with limited turnover may still play a significant competitive role on the market, as a start-up with significant potential, or as an important innovator. Killer acquisitions seek to neutralize small but promising companies as a possible source of competition”); Lewis Crofts, Tackling Killer Acquisitions Is Most Compelling Concern, EU’s Ribera Says, MLex (15 October 2024), https://www.mlex.com/mlex/dealrisk/articles/2321350/tackling-killer-acquisitions-is-most-compelling-concern-eu-s-ribera-says (indicating that Commissioner for Competition Teresa Ribera views the acquisitions of startups by “big tech” firms as one of the EU’s most pressing competition concerns).
[186] The Autorité Publishes Its Contribution to the Debate on Competition Policy and the Challenges Raised by the Digital Economy, Autorité de la Concurrence (February 2020), https://www.autoritedelaconcurrence.fr/en/communiques-de-presse/autorite-publishes-its-contribution-debate-competition-policy-and-challenges.
[187] Comptes Rendus de la Commission des Affaires Économiques, Audition de M. Cédric O, secrétaire d’État chargé du numérique (22 January 2020), https://www.senat.fr/compte-rendu-commissions/20200120/ecos.html#toc2.
[188] Id.
[189] See, e.g., Barnett, supra note 182, at 39 (“[T]he emergent regulatory and scholarly consensus fails to take into account the rich body of evidence showing the critical function played by incumbent/startup acquisitions in supplying a monetization mechanism that induces venture-capital investment and promotes startup entry in technology markets. The prospect of an acquisition transaction in the case of technical and commercial success generally promotes innovation and competition by providing a transactional device that expands startups’ access to the capital inputs required to undertake R&D and the commercialization services required to convert R&D outputs into commercially viable products. At the same time, these acquisitions enable incumbents to access the specialized innovation capacities of smaller firms”); see also at 72 (“incumbents in technology markets regularly acquire emerging firms, and emerging firms regularly seek to be acquired by incumbents, principally because this constitutes an efficient mechanism for executing the innovation and commercialization process… Rather than representing a presumptively anticompetitive strategy to extinguish competitive threats, incumbent/startup acquisitions are best construed as part of a broader set of transactional mechanisms that firms use to efficiently execute the innovation and commercialization process in response to competitive forces”).
[190] Id., at 77 (finding that, following the investments made by acquiring companies in scaling and integrating targets, “it is no surprise that smaller firms would seek to be acquired by large platforms that can offer these powerful commercialization capacities and accelerate monetization of a target’s innovation assets”).
[191] On this point, see Manne, Radic, & Auer, supra note 15 (arguing that one of the central goals of ex-ante digital competition rules like the DMA is to level gatekeepers downward); Colangelo & Ribera, supra note 138 (arguing that the DMA is intended to neutralize gatekeepers’ competitive advantages); and Oles Andriychuk, Do DMA Obligations for Gatekeepers Create Entitlements for Business Users?, 11 J. Antitrust Enforc. 123,126-129 (2023), (arguing that the nature of the DMA’s obligations is punitive).
[192] European Parliament, supra note 136.
[193] DSA IA, supra note 135, at 24.
[194] Bala?zs Hohmann & Bence Kis Kelemen, Is There Anything New Under the Sun? A Glance at the Digital Services Act and the Digital Markets Act from the Perspective of Digitalisation in the EU, 19 Croat. Y.B. Eur. L. Pol’y. 225 (2023).
[195] EU 2024–2029: France Digitale’s Manifesto for the 2024 European Elections, France Digitale (December 2023), at 6, available at https://media.francedigitale.org/app/uploads/prod/2023/11/28111529/France-Digitale-2024-European-Manifesto-web-1.pdf.
[196] Id., at 26.
[197] Tomada, supra note 31, at 61.
[198] Cristiano Codagnone & Linda Weigl, Leading the Charge on Digital Regulation: The More, the Better, or Policy Bubble? 2 Digital Soc’y 1 (2023), https://doi.org/10.1007/s44206-023-00033-7.
[199] Id., at 17.
[200] Tomada, supra note 31, at 64.
[201] Id., at 61.
[202] Id., at 65.
[203] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, AI Continent Action Plan COM (2025) 165 final, https://digital-strategy.ec.europa.eu/en/library/ai-continent-action-plan.
[204] Id., at 21.
[205] Id., at 22.
[206] Id.
[207] Teese & Kahwaty, supra note 122.
