Spotlight

1.    Statement of Interest

1.1 The International Center for Law & Economics (“ICLE”) is a non-profit, non-partisan global research and policy center, devoted to building the intellectual foundations for sensible, economically grounded public policy. ICLE promotes the application and use of law and economics methodologies to inform complex judicial and regulatory debates, and possesses longstanding, well-recognised expertise in the evaluation of competition laws and policy, and their relationship with intellectual property rights. The scholars affiliated with ICLE include leading experts in competition law and economics from prominent universities and research institutions across the world.

1.2 The present appeal raises questions of significant public importance concerning the proper interpretation of fair, reasonable, and non-discriminatory (“FRAND”) obligations, the role of collective licensing platforms in the innovation ecosystem, and the appropriate scope of judicial intervention. In particular, the issue before the Supreme Court is whether “the courts of England and Wales have jurisdiction to determine disputes as to what licence terms are fair, reasonable and non-discriminatory at the request of an implementor rather than a patent owner, where the licence is offered by an intermediary as part of a pool or platform of patents?”.

2.    Executive Summary

2.1 ICLE respectfully submits that the Appellant’s attempt to extend FRAND obligations to the collective licensing rates offered by patent pools or platforms is legally unfounded, economically unsound and would generate significant adverse consequences for efficient licensing structures. As these submissions explain:

2.1.1 Judicial rate-setting for pools or platforms threatens the viability of pro-competitive licensing structures. Properly structured pools or platforms reduce transaction costs, mitigate royalty stacking, and speed licensed technology diffusion. Imposing FRAND-style obligations on these entities would increase legal uncertainty and undermine the very efficiencies they are designed to deliver, consequently risking chilling their very formation.

2.1.2 FRAND obligations are strictly bilateral and do not bind patent pools or platforms. The ETSI undertaking is a bilateral, patent-holder commitment that applies only to the individual patent owner and its affiliates. It does not extend to non-owner pool administrators, such as Avanci. Consequently, courts may, where necessary, assess FRAND at the level of individual patent owners, but there is no legal basis for imposing FRAND obligations on a pool or platform operator.

2.1.3 Implementers are not without recourse. Pools or platforms offer a voluntary, efficiency-enhancing licensing option. Implementers remain fully entitled to seek bilateral FRAND licences from individual patent owners and, if necessary, to litigate against any patentee that fails to offer FRAND terms.

2.1.4 Market forces discipline pool or platform rates. Because bilateral FRAND licensing and judicial scrutiny thereof remain available, the pool or platform’s collective licensing rate is inherently competitively disciplined. This built-in safeguard negates the need for judicial rate setting at the pool or platform level.

3.    Introduction

3.1 The Appellants, Tesla Inc. and Tesla Motors Limited (collectively, “Tesla”), urge this Court to extend the contractual obligations incumbent upon individual patent owners to encompass standard licensing rates offered by the Avanci 5G Platform, an intermediary platform over which those individual owners have no direct control.[1]

3.2 Tesla contends, in error, that because the platform offers a standard rate and it claims bilateral licensing is impracticable[2], the pool or platform licence is effectively immune from scrutiny absent proactive judicial rate-setting.[3]

3.3 ICLE respectfully submits that the Appellants’ perspective that patent pool or platform rates should be open to “scrutiny” by the Court, at the request of the implementer, fundamentally misapprehends the economic function of patent pools or platforms, the strict contractual privity of FRAND undertakings, and the market mechanisms that inherently discipline collective licensing rates. Exposing pro-competitive aggregation mechanisms, such as patent pools or platforms, to such potential litigation burdens and extra uncertainty, risks deterring companies from undertaking the creation of these highly beneficial, transaction-cost-reducing business arrangements[4].

3.4 Subjecting pool or platform operators to direct FRAND obligations (which they, themselves, never entered into)—would deter the formation and maintenance of such entities. Owners of standard-essential patents (“SEPs”) contribute their patents to a collective licensing pool or platform because they consider the expected return to be at least as favourable as the returns available through bilateral licensing, particularly when transaction costs of bilateral licensing are taken into account. Industry experience confirms that the difference is marginal, with many large portfolio holders already preferring bilateral licensing.[5] Imposing the prospect of judicial rate-setting on pool or platform operators would materially influence this marginal difference by introducing the risk that a court, at the initiative of any individual implementer, could set a collective licensing rate, which may result in a lower overall return than could be achieved through bilateral licensing.[6] This, in turn, would create meaningful uncertainty for all parties involved: SEP holders would struggle to calculate the costs and benefits of licensing via pools or platforms; pool or platform operators would face more complicated negotiations with those SEP owners (as the rate they can charge becomes more uncertain); and implementers would need to determine whether to license at the pool or platform’s market rate versus holding out in the hope of lower judicially-decided rates for the pool or platform.

3.5 Moreover, extending FRAND obligations to pool or platform operators would impose significant additional legal overhead and management costs on the very intermediaries whose raison d’être is to reduce transaction costs, thereby undermining the efficiency gains that justify pooling in the first place.[7] At the margin, prospective pool or platform operators would face heightened litigation exposure and regulatory burden, making the formation of new pools or platforms less commercially viable and discouraging SEP owners from participating in existing ones.

3.6 The application of the error-cost framework[8]—a foundational concept in modern competition law designed to maximise consumer welfare and reduce the likelihood of counterproductive regulatory interventions, legal rules and standards—is central to the analysis presented herein. There is a significant risk that extending FRAND obligations to patent pool or platform operators, rather than confining them strictly to the individual SEP owners who made the underlying contractual undertaking, may hinder efficient licensing and, therefore, innovation and consumer welfare.

3.7 ICLE therefore takes the position that the majority of the Court of Appeal correctly concluded that FRAND obligations do not unilaterally subject a non-signatory pool or platform operator to the court’s jurisdiction for collective rate-setting.

4.    The Economic Imperative to Preserve Patent Pools

4.1 As Avanci explained before the Court of Appeal, a court-declared licence and rate for the Avanci 5G Licence risks the unravelling of the platform in its entirety as “the patentees (who executed the MLMA knowing the terms of the 5G Licence) were under no obligation to stay, there was no guarantee that the patentees would continue to participate in the 5G Platform in the future. A possible outcome was that the entire 5G Platform would collapse…”.[9] It is ICLE’s position that the collapse of patent pools or platforms would carry significant downstream consequences, given the central economic role such entities play in reducing licensing frictions and enabling efficient

licensing of standardised technologies. As explained in paragraph 3.4 above, the industry would revert to bilateral licensing, thus raising costs and delaying licensing of standardised technology.

4.2 That risk must be understood against the broader economic rationale for the formation, preservation, and protection of patent pools or platforms. Academic research and empirical evidence consistently show that patent pools or platforms designed around complementary technologies, such as the Avanci 5G Platform, can solve important market frictions that might otherwise stifle downstream production and hinder the widespread licensed diffusion of standardised technologies.[10]

4.3 Standard-setting organisations (“SSOs”) develop complex technological standards that require the use of hundreds, often thousands, of complementary patented technologies. In extreme cases, this uncoordinated pricing may lead to a phenomenon known as “royalty stacking”[11], where the cumulative burden of individual royalties becomes significantly more than licensing through a pool or platforms as the number of patent holders grows.[12] By integrating the licensing functions of the complementary SEP owners, the pool or platform coordinates royalties across all contributors. That, in turn, increases joint profits of SEP owners while simultaneously lowering the aggregate royalty rate for all the patents, leading to lower overall prices for downstream implementers and ultimately consumers.[13]

4.4 Patent pools or platforms generate significant systemic efficiencies by reducing transaction costs. In the automotive sector’s transition to cellular connectivity, implementers face the prospect of obtaining licences to tens of thousands of patents held by dozens of different owners.[14] The bilateral licensing of SEPs requires extensive, multiple negotiations, the evaluation of large global portfolios, the retention of specialised technical and legal counsel. None of this is impossible or economically unviable, but it does make patent pools or platforms a highly attractive alternative option. These pools or platforms offer a comprehensive “one-stop-shop” convenience. In practical terms, the pool or platform is a commercially convenient alternative to bilateral licensing: it packages coverage that would otherwise require multiple negotiations.

4.5 Economic literature and available evidence consistently indicate substantial transaction cost savings generated by pooling arrangements, which facilitate the rapid licensing of emerging technologies into entirely new markets.[15] There is also a vast body of economic literature showing how patent pools or platforms have, throughout history, facilitated the licensed diffusion of new technologies.[16]

4.6 The pro-competitive character of properly structured patent pools or platforms is also widely recognised by policymakers. The United States Department of Justice (“DoJ”) evaluated the Avanci 5G Platform prior to its launch, issuing a Business Review Letter in July 2020 which concluded that the platform was “unlikely to harm competition”.[17] The DoJ explicitly identified the substantial transaction cost savings generated by providing a unified licensing solution for vehicle manufacturers and declined to impose its own assessment on the pool or platform rate, noting that there is no single correct way to calculate a reasonable royalty and that each patent holder would independently decide whether the pool’s terms comported with its own individual commitments.[18] In short, the experience to date suggests that properly structured pools or platforms have been highly successful at catalysing widespread licensing where the bilateral alternative would be more burdensome and costly.

5.    The Non-Transferability of FRAND Undertakings

5.1 The Appellants assert that FRAND undertakings made by individual patent owners must legally constrain the licensing offers made by the patent pool or platform.[19] This argument relies on a flawed conflation of bilateral contractual obligations with voluntary, market-driven collective licensing arrangements. Such undertakings are, however, strictly bilateral obligations binding the declarant alone and not the downstream pool or platform operator. The obligation to license SEPs on specific, encumbered terms arises from the intellectual property rights policies of SSOs and/or competition law.

5.2 In the case of the European Telecommunications Standards Institute (“ETSI”), this obligation is governed by Clause 6.1 of the institutional policy, which operates under French law as a stipulation pour autrui—a specific form of contract made by a promisor for the distinct benefit of a third-party beneficiary.[20] Under this framework, the declarant irrevocably commits to the SSO that it is prepared to grant irrevocable licences to its essential rights on specific terms to any implementer seeking to practise the standard.[21]

5.3 SSO policies are silent on the subject of patent pools or platforms and collective licensing. Clause 6.1 imposes binding legal obligations strictly on the individual declarant and its corporate affiliates.[22] As a result, there is no justiciable standard by which to evaluate a collective pool or platform rate where the FRAND obligation is with respect to a bilateral licence and rooted in ETSI clause 6.1 (a stipulation pour autrui).

5.4 Pools or platforms are not themselves bound by FRAND. There is no contractual term, statutory duty or competition-law obligation requiring a pool or platform’s rate to be FRAND, nor is there any interpretative mechanism within ETSI that extends the FRAND undertaking to licensing agents. Consequently, there is no legal basis on or criterion by which to assess a pool or platform’s rate.

5.5 A supplementary provision, Clause 6.1bis, operates to ensure that the commitment travels with the patent itself in the event of a transfer of ownership, legally binding any subsequent “successors-in-interest.”[23] However, a patent pool or platform operator is not (i) an individual declaration or a corporate affiliate of an individual declaration, nor (ii) a successor-in-interest. The pool or platform operator does not acquire legal title or equitable ownership of the underlying patents. It acts merely as a non-exclusive licensing agent possessing circumscribed authority to offer a standard portfolio licence on behalf of its contributing members.

5.6 Because the pool or platform operator functions exclusively as a licensing agent, the underlying contractual obligation remains solely vested in the individual patent owners.

5.7 Academic critiques of standard-setting frameworks have noted that existing policies do not stipulate that transferring or granting licensing authority to an agent results in the encumbrance moving with that authority.[24] Consequently, there is no basis for an implementer to claim a breach by a pool or platform operator. The pool or platform itself has made no declarations to the SSO, has signed no contracts with the organisation, and is completely unbound by the stipulation pour autrui.

5.8 The Court of Appeal’s recent judgment in Tesla v. InterDigital and Avanci reflects this position.[25] The majority concluded, correctly in ICLE’s opinion, that the FRAND undertaking does not oblige patent owners to license their portfolios on a collective basis, nor does it subject the pool or platform operator to the Court’s jurisdiction for rate-setting.[26]

5.9 Lord Justice Phillips observed that, on any sensible interpretation of the contractual arrangements with ETSI, patent owners have emphatically not agreed to license their SEPs on a collective basis with other SEP owners, whether on FRAND terms or otherwise.[27] He notes that “the undertaking clearly and distinctly creates an obligation on individual owners to licence the patent family of their declared SEPs, but it cannot be interpreted as extending to include licensing a portfolio which includes many SEPs owned by other organisations altogether”.[28]

5.10 Lady Justice Whipple forcefully reinforced this point, noting that the Master Licence Management Agreement governing patent pools or platforms explicitly separates the SEP owner’s individual undertakings from the distinct commercial deal struck to offer a packaged pool or platform licence.[29] The pool or platform represents a wholly different commercial offering, presented as an optional alternative to bilateral negotiations.

5.11 FRAND undertakings guarantee an implementer licensed access to the specific underlying technology on FRAND terms. What they do not do is guarantee implementers the right to demand a heavily discounted bulk licence from third parties under the guise of contractual enforcement. If an implementer desires the convenience of a pool or platform licence, it must accept the commercial terms offered by the pool or platform. If it desires a licence on FRAND terms, it retains the right to obtain one from the individual SEP owner.

6.    Patent Pool or Platform Rates Controlled by Market Forces

6.1 Even if the FRAND undertakings made by SEP owners were somehow applicable to patent pool or platform operators (which they are not), economic theory shows that, when bilateral licences remain available, patent pool or platform rates are continually disciplined by market forces and, therefore, highly competitive. Accordingly, there is no need for the Court to assess or set rates at the patent pool or platform level, as the Appellants urge.

6.2 Tesla maintains that Avanci’s $32 rate is not FRAND because it is offered on a non-negotiable, “take it or leave it” basis, and therefore escapes meaningful commercial negotiation.[30] However, this position is not correct, as patent pools or platforms face strong competitive pressure precisely because bilateral licensing agreements remain available, as required by the competition laws of almost all major jurisdictions.

Pools or Platforms are Substitutes for Bilateral Licensing

6.3 Because pool or platform members retain the right to license their SEPs bilaterally, the pool or platform licence and individual bilateral licensing serve as alternative routes to the same licensed access for the downstream implementer. As economic literature on strategic substitutes demonstrates, pool or platform pricing is therefore disciplined by the competitive constraint of independent licensing.[31]

6.4 In this case, an automotive manufacturer seeking the licensing necessary to implement the 5G connectivity standard can obtain it through two avenues: (i) it can purchase the comprehensive “one-stop-shop” licence from the centralised patent pool or platform, or (ii) it can invest the necessary time, capital, and administrative resources to assemble individual bilateral licences from each independent SEP owner. Because these two avenues are functional substitutes: any change in the cost, terms, or attractiveness of one necessarily affects the rates that can be negotiated for the other.

6.5 This dynamic effectively puts a practical ceiling on the price a patent pool or platform can sustainably charge. In other words, a patent pool or platform operator cannot sustainably charge a royalty rate higher than the sum of available bilateral alternatives minus the efficiency the pool or platform creates. If the pool or platform attempts to

extract a supra-competitive rate, rational licensees will seamlessly pivot to their “outside option” and negotiate individual deals with the SEP owners, who remain legally and contractually bound by their FRAND commitments to license their portfolios on FRAND terms. In a world where those SEP owners are bound to license bilaterally at FRAND rates, no patent pool or platform operator can profitably charge a rate that is not competitive.

6.6 This presumption that patent pool or platform rates are competitive is further reinforced by empirical economic research.[32] Indeed, the jointly optimal rate for the patent pool or platform is necessarily lower than the sum of the independent bilateral rates, even before accounting for transaction cost efficiencies. Empirical evidence from major pool or platform operators confirms this theoretical prediction, demonstrating that aggregate pool licensing costs can routinely be significantly lower than the aggregate cost of corresponding bilateral licences negotiated individually.[33]

Independent Licensing as a Competition Law Safeguard

6.7 Economic research demonstrates that a handful of safeguards are sufficient to ensure that pool or platform pricing remains competitive. Chief among these is the preservation of the right to independent licensing.

6.8 Because individual SEP owners maintain the absolute right to license their portfolios bilaterally, the pool or platform must present an offering that is objectively more attractive than the bilateral alternative to survive. Because the bilateral alternative is strictly governed by standard-setting obligations, the pool or platform rate is structurally and permanently capped by reference to the benchmark of the figure that would represent the aggregate of the royalties that would be paid under the bilateral licences for the patents in the pool or platform. Therefore, the pool or platform rate itself must be viewed by courts and regulators as presumptively efficient.

6.9 This simple finding is widely understood and enforced by major competition authorities around the world, who heavily scrutinise whether this vital outside option is preserved when competition authorities evaluate the formation of patent pools or platforms. Indeed, as noted in paragraph 4.6 above, in the United States, the DoJ concluded that the Avanci platform was unlikely to harm competition and identified the preservation of independent licensing as one of the primary, non-negotiable safeguards against anti-competitive effects.[34] The agency found no evidence whatsoever of agreements restricting independent licensing outside the platform, thereby allowing the strategic substitute mechanism to function freely and efficiently.[35]

6.10 From a policy standpoint, this means it is entirely sufficient for judicial review to be available only to assess whether the rates applied by individual patent owners are FRAND. Because standalone bilateral SEP licensing is a substitute for pools or platforms, potential judicial review of bilateral licensing rates is sufficient to guarantee pool or platform rates remain competitive.

6.11 In short, economic evidence demonstrates that there is no need for a court to proactively assess or dictate rates at the patent pool or platform level, as the Appellants urge the Court to do here.

7.    Addressing the Appellants’ Assertions and the Error-Cost Framework

7.1 When viewed through this legal and economic framework, the arguments advanced by the Appellants fail.

7.2 Tesla assert that they are left without recourse when faced with Avanci’s standard rate, but this alleged asymmetry is an illusion. Tesla retains the unfettered right to approach InterDigital—and every other individual SEP owner within the platform—to ask for an individual bilateral licence on FRAND terms. If an individual SEP owner refuses to negotiate, or demands an exorbitant rate, Tesla may then bring a proactive declaratory judgment action against that specific patentee. Indeed, the courts in the United Kingdom have recently confirmed that implementers can take active steps to seek out the licences they need. As the Court of Appeal held in InterDigital v Lenovo, a willing licensee “does not sit back and wait for demands from SEP licensors” but rather “takes active steps to seek out the licences that it needs.”[36] The Appellants’ refusal to utilise this alternative bilateral avenue does not generate the right to force a judicial rate-setting exercise upon the entire voluntary pool or platform. As the majority in the Court of Appeal correctly recognised, there is simply no recognised legal standard against which the pool or platform’s collective rate can be judged[37].

7.3 Furthermore, the non-negotiability of a pool or platform’s published rate is not an indicator of market abuse or evasion of commercial norms; it is a necessary feature of transaction-cost economics. Avanci achieves system-wide efficiencies precisely by offering a standardised, “one-size-fits-all” commercial package. Requiring Avanci to negotiate bespoke, individualised rates potentially with every single implementer would significantly reduce the transaction-cost savings the platform was created to achieve and hence potentially defeat Avanci’s value proposition.

7.4 Ultimately, accepting the Appellants’ arguments could risk imposing significant costs on the global innovation economy. Subjecting a voluntary patent pool or platform to the prospect of global judicial rate-setting based on the flawed premise that a non-negotiable uniform rate is somehow inherently suspicious represents a severe false positive. It improperly infers anti-competitive harm from conduct that is provably pro-competitive. As explained throughout these submissions, the formation of patent pools or platforms (i) reduces the threat of royalty stacking and (ii) saves on transaction costs, which accelerates the diffusion of licensed standard-essential technologies. Because the patent pool or platform lacks market power—owing to the constant competitive discipline imposed by independent bilateral licensing—there is no economic justification for subjecting them to the prospect of judicial rate-setting.

7.5 The error-cost framework teaches that false positives in antitrust—interventions that burden pro-competitive conduct—are particularly costly because they are largely irreversible. Markets can self-correct against under-enforcement, but cannot recreate efficient arrangements once the prospect of judicial intervention has deterred them from forming.[38] Establishing a precedent that potentially subjects pool or platform rates to FRAND adjudication would create a permanent litigation overhang that depresses pool or platform formation. The Appellants’ position thus invites the kind of irreversible institutional change the error-cost framework is designed to guard against—one whose principal casualties would be the very implementers and consumers who benefit from efficient collective licensing.

7.6 Penalising an efficient patent pool or platform by potentially subjecting its standard rate to protracted litigation (often involving multiple jurisdictions) undermines the vital incentive structures that encourage intellectual property holders to aggregate their complementary technologies in the first place. If pool or platform operators face the constant threat of having their meticulously balanced, standardised rates rewritten by courts at the behest of individual implementers, the incentive to form these pools or platforms will be significantly weakened.

7.7 Patent pools or platforms are vital, market-based, solutions. Regulating them through an overly rigid application of bilateral standard-setting obligations threatens to dismantle these aggregations. Attempts by the Appellants artificially to expand jurisdiction to capture patent pool or platform operators must therefore be firmly rejected.

[1] See Tesla’s Grounds of Appeal ¶¶8, 17-27 (UKSC/2025/0058); Tesla, Inc. v. IDAC Holdings, Inc. [2025] EWCA Civ 193 (“CA Judgment”), ¶¶ 9–11, 95(Arnold LJ).

[2] CA Judgment ¶¶2, 95 –“… Tesla allege that, as a matter of commercial reality, the only licence of UK SEPs covered by the Avanci 5G Platform which can be FRAND is a global platform licence of the kind offered by Avanci as agent for the SEP owners because negotiating bilateral licences with more than 65 SEP owners is impracticable. Tesla also allege that, in reality even if not formally, most members of the Avanci 5G Platform rely upon the availability of a licence under that platform as fulfilling their FRAND obligations.”

[3] See Tesla’s Written Case ¶¶8, 11.

[4] Avanci’s Skeleton Argument before the Court of Appeal (CA-2024-001749) (“Avanci CoA Skeleton”), ¶2 – “… Avanci arrived at the pricing and other terms of the 5G Licence after extensive discussions with potential licensors and licensees, with a view to devising an optional joint licence that would be commercially attractive to the majority of SEP holders and the majority of automobile manufacturers.”

[5] Josh Lerner & Jean Tirole, Efficient Patent Pools, 94 Am. Econ. Rev. 691 (2004); Gustav Brismark, Mattia Fogliacco, Carter Eltzroth, Matteo Sabattini & Richard Vary, Overview of SEPs, FRAND Licensing and Patent Pools, Les Nouvelles 57 (Mar. 2023).

[6] The most instructive empirical analogy is the 2015 revision to IEEE’s patent policy, which restricted SEP owners’ access to injunctive relief and narrowed the definition of reasonable royalty rates. Following that change, negative Letters of Assurance—in which patent owners declined to commit to licensing on RAND terms—rose to 77% of all Wi-Fi LOAs filed between January 2016 and June 2019. The DOJ itself subsequently urged IEEE to reconsider whether changes were needed to promote full participation in standard-setting, and IEEE reversed the key elements of the 2015 policy in 2022. U.S. Dep’t of Justice, Supplement to the Business Review Letter to IEEE (Sept. 10, 2020); David L. Cohen, The IEEE 2015 Patent Policy—A Natural Experiment in Devaluing Technology (2019). The lesson from that policy intervention may have relevance in this case, where the expected returns to SEP owners from a particular licensing channel may be reduced, leading to those owners redirecting their patents elsewhere.

[7] Giuseppe Colangelo, Finding an Efficiency-Oriented Approach to Scrutinize the Essentiality of SEPs: A Survey, 18 J. Intell. Prop. L. & Prac. 502 (2023) (emphasising that assessments imposed on pooling arrangements must avoid excessive costs that could discourage participation in the licensing process).

[8] See Frank H. Easterbrook, The Limits of Antitrust, 63 Tex. L. Rev. 1 (1984). The error-cost framework was further developed in the US Supreme Court’s antitrust jurisprudence. See Brooke Grp. Ltd. v. Brown & Williamson Tobacco Corp., 509 U.S. 209 (1993); Verizon Commc’ns Inc. v. Law Offices of Curtis V. Trinko, LLP, 540 U.S. 398, 414 (2004).

[9] Avanci CoA Skeleton, ¶9.

[10] Ashish Arora, Andrea Fosfuri & Alfonso Gambardella, Markets for Technology: The Economics of Innovation and Corporate Strategy (MIT Press 2001) (demonstrating that technology licensing markets enable specialisation between upstream innovators and downstream producers, accelerating the rate of technological change); Daniel F. Spulber, How Patents Provide the Foundation of the Market for Inventions, 11 J. Competition L. & Econ. 271 (2015) (providing evidence that patent licensing facilitates technology transfer and that well-functioning markets for intellectual property are essential to the diffusion of innovation); David J. Teece, Profiting from Technological Innovation: Implications for Integration, Collaboration, Licensing and Public Policy, 15 Research Pol’y 285 (1986) (establishing that the ability to appropriate returns through licensing is a central determinant of firms’ incentives to invest in R&D). For evidence that inefficient licensing directly harms innovation incentives, see Bowman Heiden & Justus Baron, The Economic Impact of Patent Holdout, 38 Harv. J.L. & Tech. 638 (2024); Kirti Gupta & Urška Petrov?i?, Evidence of Systematic “Patent Holdout”, 38 Berkeley Tech. L.J. 575 (2023).

[11] As Galetovic, Haber, and Levine have demonstrated, the predicted consequences of royalty stacking—stagnant quality-adjusted prices and suppressed innovation—have failed to materialise in SEP-reliant industries. To the contrary, industries heavily reliant on SEPs, such as smartphones, personal computers, and audio-visual equipment, exhibit the fastest quality-adjusted price declines in the U.S. economy. See Alexander Galetovic, Stephen Haber & Ross Levine, An Empirical Examination of Patent Holdup, 11 J. Competition L. & Econ. 549, 551 (2015). Similarly, Auer and Morris have argued that the standardisation ecosystem is characterised by emergent private-ordering mechanisms—including FRAND undertakings, repeat interactions among participants in SSOs, inter-platform competition among SDOs, and, crucially here, patent pools or platforms. These mechanisms substantially mitigate the scope for the opportunistic pricing. These institutional safeguards mean that individual SEP owners rarely, if ever, behave as unconstrained independent monopolists. See Dirk Auer & Julian Morris, Governing the Patent Commons, 38 Cardozo Arts & Ent. L.J. 291 (2020). See also Justus Baron et al., Empirical Assessment of Potential Challenges in SEP Licensing (European Commission 2023) (finding no discernible evidence that patent owners are systematically overcharging implementers or that FRAND disputes are undermining innovation and standard adoption).

[12] Mark A. Lemley and Carl Shapiro, Patent Holdup and Royalty Stacking, 85 Texas Law Review 1991 (2007); Carl Shapiro, Navigating the Patent Thicket: Cross Licenses, Patent Pools, and Standard Setting, in 1 Innovation Policy and the Economy 119 (2001), at 121–25.

[13] Lerner & Tirole, supra footnote 5, at 696 (Proposition 1 shows that a pool of complementary patents reduces aggregate royalties while increasing total licensor profits).

[14] CA Judgment, ¶1, 18 (noting over 65 SEP owners together owning more than 170,000 SEPs declared to the 5G standard on the Avanci 5G Platform).

[15] Robert P. Merges & Michael Mattioli, Measuring the Costs and Benefits of Patent Pools, 78 Ohio St. L.J. 281 (2017) (presenting the first empirically-based estimate of pool or platform transaction cost savings and finding that pools or platforms can save hundreds of millions of dollars relative to bilateral licensing counterfactuals); see also Statement of Facts and Issues, ¶¶11–12 (noting the rapid adoption of the Avanci 5G Platform by more than 65 SEP owners and 31 vehicle manufacturers); CA Judgment, ¶95 (Arnold LJ recording Avanci counsel’s observation of a “stark difference” between the orderly licensing Avanci achieved in the automotive sector and the “licensing debacle” in the mobile phone sector where no comparable pool exists).

[16] Gavin Clarkson and Joshua Newberg, Blunt Machetes in the Patent Thicket: Modern Lesson from the History of Patent Pool Litigation in the United States Between 1900–1970, 22 Journal of Technology Law & Policy 1 (2017); Adam Mossoff, The Rise and Fall of the First American Patent Thicket: The Sewing Machine War of the 1850s, 53 Arizona Law Review 165 (2011); Richard J. Gilbert, Antitrust for Patent Pools: A Century of Policy Evolution, Stanford Technology Law Review 3 (2004).

[17] U.S. Department of Justice, Business Review Letter Re: Avanci 5G Platform (28 July 2020) at 2-3 (“DoJ Business Review Letter”) – “After soliciting input from a range of stakeholders in the automotive and telecommunications industries, including potential licensors and licensees, conducting an independent review, and considering our prior guidance and reviews of other patent pools, we conclude that, on balance, Avanci’s proposed 5G Platform is unlikely to harm competition.”.

[18] Id. at 21 – “There is no single correct way to calculate a reasonable royalty in the FRAND context.”

[19] See Tesla’s Grounds of Appeal, ¶¶16–18.

[20] CA Judgment, ¶ 9.

[21] ETSI, Intellectual Property Rights Policy, cl. 6.1.

[22] Id.

[23] ETSI, Intellectual Property Rights Policy, cl. 6.1bis.

[24] See Jorge L. Contreras, A Brief History of FRAND: Analyzing Current Debates in Standard-Setting and Antitrust Through a Historical Lens, 80 Antitrust L.J. 39, 67–68 (2015).

[25] See CA Judgment, ¶222–242 (Phillips LJ), ¶243–255 (Whipple LJ).

[26] Id. ¶228–231, 248–251.

[27] Id. ¶228.

[28] Id.

[29] Id. ¶249.

[30] CA Judgment, ¶2 – “Tesla complain that Avanci has only offered a flat rate of $32 per vehicle for such a licence on a non-negotiable basis. Tesla contend that this rate far exceeds a FRAND rate.”; Tesla’s Written Case ¶5.2 – “The members were, according to the evidence, presented with the rate on a “take it or leave it” basis.”

[31] Jeremy I. Bulow, John D. Geanakoplos & Paul D. Klemperer, Multimarket Oligopoly: Strategic Substitutes and Complements, 93 J. Pol. Econ. 488 (1985) (establishing the foundational framework for analysing strategic substitutes in oligopoly settings).

[32] See Merges & Mattioli, supra footnote 15.

[33] Id.

[34] DoJ Business Review Letter at 11–13.

[35] Id. at 13.

[36] InterDigital Technology Corp v Lenovo Group Ltd [2024] RPC 24, ¶205.

[37] CA Judgment, ¶235.

[38] Frank H. Easterbrook, The Limits of Antitrust, 63 Tex. L. Rev. 1, 2–3, 15 (1984).

INTEREST OF AMICI CURIAE[1]

Amici curiae are former government officials with significant experience enforcing federal antitrust laws on behalf of the United States Department of Justice and/or the Federal Trade Commission. Amici are leading voices in the antitrust field; they have testified as experts before Congress, taught at top-tier educational institutions, published leading antitrust articles, and been cited in federal antitrust decisions.

In their capacity as former enforcement officials—and as antitrust practitioners, academics, and economists—amici have a substantial interest in the consistent enforcement, coherent interpretation, and predictable application of antitrust laws. Background details for each of the amici are set forth in an Addendum to this brief.

INTRODUCTION AND SUMMARY OF ARGUMENT[2]

The Supreme Court recently emphasized that “caution is key” “[w]hen it comes to fashioning an antitrust remedy.” NCAA v. Alston, 594 U.S. 69, 106 (2021). Caution is necessary because even well-intentioned judicial remedies can have unintended anticompetitive consequences that undermine the purpose of our antitrust laws. As a result, “markets are often more effective than the heavy hand of judicial power when it comes to enhancing consumer welfare.” Id.

Here, the panel failed to heed that caution when it “recommend[ed] some possible courses of action to the district court regarding an appropriate commission or fee limitation on remand.” Op. 41. Specifically, the panel suggested that Apple may recover only the direct costs of implementing linked-out purchases, even if a higher commission would not be “prohibitive.” Op. 40; see id. at 41-42. If left uncorrected, the panel’s dicta could deny Apple compensation for its enormous investments in developing the App Store and other benefits to developers.

The panel’s statements at pages 41-42 of its opinion run counter to principles of sound antitrust enforcement. That language improperly seeks to micromanage private business dealings, despite clear evidence that courts are ill-equipped to regulate prices and that their doing so can chill innovation by reducing and even eliminating businesses’ ability to earn a return on innovations. If the panel opinion remains intact, it risks discouraging Apple and other technology companies from innovating, in contravention of the public interest.

ARGUMENT

THE PANEL’S PROPOSED “COURSES OF ACTION” ARE INCONSISTENT WITH ANTITRUST PRINCIPLES

The panel allowed Apple to charge some commission on linked-out purchases. Op. 36-40. But it held that Apple must set the commission at some unspecified rate that is not “prohibitive” and suggested that a commission should cover only Apple’s direct costs in facilitating such purchases. See Op. 41-42. The panel stated that a commission should be “based on the costs that are genuinely and reasonably necessary for [Apple’s] coordination of external links for linked-out purchases, but no more.” Id. at 41. And it further suggested that Apple may only receive “compensation for the use of its intellectual property that is directly used in permitting Epic and others to consummate linked-out purchases.” Id. at 41-42. The panel erred in seeking to micromanage Apple’s charging of commissions for linked-out purchases.

A.     Antitrust Courts Should Avoid Dictating Businesses’ Prices and Terms of Dealing

“As a general rule, businesses are free to choose the parties with whom they will deal, as well as the prices, terms, and conditions of that dealing.” Pac. Bell Tel. Co. v. lifeLine Commc’ns, Inc., 555 U.S. 438, 448 (2009). For that reason, the Sherman Act “does not restrict the long recognized right” of a “private business[] freely to exercise [its] own independent discretion as to parties with whom [it] will deal.” United States v. Colgate & Co., 250 U.S. 300, 307 (1919). Nor does the Sherman Act mandate that a private business charge only a “fair” or “reasonable” price. Town of Concord v. Bos. Edison Co., 915 F.2d 17, 25 (1st Cir. 1990) (Breyer, J.). To the contrary, “possession of monopoly power, and the concomitant charging of monopoly prices” is “not unlawful” and “is an important element of the free-market system[,]” because “[t]he opportunity to charge monopoly prices-at least for a short period-is what attracts ‘business acumen’ in the first place.” Verizon Commc’ns Inc. v. Law Offices of Curtis V. Trinko, LLP, 540 U.S. 398, 407 (2004).

Those principles accord with “the fundamental national values of free enterprise and economic competition that are embodied in the federal antitrust laws.” FTC v. Phoebe Putney Health Sys., Inc., 568 U.S. 216, 225 (2013). If firms were compelled to “share the source of their advantage” or to charge less than the market would accept, then they would have reduced incentives to invest. Trinko, 540 U.S. at 407-08. Critically here, intrusive judicial remedies can be particularly damaging to “technological markets, where innovation ‘is essential to economic growth and social welfare’ and ‘an erroneous decision will deny large consumer benefits.” FTC v. Qualcomm Inc., 969 F.3d 974, 991 (9th Cir. 2020); cf. Phillip E. Areeda and Herbert Hovenkamp, Antitrust Law: An Analysis of Antitrust Principles and Their Application, § l739f4(C) (2d ed. 2017) (“[I]nte11ectua1 property is often characterized by large upfront costs, and the IP holder must earn enough to cover these as well as marginal costs.”) .

The foregoing principles also reflect that “judges make for poor ‘central planners’ and should never aspire to the role.” Alston, 594 U.S. at 103. “[A]s generalists, as lawyers, and as outsiders,” courts should remain cognizant of “their limitations” when “trying to understand intricate business relationships,” id. at 106-“especially in technology markets,” Qualcomm, 969 F.3d at 990. Judges should “avoid direct price administration” in particular because it is largely impossible to “determine a ‘fair price”‘ “without acting like a rate-setting regulatory agency, the rate-setting proceedings of which often last for several years.” Town of Concord, 915 F.2d at 25. Indeed, “[t]he reasonable price fixed today may through economic and business changes become the unreasonable price of tomorrow.” United States v. Trenton Potteries Co., 273 U.S. 392, 397 (1927) (cleaned up).

B.     The Panel Opinion Improperly Seeks to Dictate Apple’s Prices and Terms of Dealing

The panel opinion’s proposed “course[] of action” for remand is inconsistent with these established principles. Op. 41. That portion of the opinion micromanages granular details of Apple’s dealings with developers, and it appears to restrict Apple’s commissions on linked-out purchases to its direct costs—even if a commission that would adequately compensate Apple for the use of its intellectual property would not be “prohibitive.” Id. at 40-42. The panel took these steps even though Apple’s specific practices for outside-app purchases have hardly been scrutinized, let alone deemed unlawful.

To be sure, the panel modified certain aspects of the district court’s order and did not accept the district court’s complete ban on commissions. Op. 40-41. But the panel’s recommended “courses of action” on remand raise problems of their own. As Apple explains—and as Epic has represented—the panel opinion could be read to bar all commissions above a de minimis level, disregarding the value of Apple’s innovation and intellectual property and effectively restoring the district court’s zero-commission rule. See id. at 41-42, see Pet. 1-2, 6-7. That is precisely the type of “direct price administration” that “antitrust courts normally avoid.” Town of Concord, 915 F.2d at 25.

Moreover, the panel opinion raises serious administrability concerns. In setting a permissible commission rate, it is far from clear how Apple—or a court—should determine which costs are “genuinely and reasonably necessary,” or which intellectual property is “directly used, in facilitating linked-out purchases. Op. 41-42. As one example, the App Store provides visibility and distribution services for the apps it features—must the costs of developing the App Store somehow be apportioned to all apps in this calculus? And costs change frequently—does a permissible commission rate suddenly become “prohibitive” when Apple reduces one cost involved in purchases? The panel offers no guidance, and its amorphous direct costs standard only underscores the extent to which “identifying the proper price, quantity, and other terms of dealing” is “a role for which [courts] are ill suited.” Trinko, 540 U.S. at 408.

If left intact, the panel’s proposed approach could force Apple to share the fruits of its labor with developers at little to no cost (and with no commensurate gain). Millions of consumers and developers benefit from the App Store, and Apple incurred significant costs to develop it. Apple monetizes the App Store through its commissions, and no clear alternative monetization structure exists, especially given the wide variety of developers who use the App Store. And in particular, restrictions on outside-app purchases are necessary to prevent freeriding and to allow Apple to earn a return on its substantial investments in its intellectual property and other benefits for developers.

Courts and antitrust enforcers have long understood the dangers of forced-sharing remedies like the one that the panel opinion appears to envision here. Such obligations are in “tension with the underlying purpose of antitrust law, since [they] may lessen the incentive for the monopolist, the rival, or both to invest in … economically beneficial facilities.” Trinko, 540 U.S. at 407-08. There is no “guarantee that firms will undertake the investment necessary to produce complex technological innovations knowing that any competitive advantage deriving from those innovations will be dissipated by the sharing requirement.” AT&T Corp. v. Iowa Utils. Bd., 525 U.S. 366, 429 (1999) (Breyer, J., concurring in part and dissenting in part). That is why “[e]ven a monopolist generally has no duty to share (or continue to share) its intellectual or physical property with a rival.” Novell, Inc. v. Microsoft Corp., 731 F.3d 1064, 1074 (loth Cir. 2013) (Gorsuch, J.). Thus, whether viewed as price setting or compulsory sharing, the panel’s apparent approach to commissions is antithetical to the goals and principles of antitrust law. For that reason, the relief envisioned by the panel opinion would be contrary to “the public interest.” Winter v. Nat. Res. Def. Council, 555 U.S. 7, 32 (2008).

The panel opinion could also have important practical consequences. Apple made significant investments to create the iPhone and develop the iOS ecosystem. Forcing Apple to give developers access to its intellectual property without adequate compensation invites free riding and discourages the type of “risk taking that produces innovation and economic growth.” Trinko, 540 U.S. at 407. Those consequences are not limited to Apple alone-any would-be developer may rationally decide not to invest in new technology with no clear path to monetizing it. And when the law discourages innovation, the ultimate losers are consumers. See Gorlick District. Ctrs., LLC v. Car Sound Exhaust Sys., Inc., 723 F.3d lol9, 1026 (9th Cir. 2013) (observing that “free-riding could ultimately hurt consumers”).

CONCLUSION

For the foregoing reasons, this Court should grant Apple’s rehearing petition.

[1] No party or party’s counsel authored this brief in whole or in part, and no one other than amici and their counsel has made a monetary contribution to this briefs preparation and submission. Cooley represents Apple in other unrelated matters, and some amici may be affiliated with firms that similarly represent Apple in other unrelated matters.

[2] Unless otherwise indicated, all internal citations and quotations are omitted.

Interest and Independence of Amicus Curiae

The amici are present or former academics and former government enforcers. The  Appendix lists their names and affiliations. The amici share an interest in the development of antitrust law and the proper application of summary judgment principles in Sherman Act conspiracy cases. All parties consented to the filing of this brief. No party’s counsel authored any part of the brief, and only the amici and their counsel contributed funds for the preparation or submission of the brief.

Introduction

“The dizzying increase in fuel prices associated with the OPEC oil embargo of 1973 had a severe impact on the trucking industry.” Cent. Forwarding, Inc. v. ICC, 698 F.2d 1266, 1268 (5th Cir. 1983). The Interstate Commerce Commission (ICC), which regulated the industry, responded with rate increases, and when oil prices spiked much higher in 1979, the ICC responded with fuel surcharges. See id. at 1268–69.

Defendants adopted fuel surcharges (hereinafter, FSCs) in 2000. Trucks and trains use the same fuel, but trains are more efficient. Appellants observe that “everything changed in 2003.” Brief for Plaintiffs-Appellants (Pl. Br.) 1. Indeed, the “most remarkable surge in the price of oil since 1979 occurred between mid-2003 and mid-2008 with the WTI [West Texas Intermediate crude] price climbing from $28 to $134 per barrel.” Christiane Baumeister & Lutz Kilian, Forty Years of Oil Price Fluctuations: Why the Price of Oil May Still Surprise Us, J. Econ. Persps., Winter 2016, at 139, 147. The underlying data was before the district court. Dep’t of Energy, Energy Info. Admin., Cushing, OK WTI Spot Price, www.eia.gov/dnav/pet/hist/RWTCD.htm.

Plaintiffs alleged a conspiracy among Defendants relating to their use of FSCs, and they argue that the conspiracy can be inferred from circumstantial evidence. But Defendants had to act as fuel prices rose, and the obvious action was aggressive use of escalators tied to the price of oil—their FSCs. As the district court concluded, Defendants did not act simultaneously or in remarkably similar ways, and their actions were consistent with the pursuit of independent self-interest.

Appellants argue that Defendants’ use of FSCs in 2003 was “nothing like” what came before, and that this alone raises “a triable question about concerted action.” Pl. Br. 50–51. But fuel price increases beginning in 2003 were “nothing like” what came before. The necessity of decisive action and the rationality of the action taken amply support the district court’s conclusion that the evidence did not tend to exclude the possibility that Defendants acted independently.

Summary of Argument

1. The district court faithfully applied precedent demanding evidence from which a reasonable jury could find the inference of a conspiracy more attractive than the alternative inference of independent action. The court determined that a reasonable jury could not infer that Defendants conspired.

Erratic and rapidly rising fuel prices provided “a strong basis for the inference of independent action.” Op. 77. Consequently, a reasonable jury could not infer conspiracy from some similarities in Defendants’ FSCs and some conversations between pairs of Defendants touching on FSCs. Conspiracy can be inferred from marketplace conduct only with actions contrary to independent self-interest. Plaintiffs did not show that anything about Defendants’ FSCs was contrary to their independent self-interest.

2. The district court did not grant summary judgment because of an absence of unusual parallelism. The court concluded that the nature and extent of parallelism did not itself support the inference of conspiracy, and then went on to meticulously examine Plaintiffs’ other evidence and argument, and the record as a whole.

The district court did not explain Defendants’ FSCs as “mere interdependent” conduct, but rather as rational independent action.

The district court did not ignore “plus factors,” but rather required evidence that tends to exclude the possibility of independent action. Ticking a few “plus factor” boxes does not assure that a reasonable jury could find the inference of a conspiracy more attractive than the alternative inference of independent action.

Argument

I. The District Court Correctly Applied the Proper Summary Judgment Standard

Plaintiffs alleged that Defendants engaged into a conspiracy relating to

their FSCs, in violation of Section 1 of the Sherman Act. After many years of litigation, the district court granted Defendants’ motion for summary judgment. Appellants submit that the court departed from “bedrock summary-judgment principles,” Pl. Br. 30, but Appellants misstate those principles and mischaracterize the district court’s ruling.

A. The District Court Applied the Proper Standard

Appellants fault the district court for demanding that Plaintiffs’ evidence “make the inference of a conspiracy more ‘attractive’ than the alternative inference of independent action.” Pl. Br. 30–31, quoting Op. 35. But this articulation of the summary judgment standard is fully consonant with bedrock principles articulated by the Supreme Court.

In Matsushita, the Supreme Court held that “conduct as consistent with permissible competition as with illegal conspiracy does not, standing alone, support an inference of antitrust conspiracy. To survive a motion for summary judgment or for a directed verdict, a plaintiff seeking damages for a violation of § 1 must present evidence that tends to exclude the possibility that the alleged conspirators acted independently.” Matsushita Elect. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 588 (1986) (citations and internal quotation marks omitted).

In Twombly the Supreme Court reiterated that, at “the summary judgment stage a § 1 plaintiff ’s offer of conspiracy evidence must tend to rule out the possibility that the defendants were acting independently.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 554 (2007).

The district court accurately articulated the standard of Matsushita and Twombly. Op. 34–37. Among other things, the court observed that “Matsushita simply demands that the nonmoving party’s inferences be reasonable in order to reach a jury, in light of the alternative inferences and economic realities.” Op. 36, see Matsushita, 475 U.S. at 588.

For guidance on which inferences are reasonable, the district court referred to a pre-Matsushita decision by this Court requiring that “plaintiffs’ evidence must make the inference of a conspiracy more ‘attractive’ than the alternative inference of independent action.” Op. 35, citing Fed. Prescription Serv., Inc. v. Am. Pharm. Ass’n, 663 F.2d 253, 267 (D.C. Cir. 1981) (“inference of conspiracy . . . is warranted only when a theory of rational, independent action is less attractive than that of concerted action”).

In that case, this Court rejected the trial court’s conspiracy finding. The Court held that the trial court clearly erred in finding a conspiracy on the basis of parallel conduct that was not a kind that “could only make sense in the context of ” a conspiracy, but rather could “be persuasively explained by the exercise of rational, independent judgment.” Fed. Prescription, 663 F.2d at 267.

Appellants wrongly assert that Federal Prescription’s “less attractive” formulation demands proof of the underlying claim just to get the opportunity to prove it at trial. Pl. Br. 30. It does nothing of the kind. What it demands is evidence that would permit a reasonable trier of fact to find a conspiracy, which is exactly what Matsushita demands.

The district court did what it was required to do. “If the defendant in a run-of-the-mill civil case moves for summary judgment or for a directed verdict based on the lack of proof of a material fact, the judge must ask himself not whether he thinks the evidence unmistakably favors one side or the other but whether a fair-minded jury could return a verdict for the plaintiff on the evidence presented.” Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 252 (1986). The court asked that question, and the answer was no.

B. The District Court Applied the Standard Correctly

“[A]ntitrust law limits the range of permissible inferences from ambiguous evidence in a § 1 case.” Matsushita, 475 U.S. at 588. But “Matsushita demands only that the nonmoving party’s inferences be reasonable in order to reach the jury.” Eastman Kodak Co. v. Image Tech. Servs., Inc., 504 U.S. 451, 468 (1992). And Appellants argue that “inferences of collusion . . . are entirely permissible here.” Pl. Br. 37.

In carefully reviewing the evidence, the district court was not, as Appellants argue, “usurping the jury’s role.” Pl. Br. 31. The district court applied the Matsushita standard and granted summary judgment because “a reasonable jury could not conclude” that Defendants’ actions relating to their FSCs were “the result of a conspiracy.” Op. 37.

Contrary to Appellants’ claim, the district court did not draw “improper inferences” in concluding that “Defendants’ focus on FSCs was driven by erratic and rapidly rising fuel prices.” Pl. Br. 43–44. Uncontroverted government data demonstrated “erratic and rapidly rising fuel prices.” With occasional ebbs, oil prices doubled between the Spring of 2003 and the Summer of 2005, and then doubled again by the Summer of 2008. Dep’t of Energy, Energy Info. Admin., Cushing, OK WTI Spot Price, www.eia.gov/dnav/pet/hist/RWTCD.htm.

The district court was amply justified in concluding that erratic and rapidly rising fuel prices gave Defendants “a rational business motivation for aggressively pursuing higher FSCs.” Op. 70 (capitalization altered). And the court rightly observed that “an independent business justification for the defendants’ behavior makes inferring the requisite illegal conspiratorial agreement for a Sherman Act section 1 violation more difficult.” Op. 70.

Appellants argue that the evidence of Defendants’ meetings nevertheless could support a reasonable inference of conspiracy. Pl. Br. 46–50. But the district court carefully reviewed the evidence and concluded that “none of the meetings relied on by plaintiffs aid them in making plausible an inference of conspiracy.” Op. 120. Defendants “had a few meetings and a handful of sporadic communications where FSCs may have merely come up, though not contemporaneously to any change in defendants’ conduct or the context of creating an agreement.” Op. 152.

The district court correctly concluded that the mere fact of the meetings was not a permissible basis for inferring conspiracy. Op. 105–07, 152. Pairs of Defendants communicated because they partnered in numerous “interline” movements. Op. 7–8. Interline movements were quite important because Defendants CSX and NS operated in the East, while Defendants BNSF and UP operated in the West. Op. 6.

Appellants point to a May 2003 meeting at which NS and UP allegedly agreed that “it would be a positive outcome if all roads had the same process in the eyes of our customers.” Pl. Br. 49–50. The district court observed that the meeting occurred shortly after NS and UP announced FSC formulas and there was no evidence of parallel action following the meeting, which “undercuts any inference” of conspiracy. Op. 115–16.

Appellants point to a July 2003 meeting between BNSF and NS, several months after the conspiracy’s alleged onset, discussing a “potential industry position” on FSCs. Pl. Br. 48–49. Appellants ignore the district court’s observation that discussing a “potential” position “suggests that none was extant already” and thus “undermines plaintiffs’ alleged conspiracy.” Op. 119.

Appellants argue that the “district court read Matsushita to require that Plaintiffs show inter-Defendant pricing dialogues tethered to ‘simultaneous’ (or ‘near-simultaneous’) and ‘unusual’ lockstep pricing actions across all Defendants.” Pl. Br. 35. The district court did no such thing. Instead, it carefully examined the evolution of Defendants’ FSCs for any parallelism from which a reasonable jury could have inferred a conspiracy. Op. 42–69.

Nor did the district court fall into the “trap” of “considering Plaintiffs’ conspiracy evidence piecemeal,” as Appellants argue. Pl. Br. 45. Judge Posner identified this “trap” but observed that “zero plus zero equals zero.” In re High Fructose Corn Syrup Antitrust Litig., 295 F.3d 651, 655 (7th Cir. 2002). The district court rightly concluded that most of Plaintiffs’ evidence was a “zero,” and it concluded that “all of plaintiffs’ evidence together” did “not tend to exclude the inference of independent action.” Op. 150.

The district court recognized that the “ultimate inquiry . . . is a holistic one,” Op. 150, because the whole of Plaintiffs’ circumstantial evidence could be greater than the sum of its parts, Op. 40–41, 149–50. And the court concluded that the evidence, “evaluated cumulatively,” did not tend to exclude the possibility of independent action. Op. 151. Appellants disparage the district court’s holistic assessment of the evidence but identify no synergy in the evidence that the district court overlooked. Pl. Br. 46–47.

Viewing the evidence as a whole, the court concluded that it did not tend to exclude the possibility of independent action, “especially given the strong showing made by defendants that they acted in their unilateral self-interest.” Op. 151. “[T]here is no reason to infer that [Defendants] had agreed among themselves to do what was only natural anyway.” Twombly, 550 U.S. at 566.

C. The Missing Plus Factor Is Action Against Self-Interest

“A plaintiff may establish a conspiracy under Section 1 of the Sherman Act by circumstantial evidence such as inferences drawn from the behavior of the alleged co-conspirators.” Kreuzer v. Am. Acad. of Periodontology, 735 F.2d 1479, 1487–88 (D.C. Cir. 1984). “Such an inference may only be drawn, however, when an alleged conspirator has acted contrary to his own independent interest.” Id. at 1488.

Kreuzer is consistent with Matsushita and Twombly. Recapitulating the holding of Matsushita, Twombly observed that conduct “consistent with conspiracy” is of no avail to plaintiffs opposing summary judgment if it is “just as much in line with a wide swath of rational and competitive business strategy unilaterally prompted by common perceptions of the market.” Twombly, 550 U.S. at 554. Thus, marketplace conduct supports an inference of conspiracy only when it is contrary to unilateral self-interest.

“Where the conduct of an alleged co-conspirator is in its own economic self-interest only if the other alleged co-conspirators follow suit, there is strong circumstantial evidence of a conspiracy.” Honey Bum, LLC v. Fashion Nova, Inc., 63 F.4th 813, 823 (9th Cir. 2023). Put another way, conspiracy can be inferred from “perilous” conduct, which cedes business unless rivals respond in a parallel fashion and thus bypass opportunities to gain business. Kleen Prods. LLC v. Ga.-Pac. LLC, 910 F.3d 927, 937–38 (7th Cir. 2018).

Parallel conduct supported an inference of conspiracy in Interstate Circuit, Inc. v. United States, 306 U.S. 208, 221–22 (1939). “Key to Interstate Circuit’s conspiracy finding was its determination that each distributor’s decision to accede to Interstate’s demands would have been economically self-defeating unless the other distributors did the same.” In re Ins. Brokerage Antitrust Litig., 618 F.3d 300, 331 (3d Cir. 2010).

Appellants argue that Defendant’s FSCs during the period of alleged conspiracy “were a significant break from the surcharges of the past.” Pl. Br. 25. But fuel prices indisputably soared; Defendants had powerful self-interested reasons to act in response; and aggressive use of FSCs was an obvious and sensible action. Appellants do not argue that breaking from the past was “perilous” or unwarranted by circumstances.

“Here, detailed evidence of each defendant’s internal debates and analyses . . . demonstrates independent decision-making and logical, self-interested business justifications for the choices each defendant made.” Op. 77, see Op. 139–43. Appellants identify no factual dispute as to whether either the construction of Defendant’s FSCs or the expansion of their coverage was consistent with independent self-interest.

II. The Amici Provide No Sound Basis for Reversing the Grant of Summary Judgment

A. The District Court Did Not Demand Unusual Parallelism

Amicus curiae States and the American Antitrust Institute mistakenly assert that the district court granted summary judgment on the basis that Plaintiffs could not show unusual parallelism. Brief for the District of Columbia and 22 States as Amicus Curiae in Support of Appellants (St. Br.) 15–19; Brief of the American Antitrust Institute (AAI) in Support of Plaintiffs-Appellants and Reversal (AAI Br.) 5–13, 16–17.

Circumstantial proof of a price-fixing conspiracy entails inference from conduct, especially parallel prices and parallel price movements. See, e.g., Am. Tobacco Co. v. United States, 328 U.S. 781, 804–05 (1946); High Fructose, 295 F.3d at 654. In ruling on summary judgment, a court determines what inferences a reasonable jury could draw from the conduct documented in the record within the context of the other evidence.

“Parallel behavior of a sort anomalous in a competitive market” supports an inference of conspiracy. In re Text Messaging Antitrust Litig., 782 F.3d 867, 870 (7th Cir. 2015). And parallel conduct can support an inference of conspiracy if “inconsistent with that to be expected from each party individually pursuing his own interest.” Kreuzer, 735 F.2d at 1487.

The State and AAI amici argue that the district court erred by asserting: “Parallel conduct . . . requires pricing decisions so ‘unusual,’ they could not be expected from an ordinary competitive market.” Op. 48, quoted by St. Br. 15–16; AAI Br. 5, 14. The court’s phrasing was not ideal, but it correctly described parallelism that would support an inference of conspiracy. See Twombly, 550 U.S. at 556 n.4 (“[C]omplex and historically unprecedented changes in pricing structure made at the very same time by multiple competitors, and made for no other discernible reason, would support a plausible inference of conspiracy.” (internal quotation marks omitted)).

The amici do not question the district court’s conclusion that a reasonable jury could not infer conspiracy from the details and evolution of Defendants’ FSCs. Op. 42–69. The amici argue instead that the court erred by treating the absence of unusual parallelism as a sufficient basis for granting summary judgment. St. Br. 15–19, 24; AAI Br. 5–6, 11, 14, 16, 19–20. But the court did not do that. After concluding that no parallels in Defendants’ FCSs could support an inference of conspiracy, the court devoted nearly 100 pages to exhaustively reviewing all the other evidence.

Amicus AAI alone argues that parallel conduct is a “threshold” trivially crossed because Defendants’ small numbers made their actions “invariably parallel.” AAI Br. 5, 7–9, 13. And once the threshold was crossed, AAI argues that “the district court should have ended its inquiry into parallel conduct.” AAI Br. 7. AAI’s authority for the threshold notion is a pleading decision. Mosaic Health, Inc. v. Sanofi-Aventis U.S., LLC, 156 F.4th 68 (2d Cir. 2025), cited at AAI Br. 5–6, 13. And AAI asserts that the district court “raise[d] the bar for pleading.” AAI Br. 5.

In ruling on summary judgment, the court was tasked with determining whether the evidence “tends to exclude the possibility that the alleged conspirators acted independently.” Matsushita, 475 U.S. at 588 (internal quotation marks omitted). The nature and extent of parallelism unquestionably was relevant. See, e.g., Twombly, 550 U.S. at 553, 556 n.4.

B. The District Court Did Not Rely on “Mere Interdependence”

On the authority of a single article, the academic amici argue that courts systematically err in evaluating circumstantial evidence of collusion by assuming that all parallel conduct could be due to “mere interdependence.” Brief of Amicus Curiae Antitrust Law and Economics Professors in Support of Plaintiffs-Appellants and Reversal (Acad. Br.) 2–4, 7–8.

But the district court did not explain Defendants’ aggressive use of FSCs as “mere interdependence,” and the academic amici offer scant support for the charge that the “‘mere interdependence’ assumption runs throughout” the court’s opinion. Acad. Br. 8; see AAI Br. 20 (“The district court’s analysis also rests on an economically incorrect assumption that interdependence necessarily explains supracompetitive pricing in an oligopoly.”).

The district court observed that Defendants’ actions were “not completely independent but rather interdependent.” Op. 72. Defendants’ FSC formulas were public, and the court noted the attention that Defendants paid to each others’ formulas. Op. 78–94. As the court acknowledged, interdependent competitors always take account of each others’ actions. Op. 36, 38–39.

Interdependent competitors sometimes act in parallel. Op. 39–44. And the district court noted that Defendants sometimes emulated one another’s FSC formulas. Op. 78–79 (CSX emulated BNSF), 82–83 (UP emulated BNSF), 89, 91 (NS emulated CSX). But the district court did not rely on “mere interdependence” to explain why all four Defendants’ began aggressively pursuing FSCs in 2003.

The district court carefully examined the record and concluded that the “detailed evidence of each defendant’s internal debates and analyses as each one considered when and how to change its FSCs demonstrates independent decision-making.” Op. 77 (emphasis added), see id. 139–40. In other words, the court concluded that Defendants’ pursuit of FSCs was a “rational and competitive business strategy unilaterally prompted by common perceptions of the market.” Twombly, 550 U.S. at 554.

C. Plus Factors Do Not Tend to Exclude the Possibility of Independent Action

While appellants mention “plus factors” in passing, Pl. Br. 26, 34, 35, the academic amici focus on them, Acad. Br. 6–8, 14–23. Citing only “plus factors,” the academic amici claim that “more than enough evidence exists for a reasonable juror to infer an agreement.” Acad. Br. 27. As a practical matter, the amici argue that summary judgment in antitrust conspiracy cases is a box-ticking exercise and that Plaintiffs ticked the necessary boxes.

Unlike recent appellate decisions, the academic amici do not analyze “plus factors” in the context of Matsushita and Twombly. The amici do not explain why particular “plus factors” necessarily “show that the inference of conspiracy is reasonable in light of the competing inference[] of independent action.” Matsushita, 475 U.S. at 588.

The academic amici baselessly argue that the district court held that “multiple long-established plus factors are no longer valid.” Acad. Br. 7–8. The notion of “long-established plus-factors” is problematic at the start because “plus factors” are not fixed and invariant. Actions and background facts become “plus factors” when, in a particular context, they “make the inference of rational independent choice less attractive than that of concerted action.” Lum v. Bank of Am., 361 F.3d 217, 230 (3d Cir. 2004).

Citing Twombly, the Ninth Circuit explained that “plus factors are economic actions and outcomes that are largely inconsistent with unilateral conduct but largely consistent with explicitly coordinated action.” In re Musical Instruments & Equip. Antitrust Litig., 798 F.3d 1186, 1194 (9th Cir. 2015); see also In re Publ’n Paper Antitrust Litig., 690 F.3d 51, 62 (2d Cir. 2012) (“Plus factors” are “circumstances” that, “when viewed in conjunction with the parallel conduct, would permit a fact-finder to infer a conspiracy”).

The district court conducted a holistic analysis of the evidence, as the academic amici and AAI advocate. Acad. Br. 25–27, AAI Br. 12. But the court’s holistic analysis, unlike that advocated by the amici, faithfully applied the Matsushita standard. Applying that standard, the court correctly concluded that Plaintiffs’ purported “plus factors” were insufficient.

Rather than treat Plaintiffs’ purported “plus factors” as boxes to be ticked, the district court viewed them in light of Matsushita’s requirement that Plaintiffs “show that the inference of conspiracy is reasonable in light of the competing inference[] of independent action.” Matsushita, 475 U.S. at 588. The academic amici wrongly characterize the district court’s analysis as holding Plaintiffs’ “plus factors” to be “irrelevant.” Acad. Br. 13–14, 17, 19.

The district court correctly concluded that high concentration, high entry barriers, and inelastic demand suggested weak competition but did “not push plaintiffs over the line toward an inference of conspiracy.” Op. 145. The amici wrongly assert that the court held these market characteristics “irrelevant to Sherman Act agreement analysis.” Acad. Br. at 13–16. The district court correctly concluded that a “conspiratorial motive does not move the needle in plaintiffs’ favor” given that Defendants had a “clear rational business motive” to use FSCs aggressively in coping with rising fuel prices. Op. 105. The amici wrongly assert that the district court held a motive to conspire “irrelevant to the agreement inquiry.” Acad. Br. 13, 17–19.

The district court correctly concluded that communications among Defendants “should be accorded little, if any weight” in view of their content and the context in which they occurred. Op. 105. The amici wrongly assert that the district court held the communications “irrelevant to the agreement inquiry.” Acad. Br. 19–24 (capitalization altered).

Another error attributed by the amici to the district court is analyzing “the common-motive evidence in isolation from market-structure evidence.” Acad. Br. 19. But doing so would have been to Plaintiffs’ benefit. High concentration, high entry barriers, and inelastic demand tend to yield weak competition and high profits without collusion (and without “conscious parallelism”), which results in a weak motive to conspire and run the risk of prosecution and payment of treble damages.

The academic amici submit that price-fixing allegations based on parallel conduct should always survive summary judgment if plaintiffs show that market structure is conducive to collusion and that the defendants had motive and opportunity to conspire. Acad. Br. 3, 27–28. This submission is irreconcilable with Matsushita because these boxes can be ticked even if the evidence does not tend to exclude the possibility of independent action.

In a market structure conducive to collusion, competitors “recognize a mutual interdependence of their price-output decisions, and therefore act interdependently.” Joe S. Bain, Industrial Organization 114 (2d ed. 1968); see In re Flat Glass Antitrust Litig., 385 F.3d 350, 359 (3d Cir. 2004). The results can be parallel conduct and diminished competitive vigor, which may be undesirable, but they are not a sufficient basis for inferring conspiracy. See, e.g., Twombly, 550 U.S. at 553–54, Op. 145.

Motive is ubiquitous. The Ninth Circuit observed that: “Any firm that believes that it could increase profits by raising prices has a motive to reach an advance agreement with its competitors.” See Musical Instruments, 798 F.3d at 1194. A motive to conspire exists whenever there is competition, but criminal enforcement and treble damages actions are potent deterrents. The district court was right to conclude that “a mere motive to conspire does not alone tend to exclude the possibility of independent action.” Op. 104.

Competitors legitimately communicate on matters of industry concern. “Atypical communications between alleged coconspirators can constitute a plus factor because such communications provide the opportunity for parties to come to (and enforce) an illicit agreement. But to qualify as a plus factor, such communications must go beyond the ‘standard fare’ of business and trade-association practice.” Honey Bum, 63 F.4th at 823.

After a holistic review of a voluminous record, the district court wrote a thorough 166-page decision. The court properly concluded that Plaintiffs’ “evidence lacks the crucial thrust of a conspiracy claim: facts that tend to exclude the possibility that defendants acted unilaterally and made their decisions independently.” Op. 165–66.

Conclusion

This Court should affirm the district court’s June 24, 2025 grant of summary judgment.

I. Introduction and Overview

The International Center for Law & Economics (ICLE) submits these comments in response to the Federal Communications Commission’s (FCC) public notice on satellite market-access reciprocity (“Public Notice”).[1] ICLE is a nonprofit, nonpartisan research center that applies law & economics methodologies to public policy. Its work aims to ensure that competition policy and regulation rest on sound economic analysis and promote consumer welfare, particularly in dynamic, technology-driven markets such as media and telecommunications.

This submission evaluates current market-access frameworks governing the entry of non-U.S.-licensed space stations into the U.S. market, as well as recent foreign regulatory developments that depart from the American—and historically global—approach. Those departures risk disadvantaging U.S. operators. The existing U.S. framework promotes competition, lowering costs and expanding service offerings for American consumers. It also attracts global capital and technological innovation, which are essential to closing the digital divide by extending high-speed broadband to rural and underserved areas where terrestrial deployment remains cost prohibitive. In addition, this open-market approach has supported reciprocal treatment for U.S. operators abroad, enabling the global expansion of American aerospace leadership and reinforcing U.S. participation in the international telecommunications ecosystem.

Recent shifts in reciprocity—particularly under the EU Space Act—threaten both global competitiveness and consumer access to broadband services. As ICLE has previously argued to the World Trade Organization and the European Union, the EU Space Act operates as a nontariff barrier under WTO principles.[2] In both design and effect, it targets large U.S. constellation operators by imposing compliance burdens that are not proportionate to demonstrated safety or sustainability benefits. Key features—including the size-based “giga-constellation” threshold, dual-track registration process, and extraterritorial inspection provisions—create discriminatory market-access barriers. These measures risk reducing economic welfare in both the United States and the European Union, slowing innovation, and shifting market share toward geopolitical competitors whose strategic interests may diverge from transatlantic priorities. The EU Space Act reflects a broader trend toward increased restrictions on U.S. satellite operators, raising the prospect of emerging space-sector protectionism.

As the FCC evaluates its presumption that granting market access to satellites offering WTO-covered services through member jurisdictions serves the public interest, it should closely examine the discriminatory effects of the EU Space Act and similar foreign measures. The United States should continue to prioritize open access, but the benefits of that policy depend in part on reciprocal treatment abroad. If reciprocity erodes, the value of maintaining unilateral openness correspondingly declines.

II. The U.S. Open-Access Framework: Evolution, Benefits, and Limits of Reciprocity

For nearly three decades, the United States has maintained an open-market framework for satellite services grounded in the WTO Basic Telecommunications Agreement (BTA) and implemented through the FCC’s 1997 DISCO II Order and subsequent rulemakings.[3] Under this framework, foreign-licensed satellite systems may serve the U.S. market with minimal regulatory friction, provided their home jurisdiction is a WTO member. The FCC’s approach rested on the premise that WTO commitments established a sufficient baseline of competitive conditions.[4]

The global landscape in 2026 differs markedly from that of 1997. The rapid expansion of non-geostationary orbit (NGSO) constellations, the rise of technological sovereignty policies—particularly in the European Union—and the persistence of nontariff barriers in major markets such as India and Brazil have weakened the effectiveness of a reciprocity-based open-access model.[5]

Before 1997, foreign satellite entry into the U.S. market was significantly more burdensome. Beginning in 1995, applicants were subject to an “effective competitive opportunities” test, which evaluated whether their home markets imposed de jure barriers, de facto restrictions, or competitive distortions that disadvantaged U.S. firms or conferred advantages on foreign providers.[6] This framework placed the burden on applicants to demonstrate that their domestic markets were sufficiently open.

The shift to open access has delivered substantial consumer benefits. Lower entry barriers for firms such as SES, Eutelsat, and Telesat have increased choice, encouraged product differentiation, and intensified price competition. These dynamics have improved both the quality and affordability of broadband services. Satellite connectivity has played a critical role in narrowing the digital divide by extending service to rural and underserved areas where terrestrial infrastructure remains impractical.[7]

Satellite services also support specialized and high-demand use cases. Eutelsat’s OneWeb constellation provides backhaul capacity that enables broadband providers to serve areas where fiber deployment is infeasible. SES delivers high-speed connectivity to the cruise industry, where vessels function as mobile cities with thousands of connected devices.[8] Without satellite infrastructure, these services would be significantly degraded, limiting connectivity in otherwise inaccessible environments. As more international operators deploy low-Earth-orbit (LEO) constellations, these benefits will continue to expand.

In addition, satellite systems provide resilient communications infrastructure during natural disasters.[9] When hurricanes, earthquakes, or wildfires disable terrestrial networks, satellite systems often remain operational. An open-access policy ensures that the United States can leverage the full range of available satellite capacity during emergencies while supporting international disaster-response efforts.

Open access also drives innovation, with spillover effects in adjacent markets. This is particularly evident in emerging direct-to-device services. T-Mobile’s partnership with Starlink enables satellite connectivity for standard LTE and 5G smartphones, expanding coverage without requiring new hardware.[10] As terrestrial providers explore similar offerings, they may turn to international satellite operators that offer lower-cost or higher-quality solutions. Increased competition in this space will reduce prices, improve service quality, and accelerate technological development across both satellite and terrestrial networks.

The central benefit of the BTA framework, however, is the reciprocity it creates. By granting market access to foreign operators on reciprocal terms, the United States enables firms such as SpaceX, Amazon, and Globalstar to expand internationally. Access to larger global markets allows firms to spread high fixed costs across a broader customer base, reducing per-user prices and supporting continued investment in deployment and research. Maintaining global leadership is particularly important as LEO technologies advance. U.S. firms currently account for approximately 78% of the commercial space economy,[11] while North America holds roughly 57.5% of the global satellite-internet market.[12]

Reciprocity also provides leverage. If a foreign jurisdiction restricts access for U.S. operators, the United States can respond by revisiting that country’s access to the U.S. market—the world’s most valuable satellite market. This dynamic reinforces incentives for openness and deters protectionist policies.

Finally, the U.S. approach exports regulatory standards. Foreign operators seeking access to the U.S. market must comply with FCC requirements governing orbital-debris mitigation, interference protection, and operational safety.[13] Once firms design systems to meet these standards, they often apply them globally. In this way, U.S. policy shapes international norms and promotes safe, reliable space operations.

III. The Erosion of Reciprocity in Global Satellite Markets

Despite the benefits of an open-access model, many jurisdictions have shifted toward space-sector protectionism, imposing barriers on U.S. firms while favoring domestic operators. The EU Space Act represents the most prominent example, but other countries—including Canada, Brazil, Japan, India, and China—also maintain restrictions that limit market access. These measures vary in design but collectively undermine reciprocity and reduce competitive entry.

A. The EU Space Act Undermines Reciprocity and Competition

While barriers to entry persist globally, the proposed EU Space Act presents a direct challenge to reciprocity. Its structure both targets U.S. operators and imposes discriminatory burdens that operate as a nontariff barrier.

1. The EU Space Act discriminates against U.S. operators

The EU Space Act introduces a “giga-constellation” category defined as satellite systems with more than 1,000 operational satellites.[14] This threshold does not reflect any evidence-based assessment of orbital risk or debris mitigation. Instead, it appears calibrated to capture large U.S. operators while Orbital risk depends on factors such as operating altitude, satellite design, and debris-mitigation practices—not simply the number of satellites in a constellation. By relying on size alone, the Act uses an arbitrary proxy that functions as a protectionist constraint on American firms.

The practical effect is clear. The EU’s IRIS² constellation is expected to include roughly 264 satellites, well below the threshold.[15] By contrast, U.S. operators dominate the “giga-constellation” category. SpaceX’s Starlink operates more than 10,000 satellites,[16] and Amazon’s planned low-Earth-orbit (LEO) system will include more than 3,000,[17] even if only a portion are currently active.[18] The threshold therefore captures U.S. firms almost exclusively.

For these systems, the Act imposes prescriptive, hard-coded requirements. Operators must, for example, carry additional propellant for maneuvering and end-of-life disposal. Yet fuel requirements depend on altitude, mass, and system design—not fleet size.[19] The rule thus imposes costs untethered to actual safety considerations.

The Act also creates procedural barriers that further disadvantage non-EU operators. It establishes a dual-track registration process. EU-based firms apply through member-state authorities under harmonized national procedures.[20] Non-EU operators must first undergo review by a Compliance Board within the European Union Agency for the Space Programme (EUSPA), followed by a final decision from the European Commission.[21]

This structure is not neutral. EUSPA is expected to oversee EU satellite programs that will compete directly with U.S. operators.[22] The Act therefore places a market participant in a gatekeeping role over its competitors.[23] This arrangement creates delays, increases administrative burdens, and introduces a clear risk of discriminatory outcomes.

The Act further authorizes extraterritorial inspection requirements as a condition of market access.[24] The European Commission may request inspections of non-EU operators’ facilities located outside the Union. These provisions can conflict directly with U.S. export-control laws, including the International Traffic in Arms Regulations (ITAR), which restrict access to sensitive technical data and controlled facilities.[25] Even if nominally voluntary, these inspection powers create coercive pressure. Denial of inspection access could serve as a basis for withholding authorization, effectively forcing firms to choose between violating U.S. law, and exiting the EU market. In practice, this operates as a poison-pill condition that may render compliance impossible.

Finally, the Act defers key technical requirements to future Implementing Acts (IAs).[26] Critical obligations—including debris-mitigation standards, reflectivity limits, and operational protocols—remain undefined and may not be finalized until shortly before implementation. This approach deprives non-EU operators of regulatory certainty and allows for the selective imposition of burdens aligned with evolving EU industrial-policy objectives rather than neutral safety concerns.

2. The EU Space Act functions as a nontariff barrier

The EU Space Act operates as a nontariff barrier that raises costs, distorts resource allocation, and reduces consumer choice. Compliance burdens imposed on non-EU operators will likely translate into higher prices, delayed deployment, or reduced service availability. These effects reduce output and leave mutually beneficial transactions unrealized.

By deterring or excluding large foreign providers, the Act limits the range of services available to EU consumers and governments. It weakens competition on price, quality, and coverage. At the same time, it shields less-efficient EU operators from competitive pressure, allowing capital, talent, and spectrum to remain in lower-value uses. These distortions mirror the well-documented inefficiencies associated with protectionist regulatory regimes.

The dynamic effects are likely to be more significant. Satellite markets are innovation-driven and capital-intensive. Regulatory design directly shapes investment incentives. By deferring key requirements to IAs that may not be issued until 2028 or 2029, the Act introduces substantial regulatory uncertainty into multi-year investment decisions.

Firms undertake satellite deployment based on expected returns. As regulatory risk increases, expected returns decline. Under standard real-options theory, firms will delay or scale back irreversible investments until regulatory obligations become clear.[27] This slows the deployment of new capacity and delays technological advancement.

The Act also departs from established global norms on debris mitigation and operational safety. Rather than reinforcing convergence on best practices, it risks creating a parallel regulatory regime. This fragmentation reduces interoperability, increases compliance costs, and limits the diffusion of innovation across jurisdictions.

B. Other Jurisdictions Impose Barriers to Market Entry

The EU Space Act has drawn significant attention due to its impact on a major market. Other WTO jurisdictions also impose barriers that restrict U.S. firms’ ability to enter and compete, including coordination requirements, ownership limits, and discretionary approval processes. While these measures vary in form, they produce similar effects: delayed entry, higher costs, and reduced competitive pressure.

1. Canada

Canada generally adheres to WTO BTA commitments but imposes several requirements that constrain foreign operators. Most notably, Innovation, Science and Economic Development Canada (ISED) requires new entrants to coordinate with existing Canadian systems before commencing operations.[28] While framed as a measure to prevent harmful interference, this requirement gives incumbents effective veto power. Existing operators can refuse to coordinate or adopt technical positions that delay deployment.

ISED policy RP-008 also requires satellite networks operating in the Canadian arc to provide specified coverage for Canadian territory. Operators must reserve up to 50% of capacity for Canadian users for at least six months after license issuance.[29] This obligation limits the ability of global operators to allocate capacity efficiently across markets. For non-geostationary systems, ISED further requires that primary control facilities and network operations centers be located in Canada, along with a 24/7 domestic point of contact.[30]

2. Brazil

Brazil imposes both structural and procedural constraints on foreign operators. Only Brazilian-owned entities may hold exclusive rights to operate satellites from specific orbital positions. Foreign operators are limited to non-exclusive landing rights granted for fixed terms.[31]

Brazil also requires pre-entry coordination with incumbent operators to mitigate interference.[32] Although ANATEL mandates good-faith negotiation, the burden falls on the entrant to reach agreement.[33] This creates opportunities for delay or obstruction by incumbents.

Additional requirements increase costs for foreign firms. Landing fees for foreign operators tend to exceed those applied to domestic providers. Operators must also conduct all regulatory interactions in Portuguese and retain a local legal representative. These frictions compound entry costs.

Recent policy developments further weaken reciprocity. A 2025 Brazilian law authorizes the executive branch to impose countermeasures, including restrictions on services, investment, and intellectual-property obligations.[34] This authority introduces additional uncertainty for foreign firms and signals a shift away from open-market commitments.

3. Japan

Japan similarly requires pre-coordination with incumbent operators. Under Article 6 of the Radio Act, applicants must demonstrate that they have reached agreements to prevent harmful interference with existing systems.[35] This includes coordination with both satellite and terrestrial licensees.

Because the Ministry of Internal Affairs and Communications (MIC) may withhold licenses until such agreements are secured, incumbents effectively hold a de facto veto over entry. This requirement can delay or block new competition, particularly where negotiations become protracted.

4. India

India has taken steps toward liberalization through the Indian Space Policy 2023 and recent foreign-direct-investment (FDI) reforms.[36] Nonetheless, several restrictions remain.

While reforms permit up to 100% foreign investment in the space sector, automatic approval is limited. Investments in satellite manufacturing and operations qualify for automatic approval only up to 74%, while investments in launch vehicles and spaceports are capped at 49%.[37] Investments exceeding these thresholds require government approval, introducing additional uncertainty and delay.

5. China

China remains the most restrictive major jurisdiction for foreign satellite operators. Market access is not governed by reciprocal WTO-style commitments but instead requires case-by-case approval.

China’s “Negative List” mandates majority Chinese ownership for “basic telecommunications services,” a category that includes certain satellite-based communications.[38] Foreign ownership of “value-added” services is generally capped at 50%, although limited pilot programs in select Free Trade Zones allow higher foreign participation.[39] These programs remain experimental and subject to extensive regulatory oversight.

Recent regulations further restrict access. The 2025 “Regulations on the Administration of Direct Satellite Services for Terminal Devices” require that all satellite services used within China rely on systems authorized by the government.[40] This framework effectively prevents Chinese consumers from accessing foreign constellations such as Starlink and reinforces the country’s broader policy of technological self-reliance.

IV. Preserving Open Access While Addressing Eroding Reciprocity

The FCC should continue to prioritize an open-access framework. That framework, however, depends on reciprocal market access for U.S. firms. As discussed above, multiple jurisdictions have moved away from a presumption of entry or imposed conditions that disadvantage American operators. These shifts threaten the core benefits of the current approach.

Open access enables U.S. firms to expand internationally and export American regulatory standards. This dynamic strengthens U.S. leadership on key issues such as interference management and orbital-debris mitigation. It also reinforces the role of U.S. policy in shaping global best practices. When other jurisdictions fail to reciprocate, these benefits erode.

Adopting a reciprocal-opportunities test would come with significant costs. It would reintroduce barriers to entry, reduce competition, and ultimately harm American consumers. At the same time, some form of conditionality may be necessary to preserve leverage in international negotiations. The FCC should therefore consider targeted, carefully calibrated responses that encourage reciprocity without abandoning the advantages of an open-access regime.

V. Conclusion

The FCC’s longstanding presumption of open access for foreign satellite operators has delivered substantial benefits. It has promoted competition, lowered costs, and expanded service offerings for American consumers. It has also helped establish U.S. leadership in the global space economy, where much of the world’s innovation and deployment now occurs. By maintaining an open-access framework, the FCC has encouraged reciprocal market access abroad and facilitated the global adoption of U.S. regulatory standards, particularly in areas such as interference management and orbital-debris mitigation.

These benefits, however, depend on reciprocity. As discussed above, several jurisdictions have moved away from open-access principles. The EU Space Act represents the most significant example, imposing targeted and discriminatory burdens on U.S. operators that function as a nontariff barrier. Other WTO members likewise maintain barriers—including pre-coordination requirements, ownership restrictions, and discretionary approval processes—that delay or deter entry by American firms. These measures reduce competition, increase costs, and limit the efficient allocation of resources in global satellite markets.

The erosion of reciprocity weakens the foundation of the current framework. Open access enables U.S. firms to scale globally, spread high fixed costs, and reinvest in innovation. It also allows the United States to shape international norms and ensure safe, reliable space operations. When foreign jurisdictions restrict access, these advantages diminish, and the risk of space-sector protectionism increases.

The FCC should continue to prioritize open access and competition by minimizing barriers to deployment, regardless of a firm’s nationality. At the same time, it should recognize that open access is not self-sustaining in the absence of reciprocal treatment. To preserve the benefits of the current system, the FCC should consider targeted and proportionate measures that reinforce incentives for reciprocity, while avoiding the consumer harms associated with broad restrictions on entry.

[1] Space Bureau & Office of International Affairs Seek Comment on Satellite Market Access Reciprocity, Public Notice, GN Docket No. 26-48 (Mar. 2, 2026), https://docs.fcc.gov/public/attachments/DA-26-208A1.pdf (“Public Notice”).

[2] Comments of the Int’l Ctr. for L. & Econ., Dep’t of Com. & Dep’t of State Consultation on the EU Space Act (Aug. 13, 2025), https://laweconcenter.org/wp-content/uploads/2025/08/EU-Space-Act-Comments.pdf; see also Comments of the Int’l Ctr. for L. & Econ., Proposal for Regulation of the European Parliament and of the Council on the Safety, Resilience and Sustainability of Space Activities in the Union, COM(2025) 335 (Nov. 7, 2025), https://laweconcenter.org/wp-content/uploads/2025/11/EU-Space-Act-Comments-to-EC.pdf.

[3] Amendment of the Commission’s Regulatory Policies to Allow Non-U.S. Licensed Satellites Providing Domestic and International Service in the United States, Report and Order, IB Docket No. 96-111, 12 FCC Rcd 24,094 (1997), https://docs.fcc.gov/public/attachments/FCC-99-325A1.pdf (“DISCO II Order”); Amendment of the Commission’s Regulatory Policies to Allow Non-U.S. Licensed Space Stations to Provide Domestic and International Satellite Service in the United States, Order, IB Docket No. 96-111, 15 FCC Rcd 7,207 (1999), https://docs.fcc.gov/public/attachments/FCC-99-325A1.pdf (“DISCO II First Reconsideration Order”).

[4] See DISCO II Order & DISCO II First Reconsideration Order, supra note 3.

[5] Public Notice, supra note 1, at 2–4.

[6] Reform of Rules and Policies on Foreign Carrier Entry into the U.S. Telecommunications Market, Report and Order, IB Docket No. 12-299 ¶ 2 (Apr. 22, 2014), https://docs.fcc.gov/public/attachments/FCC-14-48A1.pdf.

[7] Cellular Backhaul via Satellite, Eutelsat (last visited Mar. 23, 2026), https://www.eutelsat.com/satellite-network/oneweb-leo-constellation.

[8] The Connected Cruise, SES Networks Solution Brief (Feb. 2020), https://www.ses.com/sites/default/files/2020-02/Maritime_Solution_Brief_The-Connected-Cruise.pdf.

[9] How Satellites Play a Role in Disaster Relief, Viasat (Aug. 31, 2023), https://www.viasat.com/perspectives/corporate/2023/how-satellites-play-a-role-in-disaster-relief.

[10] Monica Alleven, Here’s the Skinny on T-Mobile’s Latest Satellite-Powered Offer, Fierce Network (Nov. 5, 2025), https://www.fierce-network.com/wireless/heres-skinny-t-mobiles-latest-t-satellite-offer.

[11] Space Foundation, The Space Report 2025 Q2 Highlights Record $613 Billion Global Space Economy for 2024, Driven by Strong Commercial Sector Growth, Press Release (July 22, 2025), https://www.spacefoundation.org/2025/07/22/the-space-report-2025-q2.

[12] Satellite Internet Market Size, Share & Industry Analysis, Fortune Bus. Insights (last visited Mar. 30, 2026), https://www.fortunebusinessinsights.com/satellite-internet-market-109242.

[13] A level playing field requires the FCC to treat all systems alike. The agency has not always done so. If the FCC aims to make U.S. standards the global norm, it should continue its space-modernization efforts to ensure parity among operators. See Space Modernization for the 21st Century, Notice of Proposed Rulemaking, SB Docket No. 25-306 (Oct. 28, 2025), https://docs.fcc.gov/public/attachments/FCC-25-69A1.pdf.

[14] Proposal for a Regulation of the European Parliament and of the Council on the Safety, Resilience and Sustainability of Space Activities in the Union, 2025/0335 (COD) (June 25, 2025), art. 5 (“EU Space Act”).

[15] Jean-Pierre Diris, IRIS2: Everything You Need to Know About This New European Constellation, Polytechnique Insights (Mar. 11, 2025), https://www.polytechnique-insights.com/en/columns/industry/iris2-everything-you-need-to-know-about-this-neweuropean-constellation.

[16] Tereza Pultarova, Starlink Satellites: Facts, Tracking and Impact on Astronomy, Space.com (Aug. 1, 2025), https://www.space.com/spacex-starlink-satellites.html; Jonathan O’Callaghan, SpaceX Now Has More Than 10,000 Starlink Satellites in Orbit, Scientific American (Mar. 17, 2026), https://www.scientificamerican.com/article/spacex-reaches-milestone-of-10-000-starlink-satellites-in-orbit.

[17] Clara Easterday, Amazon Sets April 9 Launch Date for First Operational Kuiper Satellites, Broadband Breakfast (Apr. 3, 2025), https://broadbandbreakfast.com/amazon-sets-april-9-launch-date-for-first-operational-kuiper-satellites.

[18] Kuiper, SatelliteMap.space (last visited Mar. 30, 2026), https://satellitemap.space/constellation/kuiper.

[19] Comments of the Info. Tech. & Innovation Found., Stakeholder Feedback on the EU Space Act, Off. of Space Com. at 2 (Aug. 4, 2025), https://www2.itif.org/2025-comments-eu-space-act.pdf.

[20] EU Space Act, supra note 14, arts. 6, 7, & 9.

[21] Id. at art. 17.

[22] See IRIS²: The New EU Secure Satellite Constellation, Eur. Comm’n Def. Indus. & Space (last visited Aug. 12, 2025), https://defenceindustry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en.

[23] For an analogous regulatory structure and its attendant problems, see, e.g., Julian Morris, Central Banks and Real-Time Payments: Lessons from Brazil’s Pix, Int’l Ctr. for L. & Econ. (2022), https://laweconcenter.org/resources/central-banks-and-realtime-payments-lessons-from-brazils-pix (explaining that Brazil’s state-owned real-time payment system both competes with and regulates private firms, creating conflicts of interest).

[24] EU Space Act, supra note 14, arts. 48(4) & 52.

[25] See, e.g., 22 C.F.R. pts. 120(10), 121 cat. IV(h)(3), 124.1, 127.1.

[26] EU Space Act, supra note 14, ch. IV(5).

[27] Scott R. Baker, Nicholas Bloom & Steven J. Davis, Measuring Economic Policy Uncertainty (Nat’l Bureau of Econ. Rsch., Working Paper No. 21633, Oct. 2015), https://www.policyuncertainty.com/media/BakerBloomDavis.pdf (finding that policy uncertainty increases stock-price volatility and reduces investment and employment in policy-sensitive sectors).

[28] Policy Framework for Fixed Satellite Service (FSS) and Broadcasting Satellite Service, RP-008 ¶ 3.2.4 (June 2017), https://publications.gc.ca/collections/collection_2023/isde-ised/iu64/Iu64-138-2017-eng.pdf.

[29] Innovation, Sci. & Econ. Dev. Can., RP-008, Policy Framework for Fixed-Satellite Service (FSS) and Broadcasting-Satellite Service (BSS) § 3.2.3 (June 2017) (Can.), https://ised-isde.canada.ca/site/spectrum-management-telecommunications/en/spectrum-allocation/policies/radio-systems-policies-rp/rp-008-policy-framework-fixed-satellite-service-fss-and-broadcasting-satellite-service-bss.

[30] Id.

[31] Satellite Exploitation—Recent Developments, Azevedo Sette Advogados (Mar. 2022), https://www.azevedosette.com.br/news/en/satellite-exploitation-recent-developments/6540.

[32] Process for Granting Satellite Landing Rights, Agência Nacional de Telecomunicações (Anatel), https://www.gov.br/anatel/pt-br/regulado/satellite/process-for-granting-satellite-landing-rights.

[33] Tarcísio Aurélio Bakaus, Brazilian Regulations: Use of Orbit and Space Sustainability, Anatel (May 2025), https://www.unoosa.org/documents/pdf/copuos/lsc/2025/Technical_Presentations/Wednesday7May/4_-_Brazil_1-20250425-64LSC-UNOOSA-Brazils-Law-_no_UNOOSA_logo.pdf.

[34] Brazilian Economic Reciprocity Law Is Published to Safeguard Brazilian Interests Against Unilateral Measures Adopted by Other Countries or Economic Blocs, Baker McKenzie (Apr. 22, 2025), https://sanctionsnews.bakermckenzie.com/brazilian-economic-reciprocity-law-is-published-to-safeguard-brazilian-interests-against-unilateral-measures-adopted-by-other-countries-or-economic-blocs; see also Lei No. 15.122, de 11 de abril de 2025, Diário Oficial da União [D.O.U.] de 14.04.2025 (Braz.), https://www.in.gov.br/en/web/dou/-/lei-n-15.122-de-11-de-abril-de-2025-623734149.

[35] Denpaho [Radio Act], Law No. 131 of 1950, art. 6, § 1(ix) (Japan), https://www.tele.soumu.go.jp/e/adm/proc/manual/index.htm.

[36] Foreign Direct Investment in Space Sector, KPMG (Mar. 2024), https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2024/03/foreign-direct-investment-in-indian-space-sector.pdf.

[37] Press Info. Bureau, Gov’t of India, Cabinet Approves Amendment in the Foreign Direct Investment (FDI) Policy on Space Sector, Release ID No. 2007865 (Feb. 21, 2024), https://www.pib.gov.in/PressReleasePage.aspx?PRID=2007865.

[38] Special Administrative Measures (Negative List) for Foreign Investment Access (2024 Edition) (promulgated by the Nat’l Dev. & Reform Comm’n & Ministry of Com., Sept. 8, 2024, effective Nov. 1, 2024), art. 6, § 11 (China).

[39] China Launches Pilot Program Allowing 100% Foreign Ownership in Telecom and Data Centers, BRICS+ New Economy & Legal Infrastructure Center (Oct. 30, 2024), https://neweconomy.expert/news/255901.

[40] China Calls for Realtime Censorship of Broadband, The Register (Sept. 30, 2024), https://www.theregister.com/2024/09/30/china_satellite_censorship; see also Guanyu Weixing Zhilian Zhongduan Dianxin Yewu Guanli de Zhanxing Guiding (???????????????????) [Interim Provisions on the Administration of Satellite Direct-to-Device Telecommunications Services] (promulgated by the Ministry of Indus. & Info. Tech., Sept. 14, 2024) (China).

Executive Summary

The International Center for Law & Economics (‘ICLE’) respectfully submits these comments in response to the Department for Business and Trade’s consultation on Refining Our Competition Regime.[1] ICLE is a nonprofit, nonpartisan research centre that promotes rigorous economic analysis in public-policy debates.

ICLE welcomes the Government’s commitment to economic growth and its recognition that pace, predictability, proportionality, and process—the CMA’s ‘4Ps’ framework[2]—are essential to maintaining the United Kingdom as an attractive jurisdiction for investment and innovation. Several proposals in the consultation reflect sound, evidence-based policymaking. Others, particularly the most far-reaching structural reforms, risk undermining those same objectives.

A central concern is that the consultation adopts, and in some cases generalises, institutional features drawn from the Digital Markets, Competition and Consumers Act 2024 (DMCC Act). That regime is recent, narrowly targeted, and largely untested in practice. Extending its most intrusive features across the full scope of competition and consumer enforcement risks importing uncertainty into areas where predictability is critical. Reform should proceed incrementally, not by transplanting a sector-specific regulatory model to the wider economy.

Measured against the Government’s own ‘4Ps’ framework, the Strategic Steer’s emphasis on independence and proportionality,[3] and established law & economics principles—including the error-cost framework and the consumer-welfare standard—ICLE’s principal concerns and recommendations are as follows:

• The proposed abolition of the CMA’s independent panel for Phase 2 merger and market investigations should not proceed without the simultaneous introduction of merits-based appellate review at the Competition Appeal Tribunal. The panel provides a quasi-judicial ‘fresh pair of eyes’ and underpins the current judicial-review standard. Removing it without compensating safeguards would concentrate investigative, prosecutorial, and adjudicative authority within a single institution, increasing the risk of confirmation bias and weakening procedural fairness.
• Extending algorithmic investigation powers from the DMCC Act’s Strategic Market Status regime to general competition enforcement would be internationally unprecedented and disproportionate to demonstrated need. It would subject firms across the economy to quasi-regulatory oversight designed for a narrow, ex ante framework, raise serious trade-secret and confidentiality risks, and impose burdens that may deter innovation and investment.
• The statutory codification of sunset clauses for market remedies is welcome and should be strengthened. A risk-based review cadence, clearer petition mechanisms with defined evidentiary standards and binding response timelines, and consistent transparency requirements would ensure that remedies remain proportionate as markets evolve.
• Expanding concurrency by allowing sector regulators to oversee CMA-imposed remedies would risk duplicative oversight, fragmented accountability, and higher compliance costs. The CMA should remain the single lead authority for remedy oversight, with sector regulators contributing expertise through a consultative model.
• More broadly, reforms should preserve clear institutional boundaries and accountability. Concentrating decision-making authority, expanding investigatory reach, and fragmenting oversight across multiple regulators would collectively reduce predictability and increase enforcement error.
• All reforms should be guided by the error-cost framework. Because false positives in competition enforcement are generally more costly and less self-correcting than false negatives—particularly in innovation-intensive markets—expanding CMA powers requires stronger evidentiary standards, more robust appellate review, and effective sunset mechanisms.

In sum, the Government’s ambition to create a ‘best-in-class’ competition regime calls for a selective and disciplined approach. Targeted procedural improvements should be prioritised. Reforms that expand powers without commensurate safeguards risk increasing uncertainty, deterring investment, and undermining the pro-growth objectives at the centre of the Government’s agenda.

I. Political Reorientation of UK Competition Policy

The consultation follows an 18-month period of unusually direct political intervention in UK competition policy. The Labour government, elected in July 2024, made economic growth its ‘number one mission’.[4] Prime Minister Keir Starmer compared UK regulation to ‘Japanese knotweed’, while Chancellor Rachel Reeves told regulators in January 2025 that ‘every regulator, no matter what sector, has a part to play by tearing down the regulatory barriers that hold back growth’.[5]

The CMA quickly became the focal point of this dissatisfaction. Its April 2023 decision to block the $68.7 billion Microsoft/Activision Blizzard merger—later reversed after restructuring—came to symbolise a regime seen as prioritising jurisdictional reach over growth and investment confidence. On 21 January 2025, Business Secretary Jonathan Reynolds removed CMA Chair Marcus Bokkerink. In his farewell remarks, Bokkerink warned that ‘investors put a price on the risk of political intervention, unpredictability and inconsistency’.[6] Reynolds replaced him with Doug Gurr, former head of Amazon UK, and made clear that the Government expected regulators to ‘supercharg[e] the economy’.[7]

The Strategic Steer to the CMA, published 15 May 2025, places economic growth at the centre of the authority’s mandate. It directs the CMA to prioritise pro-growth, pro-investment interventions, focus on harms with a ‘clear and direct UK impact’, support eight Industrial Strategy growth sectors, and consider whether other jurisdictions could address UK concerns through parallel enforcement.[8] The CMA operationalised this shift through its ‘4Ps’ framework—Pace, Predictability, Proportionality, and Process—introduced in late 2024 and formalised in February 2025.[9]

Institutional changes followed quickly. By March 2025, the CMA had issued a Mergers Charter, launched a merger-remedies review, and adopted new Phase 1 performance targets, including a 40-working-day pre-notification period and 25-working-day clearance for straightforward cases.[10] In October 2025, the Government reinforced this direction by introducing a stronger statutory growth duty and a public accountability dashboard.[11] The CMA conducted no Phase 2 merger investigations in the year preceding the consultation—a striking indication of the behavioural shift already underway.

Against this backdrop, a central concern in these comments is that several of the consultation’s most consequential proposals draw heavily on the Digital Markets, Competition and Consumers Act 2024 (DMCC Act). The DMCC’s digital-markets regime remains largely untested. It has operated for barely a year and applies to only a small number of cases. Extending this framework across the CMA’s broader competition and consumer functions risks importing uncertainty into areas where predictability remains essential.

That risk sits uneasily with the Strategic Steer itself, which instructs the CMA to apply the DMCC regime ‘flexibly, proportionately and collaboratively’. Expanding its most intrusive features before they have been tested in their original context is unlikely to advance those objectives. It instead risks compounding the very concerns about proportionality and predictability that the steer seeks to address.

The Government’s consultation recognises that the reforms aim to improve ‘the pace, predictability, proportionality, and process of engagement through refinements to the legislative framework for competition’.[12] Several proposals move in the opposite direction. In particular, the single-phase market review tool, the expansion of algorithmic investigation powers, and the removal of the independent panel without adequate safeguards would reduce predictability and weaken proportionality. These changes would undercut, rather than support, the Government’s stated objectives.

II. Abolition of the Panel System and Its Implication

The Government’s proposal to abolish the panel-led Inquiry Group system and replace it with Board-appointed sub-committees marks the most consequential structural reform in the consultation. It is also unlikely to advance the Government’s stated objectives.

The panel system has deep institutional roots. It traces back to the Monopolies and Restrictive Practices Commission established under the Monopolies and Restrictive Practices (Inquiries and Control) Act 1948. The CMA retained this model to ensure independent, quasi-judicial decision-making in complex competition cases. Inquiry Groups, drawn from a panel of approximately 30 members appointed by the Secretary of State, bring ‘fresh eyes’ to each case.[13] They operate under a chair appointed by the CMA Chair with Board consent, and they function as an independent decision-making body within the CMA’s broader institutional framework.

The proposal would dismantle this structure. Decisions currently reserved to Inquiry Groups would shift to the CMA Board, to new Board-level committees (including a Merger Board Committee and a Markets Board Committee), or to sub-committees appointed by those bodies.[14] The Board could also delegate certain decisions to case teams, subject to internal governance procedures.[15]

The Government justifies this shift on grounds of accountability, predictability, and consistency. The CMA Board answers to Parliament, while panel members do not. At present, the Chair, CEO, and Board remain accountable for outcomes in which they cannot participate directly. The Government argues that a Board-led model would resolve this perceived mismatch and produce more consistent decision-making.[16]

That argument is unconvincing. The current framework does not create a meaningful accountability gap.[17] The Board already plays a central role in Phase 2 processes. It initiates and oversees market studies, makes market investigation references, and issues advisory steers that Inquiry Groups must consider. The Board therefore shapes the direction and scope of investigations, even if it does not take final decisions. That division is deliberate. It preserves a structural separation between oversight and adjudication.

This separation reflects a conscious legislative choice, not an institutional flaw. Parliament designed the system to insulate case-specific decisions from a Board that is itself subject to government direction. The accountability at issue is systemic, not case-specific. Parliament holds the Board accountable for the CMA’s overall performance, not for the merits of individual decisions.

The Government’s argument also overlooks a key feature of the current system: Panel members are appointed by the Secretary of State.[18] The accountability chain therefore remains intact. It runs directly through the minister responsible for those appointments, who is accountable to Parliament for both the selection and oversight of panel members. The Secretary of State may remove members for incapacity, misbehaviour, or failure to perform their duties. This is the standard constitutional mechanism for ensuring democratic accountability in arm’s-length bodies, while preserving independence in individual decisions. The proposal fails to recognise that distinction.

Abolishing the independent panel without adequate safeguards raises three further concerns. First, consolidating investigative, prosecutorial, and adjudicative functions within a single institutional structure heightens the risk of confirmation bias. Second, the consultation does not address the applicable standard of appeal, despite the fact that the panel’s quasi-judicial character underpins the current deferential judicial-review standard. Third, if the Government proceeds with consolidation, it must adopt minimum structural safeguards. These should include, at a minimum, a shift to merits-based appellate review to preserve the legitimacy and predictability of the regime.

A. Concentration of Decision-Making and Confirmation Bias

The central concern is that abolishing the panel without compensating safeguards would concentrate unprecedented decision-making power in the CMA executive. The reform would strip the CMA of its defining structural feature and align it more closely with models such as the European Commission or the U.S. Federal Trade Commission. The result could be an authority that acts, in effect, as ‘judge, jury and executioner’.[19]

This consolidation heightens the risk that early analytical assumptions shape final outcomes. As commentators have observed, the proposed structure ‘risks entrenching early analytical assumptions, as a smaller group of senior officials may carry forward initial positions into final decisions’.[20] It also creates ‘a risk of CMA decision-making being more susceptible to Government pressure’ and ‘more prone to lobbying efforts and, in the long run, less predictable’.[21]

The problem is structural. When a single institution initiates an investigation, formulates a theory of harm, gathers evidence, and then adjudicates, the risk of confirmation bias increases sharply. The panel system mitigates that risk by introducing a genuinely independent, de novo layer of review. Inquiry Groups reassess both facts and theory with ‘fresh eyes’, providing a check on institutional tunnel vision.

Removing that safeguard would weaken the integrity of Phase 2 investigations. Without an independent decision-maker, Phase 2 risks becoming a procedural validation of Phase 1 conclusions, rather than a genuinely independent assessment.

B. The Standard of Appeal and Loss of Safeguards

The consultation is notably silent on the applicable standard of appeal. That omission is significant. The judicial-review standard under section 120 of the Enterprise Act rests, in part, on the quasi-judicial character of the independent panel.[22] Removing the panel removes that justification. The Government should not eliminate the structural safeguard that supports a deferential appellate standard while leaving that standard unchanged.

The Court of Appeal’s judgment in Cérélia/Jus-Rol underscores the limits of the current framework. The Competition Appeal Tribunal (CAT) must apply judicial review, even as a specialist tribunal. It may exercise a ‘high degree of scrutiny’ over CMA factual findings,[23] but it cannot substitute its own judgment on the merits. Its role remains confined to assessing rationality.

Comparative practice highlights the gap this creates. In the European Union, the General Court reviews Commission decisions for manifest errors of assessment and exercises unlimited jurisdiction over fines. The Court of Justice confirmed in CK Telecoms that the Commission must satisfy a ‘more likely than not’ standard of proof.[24] In the United States, the Department of Justice litigates before federal courts that apply de novo review. The Federal Trade Commission conducts administrative proceedings subject to ‘substantial evidence’ review. The Supreme Court’s decision in Loper Bright—overturning Chevron deference—has further strengthened judicial scrutiny of agency action.[25]

International guidance points in the same direction. The OECD’s 2021 Recommendation on Transparency and Procedural Fairness calls for access to an impartial, independent adjudicative body, with review that encompasses facts, evidence, and the grounds of decisions.[26]

A regime that concentrates investigative, prosecutorial, and adjudicative functions within a single institution, while limiting appeals to judicial review, would fall below the standard maintained in comparable jurisdictions.

C. Minimum Safeguards and the Need for Merits-Based Review

If the Government proceeds with replacing the panel system, it should adopt a minimum set of structural safeguards. These should include transparent, objective criteria for appointing members to any expert pool, combined with sufficient security of tenure to insulate them from executive pressure. Cooling-off periods should prevent recent CMA staff from joining the pool. A public conflicts register, with clear recusal triggers, should be mandatory. Crucially, a two-stage separation principle must preserve genuine independence between the Phase 1 case team and the Phase 2 decision-making body, with no overlap in personnel.

These measures address form, not substance. The more fundamental requirement is to reform the CAT’s appellate mandate. A shift from judicial review to a comprehensive merits-based standard is essential. Without it, the proposed institutional changes would lack an adequate external check.

Consolidating decision-making authority within a single body increases, rather than reduces, the need for independent review. Where internal safeguards weaken, external scrutiny must strengthen. A reform that concentrates adjudicative authority without enhancing appellate oversight remains incomplete.

III. Sunset Clauses and Time-Limited Remedies

The consultation proposes placing the CMA’s existing sunset-clause policy on a statutory footing. It would require the CMA to consider sunset clauses in all market remedies and mandate review at least once every 10 years.[27] Where the CMA declines to include a sunset clause, it must publish its reasoning.[28] This approach aligns with the Government’s pro-growth agenda. It limits legacy compliance burdens and helps ensure that remedies do not persist after market conditions change.

The economic rationale for time-limiting remedies is straightforward. Remedies impose costs: compliance costs for firms, monitoring costs for agencies, and constraints on pro-competitive, pro-consumer conduct. These costs are justified only while the underlying risk to competition persists.[29] Once that risk dissipates, the costs become deadweight losses, borne by firms and passed on to consumers through higher prices or reduced innovation. Evidence from the regulatory-burden literature suggests that compliance costs often behave as fixed overhead, rather than variable expenses. They therefore fall disproportionately on smaller firms and can create barriers to entry.[30]  Sunset clauses address this problem by reversing the burden of justification. Rather than requiring firms to petition for removal, they require the authority to demonstrate that continued intervention remains necessary.

International practice supports this approach. In the United States, the Federal Trade Commission adopted a formal sunset policy in 1995, establishing automatic 20-year termination for administrative orders.[31] Department of Justice merger consent decrees have incorporated 10-year sunset provisions as standard practice since 1979, and recent FTC merger orders follow similar timelines.[32] In the European Union, behavioural commitments under Article 9 of Regulation 1/2003 are typically limited to five to 10 years.[33] The OECD and the ICN Merger Remedies Guide likewise endorse time-limiting as standard practice.[34]

Domestic experience points in the same direction. The CMA’s strategic review of market remedies reflects a growing recognition that existing measures often outlast their usefulness.[35] The Restriction on Agreements and Conduct (Tour Operators) Order 1987 and the Foreign Package Holidays (Tour Operators and Travel Agents) Order 2001 illustrate the problem. Both targeted a market dominated by high-street travel agents and imposed obligations relating to in-store price display, resale price maintenance, and tied sales of travel insurance.[36] The shift to online booking rendered many of these requirements obsolete. Firms nevertheless continued to incur compliance costs for decades, including nearly 40 years under the 1987 Order.

The Payment Protection Insurance (PPI) Market Investigation Order 2011 provides a further example.[37] The Order imposed a detailed compliance regime, including bans on point-of-sale PPI, mandatory annual customer reminders, claims-ratio disclosures, compliance officer requirements, and monitoring obligations such as mystery shopping and reporting. These measures responded to a market characterised by widespread mis-selling and substantial consumer harm. That market has since disappeared. The Financial Conduct Authority set an August 2019 deadline for PPI complaints, by which point more than £38 billion in redress had been paid.[38] The FCA has confirmed that PPI is no longer sold alongside credit products and has proposed removing PPI-specific rules on the basis that they no longer serve a regulatory purpose.[39] Despite this, the CMA’s 2011 Order remains formally in force. Its compliance framework continues to apply, at least nominally, to a market that has materially evolved. This illustrates how remedies can persist in the absence of mechanisms that compel periodic reassessment.

The proposal would address part of this problem, but further refinements would improve its effectiveness. First, a risk-based review cadence would be preferable to a uniform 10-year default. In fast-moving digital and technology markets, competitive conditions can change far more quickly. A shorter review cycle—such as five years, consistent with the UK’s SMS regime—would better reflect those dynamics. Differentiated defaults, with shorter periods for fast-cycle markets and longer ones for more stable sectors, would improve calibration.

Second, the Government should establish clear petition mechanisms that allow affected parties to request review. These mechanisms should include defined evidentiary standards and binding response timelines. Third, the CMA’s existing transparency practices should be codified. The authority should publish its reasoning in all cases, whether it removes, maintains, or modifies a remedy. This would strengthen accountability and allow firms to understand the analytical basis for continued intervention.

IV. Concurrency and the Risk of Fragmentation

The consultation seeks views on whether sector regulators should oversee remedies imposed by the Competition and Markets Authority (CMA), whether the proposed consultative approach to concurrency is appropriate, and whether further reform is needed.[40]

If not carefully designed, expanded concurrency risks multiplying intervention without improving outcomes. It may undermine the Government’s objectives of pace, predictability, proportionality, and process. The UK’s existing framework already grants competition-law powers to sector regulators, including Ofcom, Ofgem, and the Financial Conduct Authority.[41] While this model can draw on sector-specific expertise, it also creates well-documented risks of duplication, forum shopping, and inconsistent decision-making.

These risks would extend—and intensify—if sector regulators were permitted to oversee CMA-imposed remedies. Remedies are not merely technical follow-ons to liability findings. They are ongoing, market-shaping interventions. Splitting responsibility for their design, implementation, and review across multiple authorities risks inconsistent interpretation, higher compliance costs, and diffused accountability. From a law & economics perspective, such fragmentation increases error costs. It raises the likelihood of overbroad or misapplied remedies and makes those errors harder to detect and correct.

The OECD has warned that concurrency frameworks can generate overlap and inefficiency where roles are not clearly defined.[42] The Strategic Steer reinforces this point. It directs the CMA to prioritise interventions with a ‘clear and direct UK impact’ and to consider whether parallel enforcement elsewhere can address concerns.[43] This principle should apply with equal force within the United Kingdom’s own institutional framework. That principle should apply equally within the UK. A system that allows multiple domestic authorities to exercise overlapping powers risks replicating, at home, the duplication the Government seeks to avoid abroad.

Reform should therefore follow an explicit anti-duplication principle. Where the CMA imposes remedies, it should remain the lead authority responsible for oversight and review. Sector regulators can and should contribute expertise, but they should not exercise parallel supervisory authority absent a clear statutory justification grounded in necessity and proportionality. This approach would promote predictability by ensuring that firms face a single decision-maker and a single set of binding obligations.

A consultative model offers the right balance. Sector regulators possess valuable technical expertise, particularly in telecommunications, energy, and financial services. They should provide evidence, market knowledge, and technical input. That does not require shared authority over remedies. Granting such authority would risk turning competition enforcement into co-regulation, blurring the line between competition law and sector-specific regulation. This risk is especially acute given the consultation’s broader trajectory, which already expands the CMA’s quasi-regulatory role.

A well-designed concurrency regime must also preserve clear lines of accountability. It should specify which authority designs remedies, which monitors compliance, and which is accountable for outcomes, including effects on investment, innovation, and consumer welfare. Any reform should therefore require designation of a single lead authority, transparent allocation of responsibilities, and unified review mechanisms. These should include sunset clauses and periodic reassessment conducted by, or under the authority of, the lead institution.

As the CMA’s powers expand, the need for clarity and accountability increases. Concurrency reform should reduce fragmentation, not entrench it.

V. Expansion of Algorithmic Investigative Powers

Chapter 4 of the consultation proposes extending the DMCC Act’s investigative powers beyond the Strategic Market Status regime to general competition enforcement.[44] These powers include the ability to require firms to explain how algorithms operate, conduct tests, generate data, and perform specified demonstrations. In its March 2026 response, the CMA went further, arguing that such powers ‘should also not be limited to algorithms’ but should apply to all investigative information-gathering across the economy.[45]

This proposal is both disproportionate and without clear precedent. It also risks undermining the predictability that the Government has placed at the centre of its reform agenda.

No comparable jurisdiction has taken this approach. In the European Union, algorithm-specific obligations remain confined to the Digital Markets Act, which applies only to designated gatekeepers, and the AI Act, which targets high-risk systems. Competition enforcement under Articles 101 and 102 TFEU continues to rely on established investigative tools.[46] In the United States, the Federal Trade Commission uses existing powers under Sections 5 and 9 to investigate algorithmic conduct, while the Department of Justice pursues such cases under the Sherman Act without additional statutory authority.

The UK proposal would go significantly further. It would extend algorithmic-testing powers from a targeted ex ante digital-markets regime to general competition enforcement across the entire economy. No other major jurisdiction has adopted, or proposed, such an expansive approach.

A. Sector-Specific Powers in a General Enforcement Context

Section 69 of the DMCC Act was designed for a narrow, ex ante regime applied to a small number of firms designated with Strategic Market Status. Extending these powers to general competition enforcement would subject firms across the entire economy to quasi-regulatory oversight developed for a fundamentally different context.

The distinction is critical. Existing regimes that mandate algorithmic testing—such as financial trading under the Financial Services Act, medical devices under MHRA guidance, and autonomous vehicles under the Automated Vehicles Act 2024—target specific, well-defined harms, including systemic financial risk, patient safety, and road safety.[47] They operate within cooperative regulatory frameworks, where firms accept oversight as a condition of market access. Regulators in these sectors possess deep, domain-specific expertise, and the scope of regulated algorithms is clearly defined.

General competition enforcement differs in each respect. It is inherently adversarial. The harms it addresses are diffuse and often contested. There is no clear limiting principle to define which algorithms fall within scope; in practice, any automated decision-making system in any sector could be captured. The CMA would therefore need to assess algorithmic systems across the entire economy—from financial services and logistics to healthcare and retail—an institutional demand that no competition authority is equipped to meet.

The burden would not fall evenly. As Mayer Brown observed in 2021, even ‘smaller firms licensing “off the shelf” algorithms would face the same investigatory expectations as larger/dominant firms’ and may lack access to the underlying data needed to comply. Extending these powers risks imposing disproportionate obligations on firms least able to meet them, without a corresponding gain in enforcement effectiveness.[48]

B. Trade Secrets and Confidentiality Risks

Algorithms, training weights, and machine-learning architectures are among firms’ most valuable trade secrets. As Katarina Foss-Solbrekk observes, trade secrets are ‘the only option left for firms wishing to protect their algorithms’[49]—a trend reinforced by Robin Feldman’s work showing that post-Alice Corp. patent law has pushed developers further toward secrecy.[50] Compelling disclosure of such assets in an adversarial investigation creates significant security risks. In merger reviews involving AI firms, the CMA could gain access to some of the most commercially sensitive intellectual property in the world.

These risks are not hypothetical. During the Microsoft/Activision Blizzard merger review, unredacted confidential materials—including Xbox console roadmaps, next-generation hardware plans, unannounced game titles, and internal acquisition-target lists—were inadvertently disclosed on a public court server in related FTC proceedings.[51] The episode illustrates how even well-resourced authorities can fail to fully protect sensitive information.

Recent UK litigation reinforces the point. In Tereos v Competition & Mkts. Auth., proceedings before the Competition Appeal Tribunal highlighted the difficulty of balancing confidentiality interests under the current framework.[52] Expanding algorithmic testing powers would intensify these challenges, increasing both the volume and sensitivity of information subject to disclosure.

C. Institutional Limits and Practical Risks

Competition authorities are not institutionally equipped to oversee algorithmic systems in a quasi-regulatory capacity. Algorithms are dynamic and continuously adaptive, not static rule-based systems. Requiring firms to run ‘specified tests’ under artificial conditions risks producing outputs that bear little resemblance to real-world market behaviour.

The Hayekian knowledge problem is directly relevant. Central authorities lack the localised, context-specific information needed to assess whether algorithmic outcomes are ‘fair’ or ‘anticompetitive’.[53] The OECD’s 2023 Algorithmic Competition Roundtable found that responses ‘generally suggested that most algorithmic theories of harm are already captured by existing law’.[54] Former US FTC Chair Maureen Ohlhausen has likewise argued that ‘concerns about algorithms are a bit alarmist’ and that ‘expanding use of algorithms raises familiar issues well within the existing canon’.[55] These assessments weigh against introducing novel, intrusive investigative powers where existing tools already suffice.

The practical consequences for merger control are significant. Merger review operates under strict statutory deadlines. Adding complex algorithmic testing and demonstration requirements would slow proceedings, increase costs for merging parties, and introduce further uncertainty into already demanding timelines. At the margin, such burdens may deter investment in the UK, contrary to the Government’s stated objectives.

The CMA’s own 2026–2029 strategy recognises this risk, warning that ‘burdensome interventions risk stifling innovation’.[56] Extending algorithmic investigation powers across general competition enforcement would exemplify precisely that type of intervention.

VI. Conclusion

ICLE welcomes the Government’s commitment to refining the United Kingdom’s competition regime. Several proposals in the consultation—notably the statutory presumption of sunset clauses and the extension of Phase 1 remedy timeframes—reflect sound, evidence-based policymaking. They will reduce regulatory friction and provide the legal certainty required for sustained economic growth.

Several of the most consequential proposals, however, risk undermining those objectives. Abolishing the CMA’s independent panel without introducing merits-based appellate review at the Competition Appeal Tribunal would concentrate investigative, prosecutorial, and adjudicative authority within a single institution. That shift would erode structural safeguards that underpin the credibility of UK competition enforcement and place the regime below the standard maintained in comparable jurisdictions.

Extending algorithmic investigation powers from the DMCC Act’s tightly circumscribed Strategic Market Status regime to general competition enforcement would be internationally unprecedented and disproportionate to any demonstrated need. It also risks chilling the algorithm-driven innovation on which the Government’s growth agenda depends. Similarly, permitting sector regulators to exercise parallel supervisory authority over CMA-imposed remedies would fragment accountability and increase compliance burdens. The CMA should remain the single lead authority, with sector regulators contributing expertise through a consultative model.

A recurring concern throughout this submission is that many proposals draw on the DMCC Act’s digital-markets regime as an institutional template. That framework received Royal Assent in May 2024, took effect in January 2025, and has so far been applied to only three Strategic Market Status designations across two firms. Extending its most intrusive features before they have been tested in practice risks compounding the proportionality and predictability concerns reflected in both the Strategic Steer and the CMA’s ‘4Ps’ framework.

Reform should also be guided by the error-cost framework. False positives in competition enforcement are typically more costly and less self-correcting than false negatives, particularly in innovation-intensive markets. Expanding CMA powers therefore requires stronger evidentiary standards, more robust appellate review, and mandatory sunset provisions—not lower thresholds for intervention.

The Government’s ambition to create a ‘best-in-class’ competition regime calls for a selective, not sweeping, reform agenda. Targeted procedural improvements should be prioritised. Expanding investigatory reach in ways that increase uncertainty, deter investment, and weaken predictability would ultimately undermine the pro-growth mission at the centre of the Government’s programme.

[1] Dep’t for Bus. & Trade, Refining Our Competition Regime: Driving Growth and Enhancing Competition for Businesses and Consumers (20 Jan. 2026) [hereinafter Consultation].

[2] Sarah Cardell, New CMA Proposals to Drive Growth, Investment and Business Confidence, Competition & Mkts. Auth. Blog (13 Feb. 2025), https://competitionandmarkets.blog.gov.uk/2025/02/13/new-cma-proposals-to-drive-growth-investment-and-business-confidence.

[3] Dep’t for Bus. & Trade & Competition & Mkts. Auth., Strategic Steer to the Competition and Markets Authority (15 May 2025), https://www.gov.uk/government/publications/strategic-steer-to-the-competition-and-markets-authority/strategic-steer-to-the-competition-and-markets-authority [hereinafter Strategic Steer].

[4] HM Gov’t, Kickstarting Economic Growth (last visited 26 Mar. 2026), https://www.gov.uk/missions/economic-growth.

[5] Keir Starmer, Keir Starmer: Growth Is the Chancellor’s Priority, The Times (28 Jan. 2025), https://www.thetimes.com/uk/politics/article/keir-starmer-growth-chancellor-k68ptvh6x; HM Treasury & Rachel Reeves, Chancellor Calls on Watchdog Bosses to Tear Down Regulatory Barriers That Hold Back Growth (22 Jan. 2025), https://www.gov.uk/government/news/chancellor-calls-on-watchdog-bosses-to-tear-down-regulatory-barriers-that-hold-back-growth.

[6] Guy Taylor, Ousted CMA Chair Bokkerink Defends Tenure, City A.M. (8 Feb. 2025), https://www.cityam.com/ousted-cma-chair-bokkerink-defends-tenure.

[7] Dep’t for Bus. & Trade, Competition & Mkts. Auth. & Jonathan Reynolds, Former Amazon Boss Named Interim Chair of CMA (21 Jan. 2025), https://www.gov.uk/government/news/former-amazon-boss-named-interim-chair-of-cma.

[8] See Strategic Steer, supra note 3.

[9] Cardell, supra note 2.

[10] Competition & Mkts. Auth., Mergers Charter: How to Work with the CMA on a Merger Investigation (12 Mar. 2025), https://www.gov.uk/government/publications/mergers-charter-how-to-work-with-the-cma-on-a-merger-investigation/mergers-charter.

[11] Dep’t for Bus. & Trade, Regulator Dashboard (21 Oct. 2025), https://www.gov.uk/government/publications/regulator-dashboard.

[12] Consultation, supra note 1, at 3 (‘improving the pace, predictability, proportionality, and process of engagement through refinements to the legislative framework for competition’).

[13] Richard Feasey, Address at the Law Council of Australia’s Competition and Consumer (ACCC) Annual Conference: The Role of the CMA Panel in Decision Making: Merger Enforcement and Reform (1 Sept. 2021), https://www.gov.uk/government/speeches/the-role-of-the-cma-panel-in-decision-making-merger-enforcement-and-reform.

[14] Consultation, supra note 1, ¶ 25.

[15] Id.

[16] Id. ¶ 6.

[17] See Gavin Robert, Three Years of CMA Merger Control: A Statistical Review, 16 Competition L.J. 211, 216 (2017) (‘…until the CMA formed as a single authority in 2014, the UK maintained separate Phase 1 and Phase 2 bodies: the OFT decided Phase 1, and, on reference, the CC conducted Phase 2. Many viewed this as an effective—if costly—check on confirmation bias.’).

[18] Consultation, supra note 1, ¶ 26.

[19] UK Government Consults on Major Reforms to Competition Processes, Osborne Clarke (4 Feb. 2026), https://www.osborneclarke.com/insights/uk-government-consults-major-reforms-competition-processes.

[20] UK Government Launches Consultation Overhauling the CMA’s Competition Regime, Baker Botts (3 Feb. 2026), https://www.bakerbotts.com/thought-leadership/publications/2026/february/uk-government-launches-consultation-overhauling-the-cmas-competition-regime.

[21] Greg Dowell & Fiona Beattie, Refining the UK Competition Regime: Proposals to Change Mergers and Markets Investigations, Macfarlanes (30 Jan. 2026), https://www.macfarlanes.com/insights/102mfb9/refining-the-uk-competition-regime-proposals-to-change-mergers-and-markets-inves.

[22] Cérélia Group Holdings SAS v Competition & Mkts. Auth. [2024] EWCA Civ 352, paras 28–41.

[23] Id.

[24] Case C-376/20 P, CK Telecoms UK Invs. Ltd v Comm’n, ECLI:EU:C:2023:561 (2023).

[25] Loper Bright Enters. v Raimondo, 603 U.S. 369 (2024).

[26] Org. for Econ. Co-operation & Dev. (OECD), Recommendation of the Council on Transparency and Procedural Fairness in Competition Law Enforcement (2021), https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0465.

[27] Consultation, supra note 1, ¶ 26.

[28] Id.

[29] Org. for Econ. Co-operation & Dev. (OECD), Remedies and Commitments in Abuse Cases, OECD Roundtables on Competition Policy Papers No. 288, at 14 (Nov. 2022), https://www.oecd.org/content/dam/oecd/en/publications/reports/2022/11/remedies-and-commitments-in-abuse-cases_c215224a/b975b0e3-en.pdf (‘An early termination ensures the remedy remains proportionate—it ceases once unnecessary—and frees the authority from ongoing monitoring, so it can redeploy resources more effectively.’).

[30] Joseph J. Cordes, Susan E. Dudley & Layvon Q. Washington, Regulatory Compliance Burdens: Literature Review & Synthesis, Geo. Wash. Univ. Regulatory Stud. Ctr., at 14–16 (Oct. 2022), https://regulatorystudies.columbian.gwu.edu/sites/g/files/zaxdzs4751/files/2022-10/regulatory_compliance_burdens_litreview_synthesis_finalweb.pdf.

[31] U.S. Fed. Trade Comm’n, Policy Statement on the Duration of Competition Orders (1995), https://www.ftc.gov/system/files/documents/public_statements/410481/frndurationoforders.pdf (establishing an automatic 20-year sunset for administrative orders).

[32] U.S. Dep’t of Justice, Antitrust Div., Merger Remedies Manual (2020), https://www.justice.gov/atr/page/file/1312416/dl; see also In re Synopsys, Inc., FTC Dkt. No. C-4820, at 19 (2025), https://www.ftc.gov/legal-library/browse/cases-proceedings/241-0059-c-4820-synopsys-inc-ansys-inc-matter (imposing a ten-year consent order).

[33] EU behavioural commitments under Article 9 of Regulation 1/2003 are typically time-limited, usually five to ten years depending on the concern. See, e.g., Commission Decision of 16 Dec. 2009, Case COMP/C-3/39.530 — Microsoft (Tying) (five-year commitment); Commission Decision of 29 Apr. 2014, Case AT.39939 — Samsung — Enforcement of UMTS Standard Essential Patents (five-year commitment); Commission Decision of 11 July 2024, Case AT.40452 — Apple — Mobile Payments, C(2024) 4761 (ten-year commitment).

[34] Org. for Econ. Co-operation & Dev. (OECD), Remedies and Commitments in Abuse Cases, supra note 29; Int’l Competition Network (ICN), Merger Working Grp., Merger Remedies Guide, at 4 (2016), https://www.internationalcompetitionnetwork.org/wp-content/uploads/2018/05/MWG_RemediesGuide.pdf.

[35] Competition & Mkts. Auth., Strategic Review of CMA Markets Remedies (19 Jan. 2026), https://www.gov.uk/cma-cases/strategic-review-of-cma-markets-remedies; Consultation, supra note 1, at 3 (‘For each remedy, the CMA expects that clear, straightforward changes in circumstances may render the measure unnecessary, allowing it to be amended or withdrawn.’).

[36] The Restriction on Agreements and Conduct (Tour Operators) Order 1987, SI 1987/1131, https://www.legislation.gov.uk/uksi/1987/1131/made; The Foreign Package Holidays (Tour Operators and Travel Agents) Order 2001, SI 2001/2581, https://www.legislation.gov.uk/uksi/2001/2581/contents/made.

[37] Competition & Mkts. Auth., PPI Market Investigation Order 2011 (24 Mar. 2011), https://assets.publishing.service.gov.uk/media/5c94dcfce5274a5e10fd5944/PPI_Order.pdf.

[38] Fin. Conduct Auth., PPI Complaints (updated 23 Apr. 2025), https://www.fca.org.uk/consumers/ppi-complaints.

[39] Fin. Conduct Auth., FCA Strips Back Insurance Rulebook (14 May 2025), https://www.fca.org.uk/news/press-releases/fca-strips-back-insurance-rulebook.

[40] Consultation, supra note 1, questions 11–13.

[41] Enterprise and Regulatory Reform Act 2013, § 51 & sch. 14; Competition Act 1998, § 54.

[42] Org. for Econ. Co-operation & Dev. (OECD), Competition Law and Policy in the United Kingdom (Peer Review, 2020).

[43] HM Gov’t, Strategic Steer to the Competition and Markets Authority, supra note 3.

[44] Digital Markets, Competition and Consumers Act 2024, c. 13, § 69 (UK).

[45] Competition & Mkts. Auth., Response to the Consultation on Refining Our Competition Regime (Mar. 2026) (‘algorithmic investigation powers should not be limited to algorithms’).

[46] See Regulation (EU) 2022/1925 (Digital Markets Act); Regulation (EU) 2024/1689 (AI Act) (neither extends algorithmic investigation powers to general competition enforcement under Articles 101–102 TFEU).

[47] Directive 2014/65/EU, art. 17 (MiFID II) (algorithmic trading obligations); U.S. Food & Drug Admin. & MHRA, Good Machine Learning Practice for Medical Device Development (2021); Automated Vehicles Act 2024 (UK).

[48] Mayer Brown LLP, Response to CMA Consultation on Algorithms (2021).

[49] Katarina Foss-Solbrekk, Three Routes to Protecting AI Systems and Their Algorithms Under IP Law: The Good, the Bad, and the Ugly, 16 J. Intell. Prop. L. & Prac. 1300 (2021).

[50] Robin Feldman, Patent Demands & Startup Companies: The View from the Venture Capital Community, 16 Nev. L.J. 583 (2016).

[51] Cecilia D’Anastasio & Leah Nylen, Microsoft Mistakenly Reveals Secret Game Plans in Court Case, Bloomberg (19 Sept. 2023).

[52] Tereos v. CMA [2024] CAT (UK) (demonstrating difficulty of balancing confidentiality interests in CMA proceedings).

[53] See Friedrich A. Hayek, The Use of Knowledge in Society, 35 Am. Econ. Rev. 519, 524 (1945).

[54] Org. for Econ. Co-operation & Dev. (OECD), Algorithmic Competition (Roundtable Background Paper, 2023) (‘responses generally suggested that most algorithmic theories of harm are already captured by existing law’).

[55] Maureen K. Ohlhausen, Should We Fear the Things That Go Beep in the Night? Some Initial Thoughts on the Intersection of Antitrust Law and Algorithmic Pricing, Remarks at the Concurrences Antitrust in the Financial Sector Conference (23 May 2017).

[56] Competition & Mkts. Auth., Annual Plan 2026–29 (2026) (‘[b]urdensome interventions risk stifling innovation’).

I. Introduction and Overview

The International Center for Law & Economics (ICLE) submits these comments in response to the Federal Communications Commission’s (FCC) Public Notice on “Sports Broadcasting Practices and Marketplace Developments.”[1] ICLE is a nonprofit, nonpartisan research center that promotes the use of law & economics methodologies to inform public policy. Its work aims to ensure that competition policy and regulation rest on sound economic analysis and promote consumer welfare, particularly in dynamic, technology-driven markets such as media and telecommunications.

The FCC’s request for comment comes at a critical moment for the video marketplace.[2] As ICLE has previously explained, video competition in the United States has never been more vigorous.[3] Consumers once relied on a limited set of local broadcast options. Today, they can access a wide array of video content across platforms and often treat nonbroadcast media as direct substitutes.[4] These expanded choices benefit consumers. At the same time, video providers—especially broadcasters—face growing difficulty maintaining the viewership needed to support investments in local programming, a core objective of FCC policy.[5]

Live sports have become one of the few remaining anchors of broadcast viewership.[6] Unlike scripted programming or local news, live sports deliver immediacy that viewers value. Audiences can watch games on demand after the fact, but much of the appeal lies in the shared, real-time experience.[7] Fans engage before, during, and after games, reacting collectively in ways that on-demand viewing cannot replicate.[8] These moments draw large audiences and allow local broadcasters to command premium advertising rates that sustain much of their business.[9]

Technological change, however, has fragmented the distribution of sports rights. High-profile games increasingly bypass traditional broadcasters in favor of cable networks and streaming platforms. For example, Monday Night Football airs on ESPN, with limited local simulcasts, while some English Premier League matches appear exclusively on NBC’s Peacock service.[10] The Public Notice raises two central questions: how this fragmentation affects consumer welfare, and whether broadcasters can continue to meet their public-interest obligations under the Communications Act if they lose access to these games.

The FCC’s concerns understate the benefits of this evolving marketplace. First, while the migration of sports rights to digital platforms may fragment distribution, it also expands access. Leagues increasingly use streaming services to offer more nationally available games, giving consumers greater choice.[11] Streaming also allows viewers to watch content regardless of location or access to a traditional television, often delivering a more flexible and user-friendly experience. Second, even if broadcasters lose rights to major professional leagues, they can pursue alternative programming strategies, including agreements with smaller leagues, minor league teams, or local schools.

The FCC’s legal authority in this area is also limited. The Communications Act empowers the agency to regulate broadcasters,[12] but the public-interest standard does not grant carte blanche to dictate programming choices.[13] Courts have substantially narrowed the constitutional foundations for content-based regulation, particularly those rooted in spectrum scarcity.[14] The FCC can and should use this proceeding to gather information about the evolving video marketplace. Any significant policy changes, however, should come from Congress.

Congress, for example, could revisit the Sports Broadcasting Act’s antitrust exemption. Repealing that exemption would allow leagues and broadcasters to negotiate more flexibly. If leaguewide agreements enhance competition and promote consumer welfare, they should survive antitrust scrutiny under the rule of reason.

II. Competition in Video Markets Benefits Consumers

The Public Notice raises important questions about competition in the modern video marketplace. Live sports broadcasting rights sit at the center of that competition. As technological change has expanded distribution options, video markets have become more dynamic, with broadcast, MVPD, and streaming platforms offering distinct benefits tailored to different consumer preferences.

Competition for sports rights has produced substantial consumer benefits. It has expanded access to games that were previously unavailable, enabled more flexible viewing across devices and locations, and spurred innovation in pricing, features, and content delivery. While fragmentation across platforms can impose search costs and require multiple subscriptions, these tradeoffs reflect increased output and intensified competition, rather than a reduction in consumer welfare.

A. Live Sports Sit at the Center of Modern Video Competition

Video markets are undergoing rapid change driven by technological innovation. As ICLE has noted in prior FCC proceedings, the rise of multichannel video programming distributors (MVPDs) and digital streaming services has shifted viewing patterns away from traditional over-the-air broadcast.[15] Consumers now prefer on-demand content they can watch on any device, regardless of location. Live sports remain the primary exception to this trend.

Live sports differ from other video content because they derive value from real-time consumption.[16] A viewer who misses an episode of a scripted show can avoid spoilers and watch later with little loss of value. That is not true for sports. Fans place a premium on experiencing games as they happen, alongside other viewers. Replays cannot replicate the immediacy or shared emotional experience of live competition.[17] As a result, major sporting events remain appointment viewing that audiences plan to watch in real time.

Video distributors have long recognized the value of this appointment viewing. From the earliest days of television, broadcasters used live sports to drive adoption. NBC and CBS aired sporting events to encourage Americans to purchase television sets.[18] Advertisers quickly followed, drawn by sports audiences that are large, loyal, and highly engaged.

That dynamic continues to shape the modern video marketplace. New entrants use live sports to drive adoption of emerging platforms and strengthen existing distribution models. ABC shifted Monday Night Football to cable in part to boost ESPN’s audience. The NFL launched Thursday Night Football to support its own cable channel and gain leverage in carriage negotiations.[19] World Wrestling Entertainment created one of the earliest direct-to-consumer streaming platforms by using live “pay-per-view” events to attract subscribers.[20]

Streaming platforms now follow the same playbook. Netflix and Amazon Prime Video have carried NFL games on Christmas Day, while Amazon holds primary rights to Thursday Night Football.[21] NBCUniversal streams select English Premier League matches exclusively on Peacock and has begun applying a similar strategy to its NBA rights.[22] The NBA offers League Pass to stream out-of-market games directly to consumers.[23] ESPN+ carries NHL games, PGA Tour coverage, and other sports programming.[24] Apple TV+ hosts Major League Soccer matches.[25]

These developments place live sports at the center of video competition. Streaming services rely on them to attract and retain subscribers. Linear television providers depend on them to remain relevant in an on-demand environment. Consumers, however, may face tradeoffs. Fragmentation across platforms can require multiple subscriptions to access games that were once available over the air.

B. Paywalled Sports Content Often Expands Consumer Access

Consumers often express frustration that they must subscribe to multiple services to access a league’s full slate of games, and that many contests now sit behind paywalls. As a baseline matter, however, much of this paywalled content was never available through traditional broadcast channels. The NFL illustrates this point.

Over the past two decades, the NFL has expanded its schedule beyond traditional Sunday and Monday night windows. It introduced Thursday Night Football, initially on NFL Network and now on Amazon Prime Video.[26] The league has also added Christmas Day games and early-morning international matchups. Many of these games sit behind paywalls for national audiences, though they typically remain available over the air in participating teams’ local markets. Historically, these games would not have appeared on local broadcast at all. Instead, they would have been played concurrently with existing Sunday matchups, leaving national audiences without access.

The NBA follows a similar model with League Pass, which allows fans to watch out-of-market, non-nationally televised games. Although the service requires a subscription, it offers access that did not previously exist. Before such offerings, fans outside a team’s local market had no practical way to view these games.

In this sense, paywalled sports content often expands, rather than restricts, consumer access. These services make additional games available that would otherwise remain unseen by most audiences.

C. Different Models Offer Different Consumer Benefits

The Public Notice emphasizes the benefits of broadcast television, particularly its free, over-the-air accessibility.[27] Broadcast remains valuable, but alternative distribution models offer distinct advantages that many consumers prefer.

Multichannel video programming distributors (MVPDs) provide bundled access to a wide range of channels and features. A cable subscription allows consumers to access broadcast content without a separate receiver, enabling them to use a display, rather than a television with built-in tuning capability. MVPDs also increasingly bundle streaming services with traditional channel packages.[28] Charter, for example, includes HBO Max, Disney+, Hulu, ESPN, Paramount+, Peacock, and Fox One in certain offerings.[29] These bundles reduce the need for consumers to purchase multiple subscriptions a la carte.

MVPD services also address many concerns associated with fragmented distribution. They offer integrated search and program guides that allow users to locate games regardless of channel or platform, reducing confusion. MVPD feeds also typically deliver higher-quality, lower-latency video than streaming services, often running 20–60 seconds ahead.[30] This reduces the risk of spoilers and places less strain on home broadband networks. While MVPD subscriptions may appear more expensive than individual streaming services, bundled offerings can be price-competitive—or even cheaper—when compared to purchasing multiple standalone subscriptions. Long-term pricing guarantees further enhance their appeal for some consumers.

Streaming services, however, have reshaped the video marketplace by offering a different set of benefits. Most notably, they operate across devices, allowing consumers to watch content wherever they are. This flexibility represents a significant departure from traditional viewing constraints. Consumers no longer need to be at home to watch live sports; they can follow games in real time from virtually any location.

Streaming also enables more tailored consumption. While MVPD bundles may appeal to consumers who want comprehensive access, others may prefer narrower, lower-cost options. A fan focused on a single sport or league may need only one subscription. For example, a UFC fan can access all events through Paramount+ for roughly $9–$14 per month, depending on the plan.[31] For cost-sensitive consumers, this a la carte model allows access to desired content without paying for unwanted programming.

D. Competition Drives Innovation Across Video Markets

All major video platforms recognize the value of live sports and compete using different technologies and business models. This competition can strain incumbents, but it also drives adaptation in response to consumer preferences and technological change. When streaming platforms acquire sports rights, they force traditional distributors to innovate or risk losing relevance.

MVPDs have responded by bundling streaming services with traditional channel offerings and adjusting pricing to remain competitive in the face of rising churn. Broadcasters, for their part, are deploying the ATSC 3.0 standard to improve functionality and reliability for over-the-air viewers.[32] Streaming platforms must also continue to innovate or risk losing subscribers to rivals—or even to legacy distribution models that retain distinct advantages.

These competitive dynamics extend beyond distribution to the leagues themselves. Sports leagues compete intensely for consumer attention—not only against each other, but also against other forms of entertainment, including television, movies, podcasts, and video games. This competition creates incentives to experiment with new distribution models that expand reach and increase revenue. Streaming platforms may offer broader audiences, enhanced features, or higher licensing fees. Increased media-rights revenue allows leagues to invest in players, facilities, and the on-field—or on-court—product. Because leagues typically share this revenue, even smaller-market teams can remain viable and competitive, expanding access to professional sports across more communities.

Local broadcasters also retain opportunities to adapt. While some stations may lose rights to major professional leagues, they can pursue alternative strategies to attract viewers. Broadcast’s comparative advantage lies in local presence. Stations can invest in local news, regional sports, or partnerships with smaller leagues and community teams. If audiences value this content, it can sustain viewership. If not, broadcasters will need to adjust their programming to match consumer demand.

E. Local News Is Not Dependent on Broadcast

A common claim is that declining broadcast television necessarily leads to a decline in local news.[33] That view overlooks how consumers now access information about their communities and the world.

Consumers increasingly rely on digital sources—social media, local websites, newsletters, and independent online outlets—for local news. Some applications aggregate local broadcasts from stations nationwide.[34] The traditional gatekeeping role of broadcasters and newspapers has largely disappeared. Today, individuals can launch blogs, newsletters, or video channels and reach audiences directly. Lower barriers to entry have expanded both the volume and diversity of local coverage. Stories that once may not have reached publication can now find an audience online.

The FCC’s focus on local stations risks conflating two distinct objectives: preserving local content and preserving a particular distribution technology. Policies that favor broadcast over competing platforms would distort competition and reduce consumer welfare.

If broadcasters lose access to some sports-related revenue, they must compete on their comparative advantages—local reporting, trusted on-air personalities, and coverage that national outlets cannot replicate. If broadcast television continues to provide value, the market will sustain it. If not, policy should not attempt to preserve legacy distribution models at the expense of innovation.

F. Fragmentation Imposes Costs but Likely Benefits Consumers

The Public Notice identifies fragmentation of sports-viewing rights as a central concern, citing both consumer confusion and rising costs:

Many games are still available for free over broadcast TV, but there has been a surge in recent years of games going behind the paywalls of various streaming services. While this can increase the number of games and sports available to fans, many consumers today find it more difficult to find the events they want to watch and are now paying to sign up for one or more video distribution platforms that consumers can find difficult to navigate.[35]

These concerns have some force. As rights fragment across platforms, consumers may no longer be able to watch all games through a single service or via over-the-air broadcast. Some fans must now subscribe to multiple platforms to access nationally televised games. Fragmentation can also create search costs and confusion, with approximately 87% of fans reporting difficulty identifying where specific games are available.[36] Streaming introduces additional challenges, including latency, reliability concerns, and access barriers tied to broadband availability and cost.

Even so, these effects do not necessarily reduce consumer welfare. As discussed above, consumers now have more choices for both entertainment generally and live sports specifically. Competition among platforms and leagues continues to drive innovation in pricing, features, and distribution. The relevant question is not whether fragmentation imposes some costs, but whether those costs outweigh the benefits of expanded access and increased competition. In the case of sports media rights, the evidence suggests that the benefits are likely to predominate.

III. Legal Limits on FCC Authority Over Sports Broadcasting

The Public Notice frames this inquiry as an examination of competition in the video marketplace, with particular focus on whether broadcasters can meet their public-interest obligations without revenues from live sports.[37] As a legal matter, however, the FCC has limited authority to regulate private contracts between professional sports leagues and streaming platforms or to require that leagues distribute games over broadcast television. Even when streaming platforms are affiliated with broadcast networks, the agency lacks authority to compel the airing of specific content. Any mandate requiring broadcast carriage of particular programming would raise serious constitutional concerns and, in any event, would require congressional action.

Because the FCC regulates broadcast licenses, it may attempt to invoke its public-interest authority to discourage networks from shifting sports content from broadcast to streaming platforms. The Public Notice suggests as much, stating:

At the same time, sports remain inherently local, despite the increasingly national nature and reach of both professional and college sports events. Just as communities turn to their local TV broadcasters for news, weather, and emergency information, they do the same for coverage of their local sports teams. Many sporting events that were previously available through free broadcast and traditional pay-TV packages, are now only available through a myriad of stand-alone subscription streaming services. This shift has led to notable frustration among many consumers and sports fans. Sports fans are increasingly left with a fragmented ecosystem that requires them to subscribe to multiple services to watch their favorite teams.[38]

The Public Notice further asks:

To what extent do current sports media rights contracts conflict with or impede TV broadcasters from meeting their public interest obligations? How should these arrangements be considered in the context of broadcasters’ public interest obligations and the FCC’s duty to ensure licensees meet their statutory requirements?[39]

These questions suggest the FCC may view carriage of professional sports as part of a broadcaster’s obligation to promote localism. Under that theory, the agency could argue that broadcast licensees must air local-team games on broadcast stations, either exclusively or alongside streaming distribution. It may also contend that shifting games to streaming platforms reduces local-station revenue and undermines their ability to fund news and other community programming.

Both theories face serious legal hurdles.

A. Scarcity Doctrine Does Not Support Sports Regulation

In Red Lion Broadcasting Co. v. FCC, the Supreme Court upheld the FCC’s authority to regulate broadcast content based on spectrum scarcity.[40] Because only a limited number of broadcasters could operate without interference, licensed stations were treated as “public trustees,” allowing the FCC to impose speech regulations that would violate the First Amendment if applied to print media.

Even at the time, however, that authority had limits that would constrain any attempt to regulate sports broadcasting decisions.

First, Red Lion addressed the Fairness Doctrine, which required broadcasters to present contrasting viewpoints on public issues. While constitutionally suspect, the doctrine rested on explicit congressional authorization. The Communications Act specifically reflects similar principles in its equal-time provisions, and the Court relied on that statutory foundation in upholding the FCC’s rule.[41] No comparable statutory directive requires broadcast networks to air local sports games, rather than distribute them via streaming platforms. To the contrary, the Sports Broadcasting Act suggests the FCC lacks authority to regulate these arrangements.[42] The statute permits leagues to negotiate collective broadcast agreements and impose certain blackouts, placing sports-media rights largely outside FCC control rather than subjecting them to additional oversight.

Second, the scarcity rationale underlying Red Lion no longer fits the modern media environment. The doctrine emerged when access to audiences depended on FCC-issued broadcast licenses. Today, cable, satellite, fiber, and digital platforms provide content producers with numerous pathways to reach consumers. Treating broadcast speech as uniquely scarce—while functionally identical content flows over other platforms—conflicts with current technological and economic realities. The First Amendment should expand protections for speech, not preserve restrictions based on outdated assumptions about media scarcity.

B. Major Questions Doctrine Limits FCC Authority

FCC authority over sports broadcasting rights is doubtful even apart from First Amendment concerns. The Supreme Court has recently emphasized, through the major questions doctrine, that agencies require clear congressional authorization to regulate issues of vast economic and political significance.[43]

Few markets fit that description more clearly than live-sports media rights. The FCC initiated this proceeding precisely because of the central role those rights play for businesses, communities, and the broader economy.

In West Virginia v. EPA,[44] the Court identified several indicators of a major-questions problem:

1. The agency asserts sweeping new regulatory authority from a long-extant statute.
2. The claimed authority rests on an ancillary or broadly worded provision.
3. Congress has repeatedly declined to address the issue through legislation.

Those factors weigh against any expansive reading of the FCC’s public-interest authority here. The Communications Act’s public-interest standard applies to broadcast licensees, not to streaming platforms or the broader video marketplace. Efforts to regulate how leagues distribute games across platforms would represent a substantial expansion of that authority.

Congress’ treatment of sports-media rights reinforces this conclusion. By granting antitrust exemptions for certain leaguewide broadcasting agreements, Congress signaled that these arrangements fall within its own policy domain. If the FCC seeks to dictate how such agreements operate, it will require a clear delegation of authority from Congress.

IV. The Sports Broadcasting Act Distorts Video Markets

Despite the local nature of sports fandom, video rights generate greater value when sold on a leaguewide basis to national networks and advertisers. Centralized rights allow networks to select and schedule the most attractive matchups, maximizing audience size and advertising revenue. Early on, however, most leagues lacked centralized media deals. Individual franchises negotiated their own broadcast contracts, effectively acting as separate media entities. Teams in larger markets—or with broader national appeal—captured significantly more revenue than smaller-market rivals, threatening leaguewide competitive balance and financial stability.

The NFL responded by restricting how teams could sell broadcast rights. One rule barred franchises from entering agreements that extended into another team’s territory,[45] preserving the value of local audiences for smaller-market teams. At the same time, these restrictions limited teams’ ability to compete for viewers beyond their home markets.

Courts soon subjected these rules to antitrust scrutiny. In United States v. NFL, courts held that several league broadcasting restrictions violated the Sherman Act and blocked the NFL’s attempt to enter a leaguewide contract with CBS in 1961—even as the rival American Football League secured a collective agreement with ABC.[46]

The NFL then turned to Congress. In response, Congress enacted the Sports Broadcasting Act of 1961 (SBA), which allows professional sports leagues to sell “sponsored telecasting” rights collectively to television networks. Those networks, in turn, distribute games to local affiliates.[47] The statute reflected the technological landscape of the time, when broadcast television dominated and cable had not yet emerged as a significant distribution channel.

Media-rights agreements have since expanded dramatically. The SBA, however, is not necessary for leaguewide agreements to comply with antitrust law. Under rule-of-reason analysis, joint restraints—such as leaguewide media deals—are permissible if their procompetitive benefits outweigh any anticompetitive effects.[48] T The NCAA, for example, operates without SBA protection yet imposes various restrictions on member institutions, and athletic conferences routinely negotiate collective media deals.

Congress enacted the SBA when broadcast networks held substantial market power and leagues sought mechanisms to preserve competitive balance. Today, the market has shifted. The SBA applies only to broadcast television rights, while broader video markets have become more competitive. Leaguewide deals now tend to benefit national networks more than local affiliates by concentrating valuable rights at the network level. Those rights, in turn, drive retransmission negotiations, with cable operators valuing access to live sports more than local programming.[49]

Repealing the SBA would not eliminate leaguewide media agreements or restrictions on local contracting. It would, however, subject those arrangements to rule-of-reason scrutiny. That approach already applies in other contexts. For example, the NFL’s Sunday Ticket package—now distributed by YouTube TV—is the subject of ongoing antitrust litigation. An amicus brief filed by ICLE identifies several procompetitive features of the arrangement.[50]

Sunday Ticket originally helped DirecTV attract satellite subscribers and now serves a similar function for YouTube TV.[51] Exclusive licensing allows the distributor to internalize the benefits of its investments, including improvements in production quality and platform features, without free-rider concerns. Bundling out-of-market games also enables more efficient pricing and expands access to content that would otherwise remain unavailable. Although the litigation remains pending, these features illustrate why such agreements can survive rule-of-reason review even without a statutory exemption.

At the same time, if the anticompetitive harms of league-imposed restrictions outweigh their benefits, courts can invalidate them. Striking down rules that require leaguewide contracting could allow individual teams to negotiate directly with local broadcasters. That shift could strengthen local affiliates by enabling them to acquire valuable sports rights and improve their bargaining position with networks. Greater financial stability, in turn, could support increased investment in local content. Repealing the SBA would not guarantee this outcome, but it would ensure that sports-media restraints face the same antitrust scrutiny as other industries, regardless of the underlying technology.

V. Conclusion

ICLE appreciates the FCC’s efforts to examine competition in video markets at a time of rapid technological and economic change. Live sports broadcasting rights sit at the center of that evolution. As distribution has expanded across broadcast, MVPD, and streaming platforms, competition for these rights has intensified, driving innovation in pricing, features, and delivery. Consumers now benefit from greater access to sports content, more flexible viewing options, and a wider range of services tailored to different preferences. While fragmentation can impose search costs and require multiple subscriptions, it reflects increased output and competition—not a reduction in consumer welfare.

These same dynamics create strong incentives for firms to adapt. Broadcasters, MVPDs, and streaming platforms each compete by offering distinct advantages, while sports leagues experiment with new distribution models to expand reach and increase revenue. Even as traditional broadcast models face pressure, local content can persist through market-driven adjustments, rather than regulatory intervention.

The FCC should proceed with caution. The Communications Act does not grant the agency broad authority to regulate how networks distribute content or to dictate the terms of private agreements between leagues and media companies. Efforts to do so would raise serious constitutional and statutory concerns, including under the First Amendment and the major questions doctrine. If policymakers determine that intervention is warranted, Congress—not the FCC—must provide clear direction.

Congress could, for example, revisit the Sports Broadcasting Act. Repealing the SBA would not eliminate leaguewide media agreements, but it would subject them to rule-of-reason antitrust scrutiny, consistent with other industries and technologies. That approach would allow courts to weigh procompetitive benefits against any anticompetitive harms, ensuring that evolving sports-media markets continue to serve consumers.

[1] Sports Broadcasting Practices and Marketplace Developments, Public Notice, MB Docket No. 26-45 (Feb. 25, 2026), https://docs.fcc.gov/public/attachments/DA-26-118A1.pdf [hereinafter Public Notice].

[2] See Comments of the Int’l Ctr. for L. & Econ., 2022 Quadrennial Regulatory Review, MB Docket No. 22-459 (Dec. 17, 2025), https://laweconcenter.org/wp-content/uploads/2025/12/FCC-Broadcast-Ownership-NPRM-2025.pdf; see also Comments of the Int’l Ctr. for L. & Econ., Empowering Local Broadcast TV Stations to Meet Their Public Interest Obligations: Exploring Market Dynamics Between National Programmers and Their Affiliates, MB Docket No. 25-322 (Dec. 10, 2025), https://laweconcenter.org/wp-content/uploads/2025/12/Network-Affiliation-Comments-of-the-International-Center-for-Law-Economics.pdf.

[3] Eric Fruits, Video Competition in the United States, Int’l Ctr. for L. & Econ. (Feb. 2025), https://laweconcenter.org/wp-content/uploads/2025/02/tldr-Video-Competition-Overview-250225.pdf; see also Ben Sperry, Live Sports, Video Competition, and Antitrust, Int’l Ctr. for L. & Econ. (May 22, 2025), https://laweconcenter.org/resources/live-sports-video-competition-and-antitrust.

[4] Eric Fruits, The FCC’s Broadcast-Ownership Review: Will the Agency Open the Door for Comprehensive Reform?, Truth on the Mkt. (Sept. 29, 2025), https://truthonthemarket.com/2025/09/29/the-fccs-broadcast-ownership-review-will-the-agency-open-the-door-for-comprehensive-reform.

[5] Public Notice, supra note 1, at 3-4.

[6] Jeffrey Westling & Ben Sperry, The 65-Year-Old Law That Still Shapes How You Watch Sports, Truth on the Mkt. (Mar. 11, 2026), https://laweconcenter.org/resources/the-65-year-old-law-that-still-shapes-how-you-watch-sports.

[7] See Reddit, The Business of Fandom 6, 11 (2026), https://www.business.reddit.com/resources/the-business-of-sports-fandom [hereinafter Reddit Report] (reporting that sports engagement on Reddit rose 22% in 2025, reaching 16 billion monthly views and more than 99 million monthly interactions, and explaining that fan discussion occurs before, during, and after games, driving demand for real-time viewing).

[8] Id. at 5.

[9] See Michael Mondello & John Fortunato, The Economics of Sport Broadcasting, in Sport Broadcasting for Managers 55, 58 (Hunter Fujak & Stephen Frawley eds., 2022), https://courses.worldcampus.psu.edu/canvas/su23/22351—2406/common/corefiles/The_Economics_of_Sport_Broadcasting.pdf (explaining that live sports command premium advertising value because viewers cannot skip commercials during live broadcasts).

[10] Joe Lucia, NBC Is Moving All Premier League Matches on July 15th to Peacock, Awful Announcing (July 8, 2020), https://awfulannouncing.com/nbc/nbc-is-moving-all-premier-league-matches-on-july-15th-to-peacock.html.

[11] Nicole Sperling, Netflix and the N.F.L. Sign a Three-Season Deal, N.Y. Times (May 15, 2024), https://www.nytimes.com/2024/05/15/business/media/netflix-nfl-live.html.

[12] 47 U.S.C § 301.

[13] Ben Sperry & Jeffrey Westling, The FCC’s Sleeping Power Over the Press, Truth on the Mkt. (Mar. 17, 2026), https://truthonthemarket.com/2026/03/17/the-fccs-sleeping-power-over-the-press.

[14] Ben Sperry, First Amendment Jurisprudence Should Reflect Economic Reality: Why Red Lion and Pacifica Must Fall, Truth on the Mkt. (Oct. 14, 2025), https://truthonthemarket.com/2025/10/14/first-amendment-jurisprudence-should-reflect-economic-reality-why-red-lion-and-pacifica-must-fall.

[15] Comments of Int’l Ctr. for L. & Econ., MB Docket No. 22-459, supra note 2; Comments of Int’l Ctr. for L. & Econ., MB Docket No. 25-322, supra note 2.

[16] Mondello & Fortunato, supra note 9, at 58.

[17] Reddit Report, supra note 7, at 6.

[18] Westling & Sperry, The 65-Year-Old Law That Still Shapes How You Watch Sports, supra note 6.

[19] “MNF” to ESPN for $8.8B; Sunday Night Goes to NBC for $3.6B, Sports Bus. J. (Apr. 18, 2005), https://www.sportsbusinessjournal.com/Daily/Issues/2005/04/19/Sports-Media/MNF-To-ESPN-For-$88B-Sunday-Night-Goes-To-NBC-For-$36B.

[20] Marc Graser, WWE Network to Launch in February as Streaming Service, Variety (Jan. 8, 2014), https://variety.com/2014/digital/news/wwe-network-to-launch-in-february-as-streaming-service-1201036864.

[21] Streamers Netflix, Amazon Set NFL Viewership Records on Christmas, Associated Press (Dec. 31, 2025), https://www.espn.com/nfl/story/_/id/47465593/streamers-netflix-amazon-set-nfl-records-christmas.

[22] Nick Mangione, How to Watch the NBA on NBC and Peacock: Schedule, Tip-Off Times, and More, Peacock Blog (Aug. 15, 2025), https://www.peacocktv.com/blog/nba-schedule-on-peacock-and-nbc.

[23] NBA League Pass, NBA (last visited Mar. 24, 2026), https://support.watch.nba.com/hc/en-us/articles/115000585974-NBA-League-Pass.

[24] All of ESPN. All in One Place, ESPN (last visited Mar. 24, 2026), https://plus.espn.com.

[25] Eben Novy-Williams & Jacob Feldman, Apple, MLS Deal Will End in 2029 With Revised Payment Structure, Sportico (Nov. 14, 2025), https://www.sportico.com/leagues/soccer/2025/apple-mls-streaming-contract-change-1234876902.

[26] Alex Sherman & Jabari Young, NFL Finalizes New 11-Year Media Rights Deal, Amazon Gets Exclusive Thursday Night Rights, CNBC (Mar. 18, 2021), https://www.cnbc.com/2021/03/18/nfl-media-rights-deal-2023-2033-amazon-gets-exclusive-thursday-night.html.

[27] Public Notice, supra note 1, at 1.

[28] Spectrum Streaming: Get Over $100 Per Month of Apps Included, Spectrum (last visited Mar. 24, 2026), https://www.spectrum.com/cable-tv/streaming.

[29] Id.

[30] Tom Butts, Super Bowl LVI Streaming Averaged 50–60 Seconds Behind Cable When Compared to In-Stadium Experience, TV Tech. (Feb. 14, 2022), https://www.tvtechnology.com/news/super-bowl-lvi-streaming-averaged-50-60-seconds-behind-cable.

[31] Macy Meyer, UFC Streaming Moves to Paramount Plus in Multibillion-Dollar Deal, CNET (Aug. 11, 2025), https://www.cnet.com/tech/services-and-software/ufc-streaming-moves-to-paramount-in-multi-billion-dollar-deal.

[32] Comments of the Int’l Ctr. for L. & Econ., Authorizing Permissive Use of the “Next Generation” Broadcast Television Standard, GN Docket No. 16-142 (Jan. 15, 2026), https://laweconcenter.org/wp-content/uploads/2026/01/ATSC-Comments.pdf.

[33] Big Tech Is a Threat to Local Journalism, Nat’l Ass’n of Broadcasters (last visited Mar. 24, 2026), https://www.nab.org/bigtech.

[34] See, e.g., NewsON, https://www.newson.us.

[35] Public Notice, supra note 1, at 1.

[36] Jake Bickerton, Report Finds Sports Fragmentation Is Frustrating Fans, Sport Broadcast (Mar. 13, 2026), https://www.broadcastnow.co.uk/broadcasting/report-finds-sports-fragmentation-is-frustrating-fans/5214803.article.

[37] Public Notice, supra note 1, at 4-5.

[38] Id. at 3-4.

[39] Id. at 4-5.

[40] Red Lion Broad. Co. v. FCC, 395 U.S. 367, 400–01 (1969).

[41] 47 U.S.C. § 315.

[42] 15 U.S.C. §§ 1291–1295.

[43] See, e.g., West Virginia v. EPA, 597 U.S. 697 (2022).

[44] Id.

[45] David L. Anderson, The Sports Broadcasting Act: Calling It What It Is—Special Interest Legislation, 17 UC Law SF Comm. & Ent. L.J. 945, 946 (1995).

[46] Id. at 949-950.

[47] Sports Broadcasting Act of 1961, 15 U.S.C. §§ 1291–1295.

[48] See, e.g., NCAA v. Bd. of Regents of Univ. of Okla., 468 U.S. 85 (1984).

[49] Comments of Int’l Ctr. for L. & Econ., MB Docket No. 25-322, supra note 2, at 6.

[50] Brief for Former Antitrust Enforcers as Amici Curiae Supporting Appellants, In re Nat’l Football League Sunday Ticket Antitrust Litig., No. 24-4115 (9th Cir. June 17, 2025).

[51] See Lillian Rizzo, NFL “Sunday Ticket” Goes to YouTube in Seven-Year, $2 Billion Annual Deal, CNBC (Dec. 22, 2022), https://www.cnbc.com/2022/12/22/nfl-sunday-ticket-youtube-tv.html; see also John Ourand, The Rise of Sunday Ticket, Sports Bus. J. (Sept. 1, 2019), https://www.sportsbusinessjournal.com/Journal/Issues/2019/09/02/Media/Sunday-Ticket (describing the prior history of NFL Sunday Ticket).

On behalf of the International Center for Law & Economics (ICLE), a nonprofit, nonpartisan research group focused on rigorous economic analysis of law and policy, I write to express concerns about S. 1424.

As the Committee considers this legislation, we urge careful scrutiny of its competitive effects. By imposing an arbitrary temporal restriction that effectively bars direct-to-consumer vehicle sales, the bill risks reducing competition and harming consumers over the long term.

Idaho has long championed free-market competition and limited government intervention. S. 1424 moves in the opposite direction. It would shield incumbents from modern competitive pressures and adopt a protectionist approach that favors existing firms over new entrants.

Direct-Sales Restrictions as Barriers to Entry

Dealer franchise laws originally aimed to prevent manufacturers from engaging in “fair-weather” competition—opening company-owned stores to undercut independent dealers that had already made significant capital investments.

Today, those laws serve a different function. States increasingly use them to block new manufacturers from entering the market with a direct-sales model.

As ICLE has noted in prior work on state laws that affect interstate commerce,[1] these restrictions create substantial barriers to entry. By mandating a specific distribution model through an arbitrary cutoff date for direct-sale licensure, the state effectively selects winners and losers. The result: protection for incumbent firms at the expense of new competitors and Idaho consumers.

Reduced Price Competition and Stifled Distribution Innovation

Economic research shows that direct-sales models often lower prices. By removing intermediary markups and reducing inventory-related inefficiencies, manufacturers can pass savings directly to consumers.

S. 1424 would foreclose that option. It would force consumers into a single, potentially higher-cost purchasing channel and weaken competitive pressure on vehicle prices.

The automotive market is undergoing a generational shift in how vehicles are marketed and sold. Digital platforms, online ordering, and transparent pricing increasingly define consumer expectations.

S. 1424 would lock Idaho into an outdated, single-channel distribution system. By preventing new entrants from using direct-to-consumer models, the bill would restrict experimentation and slow the adoption of more efficient, consumer-responsive sales methods.

Conclusion: Let Markets Compete

Competitive markets reward firms that offer better products and more efficient delivery models. If the traditional franchise system remains superior, it will succeed without legislative protection.

If direct sales offer advantages, the law should not prevent firms from competing on that basis. A licensing threshold that effectively limits participation to a small number of firms undermines competition and consumer choice.

S. 1424 is likely to reduce competition, raise prices, and limit consumer options in Idaho.

Thank you for your time and for your service to the people of Idaho.

[1] Geoffrey A. Manne et al., ICLE Comments on State Laws Having Significant Adverse Effects on the National Economy or Interstate Commerce, Int’l Ctr. for L. & Econ. (Sept. 15, 2025), https://laweconcenter.org/resources/icle-comments-on-on-state-laws-having-significant-adverse-effects-on-the-national-economy-or-interstate-commerce.

Executive Summary

We thank the European Commission for the opportunity to comment on data-privacy provisions of the Digital Omnibus. ICLE is a nonprofit, nonpartisan research centre that applies law & economics analysis to technology governance, competition, and consumer-protection policy. Our interest is to ensure that the EU’s digital rulebook advances consumer welfare and innovation through clear, predictable, and proportionate rules grounded in evidence and sound economics.

The Commission’s Digital Omnibus proposal (COM(2025)837) moves in the right direction. It recognises that the GDPR and the ePrivacy framework have become harder to apply, less predictable to enforce, and increasingly detached from technological reality. The proposal therefore deserves broad support. It would make the law more workable in several important respects, particularly by clarifying the definition of personal data and confirming that legitimate interest can support AI development subject to safeguards.

The package nevertheless remains incomplete. Its ePrivacy reforms are too cautious to resolve the cookie-banner problem, and the proposal does not address the deeper institutional dynamics that helped create the current dysfunction. The same authorities that expanded the scope of existing rules, and interpreted exemptions narrowly, will interpret the new ones. Without enforcement reform, textual simplification alone will deliver only part of the promised benefit.

ICLE’s position can be summarised in four propositions.

First, the entity-relative definition of personal data should be adopted. The proposed amendment to Article 4(1) reflects the CJEU’s recognition in EDPS v SRB that pseudonymised data are not personal data for every actor in every circumstance. It also follows the longstanding logic of Recital 26, which asks whether identification is reasonably likely in practice. A workable legal system should not impose the full weight of the GDPR on an entity that cannot realistically identify the person concerned. The amendment would improve legal certainty, strengthen incentives for pseudonymisation and data minimisation, and help arrest the drift toward treating the GDPR as a ‘law of everything’. The co-legislators should adopt the amendment and retain Article 41a, while clarifying that implementing acts create a rebuttable presumption of non-identifiability for the relevant entity.

Second, the AI provisions are welcome and necessary. Article 88c would confirm that the development and operation of AI systems may rely on legitimate interest, subject to safeguards and an unconditional right to object. That clarification is needed. The EDPB has acknowledged that legitimate interest may apply, but it has done so in terms that preserve maximum enforcement discretion and leave controllers without meaningful certainty. Legislation is the appropriate vehicle for resolving this question. Article 9(2)(k), which addresses residual special-category data in training datasets, is also directionally sound. It recognises a technical reality: large-scale training datasets cannot be purified with perfect ex ante accuracy, and the law should require proportionate safeguards rather than impossible guarantees. The legislature should therefore adopt these provisions rather than defer to non-binding guidance.

Third, the cookie and ePrivacy reforms do not go far enough. The Commission correctly diagnoses consent fatigue and the failure of endless cookie banners, but the proposed solution in Articles 88a and 88b remains too narrow. By moving personal-data processing into the GDPR while leaving non-personal terminal-equipment data under Article 5(3) of the ePrivacy Directive, the proposal creates a two-regime structure that is legally awkward and likely to produce perverse incentives. The audience-measurement exemption is too narrow to cover common analytics arrangements, and the package omits low-risk exemptions for fraud detection, basic advertising measurement, frequency capping, and similar functions. Browser-based consent signals may also become a one-way ratchet if regulators accept automated refusals broadly but reject automated opt-ins as insufficiently specific. The co-legislators should broaden the exemptions, resolve the two-regime problem, and ensure that automated signals operate in both directions.

Fourth, enforcement reform is the missing piece. The strongest substantive provisions in the Digital Omnibus will underperform if they are interpreted by institutions with structural incentives to maximise the scope of data-protection law and minimise legislative constraint. In practice, the EDPB’s guidelines and opinions already function as quasi-legislation, yet the most influential of those instruments remain difficult to challenge and lack meaningful ex ante accountability. The same dynamic appears in the objections raised against the Omnibus itself. The Commission acknowledges the need for more consistent and harmonised enforcement but proposes no mechanism capable of delivering it. ICLE therefore urges the co-legislators to treat enforcement reform as a parallel priority—whether through a dedicated roadmap, mandatory proportionality assessments for EDPB outputs, stronger consultation requirements, or more ambitious institutional reform that separates investigation from adjudication and creates an independent multidisciplinary tribunal for consequential cross-border cases.

I. Clarifying the Definition of Personal Data (Art. 4(1) and Art. 41a)

A. The Commission’s Proposed Clarification

The Commission proposes amending Article 4(1) GDPR to clarify that information does not constitute personal data for a given entity where that entity cannot identify the natural person to whom the information relates, taking into account the means reasonably likely to be used by that entity.[1]

The proposal also introduces a new Article 41a. This provision would empower the Commission, in close cooperation with the European Data Protection Board (EDPB), to adopt implementing acts specifying technical criteria for determining when pseudonymised data no longer constitute personal data for certain entities.[2]

Together, these provisions move the GDPR toward an entity-relative concept of identifiability, grounded in realistic identification risk.

B. Why the Definition Matters

In practice, the GDPR has increasingly operated as a ‘law of everything’ in the digital economy.[3] Data protection authorities and activist organisations frequently advocate extremely broad readings of ‘personal data’. Under those interpretations, any pseudonymous identifier capable of singling out a user qualifies as personal data, even where the controller has no realistic means of identifying the individual behind it.[4]

This interpretation extends the GDPR’s obligations far beyond the circumstances the regulation was designed to address. The GDPR’s safeguards were built for situations in which individuals can be identified and therefore face concrete risks. When the same obligations apply to processing that presents no realistic identification risk, the regulatory framework becomes misaligned with the harms it aims to prevent.

The consequences are tangible. Compliance costs reach levels the Commission itself estimates at roughly EUR 5 billion annually.[5] More importantly, the legal framework strains under the pressure of applying identification-based rules to non-identifiable data. Organisations must choose between nominal compliance and genuine data protection.

Recent CJEU case law has begun to correct this trajectory. In European Data Protection Supervisor v Single Resolution Board, the Grand Chamber rejected the claim that pseudonymised data constitute personal data ‘in all cases and for every person’.[6] Identifiability, the Court held, ‘depends, in essence, on the circumstances of the processing of the data in each individual case’.[7] The Court expressly rejected the EDPS’s position—the position supported by the EDPB as intervener—that pseudonymised data must always be treated as personal data for every actor.[8]

ICLE previously noted that the original Digital Omnibus consultation omitted any reform of the GDPR’s personal-data definition, representing a significant missed opportunity.[9] Now that the Commission has proposed such reform, the central policy question is how to secure the benefits of a workable definition rather than allowing the initiative to be diluted through restrictive interpretation.

The definition matters. Yet clarifying the definition alone may not suffice if enforcement structures remain unchanged. Section IV returns to this point.

C. The Constitutional Case for a Realistic Identifiability Standard

Some critics argue that the proposed definition conflicts with Article 8 of the Charter of Fundamental Rights, which protects the right to ‘protection of personal data’.[10] Noyb contends that because Article 8 CFR refers to the definition in Directive 95/46, the legislature ‘has no powers to change the definition of “personal data” to encompass less than the understanding of Directive 95/46’.[11]

That argument is difficult to sustain.

Article 8 protects personal data, but the Charter does not itself define identifiability in operational terms. The Charter’s Explanations state that Article 8 is based on Directive 95/46 and Regulation 45/2001. That reference does not constitutionalise the broadest possible interpretation of the Directive beyond legislative clarification.[12]

Directive 95/46 already incorporated a contextual identifiability standard. Recital 26 required consideration of ‘all the means likely reasonably to be used’ to identify a person.[13] The CJEU relied directly on that formulation in Breyer. The Court asked whether combining a dynamic IP address with ISP-held data constituted a means ‘which may likely reasonably be used’ to identify the data subject. Identification would not be reasonably likely where it was ‘prohibited by law or practically impossible’ or where it required disproportionate effort in time, cost, or manpower, such that ‘the risk of identification appears in reality to be insignificant’.[14]

A legislative clarification built around realistic identifiability therefore remains within the Charter’s constitutional framework. Article 52(1) CFR expressly allows proportionate limitations that pursue legitimate aims and respect the essence of fundamental rights. The proposed amendment preserves the essence of Article 8—personal data remain protected—while calibrating the trigger for protection. Data qualify as personal data when a given entity can realistically identify the individual concerned.

Advocate General Spielmann framed the point succinctly in SRB:

It seems to me disproportionate to impose on an entity, which could not reasonably identify the data subjects, obligations arising from [the GDPR].[15]

Proportionality analysis must run in both directions. Article 52(1) CFR requires that limitations of fundamental rights be proportionate. Overbroad interpretations of personal data also constrain other fundamental rights, including the freedom to conduct a business (Article 16 CFR) and the freedom of the arts and sciences (Article 13 CFR).

The question therefore runs in both directions. One may ask whether narrowing the personal-data definition disproportionately limits data protection. One must also ask whether treating pseudonymised data as personal data for every entity, regardless of realistic identification risk, disproportionately restricts the rights of those who process such data.

The EDPB and EDPS Joint Opinion addresses only the first question. Its proportionality analysis tests whether limitations on data protection are justified, but it does not examine whether the scope of data protection itself remains proportionate to the burdens it imposes. That asymmetry leaves the analysis incomplete.

D. CJEU Case Law Supports the Commission’s Approach

The Joint Opinion argues that the proposal introduces ‘significant changes that go beyond the stated aim of introducing “targeted” or “technical” amendments’.[16] Even if the proposal extends beyond mere codification, that does not present a constitutional problem. Courts interpret existing law; legislatures clarify and recalibrate legal standards within constitutional limits.

The EDPB further claims the proposal extracts ‘only a single element from a single case’ without the surrounding doctrinal context.[17] Noyb cites several CJEU decisions as contradicting the proposal.[18] On closer examination, those cases largely support an entity-relative interpretation of identifiability.

A recurring problem in the objections is doctrinal conflation. Decisions addressing whether information ‘relates to’ a person, or discussing the breadth of ‘any information’, are treated as though they resolve the separate question of whether a person is identifiable to a given entity.

1. Breyer

Breyer establishes the objective ‘reasonable means’ standard reflected in the proposal. The Court did not hold that theoretical identification suffices. Instead, it asked whether combining a dynamic IP address with ISP-held information constituted a means ‘which may likely reasonably be used’ to identify the data subject. Identification would not qualify where it was legally prohibited or required disproportionate effort such that ‘the risk of identification appears in reality to be insignificant’.[19]

The IP address counted as personal data because legal channels existed allowing the media service provider to obtain the necessary information through public authorities.[20] Noyb’s reliance on paragraph 48 to argue that ‘the possibility was sufficient’ omits the Court’s conditioning analysis.[21]

2. Nowak

Nowak concerns a different element of the definition. The Court explained that information ‘relates to’ a person where its content, purpose, or effect links it to that individual.[22] Exam answers qualified because they reflected the candidate’s knowledge, served the purpose of evaluating that candidate, and affected the candidate’s rights.

That reasoning clarifies the ‘relating to’ limb of personal data. It does not address pseudonymisation or identifiability by downstream actors.

3. Nacionalinis

Nacionalinis holds that pseudonymised data remain personal data where they can be attributed to a natural person through additional information.[23] This would defeat any proposal categorically excluding pseudonymised data.

The decision does not answer the more precise question later addressed in SRB: for which actor, in which context, and using which realistically available means is the individual identifiable?

4. Pankki

Pankki emphasises that ‘any information’ reflects the legislature’s intent to give the concept of personal data a wide scope.[24] The judgment simultaneously recalls Recital 26’s requirement to consider ‘all the means reasonably likely to be used’ to identify the person.[25]

Breadth applies only after the identifiability threshold has been crossed.

5. IAB Europe

In IAB Europe, the Court held that a TC String may constitute personal data where combining it with other identifiers allows identification.[26] The analysis turned on the fact that the TC String forms part of an ecosystem designed for combination with other identifiers and downstream actors.

The Court emphasised systemic identifiability rather than abstract possibility. The case therefore concerns a technical architecture designed to enable identification.

6. OC (OLAF)

OC addressed whether statements in an OLAF press release enabled the public to identify the individual concerned by combining them with online information.[27] SRB cited the case for precisely that proposition.[28]

At the same time, SRB also relied on OC to reiterate that identification is not reasonably likely where legal or practical constraints make the risk insignificant.

The case illustrates a mosaic scenario: identifiability arises because a sufficiently specific bundle of attributes is released into an environment where cross-referencing is reasonably likely.

The Omnibus proposal’s third sentence reflects that logic. Information does not become personal data for an entity ‘merely because’ a potential recipient possesses identification means. Where a controller intentionally designs disclosure for identifiable recipients, the data remain personal for the controller as well.[29]

Taken together, the case law supports the Commission’s direction more than critics acknowledge.

E. The Third Sentence and Indirect Identifiability

The proposal’s third sentence raises a narrower technical question. In SRB, the Court held that when data are made available to a recipient who possesses identification means, those data may become personal data both for the recipient and indirectly for the transmitting entity.[30]

Scania reaches a similar conclusion: data become personal data for the manufacturer ‘indirectly’ when it provides them to independent operators capable of identification.[31]

The Joint Opinion interprets the proposal as severing this indirect responsibility. That reading overlooks the qualifier ‘merely because’. Where a controller designs a data flow for recipients with identification means, the data remain personal data for the controller.

The Joint Opinion’s alternative interpretation creates a deeper problem. If data become personal for Entity A whenever any downstream recipient could identify the individual, the entity-relative approach becomes meaningless. In modern data ecosystems, some downstream actor will almost always possess identification capabilities. Pseudonymised data would therefore remain personal data in practice for every actor in the chain—the very result SRB rejected.

The sentence could benefit from clearer drafting. The underlying principle, however, remains sound.

F. Making the Entity-Relative Test Work in Practice

The entity-relative test functions as a design incentive. Organisations that structure systems to prevent identification benefit from reduced regulatory obligations. Organisations that retain identification capabilities remain fully subject to the GDPR.

The standard already exists in EU law. Recital 26 GDPR refers to ‘all the means reasonably likely to be used’, including objective factors such as costs, time, and available technology. The Omnibus proposal moves this standard from interpretive guidance into operative text, strengthening legal certainty.

Noyb argues that the proposal creates ‘major uncertainty’.[32] Taken seriously, that argument would undermine the existing Recital 26 standard on which the GDPR already relies.

1. Burden of proof

Advocate General Spielmann proposed a workable burden-of-proof framework. Controllers seeking to rely on non-identifiability must demonstrate, through factual evidence, that their technical and organisational measures prevent identification.[33] Once the controller meets that burden, the regulator may show why those measures are insufficient.[34]

This structure provides supervisory authorities with a clear enforcement pathway. Controllers must demonstrate—not merely assert—that internal separation of roles, technical safeguards, and contractual arrangements genuinely prevent re-identification.

2. Singling out vs identification

Some critics argue that the ability to single out a device or session necessarily implies identifiability. Recital 26 itself distinguishes these concepts. A controller may distinguish a device or browser session without attributing that information to an identified natural person.

Identification requires the ability to attribute data to a natural person and to distinguish that individual from others in a way that enables action directed at that person.[35]

3. Information asymmetry

Noyb argues that the entity-relative approach creates a ‘chicken-and-egg problem’: regulators and data subjects cannot determine whether data are personal without access to the controller’s internal systems.[36]

This concern exists under current law as well. Article 11(1) GDPR already recognises situations in which controllers cannot identify data subjects and adjusts obligations accordingly.[37] The proposal does not create the problem. It clarifies how it should be assessed.

4. Guarding against strategic ignorance

Stalla-Bourdillon warns that the entity-specific test could ‘reward willful blindness’, allowing companies to avoid learning about re-identification risks.[38]

The GDPR already contains safeguards against that behaviour. Article 11(1) does not allow controllers to avoid awareness deliberately. The ‘means reasonably likely to be used’ standard includes methods the entity should reasonably know about. Recital 26 requires assessment of available technology, not merely subjective knowledge.

5. Distributional effects

Noyb argues that the proposal benefits large technology firms while leaving SMEs subject to the GDPR.[39] This framing treats data protection reform as primarily redistributive.

In practice, any entity processing pseudonymised data that it cannot re-identify benefits from the clarification. Research institutions, health-data intermediaries, analytics providers, and SMEs that receive aggregated datasets all fall into this category.

More importantly, the proposal creates correct incentives. Organisations that design systems to avoid identification receive regulatory benefits. That aligns with the GDPR’s data-minimisation principle.

G. Who Should Define Personal Data?

The EDPB and EDPS treat the proposed amendments to Article 4(1) and Article 41a as the most serious problem in the Digital Omnibus package.[40] Their recommendation is categorical: remove the amendment[41] and rely instead on forthcoming EDPB guidance on pseudonymisation and anonymisation.[42]

This proposal highlights a structural problem in EU data-protection governance. Allowing the enforcement authority to determine the scope of the law it enforces creates an inherent conflict of interest.[43]

EDPB guidelines are formally non-binding. In practice, they operate as quasi-legislation. They shape national supervisory authority enforcement, guide market behaviour, and prove extremely difficult to challenge judicially.

Recent CJEU confirmation that binding EDPB decisions are subject to direct judicial review only underscores the accountability gap.[44] Guidelines that remain formally non-binding but practically determinative receive far less judicial scrutiny.

The Joint Opinion illustrates this problem. It asserts that the proposal would ‘adversely affect’ fundamental rights but offers no empirical evidence, enforcement modelling, or quantitative analysis supporting that claim.

Implementing acts adopted under Article 41a would provide greater accountability. They require formal Commission adoption, EDPB consultation, comitology oversight, and judicial review under Article 263 TFEU.

The Joint Opinion correctly notes one drafting ambiguity. It asks whether implementing acts would create a rebuttable presumption of non-identifiability or merely constitute one factor among others.[45] That is a fair concern.

The co-legislators should clarify that compliance with implementing-act criteria creates a rebuttable presumption that pseudonymised data do not constitute personal data for the relevant entity.

H. Recommendations

1. Adopt the Article 4(1) amendment

The entity-relative definition of personal data represents the most important improvement in the proposal. It aligns with SRB, Breyer, and Recital 26 GDPR. It creates appropriate incentives for pseudonymisation and data minimisation, and it prevents further expansion of the GDPR into a ‘law of everything’.

2. Clarify the third sentence

The text should explicitly preserve the principle that when a controller designs a data flow for recipients with identification means, the data remain personal data for the controller. The phrase ‘merely because’ likely preserves this principle, but the drafting should be tested against the Scania and OC scenarios.

3. Adopt Article 41a with a rebuttable presumption

Implementing acts adopted with EDPB consultation and comitology oversight provide greater accountability than EDPB-only guidance. Compliance with implementing-act criteria should create a rebuttable presumption of non-identifiability.

4. Do not delegate this issue solely to the EDPB

Leaving the question to EDPB guidance would preserve the institutional status quo that ICLE has repeatedly identified as the central structural weakness in EU data-protection governance.

II. AI and the GDPR (Art. 88c and Art. 9(2)(k))

A. The Commission’s Proposed Amendments

The Commission proposes two new provisions addressing the legal framework for AI development under the GDPR.

Article 88c clarifies that processing personal data in the context of the ‘development and operation’ of an AI system or AI model may rely on legitimate interests within the meaning of Article 6(1)(f) GDPR, provided the controller implements appropriate technical and organisational safeguards.[46] These safeguards include data minimisation during source selection and training, protection against disclosure of residually retained data, enhanced transparency, respect for machine-readable opt-out signals, and an unconditional right to object.[47]

Article 9(2)(k) introduces a limited derogation from the prohibition on processing special categories of personal data.[48] The derogation applies where such data appear residually in AI training, testing, or validation datasets.[49] Controllers must implement effective measures to avoid processing special categories, remove such data once identified, and—where removal would require disproportionate effort—ensure the data cannot be used to produce outputs or disclosed to third parties.

Together, these provisions address two structural challenges in applying the GDPR to AI development: uncertainty over the lawful basis for training models at scale and the practical inevitability that large-scale datasets will contain some amount of special-category data.

B. Legislative Clarification Is Necessary

The legal basis for AI training in the EU remains unsettled. EDPB Opinion 28/2024 acknowledges that legitimate interest may support AI model training, but the Opinion frames that possibility in language designed to preserve maximum enforcement discretion.[50] It recognises the possibility while leaving the balancing test so open-ended that compliance remains uncertain.

The result is a regulatory environment defined by ambiguity. Companies training AI models in the EU operate under a continuing risk of enforcement action—not because the law clearly prohibits their activities, but because the enforcer has declined to clarify whether they are permitted.

This ambiguity reflects a regulatory choice. As ICLE observed in its October 2025 submission, the EDPB’s approach illustrates a structural problem in EU data protection governance: ‘lengthy compliance measures without guarantees’, combined with ‘a threat of discretionary enforcement’ that ‘chills investment and innovation at the margins’.[51]

National supervisory authorities have already reached divergent conclusions. CNIL’s AI guidance demonstrates that balanced enforcement is possible. It provides concrete recommendations on dataset selection, pseudonymisation, and safeguards that give controllers a workable compliance framework.[52] One or two national authorities, however, cannot establish EU-wide legal certainty.[53]

The EDPB’s Joint Opinion argues that Article 88c is unnecessary because the EDPB Opinion on AI models already recognises legitimate interest as a potential legal basis.[54] This reasoning misunderstands the role of legislation. An enforcer’s non-binding opinion—revisable or withdrawable at any time—cannot substitute for a binding legislative rule.

Legislation exists precisely to define legal standards that cannot be altered at the enforcer’s discretion. Suggesting that an enforcer’s acknowledgement of a legal possibility renders legislation unnecessary inverts the constitutional relationship between legislature and enforcer.[55]

This pattern appears repeatedly in the Joint Opinion. On the definition of personal data, the EDPB argues that forthcoming pseudonymisation guidance should replace legislative amendment.[56] On DPIAs, it seeks exclusive control over relevant lists.[57] On breach-notification templates, it proposes to ‘prepare and approve’ them without Commission oversight.[58]

The cumulative picture is of an institution seeking to maximise its interpretive authority while minimising legislative and executive supervision. Article 88c is necessary precisely because it subjects the legal framework for AI training to democratic decision-making rather than leaving it to an enforcer whose institutional incentive is to preserve maximum discretion.

C. Legitimate Interest Is the Only Scalable Lawful Basis

The GDPR establishes no hierarchy among lawful bases. The EDPB itself has confirmed this.[59] Framing the debate over AI training as a choice between consent (proper) and legitimate interest (second-best) therefore misrepresents the legal framework.[60]

The relevant question is which lawful basis is proportionate and workable for training AI systems at internet scale. For three reasons, the answer is legitimate interest.

1. Consent does not scale

Large language models are trained on vast datasets drawn from publicly available internet sources. Obtaining informed, specific consent from every individual whose information appears in those sources is operationally impossible.

Even when controllers rely on first-party datasets, the scale of training data—often billions of documents—makes individual consent impracticable. Consent also carries a right of withdrawal under Article 7(3), which is difficult to operationalise once data have been incorporated into model training.

This mismatch between consent’s architecture and AI training’s operational reality does not justify prohibiting the technology.

2. Legitimate interest already includes a right to object

Critics argue that relying on legitimate interest ‘shifts the burden to 450 million Europeans’.[61] This framing overlooks how the GDPR already operates. Legitimate interest with a right to object is a standard mechanism under the Regulation. Direct marketing provides the clearest example under Article 21(2).

Article 88c actually strengthens data-subject protections. The provision creates an unconditional right to object that does not require individuals to demonstrate ‘grounds relating to his or her particular situation’, as Article 21(1) normally requires.[62]

Requiring consent for every publicly available data point would instead entrench incumbents that already possess large datasets while preventing new entrants from assembling training data retrospectively.

3. The search engine analogy

Generative AI occupies a developmental stage comparable to search engines in the late 1990s. Early search engines indexed publicly available web content without obtaining prior consent from every website author or individual referenced online.

If maximalist interpretations of data protection law had prevailed at that time—treating indexed pages as personal data requiring consent before processing—search engines would never have emerged.

The CJEU instead developed a balanced framework. In Google Spain, the Court recognised that operating a search engine constitutes a legitimate interest, subject to balancing against the rights of data subjects.[63] In GC and Others, the Court accepted that search engines cannot exercise systematic ex ante control over all indexed content, including sensitive data.[64] The Court endorsed a notice-and-takedown model rather than requiring prior filtering.

Advocate General Szpunar emphasised the ‘impracticality’ of requiring systematic ex ante monitoring of content encountered at internet scale.[65]

AI training faces the same structural challenge. The objective of training is to identify statistical patterns and predict plausible outputs, not to retrieve or disclose specific personal data.[66] Individual data points become diluted within extremely large datasets and rarely exert a ‘measurable influence’ on model outputs.

The Cologne Higher Regional Court highlighted this distinction, explaining that AI systems ‘cannot be equated with a “data archive”’ but ‘regularly consist solely of parameters for probability calculations’.[67]

Conditioning the legality of such technology on uncertain and evolving interpretations of data protection law risks creating a de facto prohibition that benefits neither data subjects nor the EU economy.

Claims that Google Spain paragraph 81 excludes commercial web scraping from legitimate interest misread the judgment.[68] The Court recognised the search engine operator’s legitimate interest and then balanced it against data-subject rights. The judgment does not categorically exclude commercial scraping from Article 6(1)(f).[69]

Article 88c reflects this framework.[70] The provision does not exempt AI training from the legitimate-interest balancing test.[71] Recital 30 confirms that ‘all other conditions of Article 6(1)(f)’ and ‘all other requirements and principles’ of the GDPR remain applicable.[72]

What Article 88c changes is the starting point of the analysis. Today, controllers must effectively persuade each supervisory authority that AI training can qualify as a legitimate interest. Article 88c makes that threshold determination legislatively. Supervisory authorities and courts may still conclude that specific training operations fail the balancing test, but they can no longer treat the legitimacy of AI training itself as an open question.

The objection that the provision ‘merely restates’ Article 6(1)(f) without clarifying the necessity or balancing tests misidentifies its function.[73] Article 88c is a legislative signal that the EDPB’s strategically ambiguous Opinion 28/2024 did not provide. Recitals 30 and 31 supply substantial guidance on the balancing factors, including beneficial uses for data subjects and society, reasonable expectations, enhanced transparency, the unconditional right to object, respect for technical indications limiting data use, and privacy-preserving techniques.[74]

The provision could usefully be supplemented by more specific criteria. But the choice between an imperfect legislative provision and no provision at all is clear.

D. Assessing Necessity in AI Training

The necessity test under Article 6(1)(f) asks whether the processing is necessary to pursue the legitimate interest—not whether less data could theoretically be used.

The Cologne Higher Regional Court’s analysis provides the most detailed judicial treatment to date. The Court rejected the claim that synthetic data offer an equivalent alternative, finding it ‘hardly plausible’ that ‘the significantly smaller amount of data to be obtained in this way … leads to comparable results when training the AI’.[75]

The Court also rejected the suggestion that controllers must justify the necessity of each individual data point:

The training of an AI requires the use of masses of data to generate patterns and probability parameters … the individual data hardly ever has a measurable influence.[76]

Necessity analysis should therefore focus on categories of data and dataset-selection criteria, rather than individual records.

CNIL’s recommendations illustrate a workable approach. Controllers should establish clear dataset-selection rules, apply pseudonymisation or de-identification before training where possible, and exclude categories of data unnecessary for the training objective.[77] These requirements are auditable and scalable.

By contrast, a record-by-record necessity assessment is incompatible with the scale of modern AI training.

Opponents often cite KNLTB paragraph 51 as evidence that legitimate interest requires something close to prior consent.[78] A closer reading shows that the passage addresses how controllers must inform data subjects of their right to object. It does not require controllers to obtain prior agreement before relying on Article 6(1)(f).

Paragraph 49 of KNLTB confirms that ‘a commercial interest of the controller could constitute a legitimate interest … provided that it is not contrary to the law’.[79]

E. Balancing Interests and Safeguards

The balancing test weighs the controller’s interests against the interests, rights, and freedoms of data subjects. Several factors are relevant in the AI context.

1.  The public interest in AI development

The interest at stake extends beyond commercial gain. The Commission identifies AI as ‘key in providing for economic growth and supporting innovation with socially beneficial outcomes’.[80] Recital 31 lists concrete benefits, including bias detection, safer outputs, and improved accessibility.[81]

EU competitiveness considerations reinforce this interest. The European Council has emphasised the strategic importance of AI development, while the Draghi and Letta reports both identify regulatory fragmentation as an obstacle to European innovation.[82]

These policy assessments reflect the legislature’s judgment that enabling AI development within proportionate safeguards serves the general interest.

2. Reasonable expectations

Reasonable expectations depend on context. Critics often argue that individuals do not expect publicly available information to be used for AI training. That claim oversimplifies the analysis.

Recital 31 directs attention to the specific context of processing, including the relationship between the data subject and the controller, transparency measures, technical signals limiting reuse, and the availability of an unconditional right to object.[83]

The Cologne Higher Regional Court adopted a similarly contextual approach. The Court did not treat AI training as equivalent to building a searchable archive of personal dossiers. Instead, it assessed whether safeguards limited the interference with individual rights.

Those safeguards included the dilution of individual data points in large datasets, the absence of continuous monitoring of private life, and the practical possibility for individuals to remove publicly available information or object to its use.[84]

3. Proportionate safeguards

Article 88c requires concrete safeguards: data minimisation during dataset selection, protection against disclosure of residual personal data, enhanced transparency, respect for machine-readable opt-out signals, and an unconditional right to object.[85]

Recital 31 further specifies that processing ‘should not give rise to the continuous monitoring of the data subject’s private life’.[86]

These measures impose auditable obligations on controllers while preserving a strong objection right for data subjects.

F. Special Categories of Data and Technical Reality

Article 9(2)(k) addresses a practical constraint of large-scale AI training: special categories of personal data will inevitably appear in training datasets despite efforts to exclude them.

AI training often involves processing millions or billions of documents collected from publicly accessible internet sources. Such corpora will inevitably contain information revealing racial or ethnic origin, political opinions, religious beliefs, health conditions, sexual orientation, or other Article 9(1) categories.[87]

Perfect ex ante filtering is technically impossible. The CJEU’s broad interpretation of special categories—extending even to data from which sensitive information can be inferred[88]—means that almost any large-scale text corpus will contain some Article 9 information.

Without Article 9(2)(k), controllers face a binary choice: guarantee perfect exclusion of special-category data or abandon AI training in the EU.

Recital 33 recognises this reality. The derogation responds to the ‘capabilities of the controller to identify and remove special categories of personal data’ while avoiding rules that would ‘disproportionately hinder the development and operation of AI’.[89]

The derogation remains narrow. Controllers must implement effective measures to avoid processing special categories and must remove such data once identified. Where removal would require retraining an entire model, controllers must ensure the data cannot be used to generate outputs or disclosed to third parties.[90]

The search-engine case law again provides the closest analogy. In GC and Others, the Court acknowledged that search engines inevitably encounter sensitive data and adopted a removal-upon-request framework, rather than requiring categorical prior exclusion.[91]

The Cologne Higher Regional Court reached a similar conclusion, citing CNIL guidance:

if, despite the measures taken, the organisation incidentally and residually processes sensitive data that it did not seek to collect, this is not considered illegal.[92]

The principle is straightforward. Where processing occurs at a scale that makes perfect filtering impossible, proportionate regulation requires reasonable preventative measures and effective remediation—not a blanket prohibition.

The Joint Opinion ‘generally welcomes’ Article 9(2)(k) and proposes several refinements, including clarifying that the derogation applies only to ‘incidental and residual’ processing, excluding user prompts received during deployment, and requiring safeguards throughout the AI development lifecycle.[93]

G. Safeguards and the Right to Object

The unconditional right to object represents the central safeguard in Article 88c. Unlike the standard Article 21(1) mechanism, data subjects need not demonstrate grounds relating to a particular situation. Controllers must cease processing the data subject’s data upon receiving an objection.[94]

The Joint Opinion proposes two adjustments. First, it suggests relocating the right to Article 21 GDPR itself to increase visibility and enforceability. That drafting improvement is reasonable.

Second, the Joint Opinion proposes that data subjects be informed ‘sufficiently in advance of the processing’ so that they may exercise the right ‘from the outset’.[95]

This requirement raises practical challenges. Where AI training relies on publicly available internet data, identifying and notifying every data subject individually may be impossible.

Recital 31 appears to recognise this constraint. It emphasises enhanced transparency and respect for machine-readable signals limiting the use of data for AI development. This framework suggests general transparency measures and technical opt-out signals, rather than individualised advance notice.[96]

Advance notice should be required where technically feasible. The legislature should avoid imposing a standard that renders web-scale training impossible in practice.

A separate concern arises after data ingestion. Critics argue that once personal data have been incorporated into trained models, meaningful deletion becomes technically impossible.[97] The same challenge affects other rights, including the right to erasure under Article 17.

The right to object therefore operates prospectively. Controllers must exclude the objecting individual’s data from future training runs. For models already trained, Article 9(5) requires safeguards ensuring the data cannot be used to generate outputs or disclosed to third parties.[98]

Requiring controllers to retrain models from scratch upon every objection would make AI development economically unviable in Europe without meaningfully strengthening data-subject protection.

H. Recommendations

1. Adopt Article 88c

Legislative clarification that AI training may constitute a legitimate interest is necessary. EDPB Opinion 28/2024 is non-binding, strategically vague, and revocable. Legislation provides the certainty required for investment and compliance.

2. Adopt Article 9(2)(k)

The derogation reflects the technical reality of large-scale AI training while maintaining strong safeguards for sensitive data.

3. Do not condition Article 88c on EDPB Opinion 28/2024

The legislature should not delegate the framework for AI training to the EDPB. The institutional incentive to preserve enforcement discretion is precisely the problem that Article 88c seeks to address.

III. Cookie Consent and ePrivacy (Art. 88a, Art. 88b, and Art. 5(3) ePrivacy Directive)

A. The Commission’s Proposed Amendments

The Commission proposes three interconnected changes to the regulation of cookies and terminal-equipment data access.

First, a new Article 88a GDPR would govern the storing of, and access to, personal data on users’ terminal equipment.[99] Consent remains the default rule, but four exemptions apply where processing is strictly necessary for transmitting an electronic communication, providing a service explicitly requested by the data subject, creating aggregated audience-measurement information for the controller’s own use, or maintaining or restoring the security of a service.[100] Additional consent-management rules require controllers to offer a single-click refusal button, prohibit repeated consent requests for the same purpose while consent remains valid, and impose a six-month cooling-off period after a refusal.[101]

Second, a new Article 88b would require controllers to accept automated, machine-readable consent and objection signals.[102] Browser providers that are not SMEs must implement these signals within 48 months of the regulation’s entry into force.[103] Media service providers are exempted from the obligation to respect automated signals.[104]

Third, Article 5(3) of the ePrivacy Directive would be amended so that it no longer applies to personal data—which would instead fall under Article 88a GDPR—but would continue to apply to non-personal data stored on or accessed from terminal equipment.[105]

The Commission describes these reforms as ‘long-overdue’, acknowledging that cookie consent banners are widely perceived as a nuisance that ‘might not achieve their aim’.[106] That diagnosis is correct. The treatment, however, remains inadequate. Among the Digital Omnibus reforms, the ePrivacy provisions are the weakest.

B. The Problem the Reform Attempts to Address

Article 5(3) of the ePrivacy Directive requires prior consent for storing information on, or accessing information from, a user’s terminal equipment, subject to two narrowly defined exemptions.[107] Under the EDPB’s interpretation, this requirement extends far beyond cookies. It covers tracking pixels, IP-based tracking, and even URL parameters, regardless of whether the data qualify as personal data.[108]

The EDPB also interprets the exemptions narrowly. Routine practices—such as using URL fragments to identify which advertising partner generated traffic, or deploying basic mechanisms to detect advertising fraud—are treated as requiring prior consent.

The result is a consent regime that mandates banners for processing activities posing minimal privacy risk. Cookie banners have become, as the Commission itself recognises, a ‘regulatory solution’ that fails to achieve its intended purpose.[109] The underlying cause is the progressive expansion of Article 5(3)’s scope through enforcement interpretation rather than legislative change.

C. Why the Reform Falls Short

The Commission’s reform addresses the symptoms of the problem but not its structure. Four shortcomings are particularly significant.

1. The two-regime architecture

The most fundamental flaw is architectural. By moving only personal-data processing from the ePrivacy Directive into the GDPR, the proposal creates two parallel regulatory regimes: Article 88a GDPR for personal data on terminal equipment, and Article 5(3) ePrivacy for non-personal data.

As the EDPB and EDPS themselves acknowledge, ‘information stored in the terminal equipment may include personal data and non-personal data, which may lead to uncertainty as to which rules apply to a particular operation’.[110]

The consequences are counterproductive. Controllers must first determine whether the information stored on a user’s device qualifies as personal data before knowing which legal regime applies. That determination may itself be contested.

The result is an inversion of regulatory logic. Non-personal data remain subject to the stricter ePrivacy consent regime, while personal data move to the GDPR, where additional exemptions apply. As noyb observes, this structure ‘could lead to controllers aiming at processing “personal data” in order to benefit from the less restrictive provisions in the GDPR’.[111] A reform intended to simplify the framework instead multiplies its complexity.

ICLE’s response diverges from noyb’s. Non-personal data should be integrated into the same risk-based framework as personal data so that low-risk processing is not trapped in a stricter legacy regime merely because it falls outside the GDPR.

Noyb instead proposes aligning Article 5(3) with an amended Article 88a so that the stricter device-access logic continues to govern both personal and non-personal data.[112] That approach would remove one inconsistency only by extending the more restrictive regime rather than simplifying the framework.

2. The analytics exemption is too narrow

Article 88a(3)(c) exempts processing for ‘creating aggregated information about the usage of an online service to measure the audience of such a service, where it is carried out by the controller of that online service solely for its own use’.[113]

Each element of this formulation restricts the exemption beyond practical usefulness.

The requirement that information be ‘aggregated’ excludes user-level analytics, which underpin basic functions such as session tracking, page-journey analysis, and conversion measurement. Industry commentary already concludes that analytics tools operating across services, platforms, and customers ‘are unlikely to fall within the scope of this exemption’.[114]

The requirement that measurement be carried out ‘by the controller … solely for its own use’ excludes third-party analytics providers operating as processors on the controller’s behalf. This excludes widely used services such as Google Analytics.

The exemption therefore becomes narrower than the equivalent UK provision, which explicitly permits third-party analytics providers acting as data processors.[115]

The EDPB and EDPS reinforce this narrow reading by arguing that the exemption should apply only to ‘anonymous aggregated information’ that does ‘not relate to a specific data subject’.[116] This interpretation renders the exemption largely ineffective, because meaningful audience measurement necessarily involves temporary processing of individual-level data before aggregation.

3. Missing low-risk exemptions

Article 88a(3)’s exemption list omits several low-risk processing activities essential to the functioning of the ad-funded internet.

Fraud detection provides the clearest example. Detecting invalid traffic and bot activity requires access to device-level signals. Under the current framework, this creates the perverse outcome that fraudsters must consent to the mechanisms designed to detect them. The Commission’s security exemption applies only to maintaining the security of a service ‘requested by the data subject’, a formulation likely to exclude advertising-fraud prevention under prevailing DPA interpretations.

Advertising measurement raises a similar issue. Basic attribution—determining whether a user who saw an advertisement subsequently visited the advertiser’s website—forms the economic foundation of online advertising. The Digital Omnibus introduces no consent exemption for any advertising-related function.[117]

This omission is difficult to reconcile with the Commission’s risk-based logic. If aggregated audience statistics are sufficiently low-risk to exempt from consent, measuring whether an advertisement led to a website visit poses no materially greater privacy risk.

The same problem arises with URL parameter processing. EDPB guidelines treat URL parameters—such as UTM tags identifying the marketing campaign that generated traffic—as falling within Article 5(3)[118] Yet these parameters are transmitted automatically by the user’s browser as part of the HTTP request. The server does not instruct the device to disclose them. The Commission’s reform leaves this interpretation untouched.

Contextual advertising presents a final example. Even the EDPB and EDPS suggest that the co-legislators should ‘consider introducing an additional use case in proposed Article 88a(3)’ for contextual advertising because it ‘is more privacy friendly than behavioural advertising’.[119]

The fact that enforcement authorities themselves recommend a broader exemption than the Commission proposes illustrates the reform’s excessive caution. Moreover, contextual advertising still relies on device-derived information for attribution, frequency capping, and other operational functions. A proportionate regime should attach exemptions to low-risk activities and safeguards, rather than relying on simplistic distinctions between contextual and behavioural advertising.

4. Browser consent signals as a one-way ratchet

Article 88b introduces automated browser-level consent signals. In principle, this mechanism could simplify consent management. In practice, it risks becoming a one-way ratchet.

Experience with current DPA practice suggests two likely outcomes. First, negative signals—such as a ‘no tracking’ browser setting—will be interpreted broadly as a global refusal of consent-based processing and direct marketing under legitimate interest. Second, positive signals will be deemed insufficient for valid consent in most cases. Supervisory authorities will argue that consent must remain ‘specific’ and ‘informed’ at the individual-service level.[120]

If that interpretation prevails, browser signals will enable universal opt-out without a corresponding mechanism for universal opt-in. Consent will cease to function as a bilateral interaction between controller and user and instead become a unilateral browser-level refusal mechanism.

The failure of the ‘Do Not Track’ standard provides a cautionary precedent. Industry participants eventually abandoned the initiative after regulators refused to recognise browser-level consent signals as valid expressions of user choice.

D. Lessons from the United Kingdom

The United Kingdom’s recent reforms illustrate that a more proportionate framework is possible.

The Data (Use and Access) Act 2025 replaced the single ‘strictly necessary’ exemption with five consent exemptions covering communication, strictly necessary processing, statistical purposes, appearance preferences, and emergency assistance.[121]

The statistical-purposes exemption is particularly instructive. It allows analytics about how an organisation’s own service is used and explicitly permits third-party analytics providers acting as data processors.[122]

The UK is also developing a broader risk-based enforcement model. In July 2025, the ICO announced a new approach to online advertising enforcement. The ICO identified six advertising capability categories—ad delivery and billing, fraud prevention, brand safety, frequency capping, measurement and attribution, and targeting methods—where low-risk activities may proceed without consent.[123]

The ICO’s position is that ‘online advertising doesn’t have to come at the expense of privacy’ and that regulators should ‘remove unnecessary regulatory barriers and open the door to responsible innovation’.[124]

The UK framework maintains consent requirements for high-risk activities, particularly extensive cross-service behavioural profiling. At the same time, it allows targeted exemptions for low-risk activities essential to digital services.[125]

The UK system also incorporates institutional flexibility. The Secretary of State may add, remove, or modify consent exemptions through secondary legislation following consultation with the ICO.[126] The EU’s Article 88a, by contrast, contains a closed list of exemptions that can be changed only through full legislative amendment.

This flexibility offers a clear advantage. Privacy-preserving technologies—such as on-device processing and privacy sandbox architectures—are evolving rapidly. Regulatory frameworks must be capable of adapting without requiring multi-year legislative reform.

The UK is no longer bound by CJEU precedent, and its experience is not directly transferable to EU law. Nonetheless, it provides empirical evidence that a differentiated, risk-based approach to terminal-equipment data access can function in practice.

The EU’s current binary model—consent or prohibition for most advertising-related activities—is therefore a policy choice rather than a constitutional requirement.

E. The EDPB/EDPS Joint Opinion

The Joint Opinion takes a more constructive tone on the ePrivacy reforms than on the personal-data definition. The EDPB and EDPS ‘support the aim’ of Article 88a, strongly welcome Article 88b, and even suggest expanding the exemption list to include contextual advertising.[127]

The co-legislators should go further. If contextual advertising qualifies for exemption because it is ‘more privacy friendly than behavioural advertising’, similar reasoning applies to other low-risk activities such as fraud detection, frequency capping, advertising delivery, and basic measurement.

More importantly, regulatory analysis should focus on risk characteristics and safeguards, rather than labels attached to advertising models. Data types used, retention periods, combination practices, and processing scale determine privacy risk—not whether advertising is described as contextual or behavioural.

The Joint Opinion also correctly identifies the structural problem created by the two-regime architecture.[128] Its recommendation that recording a consent refusal should be exempt from consent requirements—provided it relies on a generic flag rather than a unique identifier—is a sensible technical improvement.[129]

F. The Enforcement Constraint

The ePrivacy provisions illustrate the central thesis of this submission: textual reform alone cannot succeed without enforcement reform.

Authorities that interpret the current ePrivacy Directive as requiring consent for generic URL parameters are likely to interpret Article 88a’s exemptions just as narrowly. The analytics exemption will not apply to the third-party tools most websites use. The security exemption will exclude advertising-fraud detection. Legislative language that appears workable in theory may become ineffective in practice once filtered through restrictive enforcement interpretation.

Recent enforcement history supports this concern. The EDPB’s guidelines on Article 5(3), adopted in 2023 and finalised in 2024, significantly expanded the range of activities requiring prior consent. Earlier interpretations by several national authorities—including the German Datenschutzkonferenz—had treated certain automatically transmitted data, such as URL parameters and IP addresses, differently.[130]

The shift occurred through guidelines, rather than legislation.

The Commission itself acknowledges that the current framework is failing. The Explanatory Memorandum recognises that consent banners ‘might not achieve their aim’ and that a ‘regulatory solution on the consent fatigue and proliferation of cookie banners is long-overdue’.[131]

If the Commission accepts that the existing regime fails, its replacement must deliver meaningful improvement. That requires exemptions broad enough to survive restrictive interpretation or an enforcement framework that creates incentives for proportionate interpretation.

G. Recommendations

1. Resolve the two-regime architecture

The co-legislators should bring non-personal data within the same risk-based framework as personal data. The current split between Article 88a GDPR and Article 5(3) of the ePrivacy Directive creates perverse incentives, increases legal uncertainty, and undermines the reform’s simplification objective. A controller should not need to resolve a contested personal-versus-non-personal threshold question before determining which consent regime applies.

2. Broaden the exemption list

The exemption list should cover additional low-risk activities that are essential to the functioning of digital services and do not, on a proportionate assessment, justify prior-consent requirements. At a minimum, the list should include advertising-fraud detection, basic advertising measurement, frequency capping, and contextual advertising.

The law should also avoid rigid category labels.[132] Exemptions should turn on actual risk characteristics and safeguards, including the types of data used, retention periods, combination practices, and scale. Low-risk forms of behavioural advertising should not be excluded solely because they are behavioural.

3. Fix the analytics exemption

The audience-measurement exemption should be broadened to permit third-party analytics providers acting as processors under a data-processing agreement, as in the UK model. The current formulation, limited to the controller’s own use, excludes standard market practice and risks rendering the exemption ineffective in practice.

A workable exemption should recognise that meaningful analytics often requires temporary processing of individual-level data before aggregation.

4. Ensure browser signals work in both directions

The legislation should clarify that an affirmative browser-level or operating-system-level opt-in signal can, where the relevant conditions are met, constitute valid consent under Article 4(11) GDPR. Without that clarification, Article 88b is likely to become a one-way opt-out mechanism.

If negative signals are given broad legal effect while positive signals are dismissed as insufficiently specific or informed, the automated-consent framework will operate asymmetrically and will entrench refusal without enabling meaningful user choice.

5. Introduce a flexibility mechanism

The Commission should be empowered to add or modify consent exemptions through delegated acts. The closed list in Article 88a is unlikely to remain fit for purpose as privacy-preserving technologies evolve.

The UK model provides a useful precedent. A more adaptable EU framework would allow regulators and legislators to respond to technological change without waiting for full primary-legislation reform each time a new low-risk use case emerges.

6. Recognise the enforcement constraint

The co-legislators should recognise that exemptions are only as broad as the authorities that interpret them. Even well-drafted provisions will be narrowed if enforcement incentives remain unchanged.

For that reason, the ePrivacy provisions provide the clearest illustration of why substantive reform and enforcement reform must proceed together. As Section V argues, the effectiveness of any exemption will depend not only on the text adopted, but also on the institutional incentives shaping its interpretation.

IV. Enforcement Reform — The Missing Piece

A. The Central Point

The preceding sections have set out the substantive case for the Digital Omnibus’s main reforms: an entity-relative definition of personal data, a legitimate-interest framework for AI training, and a more rational ePrivacy regime. Each faces the same structural obstacle. The authorities that will interpret and apply these provisions have institutional incentives to read exemptions narrowly, expand the scope of the rules they enforce, and resist reforms that reduce their regulatory reach.

Textual reform without enforcement reform is therefore insufficient.

This is the submission’s central institutional point. Most responses to the Digital Omnibus focus on the text. ICLE’s position is different. The text matters, but text alone cannot deliver the Commission’s stated objectives of simplification, legal certainty, and proportionate regulation. The Commission itself appears to recognise this. It notes that ‘more consistent and harmonised interpretation and enforcement across Member States’ is needed.[133] It proposes no mechanism to achieve that result.

B. The Diagnosis

1. Privacy myopia

Across the EU, data protection authorities often operate less like balanced public-interest regulators than like single-issue institutions. Their design helps explain why. DPAs wield enormous enforcement power, including the ability to impose fines running into the hundreds of millions of euros. Yet no equally robust obligation requires them to account for the effects of their decisions on interests other than privacy and data protection.[134]

The result is a form of privacy myopia. Regulatory culture treats maximising data protection as the overriding objective, while innovation, economic security, freedom of expression, and public health enter the analysis, if at all, as concerns for regulated parties to raise defensively.[135]

This is a structural problem, not a personal one. DPAs are staffed by serious professionals who understandably view data protection as important. The problem is that no countervailing institutional voice represents the other interests that data protection enforcement affects. Competition authorities sometimes intervene, but their remit is narrower than the full set of interests at stake.[136] Political institutions, whose responsibilities span economic welfare and public security, are largely excluded because their involvement is seen as inconsistent with Article 52 GDPR’s independence requirement.[137]

The consequences are concrete. EDPB Opinion 28/2024 on AI models is a good example. It sets out a lengthy list of compliance measures while offering no assurance that compliance with those measures will satisfy enforcement authorities.[138] It preserves near-limitless regulatory discretion while providing little practical guidance to firms trying to innovate responsibly.[139] A controller can invest heavily in AI-related compliance and still have no confidence that its efforts will be judged adequate one or two years later.

That uncertainty chills activity almost as effectively as an outright prohibition. For firms choosing where to invest or launch new products, the rational response is often to avoid the EU altogether.[140]

2. Quasi-legislation without accountability

The EDPB amplifies this problem by functioning as an unaccountable quasi-legislator. Formally, it issues non-binding opinions and guidelines. In practice, those instruments operate as law in action. They shape national enforcement priorities, influence market behaviour, and are often treated by courts and regulators as authoritative statements of the law.

Controllers that depart from EDPB guidance face a real prospect of enforcement action, regardless of whether that guidance reflects the GDPR’s text or the CJEU’s case law.

The EDPB’s guidelines on Article 5(3) of the ePrivacy Directive illustrate the point. Adopted in 2023 and finalised in 2024, the guidelines significantly expanded the scope of activities requiring prior consent. They treated generic URL parameters and standard browser transmissions as ‘access to information stored on the terminal equipment’ and displaced narrower interpretations previously adopted by several national authorities.[141]

That shift occurred through guidelines, not legislation. It was not accompanied by an impact assessment, parliamentary oversight, or the kind of structured stakeholder consultation expected of delegated or implementing acts. Yet it reshaped the compliance landscape for website operators across the EU.

The Joint Opinion on the Digital Omnibus reflects the same institutional logic. On pseudonymisation, the EDPB and EDPS argue that forthcoming EDPB guidance is a better vehicle than the Commission’s proposed Article 41a implementing acts. [142] On ePrivacy, they resist transferring cookie rules into the GDPR in part because that move would subject enforcement to the GDPR’s consistency mechanism, which—although imperfect—provides more structure than the current fragmented ePrivacy regime.[143]

The pattern is consistent. Where the Commission proposes legislative clarification or implementing powers subject to oversight, the EDPB argues that it should retain primary or exclusive control.

3. The accountability gap in the courts

Recent litigation involving Meta and WhatsApp exposes a parallel accountability problem in the courts.

In WhatsApp Ireland v EDPB, the Grand Chamber held that EDPB binding decisions under Article 65 GDPR are ‘acts open to challenge’ under Article 263 TFEU.[144] The Court relied on Recital 143 GDPR, which recognises that EDPB decisions ‘may be of direct and individual concern to, inter alia, a controller’.[145] This was an important development. It confirmed that the EDPB cannot materially alter a controller’s legal position—in that case, by directing the Irish DPC to increase a proposed fine from EUR 30 million to EUR 225 million[146] —without the possibility of judicial review.

But the limits of that safeguard are obvious. The action was filed in 2021. The admissibility ruling arrived only in February 2026. The merits remain pending on remand. Even where review is available, meaningful judicial scrutiny may take five years or more.[147]

Meanwhile, non-binding outputs remain effectively insulated. In Meta v EDPB, the General Court held that the EDPB’s Opinion 8/2024 on ‘consent or pay’ models did not produce binding legal effects vis-à-vis third parties and therefore could not be challenged directly.[148] The Court acknowledged that the opinion used mandatory language such as ‘should’ and ‘should not’, but nonetheless characterised it as merely ‘calling for an in-depth consideration’.[149] Meta’s appeal remains pending.[150] Even if Meta succeeds, the case would address only one category of opinion. It would not solve the broader problem posed by guidelines and recommendations, which make up most of the EDPB’s quasi-legislative output.

At the same time, the EDPB’s influence over investigations is expanding. In DPC v EDPB, the General Court upheld the EDPB’s power to require national authorities to broaden investigations beyond the issues originally examined.[151] The Court did not engage seriously with whether the EDPB’s substantive positions were balanced or proportionate. It treated the EDPB as a neutral coordinator of consistent enforcement—the very assumption that is in dispute.[152]

Taken together, these cases expose the gap. The EDPB’s most influential outputs—its guidelines, opinions, and recommendations—remain the least reviewable. Its binding decisions are reviewable in principle, but only after years of litigation and without any clear indication of the intensity of substantive review. Courts have largely treated the EDPB as a neutral public-interest body. That characterisation is, at minimum, contestable.

4. What the Joint Opinion does not say

The EDPB/EDPS Joint Opinion 2/2026 is the enforcement authorities’ most comprehensive response to the Digital Omnibus. At 47 pages, it says nothing about whether the present enforcement architecture is fit for purpose.[153]

The Joint Opinion mentions DPA resource constraints only to request more resources.[154] It does not acknowledge the structural causes of inconsistent enforcement. It does not discuss the EDPB’s own accountability, the quasi-legislative function of guidelines and opinions, or the possibility that separating investigation from adjudication could improve the quality and legitimacy of enforcement outcomes.

That silence is revealing. When a regulatory body invited to comment on a major reform of its legal framework devotes no attention to whether its own institutional design contributes to the problem, the more plausible explanation is institutional incentive, not bad faith.

C. Existing Counterexamples Show a Different Model Is Possible

The French data protection authority, the CNIL, has shown that proportionate and pragmatic enforcement is possible within the current legal framework. Its AI guidance recognises that GDPR compliance for AI training is achievable and sets out workable compliance pathways. That approach contrasts sharply with the EDPB’s strategically ambiguous Opinion 28/2024.[155]

The CNIL’s example matters because it shows that a national authority willing to balance data protection against other public interests can produce guidance that is both protective and practical.

One national authority, however, cannot reshape EU-wide practice. The CNIL’s approach faces opposition from more absolutist privacy officials and activists, and there is no realistic prospect that EU privacy enforcers will converge voluntarily around its model. The institutional incentives point the other way. DPAs that interpret the law broadly expand their regulatory reach and receive reinforcement through the EDPB’s consistency mechanism. A DPA that takes a more proportionate view risks being overridden, as the Irish DPC’s experience illustrates.[156]

The UK Information Commissioner’s Office provides a complementary example. Its July 2025 call for views on a risk-based enforcement approach to online advertising identified six categories of advertising capabilities for which low-risk activities might proceed without consent. That approach reflects a markedly different regulatory philosophy.[157] The ICO distinguishes between extensive behavioural profiling, which may require consent, and lower-risk activities such as frequency capping and ad delivery, which may not.

The UK example is stronger still because it is not limited to one enforcement initiative. Section 91 of the Data (Use and Access) Act 2025 rewrites the Information Commissioner’s statutory duties. It introduces a principal objective requiring the Commissioner to secure an appropriate level of protection for personal data ‘having regard to the interests of data subjects, controllers and others and matters of general public interest’, while also promoting public trust and confidence in data processing.

The accompanying duties require the Commissioner, where relevant, to consider innovation and competition, crime prevention and detection, public security and national security, and child protection.[158] Section 120C then requires a strategy consistent with those duties and with the earlier economic-growth duty in section 108 of the Deregulation Act 2015. Section 120D adds consultation obligations with other regulators on effects relating to economic growth, innovation, and competition, backed by annual reporting to Parliament.[159]

This matters because it shows that data-protection enforcement need not be organised around a one-dimensional privacy mandate. A legislature can preserve regulatory independence while imposing express duties of balance, consultation, strategy, and public accountability.

At the same time, the UK example also supports an important limit. A bare duty to consider innovation or growth is not enough on its own. The earlier section 108 duty was plainly insufficient. The lesson is therefore twofold: broader statutory duties are both feasible and valuable, but deeper structural reform remains necessary. The EU should go further by changing who makes consequential cross-border decisions and by subjecting EDPB quasi-legislation to meaningful review.

D. A Structural Solution

The solution should address the problem at its source.[160] It should preserve the importance of data protection while reforming the institutional design that turns competent professionals into single-issue enforcers.

First, investigation should be separated from adjudication. DPAs should retain their investigative powers, technical expertise, and local knowledge. But in consequential cross-border cases, they should present their findings and recommendations to an independent decision-making body, rather than acting as investigator, prosecutor, and judge.[161]

Second, the EU should establish an independent multidisciplinary tribunal. This body should issue binding decisions, including fines, in consequential cross-border cases. Its membership should not be limited to data-protection specialists. It should include economists, generalist judges, and experts from relevant regulated sectors so that decisions reflect the wider public interest, rather than a single regulatory perspective.[162]

Third, the governing legal framework should require explicit balancing. In every decision, the tribunal should explain how it has weighed data protection against other fundamental rights and against the economic realities of the activity at issue. The GDPR already requires such balancing in provisions such as Article 6(1)(f) and Recital 4. The current enforcement architecture provides no institutional guarantee that it will actually occur.[163]

Fourth, the tribunal should include advocates general or an equivalent function for non-data-protection interests. Drawing on the Court of Justice model, those officers would be tasked with articulating the interests that lack any institutional champion under the current system, including innovation, freedom of expression, economic security, and public health.[164]

Fifth, EDPB quasi-legislation should be reviewed before taking effect. The tribunal should review EDPB guidelines, opinions, and recommendations before they become final. If the EDPB adopts guidance that fails a proportionality standard—as with its Article 5(3) ePrivacy guidance, which would require website operators to obtain consent from would-be fraudsters and attackers before deploying anti-fraud tools[165]—the tribunal should be able to refuse approval.

That reform would convert the EDPB’s quasi-legislative role from an opaque administrative process into one subject to transparent judicial oversight.[166]

This proposal does not require Treaty change. Article 257 TFEU already permits the European Parliament and Council to establish ‘specialised courts attached to the General Court to hear and determine at first instance certain classes of action or proceeding brought in specific areas’. The legal basis already exists. What is missing is political will.

Garicano, Holmström, and Petit’s Constitution of Innovation proposes using that same Treaty basis to create specialised commercial courts for internal-market enforcement, with fast-track procedures, English-language proceedings, and EU-wide injunctive powers, subject to appeal to the General Court on points of law only.[167] Their proposal targets trade and mutual-recognition disputes, but the institutional model is directly transferable.

A specialised EU regulatory tribunal established under Article 257 TFEU could house both the commercial jurisdiction that Garicano, Holmström, and Petit envisage and the data-protection adjudicatory function proposed here. That would be more efficient, and probably more politically feasible, than creating a stand-alone privacy tribunal. It would also embed data-protection enforcement within a broader framework of EU regulatory adjudication, ensuring that privacy is weighed alongside the other interests EU regulation affects.

The Unified Patent Court offers a practical precedent for specialised European judicial bodies dealing with technically and economically complex issues. The real question is not legal feasibility. It is whether the political system is willing to apply the same institutional logic to data protection, where existing arrangements serve the interests of the bodies that would have to yield authority.

E. Other Commentators Have Identified the Same Problem

ICLE is not alone in identifying enforcement design as the missing element.

Bolognini and Capparelli argue that supervisory authorities should be required to conduct a prior analytical assessment of the effects of their decisions on innovation, competitiveness, and other fundamental rights and freedoms. They also propose that this assessment should accompany the provisional decision so that the addressee can respond meaningfully.[168] In addition, they argue that the EDPB should be required to activate participatory prior-consultation procedures for its guidelines, with public access to the consultation results.[169]

Craddock makes a similar institutional point about the definition of personal data. When data cease to be treated as personal data, they fall outside DPA jurisdiction. For that reason, he argues, ‘one must be careful not to see their position as neutral’.[170]

Leiser describes the Joint Opinion as ‘a regulatory counteroffensive’ that ‘deploys the language of rights not primarily to protect individuals, but to reassert institutional centrality, supervisory reach, and interpretive authority’.[171] That is a sharp formulation, but it does not require alleging bad faith. Incentive structures can produce predictable institutional behaviour without any need for conspiracy or improper motive.

F. Recommendations

The Commission has not proposed enforcement reform in the Digital Omnibus. We recognise the political difficulty. Enforcement reform touches supervisory-authority independence, a principle embedded in Article 52 GDPR and Article 8(3) of the Charter. The EDPB and EDPS will predictably resist any reform that narrows their interpretive discretion.

Still, the implications should be stated plainly. If the enforcement architecture remains unchanged, the substantive reforms in the Digital Omnibus will be interpreted by the same authorities, using the same maximalist lens, that created the underlying problems. The entity-relative definition of personal data will be narrowed through EDPB guidance. The legitimate-interest framework for AI training will be hedged with conditions that recreate the uncertainty it was meant to resolve. The ePrivacy exemptions will be read as narrowly as the exemptions they replace.

The Commission appears to understand this problem. Its own Explanatory Memorandum acknowledges the need for more consistent enforcement. It does not act on that diagnosis.

ICLE therefore recommends the following.

1. Include enforcement reform in the legislative process

The Commission should publish a complementary enforcement-reform proposal. Regulation (EU) 2025/2518, the adopted GDPR Procedural Regulation, is not the right vehicle for structural reform. It standardises aspects of cross-border procedure without addressing the underlying problem of single-interest enforcement.[172]

2. Require proportionality assessments for EDPB outputs

At a minimum, Article 70 GDPR should be amended to require the EDPB to conduct and publish a proportionality assessment before adopting guidelines, opinions, or recommendations. That assessment should address effects on innovation, competition, crime prevention, public security, economic growth, and other fundamental rights. The absence of any such requirement is a gap the co-legislators can close.[173] Even so, this measure alone would not be enough. Impact assessments can easily become window dressing.

3. Require formal stakeholder and cross-regulator consultation

The GDPR should require the EDPB to conduct participatory prior-consultation procedures for all guidelines and opinions, publish submissions, and respond to substantive objections. At present, the EDPB may solicit comments and then disregard them without explanation. That falls below the standard expected of any body exercising quasi-legislative power.[174] The co-legislators should also consider a statutory duty to consult other public authorities where data-protection enforcement materially affects innovation, competition, economic growth, or security, as the UK now requires of the Information Commissioner.[175]

4. Establish an independent review mechanism for consequential cross-border decisions

The EU should create an independent tribunal, or a specialised chamber within the General Court, with multidisciplinary composition and a clear mandate to balance all affected interests. This is the structural reform that addresses the problem at its root.

5. Clarify the standard of judicial review for EDPB acts

WhatsApp opened the door to judicial review of binding decisions, but it said nothing about the intensity of review.[176] The co-legislators should specify that courts reviewing EDPB decisions must apply a proportionality standard that accounts for effects on all fundamental rights and legitimate interests, not merely formal competence.

6. Act on the Commission’s own diagnosis

The Commission already recognises that current enforcement mechanisms are inadequate. If enforcement reform is omitted from the Digital Omnibus, the Commission should explain what alternative mechanism will achieve the objectives it has identified, and on what timetable.

7. Learn from the CNIL and the ICO

The CNIL’s AI guidance and the UK ICO’s risk-based approach to advertising show that proportionate enforcement is possible. The real question is whether that approach can be institutionalised rather than left to the preferences of individual authorities. That requires structural reform.

[1] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final, art 1(1)(a), amending art 4(1) of Regulation (EU) 2016/679 (General Data Protection Regulation). The proposal states: ‘Information is not personal for a given entity where that entity cannot identify the natural person to whom the information relates, taking into account the means reasonably likely to be used by that entity. Such information does not become personal for that entity merely because a potential subsequent recipient has means reasonably likely to identify the natural person to whom the information relates.’

[2] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final, art 1(7), inserting new art 41a into Regulation (EU) 2016/679 (General Data Protection Regulation).

[3] The phrase adapts Nadezhda Purtova, ‘The Law of Everything: Broad Concept of Personal Data and the Future of EU Data Protection Law’ (2018) 10 Law Innov Technol 40.

[4] See, e.g., European Data Protection Board, Guidelines 01/2025 on Pseudonymisation (adopted 16 January 2025); European Data Protection Board and European Data Protection Supervisor, Joint Opinion 2/2026 on the Proposal for a Regulation (‘Digital Omnibus’) (11 February 2026) paras 14–17.

[5] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final, Explanatory Memorandum 7 (estimating EUR 5.1 billion in annual savings from the simplification exercise).

[6] Case C-413/23 P European Data Protection Supervisor v Single Resolution Board [2025] ECLI:EU:C:2025:645, para 82.

[7] Ibid para 100.

[8] Ibid para 86. The EDPS argued that pseudonymised data ‘must be regarded as constituting, in all cases and for every person, personal data’. The EDPB intervened in support of that view. The Court rejected the argument.

[9] International Center for Law & Economics (ICLE), Comments on the European Commission Digital Omnibus (13 October 2025) 3 https://laweconcenter.org/resources/icle-comments-on-the-european-commission-digital-omnibus.

[10] Charter of Fundamental Rights of the European Union [2012] OJ C 326/391, art 8.

[11] noyb, Digital Omnibus Report (version 3.0, 2026) 7.

[12] Explanations Relating to the Charter of Fundamental Rights [2007] OJ C 303/17, art 8 commentary (stating that art 8 is ‘based on’ Directive 95/46 and Regulation 45/2001).

[13] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L 281/31, recital 26.

[14] Case C-582/14 Patrick Breyer v Bundesrepublik Deutschland [2016] ECLI:EU:C:2016:779, paras 45–46.

[15] Opinion of AG Spielmann in Case C-413/23 P European Data Protection Supervisor v Single Resolution Board [2025] ECLI:EU:C:2025:59, para 58.

[16] European Data Protection Board and European Data Protection Supervisor (n 4) para 13.

[17] European Data Protection Board and European Data Protection Supervisor (n 4) para 15.

[18] noyb (n 11) 8.

[19] Breyer (n 14) paras 45–46.

[20] Ibid para 47.

[21] noyb (n 11) 8, citing para 48 for the proposition that ‘it was irrelevant if this is likely to be used, the possibility was sufficient’. This reading omits the qualifications in paras 45–46 that identification must rely on means ‘reasonably likely’ to be used and excludes cases where identification would require ‘disproportionate effort’.

[22] Case C-434/16 Peter Nowak v Data Protection Commissioner [2017] ECLI:EU:C:2017:994, paras 34–39.

[23] Case C-683/21 Nacionalinis visuomen?s sveikatos centras prie Sveikatos apsaugos ministerijos v Valstybin? duomen? apsaugos inspekcija [2023] ECLI:EU:C:2023:949, para 58.

[24] Case C-579/21 Pankki S [2023] ECLI:EU:C:2023:501, para 42.

[25] Ibid para 44.

[26] Case C-604/22 IAB Europe v Gegevensbeschermingsautoriteit [2024] ECLI:EU:C:2024:214, paras 40–46.

[27] Case C-479/22 P OC v European Commission [2024] ECLI:EU:C:2024:215, paras 51, 57–58.

[28] European Data Protection Supervisor v Single Resolution Board (n 6) para 81.

[29] Proposal (n 1) proposed art 4(1) GDPR, third sentence.

[30] European Data Protection Board and European Data Protection Supervisor (n 4) para 16, citing European Data Protection Supervisor v Single Resolution Board (n 6) paras 84–85.

[31] See, e.g., Case C-319/22 Gesamtverband Autoteile-Handel eV v Scania CV AB [2023] ECLI:EU:C:2023:837, para 49 (holding that data become personal for the manufacturer ‘indirectly’ when made available to independent operators with the means to identify the data subject).

[32] noyb (n 11) 9.

[33] Opinion of AG Spielmann (n 15) paras 94–96.

[34] Ibid.

[35] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) [2016] OJ L 119/1, recital 26 (distinguishing ‘identified’ and ‘identifiable’ natural persons and listing ‘singling out’ among several possible means of identification, alongside name, identification number, location data, and factors specific to identity).

[36] noyb (n 11) 6.

[37] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 11(1): ‘If the purposes for which a controller processes personal data do not or no longer require the identification of a data subject, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.’

[38] Sophie Stalla-Bourdillon, ‘Déjà Vu in Data Protection: The Risks of Rewriting What Counts as Personal Data’ (2026) 26 Priv Data Prot 2.

[39] noyb (n 11) 12.

[40] European Data Protection Board and European Data Protection Supervisor (n 4) para 6.

[41] Ibid paras 21, 25.

[42] Ibid para 19.

[43] See ICLE (n 9) 3–4.

[44] Case C-97/23 P WhatsApp Ireland Ltd v European Data Protection Board [2026] ECLI:EU:C:2026:81 (admissibility ruling holding that binding decisions of the EDPB under art 65 GDPR are challengeable under art 263 TFEU; the merits remain pending on remand).

[45] European Data Protection Board and European Data Protection Supervisor (n 4) para 24.

[46] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final (‘the Proposal’), art 1(12), inserting new art 88c into Regulation (EU) 2016/679 (General Data Protection Regulation).

[47] Ibid.

[48] Proposal (n 1) art 1(3)(a), inserting new art 9(2)(k) into Regulation (EU) 2016/679 (General Data Protection Regulation).

[49] Proposal (n 1) art 1(3)(b), inserting new art 9(5) into Regulation (EU) 2016/679 (General Data Protection Regulation).

[50] European Data Protection Board, Opinion 28/2024 on Certain Data Protection Aspects Related to the Processing of Personal Data in the Context of AI Models (adopted 17 December 2024) para 69.

[51] ICLE (n 9) 3–4.

[52] Commission nationale de l’informatique et des libertés (CNIL), ‘Base légale : l’intérêt légitime pour le développement des systèmes d’IA’ (19 June 2025) https://www.cnil.fr/fr/base-legale-interet-legitime-developpement-systeme. See also CNIL, ‘IA et RGPD : la CNIL publie ses nouvelles recommandations pour accompagner une innovation responsable’ (7 February 2025) https://www.cnil.fr/fr/ia-et-rgpd-la-cnil-publie-ses-nouvelles-recommandations-pour-accompagner-une-innovation-responsable.

[53] ICLE (n 9) 4.

[54] European Data Protection Board and European Data Protection Supervisor (n 4) para 39.

[55] See ICLE (n 9) 3 (arguing that the EDPB’s approach illustrates ‘the fox-guarding-henhouse problem’ in EU data protection governance).

[56] European Data Protection Board and European Data Protection Supervisor (n 4) para 19.

[57] Ibid para 90.

[58] Ibid para 82.

[59] European Data Protection Board, Guidelines 1/2024 on the Processing of Personal Data Based on Article 6(1)(f) GDPR (adopted February 2025) 4: ‘it should be recalled that the GDPR does not establish any hierarchy between the different legal bases laid down in Article 6(1)’.

[60] noyb (n 11) 77 (framing the debate as one where ‘the Commission proposal goes towards shifting the burden … to 450 million Europeans — instead of a handful of AI training companies’). This framing implicitly treats consent as the preferred legal basis. The GDPR contains no such preference.

[61] noyb (n 11) 77.

[62] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 21(1) (requiring the data subject to demonstrate ‘grounds relating to his or her particular situation’). The proposed art 88c right to object is unconditional; no grounds must be shown.

[63] Case C-131/12 Google Spain SL and Google Inc v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González [2014] ECLI:EU:C:2014:317, paras 73–81.

[64] Case C-136/17 GC and Others v Commission nationale de l’informatique et des libertés (CNIL) [2019] ECLI:EU:C:2019:773, paras 36–39, 66.

[65] Opinion of AG Szpunar in Case C-136/17 GC and Others v Commission nationale de l’informatique et des libertés (CNIL) [2019] ECLI:EU:C:2019:14, paras 42–46.

[66] Peter Craddock, ‘About AI Training & Legitimate Interest as a GDPR Legal Ground’ (LinkedIn, 23 May 2025) https://www.linkedin.com/pulse/ai-training-legitimate-interest-gdpr-legal-ground-peter-craddock-2p5qe: ‘the objective of AI model training is not to provide responses to users that contain personal data but rather to help the AI model predict what a response through the user-facing AI system should look like’.

[67] Higher Regional Court of Cologne (OLG Köln), 23 May 2025, Case 15 UKl 2/25 https://nrwe.justiz.nrw.de/olgs/koeln/j2025/15_UKl_2_25_Urteil_20250523.html.

[68] noyb (n 11) 77, citing Google Spain (n 63) para 81.

[69] Google Spain (n 63) paras 73–74 (recognising the search engine operator’s ‘legitimate interest’ in processing personal data).

[70] Proposal (n 1) art 88c GDPR.

[71] European Data Protection Board and European Data Protection Supervisor (n 4) para 41.

[72] Proposal (n 1) recital 30: ‘This does not affect … its obligation to ensure that all other conditions of art 6(1)(f) of Regulation (EU) 2016/679, as well as all other requirements and principles of that Regulation, are met.’

[73] noyb (n 11) 80.

[74] Proposal (n 1) recitals 30–31.

[75] OLG Köln (n 67).

[76] Ibid.

[77] CNIL (n 52).

[78] noyb (n 11) 78, citing Case C-621/22 Koninklijke Nederlandse Lawn Tennisbond v Autoriteit Persoonsgegevens [2024] ECLI:EU:C:2024:858, para 51.

[79] Koninklijke Nederlandse Lawn Tennisbond v Autoriteit Persoonsgegevens (n 78) para 49.

[80] Proposal (n 1) recital 30.

[81] Proposal (n 1) recital 31 (identifying bias detection, accurate and safe outputs, and improved accessibility as examples of beneficial uses of AI).

[82] Proposal (n 1) Explanatory Memorandum 1 (citing the Draghi and Letta reports and the European Council Conclusions of 20 March 2025).

[83] Proposal (n 1) recitals 30–31.

[84] OLG Köln (n 67).

[85] Proposal (n 1) art 88c GDPR; recital 31.

[86] Proposal (n 1) recital 31.

[87] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 9(1).

[88] See, e.g., Case C-184/20 OT v Vyriausioji tarnybin?s etikos komisija [2022] ECLI:EU:C:2022:601, paras 123–128 (holding that data revealing a spouse’s name in a public declaration of interests may constitute ‘data concerning health’ within art 9(1) where it permits inferences about sexual life or orientation); Case C-667/21 ZQ v Medizinischer Dienst der Krankenversicherung Nordrhein, Körperschaft des öffentlichen Rechts [2023] ECLI:EU:C:2023:1022, paras 75–80.

[89] Proposal (n 1) recital 33.

[90] Proposal (n 1) art 9(5) GDPR, as inserted by art 1(3)(b).

[91] GC and Others (n 64) paras 66–67.

[92] OLG Köln (n 67).

[93] European Data Protection Board and European Data Protection Supervisor (n 4) paras 46–51 (suggesting the three refinements discussed in the text). The Joint Opinion ‘acknowledge[s]’ that ‘it is not always possible for controllers to avoid residual and incidental processing of special categories of data’ (para 46).

[94] Proposal (n 1) art 88c GDPR; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 21(1) (requiring ‘grounds relating to his or her particular situation’).

[95] European Data Protection Board and European Data Protection Supervisor (n 4) para 42.

[96] Proposal (n 1) recital 31.

[97] noyb (n 11) 80.

[98] Proposal (n 1) art 9(5) GDPR.

[99] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final (‘the Proposal’), art 1(12), inserting new art 88a into Regulation (EU) 2016/679 (General Data Protection Regulation).

[100] Proposal (n 1) art 88a(3)(a)–(d).

[101] Proposal (n 1) art 88a(4)(a)–(c).

[102] Proposal (n 1) art 1(12), inserting new art 88b into Regulation (EU) 2016/679 (General Data Protection Regulation).

[103] Proposal (n 1) art 88b(6)–(7).

[104] Proposal (n 1) art 88b(3).

[105] Proposal (n 1) art 2(1), amending art 5(3) of Directive 2002/58/EC.

[106] Proposal (n 1) Explanatory Memorandum 7–8.

[107] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive) [2002] OJ L 201/37, art 5(3). The provision recognises two exemptions: (i) storage solely for the purpose of transmitting a communication, and (ii) storage strictly necessary to provide a service explicitly requested by the user.

[108] European Data Protection Board, Guidelines 2/2023 on the Technical Scope of Article 5(3) of the ePrivacy Directive (adopted 7 October 2024).

[109] Proposal (n 1) Explanatory Memorandum 7.

[110] European Data Protection Board and European Data Protection Supervisor (n 4) para 97(i).

[111] noyb (n 11) 84–85.

[112] noyb (n 11) 63–68.

[113] Proposal (n 1) art 88a(3)(c).

[114] See, e.g., Hendrik Schöttle and Claudio Calabro, ‘Digital Omnibus Reshapes EU Cookie Rules but Leaves Banner Fatigue Largely Intact’ (Osborne Clarke, 10 December 2025) https://www.osborneclarke.com/insights/digital-omnibus-reshapes-eu-cookie-rules-leaves-banner-fatigue-largely-intact; Taylor Wessing, ‘The Digital Omnibus: Cookies, Consent and Digital Advertising’ (Global Data Hub, 2 February 2026) https://www.taylorwessing.com/en/global-data-hub/2026/the-digital-omnibus-proposal/gdh—the-digital-omnibus—cookies.

[115] Data (Use and Access) Act 2025 (UK), s 112 and sch 12 (inserting a statistical-purposes exception into reg 6 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), covering third-party analytics providers acting as data processors under a data-processing agreement).

[116] European Data Protection Board and European Data Protection Supervisor (n 4) para 102.

[117] Proposal (n 1) art 88a(3). None of the four exemptions covers advertising delivery, measurement, or fraud prevention. The media-service-provider carve-out in art 88b(3) merely exempts media providers from respecting browser consent signals; it does not create a legal basis for consent-free advertising.

[118] European Data Protection Board (n 108) paras 31–33.

[119] European Data Protection Board and European Data Protection Supervisor (n 4) para 104.

[120] See also Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 4(11) (defining consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes’).

[121] Data (Use and Access) Act 2025 (UK), s 112 and sch 12.

[122] Ibid (statistical-purposes exception). See also Data Protection Network, ‘DUA Act and the 5 Cookie Exceptions’ (2025) https://dpnetwork.org.uk/duaa-cookie-exceptions.

[123] Information Commissioner’s Office (ICO), ‘ICO Opens Door to Privacy-First Advertising Models with Proposed New Enforcement Approach’ (7 July 2025) https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/07/ico-opens-door-to-privacy-first-advertising-models-with-proposed-new-enforcement-approach.

[124] Ibid, quoting Stephen Almond, ICO Executive Director of Regulatory Risk.

[125] Ibid: ‘Where people have a clear understanding that services are funded by advertising, they may accept some storage and access’.

[126] Data (Use and Access) Act 2025 (UK), s 112 (empowering the Secretary of State to add, remove, or vary exceptions to the Privacy and Electronic Communications (EC Directive) Regulations 2003 after consulting the Information Commissioner’s Office).

[127] European Data Protection Board and European Data Protection Supervisor (n 4) paras 96, 104, 108.

[128] Ibid para 97.

[129] Ibid para 106.

[130] Datenschutzkonferenz, Orientierungshilfe der Aufsichtsbehörden für Anbieter:innen von Telemedien ab dem 1. Dezember 2021 (20 December 2021) https://www.datenschutzkonferenz-online.de/media/oh/20211220_oh_telemedien.pdf.

[131] Proposal (n 1) Explanatory Memorandum 7–8.

[132] Proposal (n 1) recital 44.

[133] Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2016/679 and (EU) 2018/1725 and repealing Directive 2002/58/EC (‘Digital Omnibus’) COM(2025) 837 final (‘the Proposal’), Explanatory Memorandum 3.

[134] Miko?aj Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (EUTechReg, 27 February 2025) https://eutechreg.com/p/a-serious-target-for-improving-eu.

[135] Ibid. See also Miko?aj Barczentewicz, ‘The EDPB’s AI Opinion Shows the Need for GDPR Enforcement Reform’ (EUTechReg, 17 January 2025) https://eutechreg.com/p/the-edpbs-ai-opinion-shows-the-need.

[136] Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134).

[137] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 52(1)–(2).

[138] European Data Protection Board, Opinion 28/2024 on Certain Data Protection Aspects Related to the Processing of Personal Data in the Context of AI Models (adopted 17 December 2024).

[139] Barczentewicz, ‘The EDPB’s AI Opinion Shows the Need for GDPR Enforcement Reform’ (n 135).

[140] Ibid.

[141] European Data Protection Board, Guidelines 2/2023 on the Technical Scope of Article 5(3) of the ePrivacy Directive (adopted 7 October 2024). See also Peter Craddock, ‘EDPB Seeks to Redefine ePrivacy — Part II: Overbroad Notions and Regulator Activism?’ (LinkedIn, 20 November 2023) https://www.linkedin.com/pulse/edpb-seeks-redefine-eprivacy-part-ii-overbroad-notions-peter-craddock-ptg0e.

[142] European Data Protection Board and European Data Protection Supervisor (n 4) para 19.

[143] See ibid paras 96–97.

[144] Case C-97/23 P WhatsApp Ireland Ltd v European Data Protection Board [2026] ECLI:EU:C:2026:81.

[145] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, recital 143.

[146] European Data Protection Board, Binding Decision 1/2021 on the Dispute Arisen on the Draft Decision of the Irish Supervisory Authority Regarding WhatsApp Ireland Ltd (2021) (directing the Irish Data Protection Commission to increase its proposed fine from approximately EUR 30 million to EUR 225 million).

[147] Case T-709/21 WhatsApp Ireland Ltd v European Data Protection Board [2022] ECLI:EU:T:2022:783 (dismissing the action as inadmissible). The Court of Justice set aside that order in WhatsApp Ireland Ltd v European Data Protection Board (n 144) and remitted the case to the General Court. As of March 2026, no judgment on the merits has been delivered.

[148] Case T-319/24 Meta Platforms Ireland Ltd v European Data Protection Board [2025] ECLI:EU:T:2025:435, paras 30, 36.

[149] Ibid para 23.

[150] Case C-454/25 P Meta Platforms Ireland Ltd v European Data Protection Board (appeal brought 10 July 2025, pending).

[151] Joined Cases T-578/21, T-579/21 and T-580/21 Data Protection Commission v European Data Protection Board (General Court, 29 January 2025).

[152] See Miko?aj Barczentewicz, ‘Meta v EDPB and What Really Needs to Change in the GDPR’ (EUTechReg, 6 May 2025) https://eutechreg.com/p/meta-v-edpb-and-what-really-needs.

[153] European Data Protection Board and European Data Protection Supervisor (n 4).

[154] Ibid para 59, fn 65.

[155] Commission nationale de l’informatique et des libertés (CNIL), ‘IA et RGPD : la CNIL publie ses nouvelles recommandations pour accompagner une innovation responsable’ (7 February 2025) https://www.cnil.fr/fr/ia-et-rgpd-la-cnil-publie-ses-nouvelles-recommandations-pour-accompagner-une-innovation-responsable. See also Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134).

[156] See nn 144–147 and accompanying text.

[157] Information Commissioner’s Office (ICO), ‘ICO Opens Door to Privacy-First Advertising Models with Proposed New Enforcement Approach’ (7 July 2025) https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/07/ico-opens-door-to-privacy-first-advertising-models-with-proposed-new-enforcement-approach. The six categories are ad delivery and billing, ad-fraud prevention and detection, brand safety and compliance, frequency capping, measurement and attribution, and targeting methods.

[158] Data (Use and Access) Act 2025 (UK), s 91 (inserting Data Protection Act 2018, ss 120A–120B).

[159] Ibid s 91 (inserting Data Protection Act 2018, ss 120C–120D); Deregulation Act 2015 (UK), s 108; Legislative and Regulatory Reform Act 2006 (UK), s 21.

[160] Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134); Miko?aj Barczentewicz, ‘The EU’s GDPR “Fix” Misses the Point Entirely’ (Truth on the Market, 24 June 2025) https://truthonthemarket.com/2025/06/24/the-eus-gdpr-fix-misses-the-point-entirely; ICLE, Comments on the European Commission Digital Omnibus (13 October 2025) 3–4 https://laweconcenter.org/resources/icle-comments-on-the-european-commission-digital-omnibus.

[161] Barczentewicz, ‘The EU’s GDPR “Fix” Misses the Point Entirely’ (n 160).

[162] Ibid.

[163] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L 119/1, art 6(1)(f) (legitimate-interest balancing test); recital 4 (‘The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality’).

[164] Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134); Barczentewicz, ‘The EU’s GDPR “Fix” Misses the Point Entirely’ (n 160).

[165] Miko?aj Barczentewicz, ‘Why Europe Can’t Kill the Cookie Banner’ (Truth on the Market, 26 January 2026) https://truthonthemarket.com/2026/01/26/why-europe-cant-kill-the-cookie-banner.

[166] Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134).

[167] Luis Garicano, Bengt Holmström and Nicolas Petit, ‘The Constitution of Innovation’ (10 November 2025) https://constitutionofinnovation.eu (proposing specialised commercial courts established under art 257 TFEU, attached to the General Court, with fast-track procedures including decisions within 180 days, English-language proceedings, and EU-wide injunctive powers). See also Barczentewicz, ‘A Serious Target for Improving EU Regulation: GDPR Enforcement’ (n 134).

[168] Luca Bolognini and Enrico Capparelli, ‘Proposals for Improving the Digital Omnibus’ (February 2026) Section IV: ‘The supervisory authority should be required to carry out a prior analytical assessment of the impact that such decisions would have on innovation and competitiveness, including knowledge enhancement and technology transfer, as well as on other public interests or fundamental rights and freedoms’.

[169] Ibid (proposing either prescriptive regulation of consultation procedures or ‘greater functional autonomy’ for the EDPB, with a requirement to ‘activate prior consultation of the stakeholders’).

[170] Peter Craddock, ‘Making the GDPR Realistic? Authorities Only Want That in Part’ (LinkedIn, 20 February 2026) https://www.linkedin.com/pulse/making-gdpr-realistic-authorities-only-want-part-peter-craddock-pktxe: ‘when information ceases to be perceived as personal data, it falls outside of their remit. One must therefore be careful not to see their position as neutral’.

[171] Mark R Leiser, ‘The Entrenchment Move’ (Dr Mark R Leiser, 3 February 2026) https://digidata.substack.com/p/the-entrenchment-move: ‘The Opinion deploys the language of rights not primarily to protect individuals, but to reassert institutional centrality, supervisory reach, and interpretive authority within the emerging AI governance framework’.

[172] Regulation (EU) 2025/2518 of the European Parliament and of the Council of 26 November 2025 laying down additional procedural rules on the enforcement of Regulation (EU) 2016/679 [2025] OJ L 2025/2518 (enacted version of Proposal COM(2023) 348 final).

[173] Data (Use and Access) Act 2025 (UK), s 91 (inserting Data Protection Act 2018, ss 120A–120B).

[174] See Bolognini and Capparelli (n 168).

[175] Ibid s 91 (inserting Data Protection Act 2018, ss 120C–120D); Deregulation Act 2015 (UK), s 108; Legislative and Regulatory Reform Act 2006 (UK), s 21.

[176] WhatsApp Ireland Ltd v European Data Protection Board (n 144) (remanding the case for examination on the merits without specifying the intensity of judicial review).

I. Introduction

We appreciate the opportunity to contribute to the European Commission’s Digital Fitness Check.[1] The International Center for Law & Economics (ICLE) is a nonprofit, nonpartisan global research and policy centre dedicated to building the intellectual foundations for sensible, economically grounded policy. ICLE applies law & economics methodologies to inform public-policy debates on technology governance, competition, and consumer-protection policy. Our interest is to ensure that the EU’s digital rulebook promotes consumer welfare, innovation, and competitiveness through clear, predictable, and proportionate rules grounded in evidence and sound economics.

The Digital Fitness Check is both timely and necessary. The Commission’s recognition that the cumulative effects of EU digital regulation require systematic evaluation reflects concerns raised by ICLE and many other stakeholders. The Draghi Report, the Letta Report, and the Commission’s own Competitiveness Compass all acknowledge that the accumulation of EU digital rules may have unintended consequences for innovation and competitiveness, particularly for small and medium-sized enterprises.[2]

Unlike the Digital Omnibus—which focused on targeted, incremental reforms—the Fitness Check creates an opportunity to examine deeper structural features of the EU digital rulebook. Over time, successive legislative initiatives have produced a dense regulatory framework characterised by three recurring structural problems: weak empirical foundations for regulation, definitional and institutional spillovers across instruments, and cumulative compliance burdens that are rarely evaluated systematically. Evaluating the rulebook as an integrated system is therefore essential to ensuring that EU digital regulation supports, rather than undermines, innovation, competition, and European competitiveness.

These comments are organised as follows. Section II addresses the need for methodological rigour in the Fitness Check, including the assessment of indirect effects, the gap between projected and actual compliance costs, and the problem of last-minute legislative additions that bypass the impact-assessment process. Section III examines definitional spillovers across the EU digital rulebook, focusing in particular on the migration of key concepts—such as the DMA’s ‘gatekeeper’ designation and the DSA’s ‘very large online platform’ category—across instruments in ways that were never properly assessed. Section IV analyses the risk of an anti-commons dynamic created by overlapping data regulations, with particular attention to the interaction between the GDPR and the DMA and its implications for data use and artificial-intelligence development. Section V evaluates the institutional framework for enforcement, including the persistent under-resourcing of national supervisory authorities and the coordination challenges created by the growing number of EU and national regulators overseeing digital markets. Section VI examines the cumulative impact of the digital rulebook on startups, innovation, and European competitiveness, drawing on empirical evidence from the implementation of the GDPR and broader research on regulatory burdens in dynamic markets. Section VII concludes.

II. Evaluating the Costs and Outcomes of EU Digital Regulation

The Digital Fitness Check should be more than a mapping exercise. It should assess whether the EU’s digital rules achieve their stated objectives at the lowest effective cost. This requires more than a narrow inquiry into regulatory efficiency. It calls for a broader evaluation of how these rules affect innovation, competition, and economic growth.

Europe faces what many policymakers have described as an “existential challenge”.[3] That moment demands more than superficial reforms or procedural simplification. President Ursula von der Leyen emphasised this point at the ‘One Year After the Draghi Report’ conference, calling for a renewed “sense of urgency” and “ambition”, alongside “less paperwork, less overlaps, less complex rules”.[4] The Fitness Check should reflect that spirit. It should approach the EU’s digital rulebook with sufficient openness—and regulatory humility—to revise or repeal measures where evidence shows negative effects, or where claimed benefits remain uncertain.

The Commission’s Communication on ‘A Simpler and Faster Europe’ commits to reducing administrative costs by 25 per cent for all firms and 35 per cent for SMEs, from a baseline estimated at roughly €150 billion.[5] These are ambitious targets. The Fitness Check should provide the analytical foundation needed to meet them.

The call for evidence identifies many of the right questions, including definitional coherence, cumulative cost–benefit analysis, governance interplay, and opportunities for streamlining.[6] Experience with earlier impact assessments nonetheless suggests that the Commission’s methodology will require strengthening if the Fitness Check is to produce actionable findings.

A. Impact Assessments Miss Indirect Costs

A recurring weakness in Commission impact assessments is the failure to capture significant indirect effects of regulation. As we observed in our Digital Omnibus submission, current assessments tend to focus on the direct compliance costs borne by regulated firms while overlooking the economic consequences for third parties—e.g., “business users”—that depend on regulated services.[7]

This omission is particularly problematic in digital markets. Platforms typically act as intermediaries connecting multiple groups of users. When regulation degrades a platform’s functionality or service quality, the resulting costs do not remain confined to the platform operator. They spread across the wider ecosystem—to business users, advertisers, content creators, and consumers who rely on those services.

B. Compliance Costs Are Systematically Underestimated

Impact assessments have not only overlooked indirect costs. They have also consistently underestimated the direct compliance costs imposed on regulated firms. The Digital Markets Act (DMA) illustrates the problem.

The Commission’s impact assessment projected total compliance costs for all designated gatekeepers of approximately €21–28 million.^[8] Those figures bear little resemblance to the actual costs reported by firms. As Mikolaj Barczentewicz explains in an analysis of the DMA compliance workshops held in 2025:

During recent DMA workshops, Amazon revealed that its compliance costs have been “multiple orders of magnitude beyond that predicted amount.” This carefully chosen phrase suggests costs potentially reaching hundreds of millions of euros annually for Amazon alone. Meta representatives acknowledged that reality has dwarfed initial third-party estimates of $10-20 million per year. As one Meta representative noted, “we’re a long way north of that.”

The human resource allocation tells an equally striking story.

• Apple’s “engineers have spent hundreds of thousands of hours to bring everything to life, often on incredibly compressed timelines.” There are “thousands of employees at Apple involved in dealing with the impact of the DMA in engineering, design, operations, marketing, and more.”

• Meta has deployed over 11,000 employees working on DMA compliance design, build, and implementation—investing close to 600,000 engineering hours, equivalent to over six decades of engineering work compressed into a two-year period.

• Google assigned approximately 3,000 people, mostly engineers, working full-time for two years just on Article 5(2) compliance alone. [9]

Other estimates suggest even broader economic costs. A 2025 report estimated that EU digital-services regulation imposes up to $97.6 billion annually in total costs once lost revenue is included. Compliance costs alone were estimated at $2.2 billion per year.[10]

These figures still understate the true burden because they omit opportunity costs. Every engineering hour devoted to regulatory compliance is an hour not spent on innovation that could benefit European consumers. As an Amazon representative explained during the DMA workshops:

…any dollar that you spend or euro that you spend on work necessarily takes away that work from other areas that you could be innovating and providing benefits to customers in Europe.[11]

C. The RSB Identified These Problems Early

These shortcomings are not merely external critiques. The Commission’s own Regulatory Scrutiny Board (RSB)—an independent body responsible for evaluating the quality of Commission impact assessments—raised fundamental concerns about the DMA before the regulation was adopted.

The RSB issued an initial negative opinion on the DMA impact assessment, concluding that the analysis:

… does not sufficiently justify the restriction of its scope to digital markets. It does not justify the selection of platform services within the digital sector nor does it clarify the concept of gatekeeper platforms.

… does not provide policymakers with real choices on the different policy options. It does not provide a full range of options and it does not develop these in sufficient detail. It therefore cannot assess their impacts on different stakeholders.^[12]

This negative opinion forced a substantial revision of the proposal before its formal publication in December 2020. Yet even after revisions, the RSB continued to identify what it described as “significant shortcomings”. The Board also found that the report did not fully justify the selection of the core platform services covered by the regulation and failed to define adequately several measures included in the different policy options.[13]

The Board further urged the Commission to clarify the causal link between alleged market failures and the harms identified, and to consider the potential costs of curtailing size advantages arising from network economies and economies of scale.^[14] In essence, the RSB questioned whether the evidence demonstrated that the targeted practices produced the harms the DMA sought to address—and whether the regulation itself might eliminate efficiencies that benefit consumers.

D. DMA Enforcement Reveals Unintended Consequences

These findings matter for the Fitness Check for two reasons.

First, they show that many of the evidentiary weaknesses now visible in DMA enforcement—including unintended consequences for European hotels and the withdrawal of political-advertising services discussed below—were foreseeable. The Commission’s own oversight body raised them at the outset.

Second, they suggest that the impact-assessment process, as currently structured, lacks sufficient authority to prevent inadequately supported proposals from advancing to legislation. The Fitness Check should therefore treat the RSB’s conclusions as a starting point for evaluating whether DMA obligations are appropriately calibrated to the harms they were meant to address and whether the assumptions underpinning those obligations have been borne out in practice.

More broadly, RSB opinions should carry greater weight in the legislative process so that the Board’s quality-control function cannot be routinely overridden by political imperatives.

Recent enforcement experience further illustrates the risks of poorly calibrated regulation. Available evidence suggests that EU hotels experienced a significant decline in direct traffic following DMA enforcement against Google Search, with gains accruing disproportionately to large travel intermediaries, rather than to the smaller European businesses the DMA was intended to support.[15]

Regulatory uncertainty has also delayed access to new products for European consumers. Google’s Gemini AI and Meta’s Threads were available abroad months before their EU launch. Google’s AI Overviews—which provide multi-step reasoning capabilities in search results to more than one billion users worldwide—also reached European users substantially later.[16] These are precisely the kinds of indirect effects that the Fitness Check should identify and help eliminate.

E. SME and Innovation Effects Are Under-Examined

The Draghi Report reached a similar conclusion regarding the Commission’s analytical framework. It found that more than half of Commission impact assessments fail to provide sufficient detail on the needs of SMEs. It also observed that the EU lacks both a commonly agreed definition of ‘small mid-caps’ and readily available statistical data on them.[17]

The Fitness Check should therefore adopt a methodology that goes beyond mapping overlaps. It should measure the cumulative economic impact of EU digital rules across firms of all sizes, including indirect effects on business users of regulated platforms and on incentives to innovate.

F. The Legislative Process Needs Stronger Safeguards

The Fitness Check’s analytical framework will shape not only how existing rules are evaluated, but also how future legislation is designed. One persistent concern is the problem of last-minute legislative additions.

Several instruments in the Digital Package underwent substantial changes during trilogue negotiations that introduced obligations without adequate drafting or analysis. The Artificial Intelligence Act provides a prominent example. Its provisions on general-purpose AI (GPAI) were introduced late in the legislative process in response to ChatGPT’s emergence and were not subject to the impact assessment accompanying the Commission’s original proposal.[18]

The result may be legislation that inadvertently slows the EU’s adoption of critical technologies. The Commission’s current effort to ease compliance burdens through the Digital Omnibus—less than a year after the AI Act’s adoption—illustrates the problem.

The Fitness Check should therefore also address procedural safeguards. Any substantive amendment introduced after the impact-assessment stage should trigger a supplementary assessment proportionate to the amendment’s significance. Such a requirement would strengthen the evidentiary foundation of EU digital legislation and reduce the risk of poorly calibrated rules.

III. Definitional Incoherence Across the EU Digital Rulebook

Beyond methodological weaknesses in impact assessments, a second structural problem concerns definitional spillovers across the EU digital acquis. Legal regimes rarely operate in isolation. Modern economic activity—especially in digital markets—falls simultaneously under multiple regulatory frameworks, including competition law, consumer protection, and data protection. Each regime pursues distinct policy objectives, but they often regulate the same underlying conduct. When key concepts across these frameworks diverge, the result is not only conceptual confusion but regulatory spillovers, where rules designed for one policy domain reshape outcomes in another.

These spillovers create more than compliance challenges. Definitional incoherence can produce overlapping obligations, conflicting compliance requirements, weakened enforcement coordination, and legal uncertainty. As the EU digital rulebook has expanded, it has generated what commentators describe as a ‘complex matrix’ and a ‘layering of governance structures’ assembled over time for markets that were often national in scope but now operate on a supranational basis.[19] These misalignments do more than complicate interpretation. They can affect how authority is allocated among regulators, shape firms’ incentives to choose particular jurisdictions, and undermine consistent enforcement across the Union.[20]

The treatment of data across EU law illustrates the problem. Under the GDPR, personal data is framed through the lens of individual rights and informational autonomy.[21] The DMA, by contrast, treats data primarily as an economic input. It requires designated gatekeepers to enable data portability and third-party interoperability in order to lower barriers to entry in digital markets.[22] The interaction between these instruments creates tangible friction. A gatekeeper obliged, for example, under Article 6(9) of the DMA to facilitate data portability may simultaneously face GDPR constraints that limit the lawful basis or permissible scope of that transfer. In some scenarios, satisfying both regimes simultaneously may prove structurally impossible, forcing firms to prioritise one framework over the other.

The Commission and the European Data Protection Board have acknowledged this tension. Both institutions have issued draft Joint Guidelines on the interplay between the two instruments for public consultation.[23] This initiative is welcome, but further work remains necessary to reconcile the two regimes.[24]

Comparable difficulties arise in the classification of digital intermediaries. The DMA introduced the concept of a ‘gatekeeper’ to designate a small number of large platforms providing core platform services that meet specific quantitative and qualitative thresholds.[25] That concept has since migrated into other legal instruments, most notably the Data Act. Article 5(3) of the Data Act provides that any undertaking designated as a gatekeeper under Article 3 of the DMA cannot qualify as an eligible third party for purposes of receiving data at a user’s request under the Data Act’s data-sharing framework.[26]

This exclusion aims to prevent gatekeepers from leveraging internet-of-things (IoT) data to strengthen their market position. It nevertheless creates tension with the DMA’s own data-portability obligations under Article 6(9), which require gatekeepers to facilitate outbound portability to end users and authorised third parties.[27] The resulting regime is asymmetric: gatekeepers must make data available to others under the DMA but cannot receive data under the Data Act, even when users wish to share their data with a gatekeeper’s service.

This interaction was never properly assessed in the Data Act’s impact assessment, which preceded the DMA’s entry into force and the designation of specific gatekeepers. The episode illustrates a broader structural problem. When concepts designed for one regulatory context migrate into another without careful analysis of how the two instruments interact, the result is legal uncertainty and outcomes that may serve neither instrument’s objectives.

A similar concern arises with the Digital Services Act’s concept of ‘very large online platforms’ (VLOPs). VLOP designation triggers heightened obligations under the DSA, including systemic-risk assessments, independent auditing, and enhanced transparency requirements.[28] The threshold was designed for a specific regulatory purpose. Yet the concept increasingly appears in other regulatory discussions, including proposals such as the Digital Fairness Act and sector-specific legislation. Each extension risks applying obligations calibrated for one policy objective to contexts where they may be disproportionate.

Ensuring definitional coherence across the EU digital acquis therefore requires a more systematic approach.

First, the Fitness Check should conduct a cross-instrument audit of key definitions and regulatory categories across the EU digital rulebook. This exercise should identify not only textual inconsistencies but also situations in which one instrument’s concepts implicitly determine rights or duties under another.

Second, the Commission should adopt a rebuttable presumption against importing regulatory categories from one instrument into another without a dedicated impact assessment of the interaction. Concepts such as ‘gatekeeper’ or ‘VLOP’ should not become default legislative categories.

Third, where full harmonisation is neither possible nor desirable, the Union should develop conflict-management mechanisms for overlapping regimes. These may include structured cooperation clauses, clearer competence rules, express conflict provisions, and safe-harbour mechanisms for firms acting in good faith to reconcile competing obligations.

Fourth, impact assessments should evaluate cumulative effects, rather than individual instruments in isolation. The relevant question is not only whether a proposal is justified on its own terms but also how it interacts with the obligations, thresholds, and governance structures already embedded in the wider digital acquis.

The objective of the Fitness Check should not be uniformity for its own sake. It should be regulatory coherence. The EU’s digital rulebook will inevitably contain multiple regimes pursuing different policy objectives. When the same firms, technologies, and data flows are governed through inconsistent concepts transplanted across instruments without adequate justification, the result is not a coherent framework for digital governance but a layered system of potentially self-defeating obligations.

IV. Data Regulation and the Risk of an Anti-Commons

A significant problem in the EU’s digital rulebook is what could be described as an ‘anti-commons’ dynamic in the regulation of data.[29] In the classic formulation developed by Michael Heller, a tragedy of the anti-commons occurs when resources remain underutilised because too many actors hold rights to exclude others from using them.[30] In regulatory contexts, the anti-commons arises when overlapping legal regimes grant multiple authorities the power to restrict the same activity, making lawful use of a resource—here, data—difficult or impossible in practice.

The concept offers a useful lens for analysing EU data regulation, where multiple legal instruments impose distinct but cumulative restrictions on the processing, combination, and sharing of data. Each instrument is enforced by a different authority, operating under its own institutional mandate and interpretive priorities.

The joint guidelines issued by the Commission and the European Data Protection Board on the interplay between the DMA and the GDPR illustrate these tensions clearly.[31] Under Article 5(2) DMA, gatekeepers may not process, combine, or cross-use personal data across their core platform services and other services unless they obtain valid consent from end users. As the joint guidelines emphasise, this consent must satisfy the GDPR’s requirements—it must be specific, informed, and freely given.[32]

In practice, the availability of consent as a lawful basis is constrained. The Court of Justice’s judgment in Meta Platforms v. Bundeskartellamt held that a dominant market position may create power imbalances that undermine the voluntary nature of consent.[33] This interpretation significantly weakens the consent route under Article 5(2) DMA, as regulators may be inclined to presume that gatekeepers occupy such positions of power. The remaining GDPR legal bases offer little practical relief. The joint guidelines exclude reliance on ‘performance of a contract’ and ‘legitimate interests’, leaving only non-commercial bases such as compliance with a legal obligation or the protection of vital interests—grounds that rarely apply to commercial data processing.

The result is a formal legal pathway for data processing that, in practice, is largely unavailable. The likely consequence is that the use of data—including by the gatekeepers discussed above—will fall below socially optimal levels. This matters not only for gatekeepers but for the broader digital economy. Data that cannot lawfully be processed, combined, or cross-used cannot be deployed to improve services, develop new products, or train artificial-intelligence systems. The anti-commons dynamic thus produces systematic underutilisation of data and complementary assets, with consequences for compliance, consumer welfare, and innovation.[34]

The problem is compounded by the joint guidelines’ approach to consent interfaces. The guidelines require gatekeepers to obtain separate consent for each distinct processing purpose—such as personalised advertising, personalised content, and service development—through individual questions within a consent flow.[35] At the same time, they caution that the process must not create ‘choice fatigue’ for users.[36] Navigating this tension will be difficult in practice. Poorly designed consent flows could undermine the validity of consent while also risking classification as an ‘aggressive’ commercial practice under EU consumer-protection law.[37]

These requirements may therefore generate conflicting outcomes in EU data regulation. The Commission has simultaneously recognised the need to reduce cookie-consent fatigue. Requiring consent interfaces that multiply user prompts under the DMA risks producing the opposite result, creating additional complexity for both users and firms.

Similar anti-commons effects may arise in the context of artificial intelligence. AI development depends on the ability to process, combine, and cross-use large datasets to train models and improve outputs. The DMA’s restrictions on data combination and cross-use could prevent gatekeepers from using data generated across their services to train AI models.[38] The AI Act introduces an additional layer of obligations relating to training data, including requirements on data governance, bias testing, and documentation. These obligations may, at times, prove difficult to reconcile with the DMA’s and GDPR’s overlapping constraints on data use.[39]

Recent case law illustrates the uncertainty surrounding these interactions. A judgment of the Higher Regional Court of Cologne tentatively addressed the issue, concluding that Meta’s use of data from Instagram and Facebook to train generative AI models did not violate the DMA.[40] The broader legal landscape remains uncertain. Other courts or regulators across the Union could reach different conclusions regarding the interaction of these instruments.

This emerging anti-commons dynamic has clear implications for the Fitness Check. The Commission should evaluate whether the EU’s expanding body of data regulation collectively makes it less attractive to conduct data-driven activities within the Union. Such an outcome would lead to inefficient underutilisation of Europe’s data resources, with negative consequences for European consumers and businesses.

The Fitness Check should therefore examine whether the ‘without prejudice’ clauses that accompany many of these instruments operate effectively in practice or merely obscure conflicts that generate anti-commons outcomes.[41] In particular, it should assess the cumulative effects of the GDPR, the DMA, the Data Act, and the ePrivacy framework on the lawful processing and use of data. These constraints also have broader implications for the EU’s competitiveness in artificial intelligence, where access to large and diverse datasets is a key input for innovation. This analysis would help identify areas where overlapping restrictions produce inefficiencies without corresponding gains in data protection.

V. Institutional Capacity and Regulatory Coordination

Effective enforcement of EU digital regulation requires supervisory authorities with strong technical expertise, adequate financial and human resources, and sufficient operational independence to exercise their powers without undue political or market influence. The forthcoming Fitness Check should therefore examine whether the EU’s current institutional framework is equipped to deliver effective enforcement in practice. Two governance challenges deserve particular attention: institutional capacity and coordination across authorities.

The evaluation should consider whether the national authorities designated under the EU digital rulebook—including those responsible for the GDPR, the Digital Services Act, and the Digital Markets Act—possess the staffing levels, technological capabilities, and investigative expertise necessary to fulfil their increasingly complex mandates. Digital markets evolve rapidly. Regulated firms operate at a high level of technical sophistication, and many services function across borders. These realities place significant demands on regulators. Without sustained institutional capacity, enforcement risks falling short of legislative ambition.

Experience with the implementation of the GDPR offers important lessons. Although the regulation assigns central enforcement responsibilities to national data-protection authorities (DPAs), many DPAs remain significantly under-resourced relative to the scale and complexity of their tasks. This structural imbalance has contributed to the widely documented challenges associated with the GDPR’s one-stop-shop mechanism, particularly in cross-border cases involving large digital platforms. Any comprehensive evaluation of the EU digital rulebook should therefore examine not only the design of legal obligations but also whether supervisory authorities have the institutional capacity needed to enforce those obligations consistently across the Union.

A further concern relates to the limited coordination among the multiple regulatory bodies that now share oversight of digital markets. The EU’s digital regulatory framework—including the DMA, GDPR, DSA, AI Act, NIS2 Directive, Data Act, and several sector-specific regimes—allocates supervisory and enforcement responsibilities across numerous authorities. These bodies operate under different legal mandates, institutional structures, and enforcement priorities, often reflecting distinct regulatory traditions and policy objectives.

Institutional diversity may sometimes be justified by the aims of individual instruments. Yet it also creates challenges for the coherence of the overall regulatory system. The risk extends beyond duplicative administrative efforts. Overlapping jurisdictions and fragmented oversight may produce situations in which obligations imposed by one authority are difficult to reconcile with those enforced by another. Firms may then face conflicting requirements, higher compliance costs, and greater legal uncertainty, undermining both the effectiveness and the credibility of the EU’s digital regulatory framework.

Fragmentation may also arise when new regulatory initiatives pursue objectives already addressed under existing EU or national law. The DMA illustrates this risk. The regulation’s justification for EU-level harmonisation rests on the cross-border nature of digital-platform services, which makes it difficult for individual Member States to address the identified competition concerns effectively. In practice, however, the boundaries between the DMA and traditional competition law—both at EU and national levels—remain uncertain.

Since the adoption of the DMA, several Member States have introduced or expanded national initiatives addressing digital markets. These include new competition-law provisions tailored to digital platforms, rules addressing economic dependence, and expanded market-investigation powers for national authorities. The result is a growing landscape of overlapping regulatory initiatives.

The parallel application of the DMA at the EU level alongside the enforcement of both existing and newly adopted national rules creates risks of double jeopardy, inconsistent enforcement outcomes, and conflicting decisions across jurisdictions.[42] These developments threaten the integrity of the internal market and risk undermining the very rationale for adopting a harmonised EU framework for digital markets.[43]

VI. Competitiveness and EU Digital Regulation

The Fitness Check’s stated purpose is to assess how the EU digital rulebook affects—and supports—the Union’s competitiveness.[44] This is ultimately the most important question. The evidence available to date suggests cause for concern.

In a recent white paper, ICLE scholars examined whether the EU’s Digital Package—comprising the DMA, DSA, Data Act, and AI Act—responds to the needs of technology startups and scaleups.[45] The analysis found considerable heterogeneity. Some instruments attempt to address startup-specific concerns, while others scarcely acknowledge them. All the acts provide some exemptions or carveouts for SMEs, but these differ significantly in scope. The DMA focuses almost exclusively on large gatekeepers, while the AI Act contains more extensive provisions intended to support smaller firms. Despite these carveouts, contradictions across the Digital Package complicate efforts to support SMEs and increase compliance burdens for startups and other firms. These frictions risk harming competition, investment, and innovation.

A central difficulty lies in the fragmented origins of the Digital Package. The instruments were not designed as a single integrated framework. Instead, they emerged at different moments to address distinct perceived problems in digital markets. The result is a regulatory environment that startups encounter as complex and fragmented. Each instrument introduces its own definitions, obligations, and compliance mechanisms. From the perspective of a young firm attempting to launch or scale within the EU, the relevant question is therefore not whether any single rule appears reasonable in isolation but whether the cumulative effect of multiple rules creates barriers to entry or expansion. Scholars of regulatory economics have long observed that such cumulative burdens can be particularly harmful in dynamic sectors where experimentation, rapid iteration, and risk-taking drive innovation.[46]

Empirical evidence from the implementation of the GDPR offers a cautionary precedent. A study by Jian Jia, Ginger Zhe Jin, and Liad Wagman found that, within a year of the GDPR’s enforcement, European technology startups experienced an average reduction of 26.1 per cent in monthly venture-funding deals relative to their U.S. counterparts.[47] The decline persisted through at least 2020. The contraction was most pronounced among data-driven startups, firms aged zero to three years, and business-to-consumer ventures.[48] A separate study found that the GDPR prompted websites to reduce their use of third-party technology vendors, leading to a 15 per cent decline in vendors serving EU visitors and a 17 per cent increase in market concentration among service providers.[49] Larger firms—including Google and Facebook—expanded their market shares at the expense of smaller advertising-technology providers. As Michal Gal and Oshrit Aviv conclude, the GDPR’s privacy safeguards have had the unintended effect of limiting competition and increasing concentration in data-related markets.[50]

These findings highlight a broader structural concern about regulatory design in digital markets. Digital innovation often depends on network effects, access to data, and rapid scaling. Even modest regulatory frictions can therefore produce disproportionate effects on entrepreneurial activity.[51] Venture-capital investment is particularly sensitive to these frictions. Investors routinely assess regulatory risk when deciding where to allocate capital. Jurisdictions perceived as imposing unpredictable or costly compliance obligations tend to attract less early-stage investment. Empirical research suggests that regulatory shocks can influence not only the number of startups created but also where those firms choose to locate their operations.[52] Regulatory policy thus shapes not only the performance of existing firms but also the geographic distribution of future innovation.

These dynamics are likely to recur as additional layers of regulation accumulate. Compliance costs tend to fall disproportionately on smaller firms that lack the diversified data assets, legal teams, and compliance departments that allow large incumbents to absorb new requirements more easily. Higher fixed compliance costs raise barriers to entry, weaken incentives for entrepreneurship, and risk consolidating market power in the very firms that regulation seeks to constrain.

This dynamic creates what might be called a ‘compliance paradox’: regulations designed to constrain large platforms may inadvertently strengthen their competitive position by raising the fixed costs that potential challengers must bear. A two-person startup cannot maintain a compliance department. The fixed costs of understanding and complying with overlapping requirements under the GDPR, AI Act, DSA, and Data Act are substantial, regardless of firm size. These costs divert resources that would otherwise support product development, customer acquisition, and innovation. Surveys of European digital startups confirm that these concerns are widely shared. A recent Stripe survey found that 83 per cent of startups believe EU policymaking is geared toward incumbents and that entrepreneurs want policymakers to prioritise reforms that save them time and money.[53]

Compliance costs also shape firms’ strategic decisions. When regulatory obligations become complex and uncertain, entrepreneurs may avoid entering regulated sectors altogether. Others may redirect their efforts toward jurisdictions with clearer or lighter regulatory frameworks. In digital markets, this dynamic can produce a form of ‘innovation migration’, in which promising firms establish themselves outside the EU to access more favourable investment environments. Multiple factors contribute to this pattern—including capital-market depth and labour mobility—but regulatory complexity frequently appears among the cited drivers.

The Draghi Report reached similar conclusions. It emphasised that scale is crucial for performance, innovation, and competitiveness. The report warned that the EU’s regulatory burden risks preventing European firms from achieving the scale needed to compete globally.[54] Among leading software and internet companies, EU firms account for only 7 per cent of global research-and-development expenditure, compared with 71 per cent for U.S. firms.[55] Between 2008 and 2021, 147 European unicorns were founded, yet 40 later relocated their headquarters abroad—most of them to the United States.[56] These figures point to structural weaknesses in the European innovation ecosystem that regulation may exacerbate, rather than resolve.

The cumulative nature of digital regulation also raises institutional questions about how impact assessments are conducted. EU legislative procedures typically evaluate the expected effects of individual proposals. They rarely examine how multiple regulatory instruments interact once implemented simultaneously. Policymakers may therefore underestimate the real compliance burdens facing firms operating across several regulatory regimes. Each framework introduces its own reporting obligations, governance requirements, and liability risks. The combined effect can exceed the sum of the individual rules.

Impact assessments accompanying key elements of the Digital Package appear not to have fully accounted for these dynamics. ICLE’s analysis suggests that the DMA, Data Act, and AI Act assessments at times overlooked the potential effects of these regulations on startups and on venture-investment incentives.[57] This concern is echoed by France Digitale, the largest startup advocacy organisation in Europe, which has called for regulatory ‘breathing space’ to allow startups to comply with successive regulations. The organisation proposes extended moratorium periods beyond the 12 months currently provided under the DSA and Data Act.[58]

The Fitness Check should therefore evaluate the cumulative compliance burden that the Digital Package imposes on SMEs and startups, rather than examining each instrument in isolation. This evaluation should consider interaction effects across instruments. A startup operating in the health-technology sector, for example, may simultaneously face obligations under the GDPR, the AI Act, the Data Act, the NIS2 Directive, the Medical Devices Regulation, and the forthcoming European Health Data Space Regulation. Each framework introduces its own definitions, reporting requirements, and supervisory authorities. The cumulative burden of this regulatory web may prove qualitatively different—and substantially greater—than the sum of the individual obligations.

The Fitness Check should also examine whether digital regulation creates barriers that prevent firms from scaling, including by constraining exit opportunities. Competitiveness and innovation do not arise solely from startups. Large firms play a central role in modern innovation ecosystems, particularly in research-intensive sectors such as software, artificial intelligence, and digital infrastructure. Empirical research consistently finds that larger firms account for a disproportionate share of global R&D spending and often possess the resources needed to transform early-stage ideas into scalable technologies.[59] Startups frequently depend on these firms as partners, customers, and sources of capital. Acquisition by an established company is a common exit pathway that allows new technologies to be deployed at scale.

Policies that focus exclusively on promoting startups while constraining the firms that provide scale, capital, and commercialisation pathways risk weakening the broader innovation ecosystem. Article 14 of the DMA, which requires gatekeepers to inform the Commission of intended concentrations, has therefore attracted concern among venture investors. Acquisition by large technology companies represents a common and often essential exit strategy for European startups.[60] Empirical research also suggests that acquisitions by large technology firms can stimulate venture-capital activity globally, including in Europe and the United States.[61] If regulatory frameworks make such acquisitions more uncertain or costly, venture investment may shift toward less regulated jurisdictions, with long-term consequences for European innovation.[62]

Given these dynamics, the Fitness Check should also establish a mechanism for continuous evaluation of the cumulative effects of EU digital regulation, rather than treating this exercise as a one-off review. Regulation in fast-moving markets requires continuous learning. If evidence shows that specific rules discourage startup formation, investment, or innovation, policymakers should have the institutional tools needed to adjust thresholds, refine obligations, or introduce targeted exemptions. A standing efficiency-review mechanism—supported by systematic cost-benefit analysis and structured stakeholder consultation—would help ensure that the EU digital rulebook remains fit for purpose as markets and technologies evolve.

VII. Conclusion

The Digital Fitness Check offers the Commission an opportunity to assess the cumulative effects of the EU’s digital rulebook with analytical clarity. Individual instruments within the Digital Package may address legitimate concerns. Taken together, however, they have produced a regulatory architecture characterised by overlapping obligations, inconsistent definitions, fragmented governance, and cumulative compliance costs that risk undermining the objectives these measures were meant to achieve.

Several conclusions follow.

First, the Fitness Check should adopt a methodology capable of capturing indirect effects, interaction effects, and the full economic impact of regulation. Current impact assessments often focus narrowly on direct compliance costs while overlooking ecosystem effects, opportunity costs, and cumulative burdens. The large gap between the Commission’s projected DMA compliance costs and the actual costs reported by designated gatekeepers illustrates this problem. The Commission’s own Regulatory Scrutiny Board identified serious evidentiary shortcomings in the DMA impact assessment before the regulation was adopted. Those findings should serve as a baseline. Substantive amendments introduced after the impact-assessment stage should also trigger supplementary assessments proportionate to their significance.

Second, the Commission should address definitional spillovers across the digital acquis. Concepts such as ‘gatekeeper’ and ‘very large online platform’ increasingly appear outside the instruments for which they were originally designed. The migration of the gatekeeper concept into the Data Act and the potential extension of the VLOP designation illustrate the risks. The Fitness Check should therefore include a cross-instrument audit of key regulatory definitions, a rebuttable presumption against importing regulatory categories without dedicated interaction assessments, and clearer conflict-management rules for overlapping regimes.

Third, overlapping data regulations risk creating an anti-commons dynamic that suppresses socially valuable data use. The interaction between the GDPR and the DMA is particularly illustrative. Article 5(2) DMA permits cross-service data use with user consent, yet the interpretation of consent following Meta Platforms v. Bundeskartellamt—combined with the exclusion of alternative GDPR legal bases—may render that pathway unavailable in practice. The result may be systematic underutilisation of data without corresponding gains in privacy protection, with implications for service development, AI training, and innovation.

Fourth, the institutional framework for enforcement warrants careful scrutiny. Effective enforcement requires supervisory authorities with sufficient resources, technical expertise, and operational independence. Experience under the GDPR suggests that many national authorities remain under-resourced relative to their responsibilities. At the same time, the growing number of EU and national regulators exercising authority over digital markets creates coordination challenges. The parallel application of the DMA alongside expanding national digital-competition initiatives risks fragmented oversight and inconsistent enforcement.

Fifth, the Fitness Check should examine empirically the cumulative regulatory burden facing startups and SMEs. Evidence from the GDPR experience suggests that regulatory shocks can reduce venture investment and increase market concentration. These findings illustrate a compliance paradox: rules designed to constrain large platforms may entrench their position by raising the fixed compliance costs that smaller firms struggle to absorb. Such dynamics can discourage entrepreneurship, reduce venture-capital investment, and limit scaling opportunities for European startups.

The Fitness Check should therefore evaluate the EU digital rulebook as an integrated system rather than as a collection of isolated instruments. Establishing a mechanism for ongoing assessment—supported by systematic cost-benefit analysis and structured stakeholder input—would help ensure that EU digital regulation remains coherent, proportionate, and supportive of innovation and competitiveness. Ensuring that future legislation is grounded in robust evidence, coherent definitions, coordinated governance, and careful assessment of cumulative economic effects will be essential if the EU’s digital rulebook is to support—rather than constrain—innovation and competitiveness.

[1] Eur. Comm’n, Call for Evidence for an Evaluation/Fitness Check: Digital Fitness Check, Ref. Ares(2025)10018469 (19 Nov. 2025), https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/15554-Digital-fitness-check-testing-the-cumulative-impact-of-the-EUs-digital-rules/public-consultation_en [hereinafter Call for Evidence].

[2] Mario Draghi, The Future of European Competitiveness (Rep. to the Eur. Comm’n, 9 Sept. 2024), https://commission.europa.eu/topics/competitiveness/draghi-report_en [hereinafter Draghi Report]; Enrico Letta, Much More Than a Market: Speed, Security, Solidarity (Rep. to the Eur. Council, Apr. 2024), https://www.consilium.europa.eu/media/ny3j24sm/much-more-than-a-market-report-by-enrico-letta.pdf [hereinafter Letta Report]; Eur. Comm’n, A Competitiveness Compass for the EU, COM(2025) 30 final (29 Jan. 2025) [hereinafter Competitiveness Compass].

[3] Draghi Report, pt. A, at 5.

[4] Ursula von der Leyen, President of the Eur. Comm’n, Opening Keynote Speech at the ‘One Year After the Draghi Report’ Conference, Eur. Comm’n (15 Sept. 2025), https://ec.europa.eu/commission/presscorner/detail/en/speech_25_2102 (‘We can move mountains when we have the ambition, the unity and the urgency. It is our choice. So let us make that choice again. For prosperity.’).

[5] Eur. Comm’n, A Simpler and Faster Europe: Communication on Implementation and Simplification, COM(2025) 47 (11 Feb. 2025), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52025DC0047.

[6] Call for Evidence, supra note 1.

[7] Miko?aj Barczentewicz & Kristian Stout, ICLE Comments on the European Commission Digital Omnibus, Int’l Ctr. for L. & Econ. (13 Oct. 2025), https://laweconcenter.org/resources/icle-comments-on-the-european-commission-digital-omnibus, § IV.

[8] Eur. Comm’n, Impact Assessment Report on the Proposal for a Regulation of the European Parliament and of the Council on Contestable and Fair Markets in the Digital Sector (Digital Markets Act), SWD(2020) 363 final, § 3.2 (15 Dec. 2020), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020SC0363.

[9] Miko?aj Barczentewicz, The Digital Markets Act as an EU Digital Tax: When Compliance Costs Dwarf Regulatory Estimates, Truth on the Mkt. (8 July 2025), https://truthonthemarket.com/2025/07/08/the-digital-markets-act-as-an-eu-digital-tax-when-compliance-costs-dwarf-regulatory-estimates.

[10] Carl J. Schramm, Costs to U.S. Companies from EU Digital Services Regulation, Comput. & Commc’ns Indus. Ass’n (July 2025), https://ccianet.org/research/reports/costs-to-us-companies-from-eu-digital-services-regulation.

[11] Barczentewicz, supra note 9.

[12] Eur. Comm’n, DMA Impact Assessment, supra note 8, annex 1, § 4 (Consultation of the RSB).

[13] Eur. Comm’n, Regul. Scrutiny Bd., Regulatory Scrutiny Board Opinion on the Proposal for a Regulation of the European Parliament and of the Council on Contestable and Fair Markets in the Digital Sector (Digital Markets Act), SEC(2020) 437 (10 Dec. 2020), at 3.

[14] Id. The RSB also noted that the impact assessment should ‘better distinguish problems relating to size advantages from the monopolisation of data and the imposition of market rules such as exclusive dealing’.

[15] Geoffrey A. Manne, Dirk Auer, Lazar Radi?, Selçukhan Ünekba?, & Mario A. Zúñiga, ICLE Response to First Review of the Digital Markets Act 20–22, Int’l Ctr. for L. & Econ. (24 Sept. 2025), https://laweconcenter.org/resources/icle-response-to-first-review-of-the-digital-markets-act.

[16] Id. at 23.

[17] Draghi Report, pt. B, at 322.

[18] See Barczentewicz & Stout, supra note 7, § II.C.

[19] Peter Alexiadis et al., Coherence versus Fragmentation: Institutional Challenges to EU Digital Markets Regulation, 24 Bus. L. Int’l 233, 235 (2023).

[20] Ireland’s Balance Between Big Tech and Data Privacy, Simmons & Simmons (4 Oct. 2021), https://www.simmons-simmons.com/en/publications/cktn6s3w12h5v0a21q1n0i8l/irelands-balance-between-big-tech-and-data-privacy.

[21] Regulation (EU) 2016/679 of the Eur. Parl. & of the Council of 27 Apr. 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC, 2016 O.J. (L 119) 1 [hereinafter GDPR], arts. 5–6 (establishing principles of lawfulness, purpose limitation, and data minimisation).

[22] Regulation (EU) 2022/1925 of the Eur. Parl. & of the Council of 14 Sept. 2022 on Contestable and Fair Markets in the Digital Sector, 2022 O.J. (L 265) 1 [hereinafter DMA], arts. 2–3.

[23] Eur. Data Prot. Bd. & Eur. Comm’n, Joint Guidelines on the Interplay between the Digital Markets Act and the General Data Protection Regulation (public consultation, 9 Oct.–4 Dec. 2025), https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2025/joint-guidelines-interplay-between-digital_en.

[24] Miko?aj Barczentewicz, Comments of the International Center for Law & Economics on the Joint EDPB–European Commission Guidelines on the Interplay Between the DMA and GDPR, Int’l Ctr. for L. & Econ. (4 Dec. 2025), https://laweconcenter.org/wp-content/uploads/2025/12/2025.12-GDPR_DMA-consultation.pdf.

[25] DMA, arts. 2–3

[26] Regulation (EU) 2023/2854 of the Eur. Parl. & of the Council of 13 Dec. 2023 on Harmonised Rules on Fair Access to and Use of Data, 2023 O.J. (L 2854) 1 [hereinafter Data Act], art. 5(3).

[27] DMA, art. 6(9).

[28] Regulation (EU) 2022/2065 of the Eur. Parl. & of the Council of 19 Oct. 2022 on a Single Market for Digital Services, 2022 O.J. (L 277) 1 [hereinafter DSA], arts. 33–37.

[29] James M. Buchanan & Yong J. Yoon, Symmetric Tragedies: Commons and Anticommons, 43 J.L. & Econ. 1 (Apr. 2000).

[30] Michael A. Heller, The Tragedy of the Anticommons: Property in the Transition from Marx to Markets, 111 Harv. L. Rev. 621 (1998); see also id. at 1.

[31] Eur. Comm’n & Eur. Data Prot. Bd., Draft Joint Guidelines on the Interplay Between the Digital Markets Act and the General Data Protection Regulation (Oct. 2025) [hereinafter Draft Joint Guidelines].

[32] Id. recitals 6, 10.

[33] Case C-252/21, Meta Platforms Inc. v. Bundeskartellamt, ECLI:EU:C:2023:537 (4 July 2023).

[34] Id.

[35] Draft Joint Guidelines, recitals 41–42.

[36] Id. recital 46.

[37] Id. recital 48.

[38] See, e.g., Data Act, arts. 5–7 (establishing data-portability rules, including specific obligations for gatekeepers).

[39] Regulation (EU) 2024/1689 of the Eur. Parl. & of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act), 2024 O.J. (L 1689) 1 [hereinafter AI Act], arts. 10, 53, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689.

[40] Oberlandesgericht Köln [Higher Reg’l Ct. of Cologne], Judgment of 27 May 2025, Case No. 6 U 140/24; see also Ma?gorzata Wojtas & Heiner Mecklenburg, Use of Personal Data for AI Training Does Not Violate DMA According to Higher Regional Court of Cologne, PwC Legal (3 June 2025), https://www.pwclegal.de/use-of-personal-data-for-ai-training-does-not-violate-dma-according-to-higher-regional-court-of-cologne.

[41] Konstantina Bania, Fitting the Digital Markets Act in the Existing Legal Framework: The Myth of the ‘Without Prejudice’ Clause, 19 Eur. Competition J. 116 (2023).

[42] See, e.g., Giuseppe Colangelo, Trendy Antitrust for Digital Markets: Are Market Investigations the New Black?, 15 J. Eur. Competition L. & Prac. 289 (2024).

[43] See Giuseppe Colangelo, The European Digital Markets Act and Antitrust Enforcement: A Liaison Dangereuse, 47 Eur. L. Rev. 597 (2022).

[44] Call for Evidence, supra note 1.

[45] Lazar Radic & Dirk Auer, A Europe Fit for the Age of Startups: Rhetoric and Reality in the EU’s Digital Package, Int’l Ctr. for L. & Econ. (1 Aug. 2025), https://laweconcenter.org/resources/a-europe-fit-for-the-age-of-startups-rhetoric-and-reality-in-the-eus-digital-package.

[46] See, e.g., James Broughel, Regulation and Economic Growth: Applying Economic Theory to Public Policy, Mercatus Ctr. (18 May 2017), https://www.mercatus.org/research/books/regulation-and-economic-growth.

[47] Jian Jia, Ginger Zhe Jin & Liad Wagman, The Short-Run Effects of the General Data Protection Regulation on Technology Venture Investment, 40 Mktg. Sci. 661 (2021).

[48] Id. at 670–75; Jian Jia & Liad Wagman, The One-Year Impact of the General Data Protection Regulation (GDPR) on European Ventures, Data Catalyst Inst. (Jan. 2020), https://datacatalyst.org/wp-content/uploads/2020/01/GDPR-report-2020.pdf.

[49] Garrett A. Johnson, Scott K. Shriver & Samuel G. Goldberg, Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR, 69 Mgmt. Sci. 5695 (2023).

[50] Michal S. Gal & Oshrit Aviv, The Competitive Effects of the GDPR, 16 J. Competition L. & Econ. 349, 352 (2020).

[51] Ironically, these same characteristics of digital markets often justify regulation. See, e.g., DMA, recital 2. ICLE scholars have challenged the assumption that digital-platform regulation should mirror telecoms regulation, warning that doing so may foster dependency and dampen innovation. See Eric Fruits, Digital Platforms Aren’t Telecoms and Their Regulations Shouldn’t Rhyme, Truth on the Mkt. (10 Mar. 2025), https://truthonthemarket.com/2025/03/10/digital-platforms-arent-telecoms-and-their-regulations-shouldnt-rhyme (‘regulatory frameworks that force successful companies to subsidise actual and potential competitors rarely generate meaningful innovation. They create dependency, not dynamism.’).

[52] Josh Lerner, Boulevard of Broken Dreams: Why Public Efforts to Boost Entrepreneurship and Venture Capital Have Failed—and What to Do About It (Princeton Univ. Press 2009).

[53] See Radic & Auer, supra note 45 (citing Stripe, The Startup Report: Europe Edition (2024)).

[54] Draghi Report, pt. B, at 12–13.

[55] Draghi Report, pt. B, at 12.

[56] Id. at 36.

[57] Radic & Auer, supra note 45.

[58] France Digitale, EU Startup and Scaleup Strategy: A Roadmap for European Tech Leaders (Mar. 2025), https://media.francedigitale.org/app/uploads/prod/2025/03/14182410/France-Digitale-EU-Startup-and-Scaleup-Strategy-.pdf.

[59] Draghi Report, pt. B, at 30 (‘There is a close link between the size of companies and technology adoption. Evidence from the US shows that adoption rises with firm size for all advanced technologies. Likewise, while in 2023 30 per cent of large businesses in the EU had adopted AI, only 7 per cent of SMEs had done so. Size enables adoption because larger companies can spread the high fixed costs of AI investment over greater revenues, rely on more skilled management to implement organisational changes, and deploy AI more productively using larger data sets.’).

[60] See Radic & Auer, supra note 45 (discussing the impact of DMA art. 14 on acquisition incentives and venture-capital exit strategies); DMA, art. 14.

[61] Tiago S. Prado & Johannes M. Bauer, Big Tech Platform Acquisitions of Start-Ups and Venture Capital Funding for Innovation, 59 Info. Econ. & Pol’y 100973 (2022).

[62] See Draghi Report, pt. B, at 36 (noting that 40 of 147 European unicorns founded between 2008 and 2021 relocated their headquarters abroad, mainly to the United States).

I. Introduction and Summary

Amazon LEO’s extension request raises important questions about how the Federal Communications Commission (FCC) should apply build-out rules in high-capital-expenditure, launch-constrained industries. These comments evaluate the non-geostationary orbit (NGSO) milestone regime from a law & economics perspective, focusing on the real-options structure of spectrum licensing and satellite-deployment investment.

A satellite license functions economically as a real option[1]—the right, but not the obligation, to deploy and bring into service a constellation at a future date. Milestone rules force exercise of that option on a regulatory timeline. In doing so, they reduce the option value that can make speculative license holding attractive.

The option value of a license differs across firms. For a speculator, option value is high because sunk costs are low and flexibility remains high. For a firm that has already made large, irreversible, deployment-specific investments, option value is much lower. As demonstrated sunk investment grows, the firm has already exercised much of the option embedded in the license. The screening rationale for forced exercise correspondingly weakens.

This framework clarifies the economic logic of milestone policy. Milestones can serve as efficient screening tools when they compel exercise of options held by speculative licensees. Rigid forfeiture rules become dynamically inefficient when applied to firms that have already committed substantial irreversible capital, because those investments demonstrate that the option has largely been exercised.

Milestone rules therefore play an important economic role in deterring warehousing. In capital-intensive, launch-constrained low-Earth orbit (LEO) satellite markets, however, rigid interim milestones may not optimally balance anti-warehousing deterrence, dynamic competition, and efficient capital deployment.[2]

II. The Screening Function of Spectrum Milestones

Spectrum milestones aim to separate genuine operators from speculators.[3] The economic logic parallels classic screening and signaling models. Milestones impose costs that fall differently across firms. For firms that intend to deploy, compliance costs are small relative to their planned investment. For speculators, milestone deadlines—combined with ex ante bond requirements—make warehousing costly. The bond, triggered when a licensee misses a milestone, creates the primary financial penalty that deters speculative holding.[4]

This framework draws on foundational insights from information economics. Spectrum licensing creates information asymmetries between regulators and licensees about deployment intentions. Milestones function as a separating mechanism. Like educational credentials or insurance deductibles, they impose costs that induce self-selection between firms that plan to deploy and firms that do not.[5]

The screening rationale assumes that compliance costs remain systematically lower for genuine deployers than for speculators. That assumption holds when milestones require physical deployment or verified capital expenditures.[6] Under some conditions, rigid forfeiture provisions can invert this relationship. External shocks—such as supply-chain disruptions, launch-vehicle shortages, or force majeure events—can raise compliance costs for all licensees regardless of intent. When that occurs, the screening mechanism can lose its separating function.

The Commission designed its milestone framework primarily for terrestrial wireless systems and early geostationary satellite markets. In those contexts, deployment timelines and capital requirements were more predictable. NGSO broadband constellations present different calibration challenges.

Satellite constellation deployment requires massive capital commitments with multi-year lead times and tightly coupled production steps.[7] Unlike terrestrial build-out—where delays in one market do not prevent deployment elsewhere—satellite manufacturing and launch operate as a single integrated production function. A delay in one launch campaign can cascade through the entire deployment schedule in ways that calendar-based milestones cannot easily accommodate.

Economic theory also recognizes that credible commitments can reveal information that reduces the need for regulatory screening.[8] When a licensee makes substantial transaction-specific investments—such as manufacturing satellites, securing launch contracts, and building ground infrastructure—those expenditures function as self-enforcing bonds that align incentives with deployment. Satellite investments are highly asset-specific. Satellites designed for particular orbital configurations have limited alternative uses, face no meaningful secondary market, and degrade on fixed operational timelines. These features make constellation investments strongly sunk in the economic sense, strengthening the self-enforcing commitment to deployment.[9]

This insight draws on Oliver Williamson’s framework of credible commitments and asset specificity.[10] Spectrum-specific sunk costs create path dependence that discourages abandonment.[11] That behavior is precisely what milestone rules aim to prevent. Once a firm commits billions of dollars to satellite manufacturing and launch, the marginal cost of continuing deployment often falls below the sunk cost already incurred. Economic incentives therefore favor completing the system even without regulatory compulsion.

These dynamics create a potential screening paradox. Firms most likely to satisfy milestone requirements are often those whose investment behavior already demonstrates commitment. At the same time, the anti-warehousing rationale weakens precisely where compliance becomes most likely.

Milestones nevertheless serve an additional coordination function. Operators in later processing rounds rely on predictable timelines from earlier-round licensees to design their systems and negotiate interference protections. Milestones calibrated to encourage expeditious deployment can therefore produce ecosystem-wide benefits beyond screening out speculators.

The key policy question is not whether milestones are necessary for committed deployers. The relevant question is whether their timing and enforcement appropriately balance anti-warehousing deterrence against the risk of penalizing firms whose deployment progress is genuine but constrained by factors beyond their control.

III. Real Options and Satellite Deployment Investment

Spectrum licenses embed real-options characteristics for which milestone policy must account.[12] Deploying a satellite constellation requires large-scale, irreversible investment under uncertainty—precisely the conditions in which option value becomes most important.[13]

Milestone rules effectively force licensees to exercise that option on a regulatory timeline.[14] For speculative holders, forced exercise can improve efficiency by preventing strategic delay.[15] For firms already deep into irreversible deployment, rigid milestone timing can force suboptimal capital allocation without providing meaningful screening benefits.

The real-options framework therefore suggests that milestone policy should consider how much option value a licensee has already extinguished through irreversible investment. A firm that has committed billions of dollars to satellite manufacturing, launch contracts, and ground infrastructure has already exercised much of its deployment option. Remaining uncertainty concerns execution timing, rather than deployment intent.

Milestone enforcement also carries broader competitive implications.[16] In nascent NGSO markets, aggressive enforcement that threatens credible deployers with forfeiture can reduce the number of viable competitors.

The emerging LEO broadband market exhibits characteristics of dynamic competition driven by rapid technological innovation. At the same time, it features network effects and substantial barriers to entry.[17] Regulatory policies that inadvertently eliminate credible competitors through rigid milestone enforcement may impose greater consumer harm than the speculative warehousing such rules seek to prevent.

The regulatory-design literature emphasizes the importance of adaptive mechanisms that incorporate new information.[18] Traditional command-and-control milestone regimes assume stable deployment environments. The NGSO sector instead operates in a context of rapid technological change, evolving launch economics, and supply-chain constraints that regulators did not fully anticipate when adopting the current framework.

Progress-contingent approaches can better align with the real-options structure of LEO investment.[19] Rather than focusing solely on point-in-time milestone compliance, regulators can evaluate a licensee’s deployment trajectory. This approach preserves anti-warehousing deterrence while reducing the risk of forfeiting licenses held by firms that demonstrate genuine deployment progress.

IV. Recommendations for NGSO Milestone Policy

The preceding analysis yields four policy recommendations.

1. Preserve milestone screening as an anti-warehousing tool.

The institutional and economic case for deployment obligations remains strong. Without enforceable commitments, applicants may seek authorizations for speculative purposes—such as blocking rivals, increasing bargaining leverage, or warehousing spectrum rights. Those outcomes would leave orbital and spectrum resources idle and delay service to consumers.

2. Reevaluate milestone calibration.

The Commission should assess whether interim milestones remain calibrated to current industry conditions, including satellite-manufacturing cycles, launch-vehicle availability, and upstream capacity constraints. As the economic literature emphasizes, well-designed mechanisms separate high-value from low-value entrants while minimizing wasteful expenditures that do not increase output or innovation.

A progress-contingent bonding regime could better align the screening mechanism with the underlying information problem. Under such a framework, operators would post financial bonds that are released as they achieve verified deployment milestones. The Commission could also consider a graduated milestone structure with more frequent checkpoints and proportional, rather than binary, consequences.

Under this approach, missing a single milestone would not automatically trigger license suspension or revocation. Instead, partial bond forfeiture tied to each checkpoint would maintain continuous incentive pressure while preserving the operator’s ability to demonstrate compliance at later intervals. This structure would address the bluntness of the current two-milestone regime—50% and 90% deployment thresholds—by providing more granular visibility into deployment progress. Any recalibration should also align with the proposed extension of NGSO license terms to 20 years under the Space Modernization for the 21st Century NPRM.

3. Better incorporate evidence of sunk investment.

The Commission’s waiver process allows operators to present sunk-investment evidence when seeking milestone extensions. The absence of clear criteria, however, has produced inconsistent outcomes. In some cases, operators cite aggregate expenditure figures without verifiable benchmarks demonstrating meaningful deployment progress.

The Commission should formalize objective, verifiable metrics—such as completed satellite manufacturing, binding launch contracts, or finished ground infrastructure—as structured criteria for evaluating whether a licensee has effectively exercised its deployment option. These metrics would shift milestones from automatic forfeiture triggers toward rebuttable screening tools.

When operators can credibly demonstrate substantial sunk investment, the marginal benefits of rigid calendar-based deadlines fall, while the marginal costs—including false-positive forfeiture risk and entry barriers—rise. NASA’s commercial-resupply program offers a useful institutional model: staged readiness assessments and technical reviews, rather than binary date-certain forfeiture.

4. Account for dynamic and regulatory competition.

Milestone enforcement sends signals that extend beyond individual licensees. In LEO broadband markets with high fixed costs and strong first-mover dynamics, revoking a near-deployment authorization can reshape market structure. Such actions may weaken potential competition, accelerate market tipping, and redirect investment toward foreign regulatory regimes.[20]

Milestone rules serve an important economic function in allocating scarce orbital and spectrum resources. Their efficiency, however, depends on calibration to industry structure and input constraints. The Commission’s task is not to decide whether milestones should exist. The relevant question is whether enforcement should distinguish between speculative reservation of rights (where option value remains high and screening is most valuable) and demonstrated, irreversible commitment to deployment (where the option has largely been exercised and the screening rationale weakens).

The Commission should evaluate the pending request through a forward-looking, economically informed framework that considers screening accuracy, dynamic investment incentives, global regulatory competition, and the long-run structure of LEO markets. The FCC’s Space Modernization for the 21st Century NPRM recognizes that legacy rules may not reflect contemporary LEO deployment economics.[21] The same recognition should guide the Commission’s approach here.

[1] See Avinash K. Dixit & Robert S. Pindyck, Investment Under Uncertainty (Princeton Univ. Press 1994); Avinash K. Dixit, Entry and Exit Decisions Under Uncertainty, 97 J. Pol. Econ. 620 (1989).

[2] See Peter Cramton, Innovation and Market Design, 9 Innovation Pol’y & Econ. 113 (2009) (analyzing market-design tools that select high-value entrants while minimizing waste).

[3] See George A. Akerlof, The Market for “Lemons”: Quality Uncertainty and the Market Mechanism, 84 Q.J. Econ. 488 (1970); Paul Milgrom & John Roberts, Price and Advertising Signals of Product Quality, 94 J. Pol. Econ. 796 (1986).

[4] See Akerlof, supra note 3; see also Peter Q. Blair & Bobby W. Chung, A Model of Occupational Licensing and Statistical Discrimination, 111 AEA Papers & Proc. 91 (2021).

[5] See Joseph D. Piotroski & Suraj Srinivasan, Regulation and Bonding: The Sarbanes-Oxley Act and the Flow of International Listings, 46 J. Acct. Res. 383 (2008) (finding that high compliance costs screen out smaller firms and drive jurisdictional sorting).

[6] See Blair & Chung, supra note 4; Xing Xia, Barrier to Entry or Signal of Quality? The Effects of Occupational Licensing on Minority Dental Assistants, 71 Labour Econ. (2021).

[7] See Kristian Stout, Satellite-Spectrum Policy Changes Are Needed, Int’l Ctr. for L. & Econ. (2025), https://laweconcenter.org/resources/satellite-spectrum-policy-changes-are-needed; Michael Calabrese, Jessica Dine & Kristian Stout, Ex Parte Letter of ICLE and OTI Re: SB Docket Nos. 25-180, 25-157 & 25-306, Int’l Ctr. for L. & Econ. & New Am. Found. Open Tech. Inst. (2026), https://laweconcenter.org/resources/ex-parte-letter-of-icle-and-oti-re-sb-docket-nos-25-180-25-157-25-306.

[8] See Edward B. Rock, Securities Regulation as Lobster Trap: A Credible Commitment Theory of Mandatory Disclosure, 23 Cardozo L. Rev. 675 (2002).

[9] See Oliver E. Williamson, Credible Commitments: Using Hostages to Support Exchange, 73 Am. Econ. Rev. 519 (1983); Richard Baldwin, Sunk-Cost Hysteresis, Nat’l Bureau of Econ. Rsch., Working Paper No. 2911 (1989).

[10] See Williamson, supra note 9; see also Baldwin, supra note 9.

[11] See Baldwin, supra note 9 (showing that sunk costs create path dependence that discourages exit after deployment).

[12] See Dixit & Pindyck, supra note 1; Lenos Trigeorgis, Real Options and Investment Under Uncertainty: What Do We Know?, Nat’l Bureau of Econ. Rsch., Working Paper No. 22 (2002).

[13] See Dixit, supra note 1; Scott R. Baker, Nicholas Bloom & Steven J. Davis, Measuring Economic Policy Uncertainty, 131 Q.J. Econ. 1593 (2016).

[14] See Nancy L. Stokey, Wait-and-See: Investment Options Under Policy Uncertainty, 21 Rev. Econ. Dynamics 246 (2018).

[15] See Cramton, supra note 2; Stokey, supra note 14.

[16] See Richard J. Gilbert, The Role of Potential Competition in Industrial Organization, 3 J. Econ. Persp. 107 (1989); David S. Evans & Richard Schmalensee, Some Economic Aspects of Antitrust Analysis in Dynamically Competitive Industries (MIT Press 2002).

[17] See Michael Calabrese et al., Low-Earth Orbit Satellites: Policies to Promote Spectrum Sharing, Foster Competition, and Close Digital Divides—A Report of the LEO Policy Working Group, Int’l Ctr. for L. & Econ. & New Am. Found. Open Tech. Inst. (2025), https://laweconcenter.org/resources/low-earth-orbit-satellites-policies-to-promote-spectrum-sharing-foster-competition-and-close-digital-divides-a-report-of-the-leo-policy-working-group.

[18] See Warren E. Walker, Vincent A.W.J. Marchau & Darren Swanson, Addressing Deep Uncertainty Using Adaptive Policies, 77 Tech. Forecasting & Soc. Change 917 (2010).

[19] See generally Ian Ayres & John Braithwaite, Responsive Regulation: Transcending the Deregulation Debate (Oxford Univ. Press 1992); see also Diane S. Koons et al., Risk Mitigation Approach to Commercial Resupply to the International Space Station, Nat’l Aeronautics & Space Admin. (2010), https://ntrs.nasa.gov/api/citations/20100014822/downloads/20100014822.pdf (describing NASA’s staged readiness reviews and milestone-based risk management).

[20] See generally Victor Fleischer, Regulatory Arbitrage, Univ. of Colo. L. Sch. Legal Stud. Res. Paper No. 10-11 (2010), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1567212; Anthony Van Fossen, Globalization, Stateless Capitalism, and the International Political Economy of Tonga’s Satellite Venture, 22 Pac. Stud. 1 (1999); Steven Vogel, International Games With National Rules: How Regulation Shapes Competition in “Global” Markets, 16 J. Pub. Pol’y 167 (1996).

[21] See Space Modernization for the 21st Century, 90 Fed. Reg. 56,338 (2025) (FCC).

Executive Summary

The International Center for Law & Economics (ICLE) appreciates the opportunity to respond to the National Institute of Standards and Technology’s Request for Information on security considerations for AI agent systems. These comments address Questions 4(d)(ii), 5(b), 5(d), and 5(e), drawing on law & economics research on security investment, comparative regulatory analysis, and insights from fields outside artificial intelligence and cybersecurity.

A central barrier to effective AI agent security monitoring is doctrinal ambiguity across overlapping legal regimes. Privacy and communications laws rarely prohibit monitoring outright. Instead, uncertainty about how monitoring practices will be classified raises the expected cost of observability infrastructure. Firms—particularly smaller deployers—therefore underinvest in telemetry, logging, and anomaly detection. The resulting security blind spots reflect avoidable compliance friction rather than intentional privacy protection.

To reduce this monitoring gap, NIST should prioritize four areas of government collaboration. First, define the technical parameters of security-necessary telemetry, including a taxonomy of telemetry types by privacy sensitivity, purpose-separation design patterns, and retention and access matrices. Second, develop sector-specific monitoring profiles for high-friction deployment contexts such as health care, financial services, education, and workplace systems. Third, promote standards convergence by publishing crosswalks aligning NIST frameworks with international standards such as ISO/IEC 42001 and ISO/IEC 27001. Fourth, support a common AI incident-reporting vocabulary and standardized reporting fields to reduce multi-regime reporting costs.

Comparative analysis shows that no jurisdiction has resolved the tension between monitoring obligations and privacy constraints. The European Union establishes the clearest monitoring mandates but generates regulatory complexity across overlapping instruments. The United Kingdom’s principles-based model offers flexibility but weaker enforcement clarity. China’s sovereignty-centered approach enables decisive regulation but is incompatible with cross-border governance frameworks. Singapore’s standards-led model shows that monitoring gaps can persist even when organizations formally adopt security-management standards.

Insights from other fields reinforce these conclusions. Research on investment under uncertainty shows that regulatory ambiguity depresses security investment. Trade secret law demonstrates how “reasonable measures” standards can guide security practices without prescribing rigid technical rules. Stable definitions of security-necessary monitoring—supported by technical standards, rather than prescriptive mandates—can therefore improve both security outcomes and innovation incentives.

 I. Question 4(d)(ii): Are there legal and/or privacy challenges to monitoring deployment environments for security threats, risks, or vulnerabilities?

A. The Telemetry Paradox

Yes—and the challenges are structural, rather than incidental. A major and underappreciated barrier to effective AI-agent security monitoring is doctrinal ambiguity across overlapping legal regimes. This ambiguity raises the expected cost of monitoring to the point where firms rationally underinvest in the observability that agent security requires.

We refer to this dynamic as the “Telemetry Paradox.” The granular monitoring necessary to secure autonomous agents simultaneously expands regulated data processing and surveillance risk. At the same time, the mismatch between agent architectures and legacy legal categories makes it difficult to identify the compliance boundary ex ante.

The consequences are significant. Legal certainty functions as a principle of economic efficiency because it reduces the transaction costs firms face when planning compliance-sensitive investments. When the legality of monitoring is unclear, firms rationally delay or scale back telemetry—even when known threat vectors remain unaddressed.[1] Emerging evidence suggests that EU regulatory frameworks often become the highest common technical baseline for transatlantic deployments. In practice, the most restrictive classification of monitoring practices can therefore shape global system design.[2]

Two concrete scenarios illustrate the Telemetry Paradox.

A hospital deploying an AI agent to assist with claims processing needs tool-call logs and reasoning traces to detect prompt-injection attacks and billing anomalies. Yet that telemetry can capture protected health information subject to Health Insurance Portability and Accountability Act (HIPAA) minimum-necessary requirements and potentially General Data Protection Regulation (GDPR) special-category restrictions if European patients are involved.

A software-as-a-service (SaaS) provider deploying an agent with tool access across multiple customer environments requires cross-session behavioral baselines to detect privilege escalation and lateral movement. Each customer’s data-processing agreement may impose different retention limits, access controls, and deletion timelines on the same log stream.

In both cases, the monitoring necessary for security is precisely the monitoring that overlapping legal regimes make difficult to scope with confidence.

A further complication is that monitoring infrastructure itself can create privacy and security risks. Research on privacy side channels in machine-learning systems shows that system-level monitoring components—such as query filtering, output monitoring, and preprocessing layers—can be exploited to extract private information at rates significantly higher than attacks against the underlying model.[3] Increased telemetry may therefore reduce certain categories of security loss while simultaneously increasing expected privacy loss. Legal regimes thus have independent reasons to scrutinize broad, undifferentiated monitoring.

B. Legal Sources of Monitoring Uncertainty

Several overlapping legal regimes contribute to what we call the “observability gap.”

1. U.S. communications law

U.S. communications law generally reflects two conceptual approaches: restrictions on acquiring or intercepting data, and regulation of how data may be used once collected. In the long run, the latter provides a more productive lens for evaluating security–privacy tradeoffs in agentic AI deployments.

The Electronic Communications Privacy Act (ECPA) illustrates the problem. Its core distinction between interception of communications in transit (Wiretap Act) and access to communications in storage (Stored Communications Act) maps poorly onto AI-agent traffic. These statutes were designed for discrete messages, not for continuous, replicated data flows.[4]

The Stored Communications Act’s categories—content versus non-content, storage duration thresholds, and provider classifications—fit poorly with agent telemetry. An agent’s tool-call arguments may qualify as “content” under one statutory provision while functioning as system telemetry under another. The individual whose privacy interests are implicated may be a third-party human whose message the agent processes, rather than the deployer operating the system.

Recent class-action litigation alleging that AI-powered transcription and monitoring constitute unlawful interception illustrates the strain these statutes face when applied to agentic systems.[5]

These difficulties suggest that the most productive governance lens is not ECPA’s transit-versus-storage taxonomy, but a purpose-limitation framework grounded in contextual privacy expectations. The central challenge in personalized AI governance is the information asymmetry between developers and users regarding data collection, retention, and repurposing. These conditions produce adverse-selection dynamics analogous to George Akerlof’s “market for lemons.”[6]

Under a purpose-limitation approach, user data should be used only for the purposes for which it was shared. Governance would focus on evaluating system outputs and observable harms rather than prescribing technical architectures or attempting to classify data flows under statutory categories designed for a different technological environment.[7]

Applied to agent-security telemetry, this framework offers several advantages.

First, it accommodates the mixed-purpose nature of monitoring data. Agent telemetry frequently serves security, compliance, and product-improvement functions simultaneously. A purpose-limitation framework can evaluate these uses without forcing artificial classification into “content” and “non-content” categories.

Second, it scales across contexts by calibrating obligations to data sensitivity. Existing sectoral regimes illustrate this approach. The Gramm–Leach–Bliley Act establishes disclosure and opt-out requirements for nonpublic personal information in financial services, while HIPAA imposes strict purpose limitations on protected health information. Both operationalize purpose limitation without imposing a uniform technical classification scheme.[8]

Third, it addresses third-party privacy concerns directly. When an agent processes a third party’s message, the relevant question is whether the processing falls within the purpose for which the data was shared—not whether the data was “in transit” or “in storage” at the moment of access.

The Wiretap Act and Stored Communications Act remain relevant, but primarily as litigation risk rather than as governance frameworks. If courts begin treating agent tool calls as “interceptions,” the resulting precedent could chill legitimate security monitoring while failing to address the underlying privacy harms. Policymakers should therefore consider whether a voluntary certification regime—supported by standardized disclosures and minimal legal backstops under existing consumer-protection authority—could provide a credible alternative governance path.[9]

The Cybersecurity Information Sharing Act of 2015 illustrates the fragility of narrow purpose-specific carve-outs. Its protections for monitoring “for cybersecurity purposes” depend on purpose segmentation that current regulatory guidance does not clearly define. The statute’s repeated short-term renewals further underscore the instability of this approach.[10]

2. EU data protection

The GDPR simultaneously requires security and constrains data collection. Article 32 mandates “appropriate technical and organisational measures,” while Article 5’s minimization and storage-limitation principles restrict the scope and duration of monitoring.[11]

For security telemetry, the most relevant lawful basis is legitimate interest under Article 6(1)(f). The European Data Protection Board’s 2024 guidelines recognize network and information security as a paradigmatic legitimate interest, reflecting Recitals 47 and 49. They also require a documented three-step balancing test and prior assessment.[12]

This framework acknowledges that security monitoring may be lawful but does not provide clear ex ante certainty about which monitoring designs will survive enforcement scrutiny. The resulting uncertainty becomes a central compliance risk.[13]

The economic implications are substantial. James Langenfeld, Frank Fagan, and Samuel Clark show that legal restrictions that create information gaps distort security investment and increase expected harm.[14] Building a security-logging system requires a large upfront investment, while the privacy risk associated with operating it accrues continuously.

When firms cannot predict whether regulators will classify logging as excessive processing, they face an asymmetric payoff structure. Under-monitoring generates diffuse and difficult-to-attribute security losses. Over-monitoring can produce discrete, litigable privacy violations.

The European Data Protection Board’s breach-notification guidance documents incidents in which “data was exfiltrated without leaving a trace in the logs.”[15] These examples illustrate the operational costs of insufficient monitoring that regulators later criticize in post-incident investigations.

3. ePrivacy overlay

Even when GDPR compliance is addressed, the ePrivacy Directive adds another layer of uncertainty. Article 5(3) restricts storing information or gaining access to information on terminal equipment.

The European Data Protection Board’s guidance in internet-of-things (IoT) contexts suggests a broad interpretation that could encompass agent-side instrumentation.[16] Runtime inspection tools—such as SDK instrumentation, endpoint telemetry, and local sandboxes recording tool invocations—may therefore require consent unless they fall within a narrow exemption.

Whether these monitoring tools qualify as “strictly necessary” for security remains unresolved.

C. Security Investment Effects of Legal Uncertainty

The core economic mechanism is straightforward. When firms cannot predict whether a monitoring practice will be considered lawful, they treat legal risk as an additional cost of security investment—and invest less.

The Gordon–Loeb model, developed by Lawrence Gordon and Martin Loeb, formalizes this dynamic. Firms invest in security only up to a bounded fraction of expected loss, with investment most attractive for midrange vulnerabilities.[17] Legal uncertainty alters this calculation by increasing the effective marginal cost of monitoring—through legal review, retention tooling, and litigation reserves—while reducing its perceived effectiveness because firms may hesitate to rely on telemetry during incident response.

Both effects reduce optimal monitoring.

Extensions of the Gordon–Loeb framework further show that, even when accounting for security externalities, socially optimal cybersecurity investment rarely exceeds 37% of expected externality losses.[18] Modest regulatory ambiguity can therefore eliminate a substantial share of socially beneficial monitoring.

The distributional effects resemble patterns observed in other compliance-intensive regulatory settings. Large platform providers can absorb compliance costs and convert monitoring capabilities into competitive advantages. Smaller deployers face the option-value logic of uncertainty and delay or limit monitoring investments.

Empirical research on GDPR compliance costs suggests similar outcomes. One NBER study finds that the GDPR induced the exit of roughly one-third of Google Play apps,[19] while other work finds increased concentration in web-technology markets.[20] Analogous pressures likely affect AI deployments facing uncertain monitoring obligations.

The likely result is a security architecture in which AI-agent risk concentrates among smaller deployers with the least monitoring capacity.

D. FTC Enforcement and Monitoring Obligations

U.S. enforcement practice creates a distinct form of bidirectional uncertainty.

The Federal Trade Commission’s (FTC) action against Rite Aid established that deploying AI-based surveillance technology without “reasonable safeguards” can violate Section 5 of the FTC Act.[21] This sets a floor for monitoring obligations.

At the same time, the FTC’s order in the Drizly matter imposed company-wide data-minimization requirements and mandated deletion of data that no longer served legitimate business purposes.[22] This order signals that retaining large volumes of security-relevant data may itself trigger enforcement risk.

Firms therefore face liability both for insufficient monitoring and for excessive retention. The boundary between the two remains defined largely through case-by-case adjudication.

E. Compound Compliance Frictions in Complex Deployments

These challenges compound in complex regulatory environments.

Consider an AI agent deployed by a financial institution to assist employees in processing customer health-insurance claims. Workplace-surveillance law may constrain the granularity of employee telemetry. The CNIL’s €32 million sanction against Amazon France Logistique—later partially reduced by the Conseil d’État—demonstrates that even operational or security rationales may fail proportionality review.[23]

HIPAA and the Gramm–Leach–Bliley Act simultaneously require logging while imposing distinct retention, access, and disclosure obligations on the same data.

Third-party interactions may incidentally expose trade secrets. The Defend Trade Secrets Act conditions protection on maintaining “reasonable measures” to preserve secrecy—measures that often require monitoring.[24] Yet monitoring itself may constitute unauthorized acquisition of confidential information belonging to third parties.

Each additional legal constraint increases the option value of delaying monitoring investment. The joint probability of compliance failure across multiple regimes rises faster than the sum of individual risks.

In practice, monitoring investments may therefore concentrate on legally mandated requirements—such as HIPAA audit logs or GLBA security-event records—rather than on the most security-relevant observability signals. Agent reasoning traces, anomalous tool-use patterns, and cross-session behavioral baselines may remain unrecorded because no specific mandate requires them and multiple legal regimes create risk from collecting them.

F. Separating Privacy Protection from Compliance Costs

Not all monitoring constraints reduce welfare. Privacy and security address distinct policy objectives. Treating both as access-control problems can produce policy errors in both directions.[25]

The relevant question is not whether legal constraints impose costs—they do—but whether those costs correspond to meaningful privacy protections.

A security-focused telemetry constraint generates avoidable compliance friction when:

1. the restricted telemetry is primarily used for breach detection or forensic attribution, rather than behavioral profiling;
2. the telemetry is less intrusive than content capture, access-controlled, retention-bounded, and insulated from secondary uses; and
3. the privacy risk from retention is low because the recorded events are low-specificity security signals, such as tool-call metadata, authentication tokens, or error codes.

Conversely, a constraint may represent a genuine privacy protection when it restricts telemetry that is substantially more revealing than necessary for security or prevents the repurposing of security data for unrelated functions such as employee performance monitoring.

Several categories of legal constraint clearly provide meaningful protection and should be preserved. Restrictions on generalized interception help prevent mass surveillance of communications content. Authentication requirements for subject-access requests protect individuals from unauthorized disclosure.

Other rules appear to impose compliance costs without comparable privacy benefits. These include the Stored Communications Act’s storage-duration thresholds, the lack of clear standards for “strictly necessary” security logging under the GDPR legitimate-interest framework, and conflicting retention or erasure requirements across sectoral mandates.

The NIST Privacy Framework provides a useful analytical basis for evaluating these tradeoffs. Under this approach, privacy risk arises when data processing creates “problems for individuals,” not merely when it triggers a statutory category.[26]

II. Question 5(b): In which policy or practice areas is government collaboration with the AI ecosystem most urgent?

The Telemetry Paradox described above reflects a coordination problem, rather than a purely technical limitation. AI agent security depends on monitoring architectures that cut across multiple regulatory regimes, standards frameworks, and sectoral obligations. When these regimes use inconsistent terminology or impose conflicting requirements on telemetry collection and retention, the result is underinvestment in the observability necessary for secure deployment. Targeted government coordination—particularly through standards development and shared technical definitions—can reduce this friction without weakening privacy protections. Four areas of collaboration would most directly improve AI agent security.

A. Defining Security-Necessary Telemetry

NIST is well positioned to define the technical parameters of security-necessary telemetry. Establishing a shared technical vocabulary and clear design patterns would make regulatory safe harbors more administrable.

NIST should publish a taxonomy of telemetry types organized by privacy sensitivity. Such a taxonomy could distinguish, for example, tool-call metadata, authentication events, error signals, and anomaly indicators from behavioral-profiling data. It should also include purpose-separation design patterns and sample retention and access matrices.

These definitions could inform regulatory safe harbors used by other agencies—including the FTC, HHS, and even the European Data Protection Board—by establishing a common technical baseline for distinguishing “security-necessary” telemetry from surveillance-oriented monitoring. The evaluative criterion described in Section I.F provides a principled starting point for scoping these definitions.

B. Sector-Specific Monitoring Profiles

Certain deployment contexts create particularly complex monitoring obligations. Health care, financial services, education, and workplace deployments each involve multiple legal regimes that impose overlapping—and sometimes conflicting—requirements on the same telemetry.

NIST should develop sector-specific monitoring profiles for these high-friction environments. This approach would extend the model used in NIST IR 8596 (Cybersecurity Framework Profile for AI) and the HIPAA Security Rule implementation guidance (SP 800-66r2).[27] Sector-specific profiles could specify which monitoring practices are expected, which retention periods are justified, and how conflicts among sectoral mandates should be resolved.

Providing such profiles would help deployers translate high-level regulatory obligations into concrete monitoring architectures.

C. Standards Convergence for Agent Security

AI agent security currently spans multiple overlapping standards frameworks. NIST’s AI Risk Management Framework,[28] the Cybersecurity Framework, the Generative AI Profile,[29] and the emerging agent identity and authorization concept paper[30] should therefore be explicitly bridged to ISO/IEC 42001 (AI management systems) and ISO/IEC 27001 (information security management).

NIST can accomplish this through published crosswalk documents and gap analyses. Existing research mapping ISO 27001 controls against data-protection requirements shows that security compliance and privacy compliance only partially overlap—particularly in areas such as security log retention and access.[31]

NIST-led crosswalks among the AI RMF, the Cybersecurity Framework, the Privacy Framework, and international standards would provide firms with a unified compliance architecture. Without such coordination, organizations must conduct bespoke analyses across multiple standards bodies and jurisdictions.

D. Harmonized AI Incident-Reporting Standards

Incident-reporting requirements for AI systems are emerging across multiple international initiatives. The OECD’s work toward a common AI incident-reporting framework[32] and the G7 Hiroshima AI Process[33] both aim to establish harmonized terminology and reporting criteria.

NIST should actively participate in these initiatives and adopt compatible vocabulary. It should also publish concrete incident-reporting field definitions tailored to AI-agent contexts. Clear reporting schemas would reduce the transaction costs of multi-regime compliance by clarifying which events must be detected, recorded, and reported.

The European Union Agency for Cybersecurity’s (ENISA) multilayer framework for cybersecurity practices in AI provides a useful template. ENISA proposes a three-layer structure consisting of cybersecurity foundations, AI-specific cybersecurity controls, and sector-specific requirements[34] This layered model mirrors the compliance architecture organizations already face in practice and could serve as a basis for coordinated NIST-ENISA work on AI agent security standards.

III. Question 5(d): How are other countries addressing these challenges and what are the benefits and drawbacks of their approaches?

Other major jurisdictions are approaching AI agent security monitoring through distinct regulatory architectures. These frameworks vary in how they define monitoring obligations, allocate enforcement authority, and reconcile security observability with privacy and data-governance constraints. Comparative analysis therefore helps identify which governance strategies reduce monitoring uncertainty and which create additional compliance friction. The following overview highlights several leading models and the tradeoffs they present.

A systematic institutional study of overlaps across the EU digital regulatory ecosystem finds that each regulation “functions reasonably in isolation” but together form an “extremely difficult to navigate” legal landscape.[35] Transparency, logging, and reporting obligations appear repeatedly across multiple instruments, meaning monitoring architectures cannot realistically be designed once—even within the EU—let alone across jurisdictions.

A. European Union: Mandatory Monitoring and Regulatory Complexity

The EU most clearly embeds monitoring obligations directly into AI governance.

The AI Act requires high-risk AI systems to support security observability across the system lifecycle. Article 12 requires systems to enable automatic event logging for traceability and compliance.[36] Article 26 imposes deployer-side log-retention obligations of at least six months, subject to data-protection law.[37] Together these provisions create a credible monitoring baseline supported by conformity assessment.[38]

This structure also creates an important friction point. Article 26’s retention mandate is explicitly conditional on EU or national data-protection law. The Act therefore simultaneously requires log retention and places limits on the legal conditions under which those logs may be retained.

Parallel EU cybersecurity legislation further strengthens the monitoring floor. The NIS2 Directive,[39] the Cyber Resilience Act (CRA),[40] and the Digital Operational Resilience Act (DORA)[41] impose incident and vulnerability reporting obligations, including early-warning and full-notification timelines of 24 hours and 72 hours.[42] These instruments collectively reinforce monitoring requirements across sectors.

The drawback is regulatory complexity. Studies of the EU digital regulatory ecosystem identify conflicts in definitions, reporting timelines, and compliance triggers across at least five overlapping instruments.[43] These inconsistencies create regulatory incoherence. Firms often respond by routinizing minimum compliance rather than optimizing security observability.

B. United Kingdom: Principles-Based Governance and Standards Development

The United Kingdom takes a different approach, relying primarily on principles-based governance implemented by sector regulators.

This model produces fewer AI-specific statutory mandates but also fewer built-in compliance safe harbors. The UK Code of Practice for the Cyber Security of AI sets out expectations that system operators log system actions and analyze logs for anomalies.[44] The government has submitted the Code to ETSI for potential international standardization, reflecting a strategy of shaping global standards rather than imposing detailed domestic rules.

The UK AI Security Institute further supports this approach through evaluation programs. These include agentic task environments and cyber range testing designed to identify the monitoring capabilities necessary for secure AI operation.[45]

One advantage of this model is reduced legal friction for security monitoring. The Data (Use and Access) Act 2025 introduces “recognized legitimate interests” for crime prevention and safeguarding.[46] These provisions reduce the balancing-test burden for security-oriented data processing.

The drawback is enforcement uncertainty. Monitoring expectations ultimately depend on the willingness and capacity of sector regulators to interpret and enforce the principles. Critics therefore describe the model as a form of “regulatory hallucination”—an appearance of governance without binding regulatory obligations.[47]

C. China: Security-Driven and Sovereignty-Centered Regulation

China’s governance architecture links personal-information regulation with national-security objectives in ways that differ significantly from EU and UK approaches.

Rogier Creemers describes China’s Personal Information Protection Law (PIPL) as having a “clear family resemblance” to the GDPR for firm-to-consumer data governance.[48] At the same time, the Data Security Law (DSL) operates as a national-security instrument that places few meaningful constraints on state access to data.

Matt Sheehan’s analysis of China’s AI regulatory process identifies a pattern of deliberate regulatory ambiguity that expands enforcement discretion.[49] This design enables rapid policy implementation and centralized enforcement.

The advantage of this system is decisiveness. The Chinese regulatory framework can quickly establish mandatory monitoring practices and enforce them through administrative action.

The disadvantages are substantial for international deployment. Data-localization requirements under PIPL and the DSL create structural conflicts with EU adequacy-based transfer mechanisms. The EU adequacy framework assumes meaningful limits on government access to data—limits the Chinese system does not provide.

D. Singapore and Japan: Governance Through Testing and Evaluation

Singapore and Japan emphasize testing-based governance rather than prescriptive monitoring mandates.

Singapore’s AI Verify framework and broader collaborative governance model translate security goals into practical testing and certification processes.[50] This approach attempts to operationalize monitoring expectations through technical validation rather than statutory requirements.

Empirical evidence nonetheless suggests implementation gaps. An analysis of 27 major Singapore enforcement cases between 2022 and 2024 finds that the most frequently failed ISO/IEC 27001 controls include Control 8.16 (Monitoring Activities) and Control 8.15 (Logging).[51] These findings suggest that organizations often struggle to operationalize monitoring even when formal security-management standards are adopted.

Network-security failures frequently occur alongside logging failures, producing cascading vulnerabilities in monitoring systems.

E. Comparative Tradeoffs Across Governance Models

Three core tradeoffs emerge from this comparison.

1. Legal certainty versus adaptability

The EU establishes the clearest formal monitoring obligations but generates uncertainty at the interfaces between overlapping regulatory instruments. The UK and Singapore frameworks allow faster regulatory adaptation but leave “reasonable security” expectations less clearly specified.

2. Monitoring floors versus innovation costs

ENISA’s annual surveys of NIS Directive cybersecurity investment across EU member states find that incident-reporting mandates correlate with improved detection and response capabilities.[52] At the same time, compliance burdens and fragmented oversight can reduce effectiveness. Smaller operators in particular often allocate disproportionate resources to reporting requirements, rather than to substantive security improvements.

3. Cross-border operability versus data sovereignty

Modern security operations depend on cross-border telemetry flows. Data-localization measures therefore introduce operational costs and security risks. By 2023, more than 100 localization measures existed across roughly 40 countries, complicating centralized monitoring architectures.[53]

F. Toward a Global AI Governance Regime Complex

The emerging trajectory suggests that global AI governance will develop as a regime complex, rather than a unified regulatory system.

Emma Klein and Stewart Patrick argue that AI governance will likely emerge through “multiple institutions within and across several functional areas,” because “the challenges that AI presents are too multifaceted, the relevant actors too varied, and the geopolitical situation too complicated” for a single global authority.[54]

For AI agent monitoring, this implies that harmonization is unlikely. More realistic governance pathways include mutual recognition regimes, shared incident-reporting vocabularies, and convergence among international technical standards.

IV. Question 5(e): Are there practices, norms, or empirical insights from fields outside of artificial intelligence and cybersecurity that might benefit our understanding?

The monitoring challenges described above are not unique to artificial intelligence. Several mature policy domains—including investment economics and trade-secret law—have long addressed analogous problems involving uncertainty, security incentives, and legal standards for reasonable protection. Their analytical frameworks provide useful guidance for designing AI agent monitoring governance.

A. Investment Under Uncertainty and Security Monitoring

The economics literature on investment under uncertainty provides a well-developed framework for understanding why firms delay monitoring investments when legal conditions are unclear.

Real-options models treat investment decisions as choices between immediate action and waiting for additional information. Nicholas Bloom, Stephen Bond, and John Van Reenen show that moving from low to high uncertainty reduces first-year investment responses to demand shocks by roughly half.[55] Kira Fabrizio similarly finds that anticipated regulatory instability dampens investment even when current policy conditions remain favorable.[56]

Mazaher Kianpour and Shahid Raza extend this framework to cybersecurity. Their analysis shows that regulatory volatility induces “wait-and-see” behavior in cybersecurity investment decisions.[57]

The implication for AI monitoring is straightforward. Legal uncertainty regarding the permissibility of security telemetry produces the same investment-chilling effect observed in other regulated sectors. In energy markets, uncertainty about carbon pricing or renewable-energy subsidies delays infrastructure investment. In AI deployment contexts, uncertainty about monitoring legality delays investments in telemetry, logging infrastructure, and anomaly detection.

The policy response suggested by the literature is also similar. Credible and stable regulatory commitments reduce the option value of delay and encourage earlier investment in protective infrastructure.

B. Trade Secret Law and the ‘Reasonable Measures’ Standard

Trade secret law provides a complementary insight into how legal standards can guide security practices without prescribing detailed technical rules.

Under the Defend Trade Secrets Act, firms receive protection only if they implement “reasonable measures” to maintain the secrecy of protected information. Courts and practitioners have spent decades interpreting and operationalizing this standard.

Raj Sachdev’s Reasonable Cybersecurity Measures Framework provides a structured method for evaluating whether specific cybersecurity practices satisfy this legal threshold.[58] The framework offers a vocabulary that could inform discussions of “reasonable” AI security monitoring.

Empirical research also demonstrates the economic effects of clear protection standards. Ivan Png finds that stronger trade-secret protection correlates with roughly 3.1-3.2% higher R&D investment in innovation-intensive industries.[59] Feng Gao, Xue Wang, and Benda Yin show that stronger trade-secret protection enables firms to shift resources away from defensive secrecy measures and toward productive investment.[60]

Monitoring uncertainty therefore has broader implications than security alone. When firms cannot determine whether monitoring practices will be considered lawful, the resulting uncertainty weakens the appropriation incentives that support innovation.

[1] Aurélien Portuese, Orla Gough & Joseph Tanega, The Principle of Legal Certainty as a Principle of Economic Efficiency, 44(1) Eur. J.L. & Econ. 131 (2017), https://doi.org/10.1007/s10657-014-9435-2 (arguing that legal certainty promotes economic efficiency by reducing transaction costs for compliance-sensitive investments); see also Alessandro Acquisti, Curtis Taylor & Liad Wagman, The Economics of Privacy, 54(2) J. Econ. Literature 442 (2016), https://doi.org/10.1257/jel.54.2.442 (surveying the economics of privacy and explaining how regulatory uncertainty shapes privacy-related economic decisions).

[2] Vijay Kanabar & Krassimira Kaloyanova, Securing Generative AI Systems: Threat-Centric Architectures and the Impact of Divergent EU–US Governance Regimes, 6(1) J. Cybersecurity & Privacy 27 (2026), https://doi.org/10.3390/jcp6010027; see generally Anu Bradford, The Brussels Effect: How the European Union Rules the World (2020) (describing how EU regulation can become the de facto global compliance baseline).

[3] Edoardo Debenedetti et al., Privacy Side Channels in Machine Learning Systems, in Proceedings of the 33rd USENIX Security Symposium (2024), https://www.usenix.org/conference/usenixsecurity24/presentation/debenedetti.

[4] Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208 (2004); Orin S. Kerr, The Next Generation Communications Privacy Act, 162 U. Pa. L. Rev. 373 (2014) (arguing that ECPA’s foundational categories are obsolete for modern data flows).

[5] William Simpson, Dressing Old Laws in Class Action Suits: Applying Anti-Wiretapping Laws to AI Transcription Services, IAPP; see, e.g., Ambriz v. Google, LLC, No. 3:23-cv-05437-RFL (N.D. Cal. Feb. 10, 2025) (denying motion to dismiss CIPA claims arising from alleged interception and analysis of customer-service calls using Google Cloud Contact Center AI).

[6] Ben Sperry & Kristian Stout, The Trust Constraint on Personalized AI: How Transparency and Adaptive Governance Can Unlock AI Productivity, ICLE Issue Brief 2026-01-09, at 7–9 (arguing that information asymmetries between AI developers and users regarding data collection, retention, and repurposing create adverse-selection dynamics that undermine trust and constrain personalization’s productivity-enhancing potential).

[7] Id. at 11–12 (“The guiding principle . . . should be purpose limitation; user data should be used only for the purposes for which it is shared.”); id. at 9–10 (advocating governance that evaluates system outputs and observable harms rather than prescribing technical architectures).

[8] Id. at 13–14 (describing GLBA’s disclosure and opt-out requirements for nonpublic personal information as a template for generative AI governance); id. at 14 (analogizing HIPAA’s strict purpose limitations on protected health information to the governance needs of AI systems processing sensitive data in regulated domains).

[9] Id. at 15–16 (proposing a federally recognized safe-harbor framework supported by voluntary, independent verification of data-use commitments, with certification focused on whether firms adhere to stated practices regarding data segmentation, purpose limitation, retention, and non-retraining).

[10] See Jared Bomberg, Workplace Monitoring Gets Easier, IAPP (2016) (explaining the Cybersecurity Information Sharing Act of 2015’s information-sharing protections and their limitations for mixed-purpose telemetry). Note: the Cybersecurity Information Sharing Act of 2015’s information-sharing protections expired on September 30, 2025, were temporarily extended through January 30, 2026, and were further extended through September 30, 2026 via the Consolidated Appropriations Act—the resulting short-term renewals themselves illustrate the regulatory instability this comment describes.

[11] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 Apr. 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), 2016 O.J. (L 119) 1, https://eur-lex.europa.eu/eli/reg/2016/679/oj; Cédric Burton, Article 32 Security of Processing, in The EU General Data Protection Regulation (GDPR) (2020), https://doi.org/10.1093/oso/9780198826491.003.0068.

[12] Eur. Data Prot. Bd., Guidelines 1/2024 on Processing of Personal Data Based on Article 6(1)(f) GDPR (2024), https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202401_legitimateinterest_en.pdf; see also Eur. Data Prot. Bd., Opinion 28/2024 on Certain Data Protection Aspects Related to the Processing of Personal Data in the Context of AI Models (2024), https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-282024-certain-data-protection-aspects_en (confirming that legitimate interest may provide a lawful basis for AI-related processing, including cybersecurity uses).

[13] Miko?aj Barczentewicz, The GDPR and GenAI—Part 1: Lawful Bases, How EU Law Influences Tech (2024), https://eutechreg.com/p/the-gdpr-and-genai-part-1-lawful; see also Gianclaudio Malgieri, Can Legitimate Interest Be an Appropriate Lawful Basis for Processing Artificial Intelligence Training Datasets?, Computer L. & Sec. Rev. (2023), https://doi.org/10.1016/j.clsr.2022.105780 (analyzing the use of legitimate interest, rather than consent, as a lawful basis for AI-related processing).

[14] James Langenfeld, Frank Fagan & Samuel Clark, eds., The Law and Economics of Privacy, Personal Data, Artificial Intelligence, and Incomplete Monitoring, Research in L. & Econ., vol. 30 (2022), https://doi.org/10.1108/S0193-5895202230 (developing a framework linking incomplete monitoring under privacy law to security-investment gaps and resulting welfare losses); Ross Anderson & Tyler Moore, The Economics of Information Security, 314 Science 610 (2006), https://doi.org/10.1126/science.1130992 (showing how misaligned incentives and information asymmetries lead to chronic cybersecurity underinvestment).

[15] Eur. Data Prot. Bd., Guidelines 01/2021 on Examples Regarding Personal Data Breach Notification (2021), https://www.edpb.europa.eu/system/files/2022-01/edpb_guidelines_012021_pdbnotification_adopted_en.pdf.

[16] Eur. Data Prot. Bd., Guidelines 2/2023 on Technical Scope of Article 5(3) of the ePrivacy Directive (2024), https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_v2_en_0.pdf. The regulatory framework for Article 5(3) remains unsettled. The European Commission withdrew the proposed ePrivacy Regulation in Feb. 2025 and announced plans to integrate certain ePrivacy rules into the GDPR through the Digital Omnibus Package.

[17] Lawrence A. Gordon & Martin P. Loeb, The Economics of Information Security Investment, ACM Transactions on Info. & Sys. Sec. (2002), https://doi.org/10.1145/581271.581274.

[18] Lawrence A. Gordon et al., Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon–Loeb Model, J. Info. Sec. (2015), https://doi.org/10.4236/jis.2015.61003; see also Howard Kunreuther & Geoffrey Heal, Interdependent Security, 26(2–3) J. Risk & Uncertainty 231 (2003), https://doi.org/10.1023/A:1024119208153 (providing a game-theoretic explanation for why interdependent security decisions lead to systematic underinvestment).

[19] Rebecca Janßen et al., GDPR and the Lost Generation of Innovative Apps, Nat’l Bureau of Econ. Rsch., Working Paper No. 30028 (2022), https://www.nber.org/papers/w30028 (finding that the GDPR led roughly one-third of apps to exit the market and reduced consumer surplus by an estimated 32%); see also Christian Frey et al., Privacy Regulation and Firm Performance: Estimating the GDPR Effect Globally, Econ. Inquiry (2024), https://doi.org/10.1111/ecin.13219 (finding that the GDPR reduced profits by about 8% on average for firms serving EU markets).

[20] Garrett A. Johnson, Scott K. Shriver & Samuel G. Goldberg, Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR, 69(10) Mgmt. Sci. 5695 (2023), https://doi.org/10.1287/mnsc.2023.4709 (finding that the GDPR increased web-technology market concentration in the short run due to disproportionate fixed compliance costs); Christian Peukert, Stefan Bechtold, Michail Batikas & Tobias Kretschmer, Regulatory Spillovers and Data Governance: Evidence from the GDPR, 41(4) Marketing Sci. (2022), https://doi.org/10.1287/mksc.2021.1347 (corroborating concentration effects and documenting spillovers to non-EU websites).

[21] FTC v. Rite Aid Corp., No. 2:23-cv-05023 (E.D. Pa. 2023), https://www.ftc.gov/legal-library/browse/cases-proceedings/2023190-rite-aid-corporation-ftc-v (alleging that the deployment of AI-based surveillance without reasonable safeguards constitutes an unfair practice under Section 5 of the Federal Trade Commission Act).

[22] Lesley Fair, Data Security Forecast: Drizly with a 100% Chance of Far-Reaching Order Provisions, Fed. Trade Comm’n Bus. Blog (2022), https://www.ftc.gov/business-guidance/blog/2022/10/data-security-forecast-drizly-100-chance-far-reaching-order-provisions (explaining that the Federal Trade Commission’s Drizly order imposed company-wide data-minimization obligations and treated excessive data retention as a data-security risk).

[23] Commission Nationale de l’Informatique et des Libertés (CNIL), Employee Monitoring: CNIL Fined Amazon France Logistique €32 Million (2024), https://www.cnil.fr/en/employee-monitoring-cnil-fined-amazon-france-logistique-eu32-million (describing the CNIL’s €32 million fine against Amazon France Logistique for excessive employee monitoring that violated GDPR proportionality requirements). On Dec. 23, 2025, the Conseil d’État partially revised the decision and reduced the fine to €15 million, holding that the CNIL erred with respect to certain productivity indicators, while rejecting the remainder of Amazon’s challenge.

[24] Raj Sachdev, “Reasonable [Cybersecurity] Measures” for Digital Trade Secrets: Lessons from Marketing, 65 IDEA: J. Franklin Pierce Ctr. for Intell. Prop. 39 (2025), https://scholars.unh.edu/law_facpub/510.

[25] Derek E. Bambauer, Privacy Versus Security, 103 J. Crim. L. & Criminology 667 (2013), https://scholarlycommons.law.northwestern.edu/jclc/vol103/iss3/2; see also Danielle Keats Citron & Daniel J. Solove, Privacy Harms, 102 B.U. L. Rev. 793 (2022), https://scholarship.law.bu.edu/faculty_scholarship/3096 (developing a taxonomy of privacy harms that clarifies the distinction between privacy harms and security harms).

[26] Nat’l Inst. of Standards & Tech., NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems (2017), https://doi.org/10.6028/NIST.IR.8062; Nat’l Inst. of Standards & Tech., NIST Privacy Framework 1.1, NIST CSWP 40 (Initial Pub. Draft 2025), https://doi.org/10.6028/NIST.CSWP.40.ipd (operationalizing the concepts introduced in NISTIR 8062 and adding AI-specific privacy risk-management guidance).

[27] Nat’l Inst. of Standards & Tech., NIST SP 800-66 Rev. 2: Implementing the HIPAA Security Rule (2024), https://doi.org/10.6028/NIST.SP.800-66r2; see also Dep’t of Health & Hum. Servs., HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, Notice of Proposed Rulemaking, 90 Fed. Reg. 898 (Jan. 6, 2025) (proposing stronger HIPAA Security Rule requirements, including mandatory multifactor authentication and elimination of the “required” versus “addressable” distinction).

[28] Elham Tabassi et al., Artificial Intelligence Risk Management Framework (AI RMF 1.0), Nat’l Inst. of Standards & Tech. (2023), https://doi.org/10.6028/NIST.AI.100-1; Nat’l Inst. of Standards & Tech., NIST AI RMF to ISO/IEC FDIS 42001 Crosswalk (2023), https://airc.nist.gov/docs/NIST_AI_RMF_to_ISO_IEC_42001_Crosswalk.pdf (documenting efforts to align the NIST AI Risk Management Framework with ISO/IEC 42001).

[29] Chloe Autio et al., Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile (2024), https://doi.org/10.6028/NIST.AI.600-1.

Chloe Autio et al., Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, Nat’l Inst. of Standards & Tech. (2024), https://doi.org/10.6028/NIST.AI.600-1.

[30] Nat’l Inst. of Standards & Tech., Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization (Concept Paper, Initial Pub. Draft 2026), https://csrc.nist.gov/pubs/other/2026/02/05/accelerating-the-adoption-of-software-and-ai-agent/ipd (part of the broader NIST AI Agent Standards Initiative announced in Feb. 2026).

[31] Vasiliki Diamantopoulou, Aggeliki Tsohou & Maria Karyda, From ISO/IEC 27001:2013 and ISO/IEC 27002:2013 to GDPR Compliance Controls, Info. & Computer Sec. (2020), https://doi.org/10.1108/ics-01-2020-0004; see also Hans Graux et al., Interplay Between the AI Act and the EU Digital Legislative Framework, Eur. Parl. Comm. on Indus., Rsch. & Energy, Study PE 778.575 (2025), https://www.europarl.europa.eu/thinktank/en/document/ECTI_STU(2025)778575 (mapping overlaps and gaps across the EU digital legislative framework, including requirements related to security log retention and access).

[32] Org. for Econ. Co-operation & Dev., Towards a Common Reporting Framework for AI Incidents, OECD Artificial Intelligence Papers No. 34 (2025), https://doi.org/10.1787/f326d4ac-en; Ren Bin Lee Dixon & Heather Frase, AI Incidents: Key Components for a Mandatory Reporting Regime, Ctr. for Sec. & Emerging Tech., Georgetown Univ. (2025), https://cset.georgetown.edu/publication/ai-incidents-key-components-for-a-mandatory-reporting-regime (proposing elements of a mandatory AI-incident reporting regime modeled on aviation, health-care, and cybersecurity reporting systems).

[33] Org. for Econ. Co-operation & Dev., G7 Hiroshima Process on Generative Artificial Intelligence (AI) (2023), https://doi.org/10.1787/bf3c0c60-en; Org. for Econ. Co-operation & Dev., Overview of the OECD Pilot of the Hiroshima Artificial Intelligence Process Reporting Framework (2024), https://www.oecd.org/en/publications/overview-of-the-oecd-pilot-of-the-hiroshima-artificial-intelligence-process-reporting-framework_e41c1fcc-en.html (reporting pilot results that operationalize the Hiroshima Process commitments).

[34] Eur. Union Agency for Cybersecurity (ENISA), Multilayer Framework for Good Cybersecurity Practices for AI (2023), https://www.enisa.europa.eu/publications/multilayer-framework-for-good-cybersecurity-practices-for-ai.

[35] Graux et al., supra note 32.

[36] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act), arts. 12–13, 2024 O.J. (L 1689) 1, https://eur-lex.europa.eu/eli/reg/2024/1689/oj (requiring high-risk AI systems to enable automatic event logging to support traceability and regulatory compliance).

[37] Regulation (EU) 2024/1689, art. 26 (requiring deployers of high-risk AI systems to retain system logs for at least six months).

[38] Id.; Michèle Finck, Chapter III: High-Risk AI System, in The EU Artificial Intelligence Act (2026), https://doi.org/10.1093/law/9780198925705.003.0004.

[39] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 Dec. 2022 on Measures for a High Common Level of Cybersecurity Across the Union (NIS 2 Directive), 2022 O.J. (L 333) 80, https://eur-lex.europa.eu/eli/dir/2022/2555/oj; Eur. Union Agency for Cybersecurity (ENISA), Technical Implementation Guidance on Cybersecurity Risk Management Measures (2025), https://www.enisa.europa.eu/sites/default/files/2025-06/ENISA_Technical_implementation_guidance_on_cybersecurity_risk_management_measures_version_1.0.pdf.

[40] Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 Oct. 2024 on Horizontal Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act), 2024 O.J. (L 2847) 1, https://eur-lex.europa.eu/eli/reg/2024/2847/oj; Pier Giorgio Chiara, The Cyber Resilience Act: The EU Commission’s Proposal for a Horizontal Regulation on Cybersecurity for Products with Digital Elements, Int’l Cybersecurity L. Rev. (2022), https://doi.org/10.1365/s43439-022-00067-6; Florian Teichmann, The Cyber Resilience Act as a New Paradigm for Product Security: A Compliance Roadmap, Int’l Cybersecurity L. Rev. (2025), https://doi.org/10.1365/s43439-025-00162-4 (analyzing the final enacted regulation).

[41] Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 Dec. 2022 on Digital Operational Resilience for the Financial Sector (DORA), 2022 O.J. (L 333) 1, https://eur-lex.europa.eu/eli/reg/2022/2554/oj; Eur. Supervisory Auths. (EBA, EIOPA & ESMA), Joint Regulatory Technical Standards on Major Incident Reporting Under DORA (2024), https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/operational-resilience/joint-technical-standards-major-incident-reporting.

[42] G7 Cyber Expert Group, Statement on Artificial Intelligence and Cybersecurity (2025), https://www.gov.uk/government/publications/g7-cyber-expert-group-statement-on-ai-and-cybersecurity/g7-cyber-expert-group-statement-on-artificial-intelligence-and-cybersecurity-september-2025; Jukka Ruohonen & Paul Timmers, Vulnerability Coordination Under the Cyber Resilience Act, Applied Cybersecurity & Internet Governance (2025), https://doi.org/10.60097/acig/213350.

[43] Anacleto Correia & António Gonçalves, Regulatory Convergence and Divergence: A Study on the Synergies and Conflicts Among Key Cybersecurity European Legislation, in MCIS 2024 Proceedings (2024), https://aisel.aisnet.org/mcis2024/4 (identifying conflicts in definitions and reporting timelines across the GDPR, NIS2, DORA, AI Act, and Cyber Resilience Act); Lee A. Bygrave, The Emergence of EU Cybersecurity Law: A Tale of Lemons, Angst, Turf, Surf and Grey Boxes, Computer L. & Sec. Rev. (2024), https://doi.org/10.1016/j.clsr.2024.106071 (describing EU cybersecurity law as “a sprawling jungle of regulatory instruments interacting in complex, confusing and sometimes disjointed ways”).

[44] U.K. Dep’t for Sci., Innovation & Tech., Code of Practice for the Cyber Security of AI (2025), https://www.gov.uk/government/publications/ai-cyber-security-code-of-practice/code-of-practice-for-the-cyber-security-of-ai.

[45] U.K. AI Sec. Inst., Frontier AI Trends Report (2025), https://www.aisi.gov.uk/frontier-ai-trends-report (evaluating frontier AI cybersecurity capabilities, including agentic cyber-task performance across varying levels of difficulty).

[46] Data (Use and Access) Act 2025; U.K. Dep’t for Sci., Innovation & Tech., Data (Use and Access) Act Factsheet: UK GDPR and DPA (2025), https://www.gov.uk/government/publications/data-use-and-access-act-2025-factsheets/data-use-and-access-act-factsheet-uk-gdpr-and-dpa.

[47] Albert Sanchez-Graells, Responsibly Buying Artificial Intelligence: A “Regulatory Hallucination”, 77(1) Current Legal Probs. 81 (2024), https://doi.org/10.1093/clp/cuae006 (coining the concept of a “regulatory hallucination”); Christopher T. Marsden, Generative AI Regulation in the UK, in The Oxford Handbook of the Foundations and Regulation of Generative AI (2025), https://doi.org/10.1093/oxfordhb/9780198940272.013.0043.

[48] Rogier Creemers, China’s Emerging Data Protection Framework, J. Cybersecurity (2022), https://doi.org/10.1093/cybsec/tyac011.

[49] Matt Sheehan, Tracing the Roots of China’s AI Regulations, Carnegie Endowment for Int’l Peace (2024), https://carnegieendowment.org/research/2024/02/tracing-the-roots-of-chinas-ai-regulations?lang=en; Yue Zhu et al., China’s Emerging Regulation Toward an Open Future for AI, 390 Science 132 (2025) (providing an overview of China’s six-pillar AI regulatory architecture).

[50] Sun Sun Lim & Gerry Chng, Verifying AI: Will Singapore’s Experiment with AI Governance Set the Benchmark?, Communication Rsch. & Prac. (2024), https://doi.org/10.1080/22041451.2024.2346416; Infocomm Media Dev. Auth. (IMDA), Model AI Governance Framework for Generative AI (2024), https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/archived/imda/press-releases/2024/launch-of-generative-ai-governance-framework.

[51] Jeremy Leonard Naramuda et al., Analyzing the Implementation Gaps in ISO/IEC 27001:2022 Controls: Insights from PDPC Singapore’s Cybersecurity Breaches, in 2025 IEEE 2nd International Conference on Cryptography, Informatics, and Cybersecurity (ICOCICS) (2025), https://www.semanticscholar.org/paper/67f45a88a7de5c19bdea5821610eda816d1f79f7.

[52] Eur. Union Agency for Cybersecurity (ENISA), NIS Investments 2024 (2024), https://www.enisa.europa.eu/publications/nis-investments-2024 (surveying cybersecurity investment and compliance across EU member states under NIS Directive reporting requirements).

[53] Cristina Del Giovane, Janos Ferencz & Javier López González, The Nature, Evolution and Potential Implications of Data Localisation Measures (OECD 2023), https://www.oecd.org/en/publications/the-nature-evolution-and-potential-implications-of-data-localisation-measures_179f718a-en.html; Peter Swire et al., Risks to Cybersecurity from Data Localization, Organized by Techniques, Tactics and Procedures, J. Cyber Pol’y (2024), https://doi.org/10.1080/23738871.2024.2384724 (finding that 13 of 14 ISO 27002 security controls are negatively affected by data-localization requirements).

[54] Emma Klein & Stewart Patrick, Envisioning a Global Regime Complex to Govern Artificial Intelligence, Carnegie Endowment for Int’l Peace (2024), https://carnegieendowment.org/research/2024/03/envisioning-a-global-regime-complex-to-govern-artificial-intelligence?lang=en; Huw Roberts et al., Global AI Governance: Barriers and Pathways Forward, 100(3) Int’l Affs. 1275 (2024), https://doi.org/10.1093/ia/iiae073 (mapping the emerging global AI-governance regime complex).

[55] Nick Bloom, Stephen Bond & John Van Reenen, Uncertainty and Investment Dynamics, Rev. Econ. Stud. (2007), https://doi.org/10.1111/j.1467-937X.2007.00426.x; see generally Avinash K. Dixit & Robert S. Pindyck, Investment Under Uncertainty (1994) (providing the foundational theoretical treatment of real-options investment decisions under uncertainty).

[56] Kira R. Fabrizio, The Effect of Regulatory Uncertainty on Investment: Evidence from Renewable Energy Generation, J.L. Econ. & Org. (2013), https://doi.org/10.1093/jleo/ews007; Scott R. Baker, Nick Bloom & Steven J. Davis, Measuring Economic Policy Uncertainty, 131(4) Q.J. Econ. 1593 (2016), https://doi.org/10.1093/qje/qjw024 (showing that policy uncertainty predicts declines in investment, output, and employment across 12 major economies).

[57] Mazaher Kianpour & Shahid Raza, More Than Malware: Unmasking the Hidden Risk of Cybersecurity Regulations, Int’l Cybersecurity L. Rev. (2024), https://doi.org/10.1365/s43439-024-00111-7.

[58] Sachdev, supra note 24.

[59] Ivan Png, Law and Innovation: Evidence from State Trade Secrets Laws, 99(1) Rev. Econ. & Stat. 167 (2017), https://doi.org/10.1162/rest_a_00532; Colleen Cunningham & Aldona Kapacinskaite, Keeping Invention Confidential, Mgmt. Sci. (2025), https://doi.org/10.1287/mnsc.2023.01434 (finding that stronger trade-secret protection increases both the use and novelty of trade secrets).

[60] Feng Gao, Xue Wang & Benda Yin, The Benefits of Trade Secret Legal Protection: Evidence from Firms’ Cost Structure Decisions, J.L. Econ. & Org. (2022), https://doi.org/10.1093/jleo/ewac013.

I. Introduction

The International Center for Law & Economics (ICLE) submits these comments in response to the Autorité de la Concurrence’s public consultation on the competitive situation in the conversational agents sector. ICLE is a non-profit research centre that applies economic analysis to legal and regulatory questions, with a particular focus on competition policy and market institutions.

These comments assess the competitive implications of integrating AI applications into digital ecosystems under both competition law and sector-specific regulation. They address several issues raised in the consultation, particularly the integration of conversational agents into the existing services of vertically integrated firms (Section I.B of the consultation). The analysis also engages with partnerships in this area (Section I.D), the evolving role of conversational agents as platforms (Section I.E), and the adequacy of the current legislative and regulatory framework (Section III, Question 25).

Artificial intelligence (AI) is emerging as a general-purpose technology with immediate implications for competition policy.[1] As deployment spreads across search, commerce, productivity software, and communications services, AI tools are beginning to reshape how firms compete, organise production, and interact with users. At the downstream level, foundation models enable new product categories and add new functionality to existing digital services.

Much of this transformation centres on AI assistants and agents. These systems increasingly mediate users’ online activity and shift the traditional web-browsing experience toward AI-centred interaction.[2]

AI assistants—e.g., OpenAI ChatGPT, Google Gemini, Microsoft Copilot, Anthropic Claude, Meta AI Assistant, and Mistral Le Chat—are primarily reactive, language-based systems. They interpret natural-language prompts and generate responses using probabilistic reasoning and, in some cases, tool-augmented capabilities. Their operation remains prompt-driven: users initiate the task and define its boundaries.

Alongside these systems, early agentic tools—e.g., OpenAI Operator, Anthropic Claude’s Computer Use, Perplexity’s Buy with Pro, and Google DeepMind’s Project Mariner—operate differently. They initiate actions, interact with external software environments, and adjust behaviour to pursue specified objectives. They can execute multi-step workflows and sustain continuous processes that extend beyond simple response generation. The distinction is functional rather than semantic: assistants answer questions, while agents perform tasks.

The rapid expansion of generative AI has increased both the number and diversity of these systems.[3] AI assistants and agents increasingly function as access points to digital services, rather than standalone applications.[4] Through a single interface, users can search, shop, book services, retrieve documents, or interact with third-party tools without leaving the conversational environment. AI-enabled browsers, including OpenAI’s ChatGPT Atlas and Perplexity’s Comet, reinforce this shift.

Firms are deploying these capabilities through two primary strategies. Some partner with third-party AI developers, while others build proprietary systems and embed them into existing ecosystems. This divergence reflects the competitive relationship between incumbent platforms and AI entrants. New entrants seek distribution through widespread embedding across platforms, while incumbents deploy vertically integrated AI to retain users within their ecosystems.

Competition authorities have begun to scrutinise these developments. Integration may improve quality and reduce transaction costs, but regulators have expressed concerns that it may also reinforce market power. Agencies have raised issues relating to tying, foreclosure, and self-preferencing, particularly where AI tools are embedded in widely used services.[5] Jurisdictions that adopted ex ante digital-market regulation are already reassessing whether those frameworks adequately address AI-enabled conduct.[6]

Early disputes illustrate the emerging terrain. Amazon has sued Perplexity, alleging that its agent accessed user accounts and masked automated activity as human browsing.[7] Elon Musk has threatened litigation accusing Apple of manipulating App Store rankings to favour OpenAI’s ChatGPT after Apple integrated the service into iOS devices.[8] Meanwhile, the Italian competition authority opened proceedings regarding Meta’s preinstallation of Meta AI within WhatsApp.[9]

These comments analyse the competitive implications of integrating AI applications into digital ecosystems under both antitrust law and sector-specific regulation.

From an antitrust perspective, the core issues are not new. They resemble longstanding debates over vertical integration and self-preferencing in digital markets.[10] Existing competition law remains sufficiently flexible to address exclusionary conduct. The real novelty lies elsewhere: AI markets currently exhibit rapid entry, experimentation, and technological uncertainty. The speed with which new services and firms have emerged complicates predictions about durable market power. Replicating familiar anti–Big Tech analytical frameworks risks misdiagnosing competitive dynamics in a still-fluid environment.

The same caution applies to digital-platform regulation. A Big Tech-centric regulatory approach creates asymmetric coverage. The European Union’s (EU) Digital Markets Act (DMA), for example, captures AI functionality integrated into designated core platform services,[11] yet standalone AI applications may fall outside its scope regardless of their growth or competitive significance. The rise of agentic systems highlights the difficulty regulators face in anticipating technological trajectories.[12]

Policy therefore confronts two opposing risks: delayed intervention that allows anticompetitive conduct to entrench, and premature intervention that distorts competition in evolving markets.

The comments proceed as follows. Section II examines business strategies for deploying assistive AI services and uses the Meta AI investigation to illustrate potential antitrust concerns arising from integration into core ecosystems. Section III analyses the challenges AI technologies pose for recently enacted digital-market regulations. Section IV evaluates the limits of a Big Tech-centric framework and questions the assumption that AI markets will follow the historical trajectory of earlier digital platforms. Section V concludes.

II. Competitive Strategies for Deploying AI Assistants and Agents

AI assistants and agents have become a central competitive frontier in online markets. A growing share of users rely on these tools to interact with digital systems, retrieve and synthesise information, automate tasks, and delegate bounded autonomous actions across platforms and services. The rapid cadence of model releases and the ongoing race for performance leadership reflect both the importance of these applications and the intensity of rivalry in this sector.

Competition between incumbent technology firms and AI entrants increasingly turns on how these systems are adopted and distributed. Because AI assistants may mediate—or potentially displace—traditional general-purpose search and other gateway services,[13] new entrants pursue rapid diffusion through embedding across multiple platforms. Incumbent firms instead face a familiar make-or-buy decision: partner with external AI developers or build proprietary systems.

Each option presents tradeoffs. Partnerships allow incumbents to reach competitive parity quickly and reduce disruption risk by aligning with potential rivals. Over time, however, reliance on third-party technology may create strategic dependence on external providers and their commercial success.[14] Internal development preserves control but requires substantial investment and entails technological uncertainty.

Observed market behaviour reflects these incentives. Many incumbents have integrated proprietary AI functionality into existing ecosystems. Google has incorporated generative-AI features into Gmail, Google Docs, and Search. Meta has embedded AI assistants into WhatsApp, Messenger, and Instagram. Microsoft integrated Copilot into the Office suite, although its early capabilities relied heavily on its partnership with OpenAI. Microsoft has since diversified Copilot’s architecture by combining internal and external models to reduce reliance on OpenAI.

Many partnerships instead focus on upstream AI inputs—cloud infrastructure, computing chips, training data, and technical expertise—or take the form of financial investment, rather than distribution agreements.[15]

New entrants typically pursue a different strategy. OpenAI’s launch of ‘apps in ChatGPT’ allows users to run third-party applications inside conversations, supported by an open developer toolkit (the Apps SDK).[16] Early partners include Booking.com, Canva, Coursera, Expedia, Figma, Spotify, and Zillow, with additional participants such as OpenTable, Peloton, Target, Tripadvisor, and Uber expected to join.

OpenAI has also pursued commerce integration. Companies including Etsy, Shopify, and Walmart allow users to browse and purchase products directly through ChatGPT.[17] A partnership with PayPal enables instant checkout through PayPal’s digital wallet, while PayPal processes merchant payments.[18]

Incumbents have responded with similar initiatives. Google has partnered with firms including Shopify, Etsy, Wayfair, Target, and Walmart to develop an open standard for agentic commerce. The system allows users to complete purchases through Search or the Gemini application without switching between apps or webpages.[19]

Competition authorities have expressed concern about both types of strategies.

First, regulators scrutinise partnerships between large platforms and AI developers.[20] These arrangements may generate pro-competitive benefits by giving entrants access to capital, distribution, and essential inputs such as specialised computing capacity. Authorities nonetheless worry that partnerships may neutralise emerging competitors—for example, through contractual restrictions that limit downstream competition—and thereby reinforce incumbent positions across the AI value chain.[21]

Second, agencies have focused on the integration of AI into core platform services.[22] Ecosystem integration can improve product quality and reduce transaction costs, but authorities warn it may also create foreclosure risks. Regulators frequently invoke tying and self-preferencing theories of harm. Platforms may condition access to core services on the use of proprietary AI or advantage their own tools through preinstallation, exclusive integration, or interoperability limits. Such practices could restrict user choice and raise barriers to rival applications.

Taken together, scepticism toward both partnerships and internal development reflects a broader concern that AI may strengthen existing digital ecosystems, rather than disrupt them.[23] Current policy debates therefore often adopt a Big Tech–centric perspective.

The ongoing Meta AI investigation provides a useful case study for evaluating these issues and the competitive implications of foundation-model assistants embedded within established digital ecosystems.

A. Meta AI and WhatsApp: Assessing Tying Risks in AI Integration

In July 2025, the Italian competition authority (ICA) opened an antitrust investigation into Meta’s decision to preinstall Meta AI within WhatsApp, combining its messaging service with its proprietary AI assistant.[24] The authority emphasised that Meta AI appears in a prominent interface position and is integrated into the WhatsApp search bar, allowing users to interact with the assistant without opening a separate chat.[25]

The ICA also identified limits on user control. Users can access competing AI services by initiating separate chats, but they cannot remove the Meta AI interface elements.[26] The authority further noted uncertainty regarding training data. Interactions with Meta AI appear to contribute to model training, except for private messages and instances in which users explicitly opt out in specific chats.[27]

The investigation therefore centres on an alleged tying practice. In the ICA’s view, preinstallation and preferential placement may give Meta an advantage in the AI-chatbot market by leveraging its position in consumer messaging services.[28] The concern is that Meta may steer WhatsApp’s large user base into the emerging AI market not through competition on the merits, but through product integration.[29]

The authority also emphasised the potential interaction between distribution and data. If Meta trains its model using interactions generated through a dominant messaging service, user-base leverage and data accumulation may reinforce one another. This feedback loop could create lock-in effects and reduce reliance on competing assistants.[30]

Despite the technological novelty of AI, the theory of harm is familiar. The case fits within a well-established vertical-integration framework, rather than introducing a new antitrust doctrine. Competition law has repeatedly addressed similar conduct in digital markets,[31] and existing rules do not require structural revision simply because the product incorporates AI.

European precedent illustrates the point. In Microsoft, the General Court held that the ubiquity of a dominant operating system could foreclose competition in the tied software market.[32] Bundling software with a preinstalled operating system allowed the tied product ‘to benefit from the ubiquity of that operating system … which cannot be counterbalanced by other methods of distributing media players’.[33]

A decade later, in Google Android, the European Commission found that Google preserved and strengthened its dominance in general search by requiring device manufacturers to preinstall Google Search and Chrome as a condition for licensing the Play Store and by imposing contractual restrictions that locked Android into a Google-controlled ecosystem.[34] The Commission concluded that preinstallation created a status quo bias that reduced both manufacturers’ incentives to preinstall rival applications and users’ incentives to download them.

More recently, in Facebook Marketplace, the Commission determined that tying Facebook Marketplace to Facebook abused Meta’s dominant position because integration provided a distribution advantage that rival platforms could not replicate.[35] Embedding Marketplace within the Facebook interface ensured universal visibility.[36] Although users could adjust certain settings, doing so required multiple complex steps that limited practical effectiveness.[37]

U.S. law reflects similar concerns. The U.S. District Court for the District of Columbia held that Google secured default-search status through anticompetitive distribution agreements with browser developers, device manufacturers, and carriers.[38] The U.S. District Court for the Northern District of California likewise found that Google unlawfully tied access to the Play Store to the use of Google Play Billing.[39] The court barred Google from requiring Play Billing for distributed applications and from imposing contractual restrictions that conditioned payment, distribution, or access to the Play Store on exclusive or preferential treatment.

Against this background, the ICA can rely on a well-developed tying framework. The authority must establish that: (i) the tying and tied products are distinct; (ii) Meta holds a dominant position in the tying market; (iii) users lack a genuine choice to obtain the tying product independently of the tied product; and (iv) the conduct is capable of producing exclusionary effects.

The outcome, however, need not replicate prior cases. AI markets remain highly dynamic and characterised by considerable competitive uncertainty. Even if Meta seeks to leverage messaging dominance into AI services, success cannot be presumed. The relevant question is whether preinstallation confers an advantage that rivals cannot offset through alternative distribution, product quality, or innovation.

The investigation has since expanded. The ICA also examined Meta’s October 2025 business terms, which prohibit providers from using the WhatsApp Business Solution when AI assistants constitute the primary service offered.[40] AI tools remain permitted for ancillary functions, such as automated customer support. The ICA adopted interim measures,[41] and both the European Commission and the Brazilian competition authority opened parallel inquiries.[42]

Authorities worry that the WhatsApp policy may restrict output, market access, or technical development by preventing rival assistants from reaching users through WhatsApp. Meta responds that general-purpose chatbots fall outside WhatsApp’s intended function as a communication tool between businesses and users, and that supporting such systems would require substantial operational resources.[43]

Although these comments focus on the integration of Meta AI into WhatsApp, the parallel investigations provide additional insight into market conditions. The ICA’s interim measures suggest a market with multiple entrants attempting to reach users.[44] Some are smaller providers without proprietary distribution channels—e.g., Ira, Luzia, Poke, Puch AI, and Zapia—while others, including ChatGPT, Copilot, and Perplexity, already possess alternative distribution pathways. The dispute therefore turns not only on dominance, but also on whether messaging platforms function as essential gateways to user access.

III. AI and the Limits of Digital-Market Regulation

If AI complicates antitrust analysis, it poses an even sharper challenge for recently enacted digital-market regulation. The same technological change that motivates regulatory intervention may also undermine it. Rapid advances in AI risk rendering new regulatory frameworks incomplete or outdated.

The Digital Markets Act (DMA) illustrates the problem. As part of the Act’s first review, the European Commission is consulting stakeholders on whether the framework adequately addresses AI-enabled services and whether the list of core platform services and related obligations requires revision.[45] The DMA—like other digital-market regimes—was not designed with AI in mind. Legislators instead targeted large online platforms designated as gatekeepers: firms that serve as gateways for business users to reach consumers and can leverage advantages—particularly access to data—across markets.

AI services may fall within DMA-type regulation through two main channels. First, an AI provider could itself offer a core platform service and qualify as a gatekeeper. Second, AI functionality embedded within an already designated platform service becomes subject to the obligations governing that service. The result is a differentiated regulatory landscape that treats incumbent platforms and AI entrants differently.

For incumbents, integration brings AI features within the DMA’s scope. The primary question then becomes whether existing obligations can adapt to new technologies. The European Commission’s ongoing specification proceeding concerning Google illustrates this dynamic. The proceeding seeks to ensure that Google provides third-party AI services access to Android operating-system features comparable to those available to its own services, consistent with the vertical-interoperability requirement of Article 6(7) of the DMA.[46]

Standalone AI providers face the opposite situation. The DMA may not apply at all, regardless of market significance, because standalone AI applications do not clearly fit within any enumerated core platform service. Unless regulators reinterpret existing categories—e.g., search engines, browsers, or virtual assistants—AI developers cannot be designated as gatekeepers solely on the basis of AI offerings.[47] This structural gap is particularly salient for agentic systems, which may reshape market intermediation while remaining formally outside the regulation’s scope.[48]

Expanding regulation, however, carries its own risks. AI markets remain unsettled in technology, business models, and market structure. Extending ex ante obligations to AI services may constrain experimentation in product design, functionality, and platform architecture. Policymakers would need to predict both the direction and speed of technological change in an environment characterised by rapid innovation and uncertainty.

Premature regulation therefore risks misjudging market power. Authorities may underestimate future competition or overestimate the durability of concentration. Either error may distort innovation incentives and consumer outcomes. The regulatory problem is therefore symmetrical: waiting too long may allow harmful conduct to emerge, while acting too early may suppress competitive experimentation.

IV. Rethinking Big Tech-Centric Assumptions in AI Markets

Both the Meta AI investigation and the ongoing debate over revising the Digital Markets Act (DMA) reflect a similar analytical pattern. Assessments of AI competition remain anchored in the same Big Tech–centric framework that has shaped digital-market policy for two decades.

Competition authorities recognise that AI has stimulated innovation and entry. At the same time, many worry that markets for foundation models may follow the early trajectory of digital platforms.[49] In this view, economies of scale and scope, network effects, data feedback loops, and limited multi-homing could produce ‘winner-takes-most’ outcomes and eventual market tipping.[50] The concern is prospective: large technology firms might shape AI markets in ways that reduce future competition by leveraging existing advantages across layers of the AI stack.

The ICA’s Meta AI investigation reflects this reasoning. The authority emphasises that AI development requires substantial computing capacity, high-quality data, specialised labour, and investment capital.[51] Because large platforms control many of these inputs and operate vertically integrated ecosystems, regulators worry that they can resist disruption and extend market power into adjacent markets.[52]

Sound policy analysis, however, should compare AI systems with earlier digital platforms rather than assume they are equivalent.[53] The emerging literature highlights several differences.[54]

Network effects appear weaker for foundation models than for traditional platforms because individual users gain little value from the presence of additional users. Data feedback loops exist, but the strategic importance of proprietary data may be declining as datasets expand and synthetic data becomes more common. Investment patterns also show persistent entry. New AI firms continue to attract substantial funding across successive rounds,[55] indicating both investor confidence and expectations of continued competition.

In practice, many predicted entry barriers have proved less significant than anticipated. The diversity of downstream applications also makes universal tipping unlikely. Rather than converging on a single dominant platform, AI services increasingly specialise across different applications. Rapid market expansion and continued entry therefore challenge key assumptions underlying current policy debates and point to ongoing competitive pressure.

Some scholars further argue that static indicators of market power—such as market shares and margins—may understate competition in innovative industries.[56] Dynamic indicators, including investment levels, innovation rates, and the ability of smaller firms to attract capital, provide a more informative picture.[57] The emergence of firms such as OpenAI and Anthropic is difficult to reconcile with the claim that incumbents can seamlessly extend dominance into AI markets.[58]

Empirical evidence also complicates the narrative that data advantages determine competitive success. To date, large platforms have not translated existing data holdings into decisive superiority over AI startups. OpenAI’s ChatGPT, for example, has become the most widely used chatbot. By February 2025, it exceeded 400 million monthly active users[59] and accounted for roughly 86% of global chatbot traffic between April 2024 and March 2025.[60] By September 2025, it ranked among the world’s most visited websites,[61] and by November 2025 it was the most downloaded generative-AI mobile application.[62] Developer adoption likewise remains high.[63]

These figures nonetheless remain fluid. As of January 2026, ChatGPT’s traffic share had declined to roughly 65% amid growing competition from Gemini.[64] Anthropic’s Claude has also expanded rapidly and is projected to reach break-even earlier than OpenAI.[65] The relevant point is not which firm leads, but how quickly leadership can change.

Rapid turnover weakens predictions of durable concentration. Even unsuccessful entry can discipline incumbents in contestable markets.[66] The threat of displacement may therefore matter as much as observed market shares.

Against this background, a presumption against integration strategies by large technology firms risks analytical error. The concern resembles longstanding scepticism toward vertical integration. Yet vertical integration can generate efficiencies, eliminate double marginalisation, reduce transaction costs, and improve product quality and coordination.

Applying traditional anti–Big Tech reasoning to AI disregards current market conditions. The sector shows sustained entry, diverse business models, rapid innovation, and abundant capital. Large platforms do not appear to hold a decisive structural advantage.

The Meta AI case illustrates the point. It is uncertain that integrating Meta AI into WhatsApp would materially harm competition in AI assistants, particularly given the success of rivals such as ChatGPT. ChatGPT achieved rapid adoption through cross-platform integration and partnerships that allow users to shop, book services, and perform other tasks within a single interface. By contrast, Meta AI’s market share remained minimal—about 0.2% between April 2024 and March 2025[67] and below 1% in January 2026[68]—and developer adoption remained limited.[69]

Industry practice further weakens a categorical rule against integration. Firms routinely use their own services as distribution channels for AI tools. In recent U.S. litigation, Judge Amit Mehta rejected a proposed remedy that would have broadly prohibited Google from favouring its Gemini system within Chrome.[70] He warned that such a restriction would impair competition:

Such a restriction would set Google apart from its competitors. … The court will not hobble Google’s competitiveness by prohibiting self-preferencing of its own GenAI technologies, when that is precisely how the emerging—and highly competitive—GenAI marketplace operates.[71]

Extending traditional anti–Big Tech assumptions to AI markets therefore risks counterproductive enforcement. Restrictions on integration strategies could weaken competitive pressure on leading AI firms and produce the opposite of the intended effect. The risk is particularly pronounced where digital-platform conduct already faces substantial constraints under DMA-type regulation.

V. Conclusion

ICLE welcomes the Autorité’s decision to launch this public consultation and appreciates the opportunity to contribute to its analysis of competition in the conversational agents sector. In light of the issues examined above, we highlight several considerations relevant to the themes identified in the consultation.

With respect to the integration of conversational agents into the existing services of vertically integrated firms (Section I.B of the consultation), the Autorité should avoid presuming that integration is inherently anticompetitive. Vertical integration and product embedding often generate efficiencies, improve coordination among complementary services, and accelerate the deployment of new technologies. As the Meta AI investigation illustrates, the relevant question is not whether integration occurs, but whether it forecloses rivals that retain alternative distribution channels and the capacity to innovate. Authorities should continue to apply established antitrust doctrine to demonstrably exclusionary conduct, while avoiding the assumption that preinstallation, default placement, or preferential integration automatically extend earlier self-preferencing concerns.

Regarding partnerships among publishers of conversational agents (Section I.D), the analysis in these comments suggests that partnerships, ecosystem integration, and internal AI development represent standard competitive responses in a market defined by technological uncertainty and rapid innovation. AI markets currently exhibit frequent entry, high investment levels, and rapidly shifting competitive leadership. Network effects appear weaker than in traditional platforms, data advantages are less durable, and new firms continue to attract funding and users. The emergence of firms such as OpenAI and Anthropic demonstrates that incumbents have not seamlessly extended dominance into AI markets. Restricting the strategies under scrutiny could therefore reduce, rather than enhance, competitive rivalry by weakening an important constraint on leading AI firms.

On the question of whether conversational agents are evolving into platforms (Section I.E), the competitive landscape remains highly fluid. AI markets differ from earlier platform markets in economically relevant ways. Even leading positions remain unstable as competing models improve quickly. The Autorité should exercise caution before projecting the trajectory of earlier platform markets onto conversational agents. Rather than assuming that AI will replicate the dynamics of digital platforms, analysis should recognise that vigorous competition may already be occurring—and that premature classification of conversational agents as platforms risks triggering regulatory frameworks before market structures stabilise.

Finally, regarding the adequacy of the legislative and regulatory framework (Section III, Question 25), these comments identify a structural asymmetry in existing digital-market regimes. Frameworks such as the EU’s Digital Markets Act already impose substantial obligations on designated gatekeepers when AI functionality is integrated into core platform services. By contrast, standalone AI assistants and agents may fall outside these regimes altogether, regardless of their competitive significance. This mismatch suggests that the greater risk may not be insufficient oversight of incumbents, but rules designed for earlier intermediaries, rather than today’s forms of competition. ICLE therefore encourages the Autorité to consider this regulatory asymmetry and to avoid layering additional obligations that could reinforce, rather than correct, the imbalance.

In sum, competition policy in the conversational agents sector faces two symmetrical risks: delayed intervention that allows anticompetitive conduct to entrench, and premature intervention that distorts competition in evolving markets. Focusing exclusively on the first risk overlooks the second. AI markets remain uncertain, dynamic, and highly innovative. In these conditions, ICLE encourages the Autorité to prioritise evidence over analogy and to adopt a context-sensitive framework that reflects the distinctive competitive dynamics of these markets.

[1] See, e.g., Statista, Number of AI Tool Users Worldwide from 2020 to 2031 (in Millions) (2025), https://www.statista.com/outlook/tmo/artificial-intelligence/worldwide (last visited 9 Feb. 2026) (showing steady growth in global AI-tool users—from about 116 million in 2020 to roughly 350 million in 2025, with projections exceeding 1 billion by 2031).

[2] See, e.g., Org. for Econ. Co-operation & Dev. (OECD), Artificial Intelligence and Competitive Dynamics in Downstream Markets (2025), https://www.oecd.org/content/dam/oecd/en/publications/reports/2025/11/artificial-intelligence-and-competitive-dynamics-in-downstream-markets_c6e81d0e/ccf0624a-en.pdf; see also Amit Zac & Michal S. Gal, The Price of Advice: Experimental Evidence on the Effects of AI Recommenders (2025), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5637090 (finding that consumer-facing AI recommender systems influence purchasing decisions).

[3] See, e.g., CB Insights, Global Number of Deals and Funding for Agentic Artificial Intelligence (AI) Startups from 2020 to 2024 (2025), https://www.statista.com/statistics/1607697/global-agentic-ai-startup-dealsand-funding (showing rapid growth in the agentic-AI startup sector, with funding rising from about $24 million across eight deals in 2020 to roughly $3.8 billion across 162 deals in 2024); see also Deloitte, Interest in Generative Artificial Intelligence (AI) Developments in Organizations Worldwide in 2024 (2025), https://www.statista.com/statistics/1603062/interest-in-future-genai-related-developments (reporting that agentic AI ranked among organisations’ most salient technological developments in 2024).

[4] See, e.g., Press Release, Autorité de la Concurrence, Conversational Agents: the Autorité Starts Inquiries Ex Officio with a View to Issuing an Opinion (2026), https://www.autoritedelaconcurrence.fr/en/press-release/conversational-agents-autorite-starts-inquiries-ex-officio-view-issuing-opinion.

[5] Id.; Austl. Competition & Consumer Comm’n (ACCC), Digital Platform Services Inquiry—Final Report (2025), https://www.accc.gov.au/about-us/publications/serial-publications/digital-platform-services-inquiry-2020-25-reports/digital-platform-services-inquiry-final-report-march-2025; Autorité de la Concurrence, Opinion on the Competitive Functioning of the Generative Artificial Intelligence Sector (2024), https://www.autoritedelaconcurrence.fr/en/opinion/competitive-functioning-generative-artificial-intelligence-sector; U.K. Competition & Mkts. Auth. (CMA), AI Foundation Models—Updated Paper (2024), https://www.gov.uk/government/publications/ai-foundation-models-update-paper; Autoridade da Concorrência, Competition and Generative Artificial Intelligence (2023), https://www.concorrencia.pt/sites/default/files/documentos/Issues%20Paper%20-%20Competition%20and%20Generative%20Artificial%20Intelligence.pdf.

[6] See, e.g., Eur. Comm’n, Consultation on the First Review of the Digital Markets Act (2025), https://digital-markets-act.ec.europa.eu/consultation-first-review-digital-markets-act_en; Eur. Comm’n, Review of the Digital Markets Act—Call for Evidence, Ares(2025)6881572 (2025), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=intcom:Ares(2025)6881572.

[7] Shirin Ghaffary & Matt Day, Amazon Sues to Stop Perplexity from Using AI Tool to Buy Stuff, Bloomberg (4 November 2025), https://www.bloomberg.com/news/articles/2025-11-04/amazon-demands-perplexity-stop-ai-agent-from-making-purchases (reporting that Amazon alleges a third-party AI shopping agent failed to disclose when it purchased on users’ behalf, threatening platform integrity and merchant choice); see also Perplexity Team, Bullying Is Not Innovation, Perplexity (4 November 2025), https://www.perplexity.ai/hub/blog/bullying-is-not-innovation.

[8] Surbhi Misra, Musk Says xAI to Take Legal Action Against Apple over App Store Rankings, Reuters (12 August 2025), https://www.reuters.com/sustainability/boards-policy-regulation/musk-says-xai-take-legal-action-against-apple-over-app-store-rankings-2025-08-12.

[9] See, e.g., Press Release, Autorità Garante della Concorrenza e del Mercato (AGCM), The Italian Competition Authority Launches Investigation into Meta over Abuse of Dominant Position (30 July 2025), https://en.agcm.it/en/media/press-releases/2025/7/A576.

[10] See, e.g., Giuseppe Colangelo, Antitrust Unchained: The EU’s Case Against Self-Preferencing, 72 GRUR Int’l 538 (2023); Pablo Ibáñez Colomo, Self-Preferencing: Yet Another Epithet in Need of Limiting Principles, 43 World Competition 417 (2020).

[11] Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on Contestable and Fair Markets in the Digital Sector and Amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act), 2022 O.J. (L 265) 1.

[12] See, e.g., Friso Bostoen & Jan Kramer, Is the DMA Ready for Agentic AI?, Centre on Regulation in Europe (CERRE) (2025), https://cerre.eu/publications/is-the-dma-ready-for-agentic-ai; Jan-Frederick Gohsl, Future Proofing the DMA for Agentic AI: Lessons from the AI Act, 48 World Competition 315 (2025).

[13] See, e.g., TokenRing AI, The Search Wars of 2026: ChatGPT’s Conversational Surge Challenges Google’s Decades-Long Hegemony, WRAL (2026), https://markets.financialcontent.com/wral/article/tokenring-2026-1-2-the-search-wars-of-2026-chatgpts-conversational-surge-challenges-googles-decades-long-hegemony (reporting that ChatGPT Search captured roughly 17–18 per cent of global search queries by early 2026).

[14] The same risk may also arise where a partnership involves two large incumbents. See, e.g., Press Release, Google, Joint Statement from Google and Apple, Google Blog (12 January 2026), https://blog.google/company-news/inside-google/company-announcements/joint-statement-google-apple (announcing a multiyear collaboration under which Apple will build next-generation foundation models on Google’s Gemini models to power future Apple Intelligence features, including a more personalised Siri).

[15] See, e.g., Org. for Econ. Co-operation & Dev. (OECD), Competition in Artificial Intelligence Infrastructure (2025), https://www.oecd.org/en/publications/competition-in-artificial-intelligence-infrastructure_623d1874-en.html.

[16] OpenAI, Introducing Apps in ChatGPT and the New Apps SDK (6 October 2025), https://openai.com/index/introducing-apps-in-chatgpt?utm_source=chatgpt.com.

[17] Jaewon Kang, Walmart Partners With OpenAI to Offer Shopping on ChatGPT, Bloomberg (14 October 2025), https://www.bloomberg.com/news/articles/2025-10-14/walmart-partners-with-openai-to-offer-shopping-on-chatgpt.

[18] See, e.g., Press Release, PayPal, OpenAI and PayPal Team Up to Power Instant Checkout and Agentic Commerce in ChatGPT (2025), https://newsroom.paypal-corp.com/2025-10-28-OpenAI-and-PayPal-Team-Up-to-Power-Instant-Checkout-and-Agentic-Commerce-in-ChatGPT.

[19] See, e.g., Vidhya Srinivasan, New Tech and Tools for Retailers to Succeed in an Agentic Shopping Era, Google (11 January 2026), https://blog.google/products/ads-commerce/agentic-commerce-ai-tools-protocol-retailers-platforms.

[20] See, e.g., Press Release, Conselho Administrativo de Defesa Econômica (CADE), CADE to Investigate Big Techs’ Acquisitions of AI Startups (2024), https://www.gov.br/cade/en/matters/news/cade-to-investigate-big-techs2019-acquisitions-of-ai-startups; Press Release, Eur. Comm’n, Commission Launches Calls for Contributions on Competition in Virtual Worlds and Generative AI (2024), https://ec.europa.eu/commission/presscorner/detail/en/IP_24_85; Press Release, Eur. Comm’n, U.K. Competition & Mkts. Auth. (CMA), U.S. Dep’t of Just., & Fed. Trade Comm’n, Joint Statement on Competition in Generative AI Foundation Models and AI Products (2024), https://competition-policy.ec.europa.eu/about/news/joint-statement-competition-generative-ai-foundation-models-and-ai-products-2024-07-23_en; Press Release, U.K. Competition & Mkts. Auth., CMA Seeks Views on AI Partnerships and Other Arrangements (2024), https://www.gov.uk/government/news/cma-seeks-views-on-ai-partnerships-and-other-arrangements; Press Release, Fed. Trade Comm’n, FTC Launches Inquiry into Generative AI Investments and Partnerships (2024), https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-launches-inquiry-generative-ai-investments-partnerships.

[21] See, e.g., Austl. Competition & Consumer Comm’n (ACCC), supra note 5; Autorité de la Concurrence, supra note 5; Klaus Kowalski, Cristina Volpin & Zsolt Zombori, Competition in Generative AI and Virtual Worlds, Eur. Comm’n, Competition Pol’y Brief No. 3 (2024), https://op.europa.eu/en/publication-detail/-/publication/5530c8ca-7a1f-11ef-bbbe-01aa75ed71a1/language-en; U.K. Competition & Mkts. Auth. (CMA), supra note 5. See also, e.g., Dirk Auer & Mario Zúñiga, AI Partnerships and Competition: Damned if You Buy, Damned if You Don’t, Int’l Ctr. for L. & Econ. (2025), https://laweconcenter.org/resources/ai-partnerships-and-competition-damned-if-you-buydamned-if-you-dont; Josef Drexl & Daria Kim, AI Innovation Competition as a Discovery Procedure: The Role and Limits of Competition Law (2025), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5439660.

[22] See, e.g., Autorité de la Concurrence, supra note 4; Austl. Competition & Consumer Comm’n (ACCC), supra note 5; Autorité de la Concurrence, Opinion on the Competitive Functioning of the Generative Artificial Intelligence Sector, supra note 5; U.K. Competition & Mkts. Auth. (CMA), AI Foundation Models: Initial Report (2023), https://www.gov.uk/government/publications/ai-foundation-models-initial-report; Autoridade da Concorrência, supra note 5; Body of Eur. Regulators for Elec. Commc’ns (BEREC), BEREC High-Level Position on Artificial Intelligence and Virtual Worlds, BOR (24) 68 (2024).

[23] See, e.g., Margrethe Vestager, Making Artificial Intelligence Available to All—How to Avoid Big Tech’s Monopoly on AI?, Eur. Comm’n (2024), https://ec.europa.eu/commission/presscorner/detail/en/speech_24_931.

[24] Autorità Garante della Concorrenza e del Mercato (AGCM), Decision No. 31634, Case A576, Meta AI (22 July 2025) (noting that Meta later offered the service as a standalone product at meta.ai and, at least in the United States and Canada, through a dedicated iOS and Android app).

[25] Id. ¶¶ 4, 6.

[26] Id., ¶ 7.

[27] Id., ¶¶ 8, 10.

[28] Id., ¶ 42.

[29] Id., ¶ 43.

[30] Id., ¶ 45.

[31] See, e.g., Case C-233/23, Alphabet Inc. & Others v. Autorità Garante della Concorrenza e del Mercato (Android Auto), EU:C:2025:110 (25 February 2025); Case C-48/22 P, Google LLC & Alphabet Inc. v. Eur. Comm’n (Google Shopping), EU:C:2024:726 (10 September 2024); Case C-252/21, Meta Platforms Inc. v. Bundeskartellamt, EU:C:2023:537 (4 July 2023).

[32] Case T-201/04, Microsoft Corp. v. Eur. Comm’n, EU:T:2007:289 (Gen. Ct. 17 September 2007).

[33] Id., ¶ 1036.

[34] Eur. Comm’n, Case AT.40099, Google Android (18 July 2018), confirmed by Case T-604/18, Google LLC v. Eur. Comm’n, EU:T:2022:541 (Gen. Ct. 14 September 2022).

[35] Eur. Comm’n, Case AT.40684, Facebook Marketplace (14 November 2024).

[36] Id., ¶ 820.

[37] Id., ¶ 821.

[38] United States et al. v. Google LLC, 747 F. Supp. 3d 1 (D.D.C. 2024).

[39] In re Google Play Store Antitrust Litig., No. 20-CV-05671-JD, 2024 WL 4438249 (N.D. Cal. 7 October 2024), aff’d, 147 F.4th 917 (9th Cir. 2025), modified, 152 F.4th 1078 (9th Cir. 2025).

[40] See, e.g., Press Release, Autorità Garante della Concorrenza e del Mercato (AGCM), The Italian Competition Authority Opens Procedure for the Adoption of Interim Measures Against Meta over Abuse of a Dominant Position (2025), https://en.agcm.it/en/media/press-releases/2025/11/A576.

[41] See, e.g., Press Release, Autorità Garante della Concorrenza e del Mercato (AGCM), The Italian Competition Authority Orders Meta to Suspend the Terms Excluding Competing AI Chatbots from WhatsApp (2025), https://en.agcm.it/en/media/press-releases/2025/12/A576.

[42] See, e.g., Conselho Administrativo de Defesa Econômica (CADE), Cade Abre Inquérito Contra Meta e Aplica Medida Preventiva Suspendendo Novos Termos do WhatsApp sobre IA (2026), https://www.gov.br/cade/pt-br/assuntos/noticias/cade-abre-inquerito-contra-meta-e-aplica-medida-preventiva-suspendendo-novos-termos-do-whatsapp-sobre-ia; Press Release, Eur. Comm’n, Commission Notifies Meta of Possible Interim Measures to Reverse Exclusion of Third-Party AI Assistants from WhatsApp (2026), https://ec.europa.eu/commission/presscorner/detail/en/ip_26_310.

[43] See Autorità Garante della Concorrenza e del Mercato (AGCM), Decision No. 31775, Case A576, Meta AI ¶ 75 (22 December 2025).

[44] Id., ¶¶ 31-32.

[45] See Eur. Comm’n, supra note 6.

[46] See, e.g., Press Release, Eur. Comm’n, Commission Opens Proceedings to Assist Google in Complying with Interoperability and Online Search Data Sharing Obligations under the Digital Markets Act (2026), https://ec.europa.eu/commission/presscorner/detail/en/ip_26_202.

[47] See, e.g., Bostoen & Kramer, supra note 12.

[48] See, e.g., OECD, supra note 2; Gohsl, supra note 12.

[49] See, e.g., Eur. Comm’n, U.K. Competition & Mkts. Auth., U.S. Dep’t of Just., & Fed. Trade Comm’n, supra note 20.

[50] See, e.g., Eur. Comm’n, supra note 20; Kowalski, Volpin & Zombori, supra note 21.

[51] Autorità Garante della Concorrenza e del Mercato (AGCM), supra note 24, ¶ 36.

[52] Id.

[53] See, e.g., Anton Korinek & Jai Vipra, Concentrating Intelligence: Scaling and Market Structure in Artificial Intelligence, 40 Econ. Pol’y 227 (2025); Catherine Tucker, How Does Competition Policy Need to Change in a World of Artificial Intelligence?, 40 Oxford Rev. Econ. Pol’y 834 (2024).

[54] See, e.g., Andrei Hagiu & Julian Wright, Artificial Intelligence and Competition Policy, 103 Int’l J. Indus. Org. 103134 (2025); Korinek & Vipra, supra note 53; Zach Meyers & Marc Bourreau, A Competition Policy for Cloud and AI, Centre on Regulation in Europe (CERRE) (2025), https://cerre.eu/publications/acompetition-policy-for-cloud-and-ai; Thibault Schrepel & Alex “Sandy” Pentland, Competition Between AI Foundation Models: Dynamics and Policy Recommendations, 34 Indus. & Corp. Change 1085 (2025). See also Austl. Competition & Consumer Comm’n (ACCC), supra note 5, at 292; Autorité de la Concurrence, supra note 5, at 5.

[55] See, e.g., Kate Clark, Anthropic Raising $10 Billion at $350 Billion Value, Wall St. J. (7 January 2026), https://www.wsj.com/tech/ai/anthropic-raising-10-billion-at-350-billion-value-62af49f4.

[56] Meyers & Bourreau, supra note 54.

[57] Id.

[58] Geoffrey A. Manne & Dirk Auer, From Data Myths to Data Reality: What Generative AI Can Tell Us About Competition Policy (and Vice Versa), CPI Antitrust Chron. (February 2024); see, e.g., CB Insights, Artificial Intelligence (AI) Unicorns Worldwide in 2nd Quarter 2025, by Valuation (2025), https://www.statista.com/statistics/1621613/artificial-intelligence-unicorns-worldwide (showing an AI-startup ecosystem led by ByteDance and OpenAI at roughly $300 billion valuations, followed by Stripe ($70 billion), Databricks and Anthropic ($62 billion each), and xAI ($50 billion)).

[59] See Roland Berger, Most Popular Artificial Intelligence (AI) Applications Worldwide in February 2025, by Monthly Active Users, Statista (2025), https://www.statista.com/statistics/1609163/top-ai-applications-mau-worldwide (reporting that the ByteDance-owned chatbot Doubao reached about 82 million monthly active users, with ChatGPT’s Nova Assistant at roughly 63 million and DeepSeek at about 62 million; a second group—Remini, Talkie AI, Character AI, ChatOn, Genius, and Gemini—each recorded about 28–33 million users); see also Similarweb, 2025 Generative AI Landscape: The State of Gen AI (2025), https://www.similarweb.com/corp/2025-generative-ai-landscape (finding that ChatGPT leads U.S. usage with more than 41 million monthly active users and a 33 per cent stickiness rate, while rivals such as Perplexity, Copilot, and Gemini have smaller user bases and lower engagement).

[60] Semrush, Artificial Intelligence (AI) Chatbots Worldwide Market Share from April 2024 to March 2025 (2025), https://www.statista.com/statistics/1618020/ai-chatbots-traffic-share-ww.

[61] See Similarweb, supra note 59 (reporting that in September 2025 Google received about 82 billion monthly visits worldwide, followed by YouTube at roughly 29 billion, Facebook at about 11 billion, Instagram at approximately 6.5 billion, and ChatGPT at around 6 billion).

[62] See AppMagic, Most Downloaded Generative AI Mobile Apps Worldwide as of 27 November 2025, Statista (2025), https://www.statista.com/statistics/1554189/top-gen-ai-apps-by-downloads (showing Google Gemini with about 392 million downloads, followed by Cici (169 million), DeepSeek (158 million), Perplexity (95 million), and Grok (82 million)).

[63] See Stack Overflow, Most Used Artificial Intelligence (AI) Search and Developer Tools Among Developers Worldwide as of 2024, Statista (2024), https://www.statista.com/statistics/1483838/ai-tools-usage-among-developers-use-worldwide (reporting GitHub Copilot usage at 44 per cent, Google Gemini at 22 per cent, Bing AI at 14 per cent, and Visual Studio IntelliCode at 13.7 per cent, with lower adoption for Claude (7.6 per cent) and Perplexity AI (4.9 per cent)).

[64] See Similarweb, AI Global—Global Sector Trends on Generative AI (2026), https://www.similarweb.com/corp/wp-content/uploads/2026/01/attachment-Global-AI-Tracker-6.pdf?utm_medium=social&utm_source=twit (reporting lower market shares for rivals, including DeepSeek (3.7 per cent), Grok (3.4 per cent), Perplexity (2.0 per cent), Claude (2.0 per cent), and Copilot (1.1 per cent)).

[65] Bradley Olson, The Week Anthropic Tanked the Market and Pulled Ahead of Its Rivals, Wall St. J. (5 February 2026), https://www.wsj.com/tech/ai/the-week-anthropic-tanked-the-market-and-pulled-ahead-of-its-rivals-ef59dff1; George Hammond, Anthropic’s Breakout Moment: How Claude Won Business and Shook Markets, Fin. Times (6 February 2026), https://www.ft.com/content/a75555a6-24c3-4468-aba9-7fe12b5def31.

[66] U.K. Competition & Mkts. Auth. (CMA), supra note 22, ¶ 4.17.

[67] Semrush, supra note 60.

[68] Similarweb, supra note 64.

[69] Stack Overflow, supra note 63.

[70] United States et al. v. Google LLC, No. 20-cv-3010 (APM) (D.D.C. 2025).

[71] Id.

Executive Summary

Many state automobile-dealer franchise laws require manufacturers to sell vehicles through franchised dealers, even when manufacturers would prefer to sell directly to consumers. Originally enacted to regulate bargaining relationships between manufacturers and their dealer networks, these laws now function as a mandatory intermediary requirement. The result is effectively a “middleman tax” on car buyers: a legally imposed distribution layer that increases vehicle prices even where more efficient models are available.

Using an analytical framework first developed in a 2000 Goldman Sachs study and later cited by the U.S. Department of Justice, this issue brief updates the methodology with current vehicle prices, interest rates, inventory data, and dealer operating costs. The results suggest that direct distribution could generate savings of roughly $3,934 to $4,992 per vehicle. Applied to the modern average transaction price of about $50,000, this represents an efficiency gain of 7.87% to 9.87%—the practical equivalent of removing a substantial implicit surcharge from every new-car purchase.

Mandatory dealer intermediation also fragments the national market, burdens interstate commerce, and fits poorly with modern vehicle business models built around digital retailing, centralized pricing, and software-defined vehicles. The policy principle is simple: allow channel competition. States should not mandate a single distribution architecture when multiple models can compete to serve consumers. Removing the “middleman tax” would lower costs, expand consumer choice, and better align the law with the modern automobile market.

I. Introduction

For most Americans, buying a car is one of the largest purchases they will ever make. Yet in all 50 states, a web of dealer-franchise laws dictates how that purchase must occur. Legislatures enacted these statutes between the 1930s and 1970s to protect franchised dealers from coercive manufacturer practices. Today, they serve a different function: many state laws prohibit manufacturers from selling vehicles directly to consumers—even when no franchisee exists and no vertical relationship requires regulation.[1]

The core question is straightforward: why should state law force an out-of-state manufacturer to adopt a particular retail structure as the price of access to a state’s consumers? This issue brief argues that such mandates impose a large and unnecessary “middleman tax” on car buyers, fragment the national market in ways that burden interstate commerce, and fit poorly with modern direct-to-consumer and software-driven vehicle business models. Based on updated estimates, the current burden imposed by state franchise laws amounts to roughly $3,934 to $4,992 per vehicle—between 7.87% and 9.87% of the average $50,000 purchase price.[2]

This issue brief proceeds in three parts. First, it quantifies the economic costs created by this middleman tax. It builds on a conservative baseline established in a 2009 paper by the U.S. Department of Justice’s Economic Analysis Group[3] and updates that methodology using current vehicle prices, inventory data, interest rates, and compliance costs. Second, it examines the constitutional limits that the Dormant Commerce Clause places on state efforts to dictate firm organization as a condition of market access. Third, it shows that many state franchise statutes fit poorly—both textually and structurally—with the business models they now attempt to regulate. Courts and regulators often rely on expansive interpretations of provisions designed for a fundamentally different market.

At bottom, this story is about affordability and consumer welfare. Direct sales are not a luxury preference. They lower acquisition costs, reduce transaction frictions, and speed consumer access to cost-saving vehicle technologies. In a market where the average new-vehicle transaction price now exceeds $50,000[4] and affordability sits near historic lows,[5] the stakes of this debate are substantial.

II. The Origins and Evolution of Dealer-Franchise Laws

Automobile-dealer franchise laws emerged between the 1930s and 1950s, when the U.S. auto market was dominated by the “Big Three”: General Motors, Ford, and Chrysler.[6] In that environment, manufacturers were widely seen as holding overwhelming bargaining power over their franchised dealer networks. Critics argued that automakers could force dealers to accept unwanted vehicles, terminate franchise agreements without cause, or place new franchises inside an existing dealer’s territory. States responded by enacting franchise-protection statutes. By the mid-20th century, every state had adopted some form of dealer-protection law.

These laws targeted a specific problem: the balance of power within an intrabrand relationship. Legislatures sought to regulate the vertical relationship between a manufacturer and its own franchised dealers. The entire statutory framework assumed the existence of that relationship and focused on the bargaining power within it.[7]

The modern automobile market looks very different. The Big Three’s combined market share has fallen from roughly 90% in the 1950s to about 40% today.[8] Interbrand competition now defines the market, with dozens of manufacturers competing for consumers. Dealers have also changed. What were once largely small, family-owned businesses have evolved into large, sophisticated enterprises, often owned by multi-state groups or publicly traded companies. As of 2024, the United States had about 16,957 franchised light-vehicle dealerships.[9] Currently, about 150 dealerships control roughly 30% of industry revenue, and some estimates project that figure will reach 50% by 2050.[10]

This shift highlights a categorical distinction. Regulating an existing vertical relationship between a manufacturer and its franchisees differs fundamentally from prohibiting an alternative distribution model where no franchisee exists. New entrants such as Tesla, Lucid, Rivian, Scout, and others operate without franchised dealers. There is no intrabrand relationship to regulate—a point recognized by at least one state supreme court.[11] Applying franchise-protection statutes to these firms therefore reflects a category error. It conflates the regulation of an existing franchise relationship with the prohibition of a competing business model.

The persistence of these laws, despite the disappearance of the market conditions that produced them, illustrates a classic pattern of regulatory capture.[12] Automobile dealers—the organized interest group that benefits from the statutes—have used the legislative process to preserve economic rents, while spreading the resulting costs across consumers.

III. The Economic Cost of the ‘Middleman Tax’

Dealer-franchise laws operate, in economic terms, as a structural restraint on distribution. They require a two-tier channel—manufacturer to dealer to consumer—even where a one-tier channel—manufacturer to consumer—would be feasible and potentially more efficient. This requirement effectively imposes what this issue brief refers to as a “middleman tax” on vehicle purchases.

The resulting costs arise from several sources. Maintaining dealer inventories ties up capital and slows inventory turnover. Sales commissions and related transaction overhead increase the cost of each sale. Thousands of retail locations duplicate facilities, staffing, and administrative functions that a more centralized distribution system could avoid. Consumers also bear bargaining and search costs that accompany dealership negotiations. Finally, the make-to-stock distribution model weakens the link between production and consumer preferences, producing misallocation costs that appear as rebates, incentives, and markdowns on slow-moving inventory.[13] Although not captured in the foregoing analysis as an economic cost, the dealership model also imposes substantial transaction costs on consumers. The average vehicle purchase required roughly 13 hours of buyer time in 2025, including research, dealer visits, and negotiation.[14]

The sections that follow quantify these effects and place them in a broader economic context. Section III.A summarizes the baseline estimates developed by the U.S. Department of Justice’s Economic Analysis Group. Section III.B updates those estimates using current vehicle prices, interest rates, and dealer operating costs, producing a modern estimate of the middleman tax imposed by dealer mandates. Section III.C then examines the dynamic effects of these rules, showing how dealer mandates can dampen manufacturing investment and constrain innovation in software-defined vehicles and integrated digital-service platforms.

A. The DOJ Baseline Estimate

The most rigorous government analysis of these costs appears in a 2009 paper by the U.S. Department of Justice’s (DOJ) Economic Analysis Group, authored by Gerald R. Bodisch.[15] The Bodisch paper established several conservative benchmarks for understanding the costs of the traditional dealer-based distribution system.

First, Bodisch estimated that the total cost of automobile distribution in the United States averaged as much as 30% of the final vehicle price. These costs split roughly evenly between manufacturer-related expenses—such as advertising, rebates, and subsidized financing—and dealer-related expenses, including inventory financing, insurance, advertising, and sales commissions.

Second, the paper documented the scale of capital tied up in the industry’s “make-to-stock” distribution model. At the end of 2008, the nation’s roughly 20,700 franchised dealerships collectively held about $100 billion in new-vehicle inventory.[16] Bodisch estimated that carrying this inventory imposed annual costs of roughly $890 million.

Third—and most relevant for present purposes—the paper relied on a 2000 Goldman Sachs analysis of the potential savings from shifting to a direct-sales, build-to-order distribution model. Using an average vehicle price of $26,000, Goldman Sachs estimated total savings of $2,225 per vehicle, or roughly 8.6% of manufacturer’s suggested retail price (MSRP).[17] These savings fell across five categories, illustrated in Table I.

TABLE 1: Estimated Per-Vehicle Savings from Shift to Direct-Sales Model

SOURCE: Goldman Sachs (2000)

TABLE II: Range of Savings Across Multiple Price Points[18]

Goldman Sachs also identified roughly $1,000 in additional potential savings per vehicle from improvements in product development, manufacturing flexibility, and procurement. The DOJ paper attributed most of the benefits, however, to efficiencies created by shorter order-to-delivery cycles.[19]

To illustrate that these projections were not purely theoretical, the paper pointed to the Chevrolet Celta program in Brazil. There, General Motors implemented a build-to-order, internet-direct model that produced consumer prices roughly 6% lower, while selling more than 700,000 vehicles.[20]

B. Updating the DOJ Baseline

The Goldman Sachs estimates relied on data from 2000 and were reported by the DOJ in 2009. Many of the original inputs—vehicle prices, floorplan interest rates, facility costs, and inventory carrying charges—are now outdated. Importantly, most changes since 2000 have made the physical dealer infrastructure more expensive to maintain, not less.

This issue brief therefore applies the same component framework to current market conditions. The resulting figures should be understood as conservative. A fresh bottom-up reconstruction using current dealer financial data would likely produce equal or larger estimates for most components. Appendix A provides the detailed methodology, underlying data sources, and academic cross-references.

Several key inputs have shifted since the original analysis. First, the average transaction price (ATP) of a new vehicle has roughly doubled, surpassing $50,000 for the first time in September 2025.[21] Second, the interest-rate environment has tightened considerably. Dealer floorplan financing—typically structured as variable-rate facilities priced at the Secured Overnight Financing Rate (SOFR) plus 200–400 basis points—now carries effective rates of roughly 6% to 9% for well-qualified dealers, substantially higher than early-2000s levels.[22]

Other structural conditions have changed far less. Days’ supply for new vehicles still falls in the 60-90 day range identified by Bodisch, suggesting that the core inefficiencies of the make-to-stock distribution model persist despite two decades of digital transformation.[23] Dealership operating costs also remain substantial. According to the National Automobile Dealers Association (NADA), the average franchised dealership generated $73.3 million in total sales in 2024, while earning net margins of roughly 1% to 2%.[24] Those margins imply non-vehicle-acquisition operating expenses—including payroll, facilities, advertising, insurance, and floorplan interest—of about $500,000 or more per month.

Applying the Goldman Sachs component ratios to a $50,000 ATP produces the updated estimates illustrated in Table III.

TABLE III: Updated Savings Estimates for Shift to Direct-Sales Model

The updated analysis suggests that direct distribution could generate savings of roughly $3,934 to $4,992 per vehicle—up to a 9.87% efficiency gain when applied to the modern ATP.[25]

These estimates remain conservative. Elevated interest rates, with floorplan borrowing costs around 6% or higher, increase inventory carrying costs more than simple ratio scaling would suggest. Bottom-up reconstructions of individual components confirm that the ratio-based estimate likely understates the true savings. Appendix A provides the full component-level analysis, methodology, data sources, and academic cross-references.

C. Investment and Innovation Costs of Dealer Mandates

Dealer-franchise laws impose more than static distribution costs. They also create dynamic costs for manufacturing investment and innovation. Lower effective consumer prices—made possible by direct distribution—expand the addressable market for new entrants. As prices fall, more consumers can afford to purchase vehicles, increasing unit demand and improving capacity utilization at domestic production facilities. Higher volumes, in turn, make it easier for firms to justify large-scale manufacturing investments in the United States. While any estimate of incremental production is necessarily counterfactual, the underlying economic logic is straightforward: lower prices expand demand.

The innovation channel is equally important. Modern vehicles are increasingly defined by software. Over-the-air (OTA) updates, subscription-based features, and integrated digital-service ecosystems now shape how manufacturers design and deliver vehicles. These business models do not fit neatly within the mid-20th-century dealership framework—if they fit at all—which assumed that a “sale” occurred as a discrete transaction at a physical location, followed by periodic warranty or maintenance visits to a local dealer.

The tension arises because software-defined vehicles depend on an ongoing digital relationship between the manufacturer and the vehicle owner. Over-the-air (OTA) software updates allow manufacturers to remotely update vehicle systems, add features, or correct defects without requiring a visit to a dealership. These updates are delivered directly to vehicles through wireless networks, much like updates to smartphones or other connected devices.

By eliminating the need for in-person service visits, OTA updates reduce recall costs and enable continuous improvement of vehicle functionality. At the same time, they weaken the traditional dealership role as the primary intermediary for maintenance and customer contact. Dealerships derive substantial revenue from service visits and warranty work, so this shift creates a structural conflict between the software-centric design of modern vehicles and a distribution system built around periodic dealership interaction.

Manufacturers operating under a direct-sales model can instead iterate continuously on the customer experience. They can integrate vehicle purchase, software management, service scheduling, and charging infrastructure into a unified digital platform. Dealer-franchise laws often block this approach for new entrants. In many states, those statutes effectively require manufacturers to route vehicle sales through a franchised dealer network—even when no such network exists.

IV. The Dormant Commerce Clause and Dealer-Franchise Laws

The Dormant Commerce Clause is the constitutional principle that limits states’ ability to interfere with interstate commerce. Although the U.S. Constitution grants Congress the power to regulate commerce among the states, the Supreme Court has long interpreted that grant to carry a negative implication: states may not enact laws that discriminate against interstate commerce or impose burdens that outweigh their local benefits. In practice, the doctrine prevents individual states from erecting protectionist barriers or regulating commerce in ways that disrupt the national market.

State dealer-franchise laws implicate this doctrine because they dictate the business structure an out-of-state manufacturer must adopt to access a state’s consumers. These statutes require manufacturers to distribute vehicles through franchised dealers, rather than sell directly to consumers. In effect, they condition market access on adopting a state-mandated distribution model.

Direct-sales bans are vulnerable to challenge on two grounds. First, they discriminate in practical effect against out-of-state manufacturers that prefer distribution models that do not rely on in-state franchised dealers. Although these statutes appear facially neutral, they systematically advantage the incumbent dealer network—a politically powerful in-state interest group—while disadvantaging out-of-state manufacturers that seek to compete through alternative channels.

Second, even if a court determines that a direct-sales ban is not discriminatory, the statute must still survive the balancing test the Supreme Court articulated in Pike v. Bruce Church, Inc. Under that test, a state law is invalid if “the burden imposed on such commerce is clearly excessive in relation to the putative local benefits.”[26] On the burden side, the analysis is straightforward. Dealer-franchise laws impose billions of dollars in aggregate costs on consumers, fragment the national market into 50 regulatory regimes, and block the entry of competing business models. On the benefit side, the asserted local interests—consumer protection, local employment, and service infrastructure—are either pretextual or achievable through less restrictive means.[27]

Arguments that direct-sales bans protect public health or consumer welfare have repeatedly been rejected by legal scholars, economists, and staff of the Federal Trade Commission (FTC).[28] The central problem is pretext. Dealer-franchise laws were enacted to protect dealers from manufacturer coercion, not to protect consumers from manufacturers. Recasting those statutes as consumer-protection measures after the fact does not change their legislative purpose or practical effect.

Even accepting the asserted benefits at face value, categorical bans on direct sales are not narrowly tailored to achieve them. States possess a range of less restrictive alternatives. They can license direct-sales facilities, impose disclosure requirements, enforce lemon laws against all sellers regardless of distribution model, and require service-availability guarantees as a condition of market access. None of these tools requires banning an entire distribution channel.

An additional—and often overlooked—dimension of the Dormant Commerce Clause challenge involves extraterritoriality. When individual states dictate the distribution structure manufacturers must adopt, they effectively force firms to organize their national operations around the most restrictive state’s rules. Manufacturers cannot realistically maintain one distribution system for permissive states and another for restrictive states without incurring large duplicative costs. The result is that a handful of restrictive states determine the distribution architecture for the entire national market—precisely the kind of extraterritorial regulation the Commerce Clause was designed to prevent.[29]

Courts and policymakers have begun to grapple with these tensions. In Massachusetts, the Supreme Judicial Court held that the state’s dealer association lacked standing to challenge Tesla’s direct-sales operations because Tesla had no affiliated dealer network. The court recognized that Tesla’s business model presented no franchise relationship to regulate.[30] In Illinois, an appellate court ruled in 2024 that existing law does not bar manufacturers from obtaining dealer licenses to conduct direct sales.[31]

Manufacturers continue to test these legal boundaries. Lucid has filed challenges in multiple states.[32] Rivian has backed reform efforts in Washington state, including a now-abandoned 2026 ballot initiative to authorize direct-to-consumer EV sales.[33] Rivian has also filed suit in Ohio challenging a state direct-sales ban that permits Tesla to sell vehicles directly while excluding newer entrants.[34]

Taken together, these developments suggest that courts and legislatures[35] are beginning to recognize a key distinction: regulating existing franchise relationships differs fundamentally from prohibiting alternative business models altogether.

V. Statutory Misfit in the Modern Vehicle Market

Even before reaching constitutional questions, many state franchise statutes fit poorly with modern vehicle business models. Courts and regulators often apply these laws to direct-to-consumer manufacturers through expansive interpretations of provisions designed for a fundamentally different commercial relationship.

Most franchise statutes revolve around the manufacturer-dealer relationship. Their operative provisions govern franchise termination, territorial allocations, facility requirements, and other features of an ongoing vertical business arrangement. Direct-to-consumer entrants have none of these elements. They operate without franchisees, franchise agreements, or territorial allocations. Applying franchise statutes to such firms does not advance the statutes’ original purpose. Instead, it stretches the laws beyond their text and structure to reach conduct the legislature never contemplated.[36]

The modern automotive market now includes business models that diverge sharply from the franchised-dealer archetype. Manufacturers increasingly rely on online ordering with centralized, non-negotiable pricing; agency sales models in which the “dealer” functions primarily as a delivery agent, rather than a reseller; remote delivery and mobile-service routing; software-defined vehicle features delivered through over-the-air updates; vertically integrated charging and service networks; and hybrid retail models in which showrooms exist but do not operate as statutory “dealers.” These approaches challenge the core assumptions of franchise law, which presupposed a manufacturer producing a finished vehicle, shipping it to a dealer’s lot, and allowing the dealer to negotiate the retail price with the consumer.

State regulatory approaches to these models vary widely. In practice, state regimes generally fall into four categories: outright bans on direct manufacturer sales; bans with limited electric-vehicle carve-outs; capped regimes that permit direct sales subject to limits on the number of stores or vehicles sold; and permissive regimes that allow direct sales with few restrictions. This patchwork fragments the national market and complicates manufacturers’ efforts to operate under a consistent distribution model.

In many restrictive states, regulators stretch the statutory definitions of “dealer” and “franchise” beyond recognition to capture manufacturers that have never operated through a franchise model. This interpretive expansion is not merely technical. It determines whether new competitors can reach millions of consumers.

It also bears noting that federal law already addresses many of the concerns that state franchise statutes claim to address. Federal dealer-protection statutes govern manufacturer-dealer relationships nationwide.[37] The FTC has also attempted to regulate dealer practices through rulemaking. Although a federal court vacated the agency’s proposed CARS Rule on procedural grounds,[38] the rule illustrates that federal regulators can pursue consumer-protection objectives through less restrictive tools than blanket bans on direct distribution. The presence of these federal mechanisms weakens the argument that state-level distribution bans are necessary to protect consumers.

VI. Conclusion

State automobile-dealer franchise laws impose what this issue brief calls a “middleman tax” on American car buyers. Applying the DOJ’s methodology with current market data, the analysis here estimates that mandatory dealer intermediation adds roughly $4,687 to the cost of a new vehicle. That figure rises further when dealer add-ons, bargaining rents, and administrative fees are included. In a market where the average transaction price exceeds $50,000 and affordability sits near historic lows, the issue is not abstract. It directly affects millions of consumers.

These estimates are conservative. Even using the lowest plausible inputs for each component, the floor estimate remains about $3,934 per vehicle, or 7.87% of the average transaction price. The increase in the average transaction price—from $26,000 in 2000 to about $50,000 today—largely tracks cumulative inflation. That means the structural cost of mandatory intermediation remains at least as large in real terms today as when the DOJ first documented the problem more than 15 years ago. Current market conditions likely increase the burden further. Higher interest rates, rising commercial real-estate costs, and greater vehicle complexity all raise the cost of maintaining a large brick-and-mortar dealer network. Bottom-up reconstructions using current dealer financial data consistently match or exceed the ratio-scaled estimates. A realistic estimate places the cost closer to $4,992 per vehicle, even before accounting for bargaining frictions, dealer add-ons, and consumer time costs documented in the academic literature.

Dealer franchise laws also impose broader economic costs. They fragment the national market by forcing manufacturers to organize distribution around the most restrictive state rules. They burden interstate commerce by conditioning market access on a state-mandated business structure. And they fit poorly with modern vehicle business models, extending franchise-protection statutes designed for mid-20th-century manufacturer-dealer relationships to firms that have never operated through a franchise system.

The principle guiding reform should be simple: allow channel competition. States should not mandate a single distribution architecture when multiple models can compete to serve consumers.

Several reform paths are available. The most comprehensive option is repeal of direct-sales bans, allowing manufacturers to choose any lawful distribution model. Where repeal proves politically infeasible, states can replace categorical bans with licensing and disclosure requirements that ensure consumer protection without prohibiting direct sales. States can also require service availability, bonding, or escrow provisions as conditions of market access. Any reform should include sunset clauses and periodic review requirements to reduce the risk of regulatory recapture by incumbent interests.[39]

The federal government also has a role to play. The DOJ’s Anticompetitive Regulations Task Force could issue a formal report updating the 2009 Bodisch analysis with current market data and documenting the competitive harms of state direct-sales bans. The DOJ could also file statements of interest or amicus curiae briefs in ongoing litigation challenging these laws. In cases where state statutes conflict with the Dormant Commerce Clause or federal policy, the federal government may also consider direct legal challenges.

Congress also has a role to play. For example, it could structure relevant federal incentive programs to encourage states to adopt more forward-thinking direct-sales policies.

The case for reform is strong. Protecting an incumbent distribution channel is not the same as protecting consumers. Allowing manufacturers to compete through different distribution models would lower costs, expand consumer choice, and better align the law with the realities of the modern automobile market.

APPENDIX A: Methodology and Data Sources for the Reconstructed Goldman Sachs Distribution Savings Decomposition

I. Methodology and Baseline Assumptions

This appendix documents the methodology, data inputs, and academic cross-references underlying the updated distribution-cost estimates presented in Section III.B of the issue brief. The analytical framework originates in a 2000 Goldman Sachs equity-research report. That report estimated that shifting from the franchised-dealer distribution model to a direct-sales, build-to-order system could reduce distribution costs by roughly $2,225 per vehicle, or 8.56% of the then-average transaction price of $26,000.[40] The DOJ’s Economic Analysis Group later adopted this framework in a 2009 discussion paper to demonstrate that state dealer-franchise laws impose measurable efficiency costs on automobile distribution.[41]

The Goldman Sachs analysis relied on economic conditions that differ substantially from today’s market. Many of the original inputs—including floorplan financing rates, facility costs, and inventory-carrying charges—reflect early-2000s conditions. Over the past quarter-century, rising vehicle prices, fluctuating interest rates,[42] and higher commercial real-estate costs[43] have altered the cost structure of dealer-based distribution. These changes generally increase, rather than reduce, the cost of maintaining a large physical dealership network.

The reconstruction presented here applies the original percentage decomposition to updated market data from 2025–2026. This approach provides a conservative estimate. A fully bottom-up reconstruction using current dealer financial data would likely generate equal or larger estimates for most cost components.

The analysis uses an average transaction price (ATP) of $50,000 as the primary baseline. This figure reflects the September 2025 record of $50,080 reported by Cox Automotive’s Kelley Blue Book.[44] Each component estimate presented below draws on current industry data and, where available, cross-references the academic literature summarized in the accompanying literature review.

II. Original Component Decomposition

The 2000 Goldman Sachs report decomposed potential distribution-cost savings into five categories, each expressed as a percentage of the average vehicle price.[45] The DOJ’s Economic Analysis Group adopted these estimates in its 2009 analysis, noting that total distribution costs could reach as much as 30% of the final vehicle price, split roughly evenly between manufacturer-side and dealer-side expenses.[46]

APPENDIX TABLE I: Goldman Sachs 2000 Baseline

SOURCE: Goldman Sachs (2000)

The Goldman Sachs report also identified roughly $1,000 per vehicle in additional savings from secondary sources, including modular vehicle architecture and tighter supplier integration. Those effects are not included in the five-component decomposition reported above.[47]

III. Updated Macroeconomic and Industry Inputs

The reconstruction requires updating the key macroeconomic and industry variables that drive each savings component. The table below summarizes the baseline and updated values:

Updating the original framework requires revising the macroeconomic and industry variables that drive each savings component. Table II below summarizes the baseline values used in the 2000/2009 analysis and the updated inputs used in the reconstruction.

APPENDIX TABLE II: Updated Economic Inputs (2025–2026)

[48] [49] [50] [51] [52] [53] [54] [55] [56]

A. Note on ATP Selection

This analysis uses $50,000 as a round-number proxy for the modern average transaction price (ATP). Cox Automotive reported an ATP of $50,080 in September 2025,[57] while the December 2025 figure was approximately $47,104 for all light vehicles.[58] MoneyGeek projects an average ATP of $48,841 for 2026.[59] The $50,000 baseline therefore sits near the upper end of recent estimates. Sensitivity to ATP assumptions is addressed in Section VI below.

IV. Component-by-Component Reconstruction

This section reconstructs each component of the Goldman Sachs distribution-savings framework using updated market data. Subsection A examines savings from improved matching of production to consumer demand under a build-to-order or direct-sales model. Subsection B estimates reductions in inventory-carrying costs resulting from shorter supply chains and lower days’ supply. Subsection C analyzes potential savings from reducing dealership density and the fixed facility overhead associated with large retail networks. Subsection D evaluates reductions in sales commissions and personnel costs that arise when negotiated dealership sales processes are replaced with centralized, non-negotiable pricing. Subsection E estimates potential logistics savings from streamlined hub-to-consumer delivery and reduced dealer-network routing, and concludes with an empirical cross-check using Tesla’s operating experience as a direct-sales manufacturer. Together, these components provide a conservative reconstruction of the distribution-cost savings discussed in Section III.B of the issue brief.

A. Component 1: Improved Matching of Supply with Consumer Demand

Original Ratio: 3.20% of vehicle price.[60]

Mechanism: Under the make-to-stock model, dealers must clear unpopular configurations through incentives and discounts. A build-to-order (BTO) or direct-sales model reduces the need for such price-clearing mechanisms by aligning production with confirmed consumer preferences. The Goldman Sachs framework attributed the largest share of projected savings to this channel.[61]

Calculation:

S? = ATP × 0.032

S? = $50,000 × 0.032 = $1,600

1. Supporting data

Manufacturer incentive spending reached roughly 7.5% of ATP (about $3,750 per vehicle) by late 2025,[62] indicating that the costs of mismatched inventory remain substantial. Academic research corroborates that search and matching frictions generate meaningful price distortions. Charles Murry and Yiyi Zhou estimate that search frictions create markups of roughly $333 per vehicle in markets where dealers collocate.[63] That figure captures only consumer-side search costs, not the manufacturer-side incentives required to move mismatched inventory. Florian Zettelmeyer, Fiona Scott Morton, and Jorge Silva-Risso find that internet-based information reduces transaction prices by roughly 1.5%–2%, largely through improved consumer matching and bargaining leverage.[64] These results support the core mechanism in the Goldman Sachs framework.

2. Assessment

The 3.2% ratio remains plausible and may even be conservative under current market conditions. In 2000, incentive spending represented a smaller share of vehicle prices. By 2025, manufacturer incentives reached about 7.5% of ATP (roughly $3,750 per vehicle),[65] far exceeding the $832 the original model attributed to supply-demand mismatching at a $26,000 ATP. This pattern suggests that inefficiencies associated with make-to-stock distribution have grown relative to the original estimate. The $1,600 figure should therefore be understood as the maximum savings achievable under full BTO adoption. Even a partial shift toward build-to-order distribution could capture a meaningful share of these gains.

B. Component 2: Lower Inventory Carrying Costs

Original Ratio: 2.21% of vehicle price.[66]

Mechanism: The franchised-dealer model requires maintaining roughly 60–90 days’ supply of finished vehicles on dealer lots, generating substantial floorplan interest and operational holding costs. Direct-sales models can reduce this inventory buffer by aligning production more closely with confirmed consumer demand.[67]

Ratio-Based Calculation:

S? (ratio) = ATP × 0.0221

S? = $50,000 × 0.0221 = $1,105

Bottom-Up Reconstruction: Because the full Goldman Sachs report is not publicly available, this appendix also reconstructs inventory savings using current data inputs. Inventory-carrying costs include both an interest component and a noninterest operational component:

S? (reconstructed) = (ATP × r × Δt / 365) + (Δt × C??)

Where:

• r ≈ 6% (approximate floorplan rate, conservative relative to current prime-plus dealer financing);[68]
• Δt = 45 days (estimated reduction from a 73-day legacy supply to roughly a 28-day direct-to-consumer target);[69] and
• C?? = $15 per day (noninterest holding costs, including insurance, storage, and lot maintenance).[70]

S? (reconstructed) = ($50,000 × 0.06 × 45 / 365) + (45 × $15)

= $370 + $675

= $1,045

The bottom-up reconstruction yields $1,045 (2.09% of ATP), slightly below the $1,105 (2.21%) produced by ratio scaling. The true value likely falls within a range of roughly $1,045–$1,105 per vehicle, or about 2.09%–2.21% of the vehicle price. Recent industry data show net floorplan expense per unit rising 35% to $487 in the first quarter of 2025, reflecting the upward pressure of higher interest rates. The 6% floorplan rate assumed here is conservative. With prime rates between roughly 6.5% and 7.5% over the past year,[71] actual dealer floorplan rates often approach or exceed 7%, which would increase the reconstructed estimate.

1. Academic cross-check

Empirical research supports the importance of the inventory channel. Gérard P. Cachon and Marcelo Olivares show that distribution-network design strongly influences finished-goods inventory levels and that inter-dealer competition encourages excess stocking.[72] Their findings support the assumption that a direct-sales model with fewer distribution points would reduce days’ supply. Adam Copeland, Wendy E. Dunn, and George Hall document systematic within-model-year price declines under the build-to-stock model, as dealers discount aging inventory to clear lots.[73]

2. Assessment

The bottom-up reconstruction yields $1,045 (2.09% of ATP), modestly below the ratio-scaled estimate of $1,105 (2.21%). Both reconstruction inputs are deliberately conservative. The assumed 6% floorplan rate sits below current prime-based dealer financing rates, which often fall in the 7%–10% range. The $15-per-day noninterest holding cost also represents a lower-bound estimate derived from aggregate dealership operating data. Adjusting either input to reflect current market conditions would increase the reconstructed value. For consistency with the original Goldman Sachs framework, this brief uses the ratio-based figure ($1,105) in the summary table. That figure falls comfortably within the range supported by current data and likely understates inventory-carrying costs in the present interest-rate environment.

C. Component 3: Reduction in Dealership Density and Facility Overhead

Original Ratio: 1.49% of vehicle price.[74]

Mechanism: Physical dealerships impose large fixed costs, including facility leases or mortgages, insurance, utilities, maintenance, and administrative personnel. A direct-sales model replaces dispersed suburban dealership lots with centralized delivery hubs, service centers, and smaller retail galleries, reducing the need for a dense network of full-service retail locations.

Ratio-Based Calculation:

S? (ratio) = ATP × 0.0149

S? = $50,000 × 0.0149 = $745

Bottom-Up Reconstruction: This component can also be reconstructed using current dealership-level data. As of 2024, the United States had approximately 16,957 franchised light-vehicle dealerships.[75] NADA reports that the average franchised dealership generated $73.3 million in total sales in 2024 on net margins of approximately 1–2 percent, with cost of goods sold (vehicle acquisition) representing roughly 90 percent of revenue. This implies non-vehicle-acquisition operating expenses on the order of $500,000 or more per month per dealership, encompassing payroll, facility costs, advertising, insurance, and floorplan interest.

Note on Cost Allocation: These operating expenses include both facility-related overhead (leases or mortgages, utilities, property insurance, taxes, building maintenance, and management) and personnel-related costs (sales commissions, salaries, and benefits). Because the Goldman Sachs framework treats commissions separately, as in Component 4, this analysis allocates only a portion of operating expenses to facility overhead to avoid double counting.

No single authoritative source reports the facility-related share of dealership operating costs. This appendix estimates facility-related overhead at roughly $100,000–$125,000 per month per dealership, covering lease or mortgage payments, utilities, insurance, property taxes, and facility maintenance. This assumption is conservative. A typical multiacre suburban dealership with showroom space, service bays, and large vehicle lots likely incurs facility costs at or above this range, particularly given commercial real-estate appreciation since 2000. Even the lower bound of $100,000 represents only about 20% of total estimated monthly operating expenses.

Calculation (Facility-Related Overhead, Assuming a 75% Network Reduction):

Total annual facility overhead:

16,957 dealerships × $112,500 per month (midpoint) × 12 months

= $22.9 billion per year

Per vehicle sold (14.9 million seasonally adjusted annual rate, or SAAR)[76]:

$22.9 billion ÷ 14.9 million = $1,536 per vehicle

Assuming a 75% reduction in the physical retail network under a direct-sales model:

S? (reconstructed) = $1,536 × 0.75 = $1,152 (2.3% of ATP)

For comparison, if facility-related overhead were as low as $50,000 per month—capturing only lease or mortgage costs and excluding other facility expenses—the floor estimate would be:

16,957 × $50,000 × 12 ÷ 14.9 million × 0.75

= $512 per vehicle (1.02% of ATP)

The bottom-up reconstruction therefore produces a range of $512–$1,152 per vehicle. The broader facility-overhead estimate ($1,152, or 2.3%) exceeds the ratio-scaled Goldman Sachs estimate of $745 (1.49%). The Goldman Sachs figure falls near the midpoint of the reconstructed range, suggesting that it captured more than bare lease costs but less than the full allocation of facility overhead.

A 75% reduction in the retail network is itself conservative relative to observed direct-sales models. Tesla serves U.S. sales volumes comparable to those of a mid-size franchised manufacturer through roughly 276 retail locations, whereas a similarly sized franchised brand typically operates between about 1,200 and 4,000 dealerships. That comparison implies network reductions of roughly 77%–93% on a per-brand basis. This appendix uses the lower figure to reflect that a mature direct-sales system would still require delivery hubs, service centers, and test-drive locations.

1. Academic cross-check

Empirical research on selling, general, and administrative (SG&A) costs shows that these expenses often exhibit “stickiness,” adjusting slowly when demand declines.[77] This literature suggests that overhead embedded in a mandated intermediary structure can persist even when more efficient configurations become available.[78] Scholarship on franchise law similarly characterizes dealership infrastructure as an institutional artifact: when intermediation is mandatory and entry and exit are constrained, the physical retail network persists even if market conditions would otherwise favor consolidation or alternative distribution models.

2. Assessment

The bottom-up analysis brackets the Goldman Sachs estimate. A conservative lease-only assumption supports savings of about $512 per vehicle (1.0%), while a broader facility-overhead allocation supports roughly $1,152 per vehicle (2.3%). The original Goldman Sachs ratio of 1.49% ($745) falls comfortably within this range and serves as a reasonable midpoint estimate. This appendix therefore adopts the Goldman Sachs ratio as the lower-bound estimate. Changes in underlying cost drivers since 2000 reinforce that conclusion. Commercial real-estate prices, property insurance, and utility costs have all risen substantially, increasing the per-unit cost of maintaining large suburban dealership facilities relative to the environment in which the original estimate was developed.

D. Component 4: Lower Sales Commissions and Personnel Expenses

Original Ratio: 1.47% of vehicle price.[79]

Mechanism: The franchised-dealer sales process relies on multiple layers of commissioned and salaried personnel: front-line salespeople, sales managers who approve and negotiate deals, finance-and-insurance (F&I) managers who structure financing and sell add-on products, and administrative staff who support the transaction. A direct-sales model replaces this structure with salaried product specialists operating under centralized, non-negotiable pricing. That shift reduces the multi-layered personnel overhead associated with commission-based bargaining.

Ratio-Based Calculation:

S? (ratio) = ATP × 0.0147

S? = $50,000 × 0.0147 = $735

Partial Bottom-Up Reconstruction: Average gross profit per new vehicle retailed was $2,247 in 2024. Industry-standard commission rates range from about 20%–25% of front-end gross profit.[80] Applying that range to the reported gross profit yields a direct per-vehicle commission of roughly $449–$562,[81] establishing a verifiable floor for the commission component (about 0.90%–1.12% of ATP).

Front-line commissions represent only part of the sales-department personnel cost that a direct-sales model would restructure. The remainder of the Goldman Sachs estimate—about $286 per vehicle (the difference between $735 and the lower-bound commission of $449)—likely reflects additional personnel layers involved in the traditional dealership sales process, including:

• Sales-manager compensation (deal negotiation, desk approval, and pricing authority)
• F&I-manager compensation (financing structuring, product sales, and compliance)
• Administrative and desk staff supporting the multi-step transaction process
• Training and onboarding costs for a high-turnover commissioned sales force

No single source reports per-vehicle figures for each of these components. A conservative allocation nonetheless aligns with the Goldman Sachs total: $449 in direct commissions plus roughly $286 in supporting sales-department personnel costs equals $735 (1.47% of ATP). This estimate implies that for every dollar paid in front-line commission, about $0.64 supports the surrounding sales infrastructure—a plausible ratio given the management-intensive and negotiation-driven nature of the franchised-dealer sales process.

1. Academic cross-check

Academic research documents the welfare costs associated with commission-driven bargaining models. Ambarish Chandra, Sumeet Gulati, and James Sallee find that negotiated pricing disproportionately disadvantages consumers with higher bargaining disutility, including many older buyers and women.[82] In effect, bargaining can function as a regressive transaction tax paid through time, stress, and higher expected prices. Meghan R. Busse, Jorge Silva-Risso, and Florian Zettelmeyer show that consumer-facing rebates pass through more directly to buyers than dealer-targeted incentives, suggesting that intermediaries capture surplus through opaque pricing channels.[83] Andreas Grunewald et al. estimate that eliminating dealer discretion in loan pricing alone would generate significant consumer-surplus gains—an additional cost channel beyond the commission savings estimated here.[84]

2. Assessment

The direct commission estimate of $449–$562 per vehicle provides a well-supported lower bound. The Goldman Sachs ratio of 1.47% ($735) plausibly captures the full sales-department personnel structure, although the portion above the direct commission (about $286) reflects supporting infrastructure costs that cannot be independently verified with the same precision. Some portion of this estimate may overlap with personnel costs embedded in dealership overhead (Component 3). That overlap is likely minimal because the bottom-up reconstruction in Component 3 relies primarily on facility and occupancy costs, rather than staffing figures.

The $735 estimate therefore remains a reasonable midpoint for the personnel-cost component. Importantly, it captures only the direct payroll effects of restructuring the sales process. It does not include broader welfare gains from eliminating bargaining frictions—such as reduced consumer time costs, lower price dispersion, and improved transparency—which the academic literature suggests could be substantially larger than the commission savings alone.

E. Component 5: Lower Shipping and Logistics Costs

Original Ratio: 0.19% of vehicle price.[85]

Mechanism: Direct-sales models enable optimized hub-to-consumer delivery routes, reducing reliance on the multi-step manufacturer-to-dealer-to-consumer logistics chain that characterizes the franchised-dealer system. Modern destination fees have also increased substantially, with some domestic trucks carrying destination charges as high as $2,295.[86]

Calculation:

S? = ATP × 0.0019

S? = $50,000 × 0.0019 = $95

1. Assessment

This component is the smallest in the Goldman Sachs framework and likely the most conservative. Current destination fees—generally ranging from $995 to $2,295—substantially exceed the $95 savings estimated here. That gap suggests the original Goldman Sachs ratio may understate potential logistics savings. Destination fees, however, include transportation costs from the assembly plant to the retail network that would exist under any distribution model. The marginal savings from logistics optimization therefore remain modest relative to the other components.

At the same time, several modern logistics factors suggest that the $95 estimate likely understates the full inefficiency associated with dealer-based routing.

First, destination fees have risen sharply—from an average of about $839 in 2011 to a current range of roughly $995–$2,295, with a midpoint near $1,200. These fees are typically equalized across buyers of a given model regardless of distance from the assembly plant. That structure effectively cross-subsidizes transportation costs and reflects the logistical constraints of routing vehicles through a dispersed network of roughly 17,000 dealer lots, rather than through a smaller number of regional delivery hubs. A hub-based distribution system could price logistics more directly based on distance. If even 15%–25% of the average destination fee reflects this structural inefficiency, the avoidable cost would fall in the range of roughly $180–$300 per vehicle.^[87]

Second, dealer-to-dealer trades—in which a vehicle is transported from one dealership to another to match a buyer’s desired configuration—represent pure logistics waste that would not exist under a build-to-order or centralized-inventory model. Transfer fees for these trades range from $0 for short intra-market swaps to several hundred dollars for cross-state transports, with documented examples around $195 per transaction. Although no authoritative source quantifies the share of transactions involving dealer trades, the practice is common enough to support a dedicated logistics infrastructure.^[88]

Third, direct-to-consumer operators demonstrate that alternative logistics systems can operate at scale. Carvana, for example, runs a hub-and-spoke distribution network with vertically integrated transportation, reconditioning, and customer delivery. The company reports per-unit cost advantages of roughly $1,200–$2,600 relative to traditional dealer-intermediated distribution.^[89]

Taken together, these factors suggest that a reasonable but nonconservative estimate of logistics savings would fall in the range of $200–$400 per vehicle (roughly 0.40%–0.80% of ATP), compared with the $95 estimate produced by ratio scaling. This appendix nonetheless retains the $95 figure as the baseline, because the original Goldman Sachs derivation is not publicly available in sufficient detail to determine which logistics costs it already incorporated. The $200–$400 range should therefore be understood as a plausible upper bound reflecting destination-fee inefficiencies, dealer-trade logistics waste, and the demonstrated efficiency of hub-based direct-delivery models.

2. Cross-check

An additional cross-check for the savings estimate comes from Tesla’s operating experience as a direct-sales manufacturer. Bloomberg Intelligence reports that Tesla’s SG&A expense per delivery was $2,651 per vehicle in 2023, about 72% higher than Stellantis.[90] This figure reflects the cost of maintaining company-owned showrooms, mobile-service crews, and vertically integrated delivery logistics.

These figures provide a practical benchmark against the theoretical savings estimate, demonstrated in Table III. The resulting net efficiency gain of roughly $2,036 per vehicle indicates that even after accounting for the substantial costs of operating a vertically integrated retail and service network, direct sales can remain more cost-efficient than the franchised-dealer model.

APPENDIX TABLE III: Tesla Benchmark Against Theoretical Savings

[91]

The $2,651 figure also reflects Tesla’s continued buildout of its retail, service, and delivery infrastructure. As the network matures, economies of scale could reduce SG&A costs on a per-vehicle basis.

For policy purposes, the key question is not whether direct sales always produce lower costs in every circumstance. The relevant question is whether state law should categorically prohibit manufacturers from attempting a distribution model that economic evidence suggests can produce measurable efficiencies. Even the $2,036 net estimate represents a meaningful cost reduction for consumers.

V. Methodological Limitations and Caveats

The reconstruction presented in this appendix provides a conservative estimate of the potential distribution-cost savings from direct-sales models, but several methodological limitations should guide how the results are interpreted. The analysis relies on ratio scaling from the original Goldman Sachs framework, rather than a fully bottom-up re-derivation using current dealer cost data. It also evaluates the distribution channel in partial equilibrium, holding broader market conditions constant. In addition, structural changes in the automotive industry over the past quarter-century—including dealer consolidation, digital retail tools, and changes in product mix—may affect how the original ratios translate to current market conditions. The subsections below discuss these limitations and explain why, despite them, the estimates presented here likely understate rather than overstate the cost of mandatory dealer intermediation.

A. Linear Scaling of Cost Ratios

The methodology applies the original percentage ratios from the 2000 Goldman Sachs analysis to modern vehicle prices, implicitly assuming that the cost components scale proportionally with the average transaction price. In practice, some components may scale nonlinearly. Logistics costs, for example, may include larger fixed components, while savings from improved supply-demand matching could increase as vehicles become more complex. The directional bias of this assumption likely produces understatement. Over the past 25 years, interest rates, commercial real-estate costs, and vehicle complexity have all increased, factors that would tend to raise the cost of maintaining a large dealership network. A fully bottom-up reconstruction using current cost structures would therefore likely produce estimates at least as large as the ratio-scaled figures presented here.

B. Industry Changes Since 2000

The automotive industry has changed significantly since the Goldman Sachs report. Dealer consolidation may have produced some efficiency gains within the franchise system. Digital shopping tools have reduced some consumer information frictions. At the same time, the shift in product mix toward larger vehicles, particularly SUVs and trucks, has altered cost structures across manufacturing and distribution. These structural changes could influence the magnitude of distribution-cost savings in either direction.

C. Original Ratios Not Re-Derived

The 2026 estimates apply the original Goldman Sachs percentage decomposition to updated price data, rather than independently re-estimating each component using current cost structures. Future research should attempt a full bottom-up reconstruction using contemporary dealer financial data, such as the National Automobile Dealers Association’s “Annual Financial Profile of America’s Franchised New-Car Dealerships,” rather than relying solely on ratio extrapolation.

D. Partial-Equilibrium Framework

The estimates describe the savings associated with transitioning a single manufacturer’s distribution model while holding other market conditions constant. A system-wide transition to direct distribution could generate general-equilibrium effects, including changes in competitive dynamics, entry and exit patterns, and manufacturer pricing strategies. These second-order effects could be substantial and are ambiguous in direction.

E. Inflation Adjustment

The reconstruction applies the original Goldman Sachs percentage ratios to the 2026 average transaction price of $50,000 rather than simply inflating the original dollar figures from 2000. This approach is appropriate because cumulative consumer price index inflation from 2000 to 2025 is roughly 92%.[92] The increase in the average transaction price from $26,000 to about $50,000 therefore largely reflects general inflation, with only modest real appreciation. Applying the original ratios to the modern transaction price produces estimates broadly equivalent to an inflation-adjusted calculation.

VI. Conclusion

The reconstruction presented in this appendix is deliberately conservative at every step. It applies simple ratio scaling from the original Goldman Sachs framework, adopts the lowest plausible inputs where ranges exist, and explicitly flags areas of uncertainty. Under these cautious assumptions, the floor estimate is $3,934 per vehicle (7.87% of ATP), derived by taking the lowest value in each component range. Because cumulative CPI inflation from 2000 to 2025 is roughly 92%, the increase in the average transaction price from $26,000 to $50,000 largely reflects general price-level changes. Even the conservative floor therefore implies that the real cost of mandatory dealer intermediation is at least as large today as when Goldman Sachs first estimated it in 2000 and the DOJ documented it in 2009.

The conservative floor, however, is unlikely to represent the most realistic estimate. The bottom-up evidence consistently points in one direction: current market conditions have made the physical dealer infrastructure more expensive to maintain in real terms, not less. Interest rates are higher than in 2000, commercial real estate costs have risen, and vehicle complexity has increased. Where components could be reconstructed using contemporary data, the bottom-up figures generally met or exceeded the ratio-scaled estimates—inventory carrying costs of $1,045–$1,105, facility overhead of $745–$1,152, commissions of $449–$735, and shipping and logistics savings of up to $400 per vehicle. Using the upper end of these component ranges yields an estimate of roughly $4,992 per vehicle (9.87% of ATP). Even that figure likely understates the full economic burden of mandatory dealer intermediation because it excludes welfare costs—such as bargaining frictions, consumer time costs, and distributional harms—that the academic literature identifies as economically significant but that fall outside the Goldman Sachs accounting framework.

[1] See Daniel A. Crane, Tesla, Dealer Franchise Laws, and the Politics of Crony Capitalism, 101 Iowa L. Rev. 573 (2016),  https://repository.law.umich.edu/articles/1721.

[2] These figures represent the per-vehicle cost based on an average purchase price of $50,000, as discussed infra.

[3] See Gerald R. Bodisch, Economic Effects of State Bans on Direct Manufacturer Sales to Car Buyers, U.S. Dep’t Just. (2009), https://www.justice.gov/atr/economic-effects-state-bans-direct-manufacturer-sales-car-buyers.

[4] See Cox Auto. Inc., Kelley Blue Book Report: New-Vehicle Average Transaction Price Hits Record High in September, Surges Past $50,000 for the First Time Ever (Oct. 13, 2025), https://www.coxautoinc.com/insights-hub/sept-2025-atp-report.

[5] See Jonathan Gregory, Wage Gains Boost New-Vehicle Affordability in November Despite Higher Rates, Cox Auto. Inc. (Dec. 15, 2025), https://www.coxautoinc.com/insights-hub/nov-2025-vai (noting that purchasing a new vehicle requires about 36.3 weeks of income—still historically high, despite recent affordability improvements following pandemic-driven price increases).

[6] See Roger D. Blair et al., Brief of Legal and Economic Scholars to the Georgia Supreme Court in Lucid v. Georgia, Int’l Ctr. L. & Econ. (July 10, 2025), https://laweconcenter.org/resources/brief-of-legal-and-economic-scholars-to-the-georgia-supreme-court-in-lucid-v-georgia.

[7] Id.

[8] James M. Rubenstein, Making and Selling Cars: Innovation and Change in the U.S. Automotive Industry 188 (Johns Hopkins Univ. Press 2008).

[9] See Patrick Manzi, 2024 Annual Financial Profile of America’s Franchised New-Car Dealerships, Nat’l Auto. Dealers Ass’n (2024), https://www.nada.org/media/4695/download.

[10] Julie Walker, How Many U.S. Dealership Owners Will We Have in 2050?, Kerrigan Advisors (Mar. 30, 2025), https://www.kerriganadvisors.com/in-the-news/how-many-u-s-dealership-owners-will-we-have-in-2050.

[11] Mass. State Auto. Dealers Ass’n, Inc. v. Tesla Motors MA, Inc., 15 N.E.3d 1152 (Mass. 2014), https://law.justia.com/cases/massachusetts/supreme-court/2014/sjc-11545.html.

[12] See George J. Stigler, The Theory of Economic Regulation, 2 Bell J. Econ. & Mgmt. Sci. 3 (1971).

[13] Bodisch, supra note 3.

[14] 2024 Car Buyer Journey Study, Cox Auto. Inc. (2025), https://www.coxautoinc.com/wp-content/uploads/2025/01/2024-Car-Buyer-Journey-Study-Research-Summary.pdf.

[15] Id.

[16] Id. at 4.

[17] Id.

[18] As discussed below, this analysis yields estimated savings ranging from a conservative baseline of 7.87% per vehicle to 9.87% per vehicle. The analysis assumes a $50,000 new-vehicle price. Table II illustrates how these estimates translate across a range of vehicle price points.

[19] Id.

[20] Id. at 5-6.

[21] Cox Auto Inc., supra note 4 (noting that recent increases in average vehicle prices largely track overall inflation; see also Appendix A, § 7.E); Nora Eckert, Automakers Have Resisted Raising Car Prices Because of Tariffs. That Might Not Last, Reuters (Sept. 18, 2025), https://www.reuters.com/business/media-telecom/automakers-have-resisted-raising-car-prices-because-tariffs-that-might-not-last-2025-09-18 (reporting that 2025 U.S. tariffs—including 25% duties on imported vehicles and auto parts—have increased costs for automakers and suppliers, potentially adding about $2,300 per vehicle); The Latest Car Tariff Information, Kelley Blue Book (Feb. 25, 2026), https://www.kbb.com/tariffs/#:~:text=New%20cars%3A%20Shoppers%20can%20expect,cars%20less%20affordable%20for%20consumers (estimating that tariffs could raise prices by as much as $6,000 on vehicles priced under $40,000 as duties phase in); Lawrence Ulrich, Trump’s Auto Tariffs Are Turning New-Car Shopping into a Wild Ride, Car & Driver (Aug. 5, 2025), https://www.caranddriver.com/news/a65592759/trump-auto-tariffs-new-car-shopping-outlook.

[22] See Thomas L. Hidder, Floor-Plan Financing for Auto Dealers: Trends, Structures & What’s Changing, Harney Partners (Nov. 24, 2025), https://harneypartners.com/floor-plan-financing-for-auto-dealers; Prime Rate Information, Bank Am. (Dec. 11, 2025), https://newsroom.bankofamerica.com/content/newsroom/home/prime-rate-information.html (reporting a prime rate of 6.75% effective December 2025; this brief uses an approximate 6% rate in the bottom-up reconstruction as a conservative assumption; see Appendix A).

[23] See Cox Auto. Inc., New-Vehicle Inventory Returns to Pre-Tariff Levels as EV Sales Accelerate and Incentives Rise (Aug. 14, 2025), https://www.coxautoinc.com/insights-hub/july-2025-new-vehicle-inventory.

[24] See Appendix A § 5.

[25] See Optimum Info, Dealer Financial Analysis Report—Q1 2025, https://optimuminfo.com/resources/blogs/dealer-financial-analysis-report-q1-2025 (last visited Feb. 27, 2025).

[26] Pike v. Bruce Church, Inc., 397 U.S. 137, 142 (1970).

[27] See Fed. Trade Comm’n, FTC Staff: Missouri and New Jersey Should Repeal Their Prohibitions on Direct-to-Consumer Auto Sales by Manufacturers (May 16, 2014), https://www.ftc.gov/news-events/news/press-releases/2014/05/ftc-staff-missouri-new-jersey-should-repeal-their-prohibitions-direct-consumer-auto-sales.

[28] Id.

[29] See Healy v. Beer Inst., 491 U.S. 324, 336 (1989) (“The Commerce Clause … precludes the application of a state statute to commerce that takes place wholly outside of the State’s borders, whether or not the commerce has effects within the State.”); Crane, supra note 1 (arguing that state dealer-franchise laws effectively dictate the distribution structures out-of-state manufacturers must adopt to access a state’s market); Brannon P. Denning, Extraterritoriality and the Dormant Commerce Clause: A Doctrinal Post-Mortem, 73 La. L. Rev. 979 (2013).

[30] Mass. State Auto. Dealers Ass’n, Inc. v. Tesla Motors MA, Inc., 469 Mass. 675, 15 N.E.3d 1152 (2014).

[31] See Ill. Auto Dealers Ass’n v. Office of the Ill. Sec’y of State, No. 1-23-0100 (Ill. App. Ct. Aug. 23, 2024); Sarah J. Reusche, Illinois Appellate Court Affirms Direct-to-Consumer Auto Sales, Lavelle L. (Sept. 9, 2024), https://www.lavellelaw.com/illinois-appellate-court-affirms-direct-to-consumer-auto-sales.

[32] Blair et al., supra note 6.

[33] See John Smart, Rivian’s $4.6 Million Ballot Gambit to Crack Washington’s Tesla Sales Monopoly, WebProNews (Jan. 27, 2026), https://www.webpronews.com/rivians-4-6-million-ballot-gambit-to-crack-washingtons-tesla-sales-monopoly; Lisa Stiffler , The ‘Tesla exemption’ No More: Rivian and Lucid Break Through Washington State’s Dealership Wall, GeekWire (Mar. 12, 2026), https://www.geekwire.com/2026/the-tesla-exemption-no-more-rivian-and-lucid-break-through-washington-states-dealership-wall/.

[34] See Andrew J. Hawkins, Rivian Calls Ohio’s Ban on Direct Car Sales ‘Irrational in the Extreme’ in New Lawsuit, The Verge (Aug. 4, 2025), https://www.theverge.com/news/718186/rivian-ohio-lawsuit-direct-sales-ban.

[35] See Matt Wilson, Rivian Pushes for Direct Sales as Iowa Weighs Changes to Dealership Laws, Drive Tesla (Feb. 13, 2026), https://driveteslacanada.ca/news/rivian-pushes-for-direct-sales-as-iowa-weighs-changes-to-dealership-laws (discussing Iowa Senate Study Bill 3067 (proposed 2025)); Carrigan Woodson, South Carolina’s Direct-to-Consumer Car Sales Bill Ran Out of Time in 2025. Should It Be Revived in 2026?, Palmetto Promise (Aug. 5, 2025), https://palmettopromise.org/south-carolinas-direct-to-consumer-car-sales-bill-ran-out-of-time-in-2025-should-it-be-revived-in-2026.

[36] See Crane, supra note 1.

[37] See 15 U.S.C. § 1221.

[38] See Nat’l Auto. Dealers Ass’n v. FTC, No. 24-60013 (5th Cir. Jan. 27, 2025) (vacating 16 C.F.R. pt. 463 for failure to comply with advance-notice requirements under § 18 of the Federal Trade Commission Act).

[39] Thomas Randolph Beard & George S. Ford, State Automobile Franchise Laws: Public or Private Interests?, SSRN (Sept. 12, 2016).

[40] Gary Lapidus, eAutomotive: Gentleman Start Your Search Engines, Goldman Sachs (2000). The original Lapidus report is unavailable. This analysis therefore relies on Bodisch, supra note 3, which cites Lapidus and Charles H. Fine & Daniel M. G. Graff, Automotive Industry: Internet-Driven Innovation and Economic Performance, in The Economic Payoff from the Internet Revolution (Robert E. Litan & Alice M. Rivlin eds., 2001), https://archive.org/details/economicpayofffr0000unse.

[41] Bodisch, supra note 3.

[42] In 2000, the average corporate-bond yield was 7.6%; by February 2026, it had fallen to 5.3%. See Moody’s Seasoned Aaa Corporate Bond Yield (AAA), FRED, Fed. Rsrv. Bank St. Louis, https://fred.stlouisfed.org/series/AAA (last visited Feb. 25, 2026).

[43] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[44] Cox Auto Inc., supra note 4.

[45] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[46] Bodisch, supra note 3.

[47] Id.

[48] Cox Auto Inc., supra note 4.

[49] The 2000 Goldman Sachs report expressed savings as percentage shares of the average transaction price, rather than reporting individual cost inputs. The variables marked “N/A”—including floorplan rates, incentive levels, and dealership operating costs—were implicit in the original analysis but were not reported as standalone figures. Current values are provided here to show that changes since 2000 support, rather than undermine, the original ratios.

[50] See infra notes 28-34 and accompanying text.

[51] Cox Auto. Inc., New-Vehicle Inventory Returns to Pre-Tariff Levels as EV Sales Accelerate and Incentives Rise (July 2025), https://www.coxautoinc.com/insights-hub/july-2025-new-vehicle-inventory.

[52] Cox Auto Inc., supra note 4.

[53] $708 vs. $250: What Dealers Really Spend Per Car Sold, Big Time Advert. & Mktg. (2025), https://www.gowithbigtime.com/blog/C/2025/10/01/708-vs-250-What-Dealers-Really-Spend-Per-Car-Sold-177.

[54] The per-vehicle commission derives from Presidio-NCM benchmark data reporting average new-vehicle gross profit of $2,247 for full-year 2024, applied to an industry-standard 20–25% front-end commission rate ($2,247 × 0.20–0.25 = $449–$562 per vehicle). See James Hickey, Dealer Profitability Improved at End of 2024, Digital Dealer (Feb. 28, 2024), https://digitaldealer.com/news/auto-dealership-profitability-improved-at-end-of-2024/163923 (reporting Presidio-NCM benchmark data); AutoFinder, How Much Commission Does a Car Salesperson Make?, https://autofinder.com/insights/how-much-commission-does-a-car-salesman-make (reporting commission rates of 20–30% of gross profit); Mark McDonald, Car Salesman Confidential: How to Get Paid, MotorTrend (Feb. 14, 2014), https://www.motortrend.com/features/car-salesman-confidential-how-to-get-paid (reporting typical commissions of about 25% of gross profit plus backend compensation); Lawrence Hodge, How Much Car Salespeople Make in Commissions, Jalopnik (Feb. 20, 2025), https://www.jalopnik.com/1795349/how-much-car-salespeople-make-commissions (reporting commissions of roughly 20% on new-car sales).

[55] Renee Valdes, Destination Charges and Dealer Fees Explained, Autotrader (Apr. 30, 2024), https://www.autotrader.com/car-shopping/new-car-delivery-or-destination-charges-explained.

[56] Nat’l Auto. Dealers Ass’n, NADA Data: Annual Financial Profile of America’s Franchised New-Car Dealerships (2024), https://www.nada.org/nada/nada-data (reporting average dealership sales of $73.3 million with net margins of 1–2%, implying non-vehicle-acquisition operating expenses of roughly $500,000 per month or more).

[57] Cox Auto Inc., supra note 4.

[58] Id.

[59] Nathan Paulus, Average New Car Price in 2026: $48,841, MoneyGeek (Dec. 29, 2025), https://www.moneygeek.com/resources/average-price-of-a-new-car.

[60] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[61] Bodisch, supra note 3.

[62] Cox Auto Inc., supra note 4.

[63] Charles Murry & Yiyi Zhou, Consumer Search and Automobile Dealer Colocation, 66 Mgmt. Sci. 1909 (2020), https://doi.org/10.1287/mnsc.2019.3307.

[64] Florian Zettelmeyer, Fiona Scott Morton & Jorge Silva-Risso, How the Internet Lowers Prices: Evidence from Matched Survey and Automobile Transaction Data, 43 J. Mktg. Rsch. 168 (2006), https://doi.org/10.1509/jmkr.43.2.168.

[65] Cox Auto Inc., supra note 4.

[66] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[67] Bodisch, supra note 3.

[68] See Optimum Info, Dealer Financial Analysis Report—Q1 2025 (2025), https://optimuminfo.com/resources/blogs/dealer-financial-analysis-report-q1-2025; see also Harney Partners, Floor-Plan Financing for Auto Dealers: Trends, Structures & What’s Changing (2025), https://harneypartners.com/floor-plan-financing-for-auto-dealers; Bank Am., Prime Rate Information (reporting a prime rate of 6.75% effective December 2025), https://newsroom.bankofamerica.com/content/newsroom/home/prime-rate-information.html.

[69] Cox Auto. Inc., New-Vehicle Inventory Returns to Pre-Tariff Levels as EV Sales Accelerate and Incentives Rise (July 2025), https://www.coxautoinc.com/insights-hub/july-2025-new-vehicle-inventory.

[70] The $15-per-day non-interest holding cost (C??) is an estimate. No published source reports a per-vehicle, per-day figure for noninterest inventory-carrying costs. This estimate derives from aggregate dealership operating data. National Automobile Dealers Association financial profiles report average dealership payroll of about $5.39 million annually—roughly $449,000 per month—with payroll typically accounting for about 40%–50% of operating expenses. That implies total operating costs of roughly $900,000–$1.1 million per month per dealership. See Nat’l Auto. Dealers Ass’n, NADA Data: Annual Financial Profile of America’s Franchised New-Car Dealerships (2024), https://www.nada.org/nada/research-data/nada-data. To remain conservative, this brief assumes total operating costs of about $500,000 per month, only modestly above payroll and therefore likely understating the full overhead associated with maintaining dealership facilities and inventory. A typical dealership lot holds about 150–250 vehicles. See Andy Kalmowitz, Nearly 3 Million Cars Are Sitting on Dealer Lots, Jalopnik (July 12, 2024), https://www.jalopnik.com/nearly-3-million-cars-are-sitting-on-dealer-lots-1851587949 (reporting 2.89 million vehicles across roughly 17,000 lots). Allocating a conservative share of dealership operating costs to inventory maintenance—including insurance, lot upkeep, security, and depreciation exposure—yields an estimated holding cost of roughly $10–$20 per vehicle per day, assuming that about 10%–20% of dealership operating costs relate to maintaining inventory on dealership lots. This brief uses the midpoint of that range.

[71] Bd. of Governors Fed. Rsrv. Sys., Bank Prime Loan Rate [DPRIME], FRED, Fed. Rsrv. Bank St. Louis, https://fred.stlouisfed.org/series/DPRIME (last visited Feb. 25, 2026).

[72] Gérard P. Cachon & Marcelo Olivares, Drivers of Finished-Goods Inventory in the U.S. Automobile Industry, 56 Mgmt. Sci. 202 (2009), https://doi.org/10.1287/mnsc.1090.1095; Marcelo Olivares & Gérard P. Cachon, Competing Retailers and Inventory: An Empirical Investigation of General Motors’ Dealerships in Isolated U.S. Markets, 55 Mgmt. Sci. 1586 (2009), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1946447.

[73] Adam Copeland, Wendy E. Dunn & George Hall, Inventories and the Automobile Market, 42 RAND J. Econ. 121 (2011), https://www.jstor.org/stable/23046792.

[74] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[75] Nat’l Auto. Dealers Ass’n, NADA Data: Annual Financial Profile of America’s Franchised New-Car Dealerships (2024), https://www.nada.org/nada/research-data/nada-data.

[76] Nat’l Auto. Dealers Ass’n, NADA Market Beat (2025), https://www.nada.org/nada/research-data/market-beat (reporting a seasonally adjusted annual rate of approximately 16.2–16.3 million units).

[77] Mark C. Anderson, Rajiv D. Banker & Surya Janakiraman, Are Selling, General, and Administrative Costs “Sticky”?, 41 J. Acct. Rsch. 47 (2003), https://www.jstor.org/stable/3542244.

[78] Francine Lafontaine & Fiona Scott Morton, Markets: State Franchise Laws, Dealer Terminations, and the Auto Crisis, 24 J. Econ. Persp. 233 (2010), https://doi.org/10.1257/jep.24.3.233.

[79] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[80] See Cox Auto. Inc., supra note 21.

[81] Id.

[82] Ambarish Chandra, Sumeet Gulati & James Sallee, Who Loses When Prices Are Negotiated? An Analysis of the New Car Market, 65 J. Indus. Econ. 235 (2017), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2602526.

[83] Meghan R. Busse, Jorge Silva-Risso & Florian Zettelmeyer, $1,000 Cash Back: The Pass-Through of Auto Manufacturer Promotions, 96 Am. Econ. Rev. 1253 (2006), https://www.nber.org/system/files/working_papers/w10887/w10887.pdf.

[84] Andreas Grunewald et al., Auto Dealer Loan Intermediation: Consumer Behavior and Competitive Effects, Nat’l Bureau Econ. Rsch., Working Paper No. 28136 (2020), https://doi.org/10.3386/w28136.

[85] Lapidus, supra note 40, as cited in Bodisch, supra note 3.

[86] Renee Valdes, Destination Charges and Dealer Fees Explained, Autotrader (Apr. 30, 2024), https://www.autotrader.com/car-shopping/new-car-delivery-or-destination-charges-explained.

[87] Mike Monticello, The Truth About Destination Fees, Consumer Reps. (Aug. 15, 2023), https://www.consumerreports.org/cars/buying-a-car/the-truth-about-destination-fees-a1615480982; Chris Hardesty, What Are Destination Charges?, Kelley Blue Book (May 2, 2025), https://www.kbb.com/car-advice/what-are-destination-charges.

[88] See, e.g., Powers Swain Chevrolet, Will a Car Dealership Drop the Transfer Fee from Another Dealership? (July 5, 2024), https://www.pschevy.com/blog/2024/july/5/will-a-car-dealership-drop-the-transfer-fee-from-another-dealership.htm (reporting a $194.50 transfer fee for a dealer-to-dealer vehicle locate).

[89] See Carvana Co., Cost Structure Details (Nov. 2023), https://investors.carvana.com/~/media/Files/C/Carvana-IR/documents/cost-structure-details.pdf (reporting per-unit cost advantages of $1,200–$2,600 from vertically integrated inbound transportation, reconditioning, and customer delivery); see also infra § 6 (Cross-Check) (comparing Tesla’s SG&A per delivery with legacy OEMs).

[90] Bloomberg Intelligence, Retail Auto Dealers Deep Dive (June 5, 2024), https://www.madaonline.com/sites/default/files/Bloomberg_Intelligence_Retail_Auto_Dealers_June_2024.pdf.

[91] Id.

[92] See U.S. Bureau Lab. Stat., CPI Inflation Calculator, https://www.bls.gov/data/inflation_calculator.htm (last visited Feb. 25, 2026) (reporting that $26,000 in 2000 equals $50,098.06 in 2026, a cumulative increase of more than 92%).

Executive Summary

Policymakers have proposed capping credit card interest rates to provide relief to consumers. A recent Vanderbilt Policy Accelerator study argues that banks’ margins are sufficient to absorb such caps while continuing to lend profitably, yielding net consumer savings.

That conclusion relies on a static framework that asks only whether lending remains arithmetically viable under a cap. It does not consider how lenders, borrowers, and competing providers will respond when risk-based pricing is constrained. Economic theory and evidence show that credit markets adjust along other margins: supply contracts for higher-risk borrowers, shifts toward lower-risk segments, and migrates to substitute or informal channels.

The Vanderbilt study also rests on unsupported assumptions. It assumes issuers will uniformly price at the cap, even though that could raise costs for prime borrowers and turn a ceiling into a de facto floor. It assumes banks will offset losses by cutting advertising, despite likely effects on competition and innovation. And it evaluates viability using accounting returns, rather than the risk-adjusted returns that drive capital allocation.

A proper welfare analysis must account for borrowers pushed out of the market, substitution into costlier alternatives, fee shifting, and reduced innovation. Evidence from prior reforms and international experience confirms these effects.

Credit markets are dynamic. Price ceilings do not eliminate risk or create credit; they reallocate it. The relevant question is whether restricting risk-based pricing improves welfare once these adjustments are considered. The evidence suggests it does not.

I. Introduction

Policymakers across the political spectrum have recently proposed bills to impose price controls on credit card interest rates. In February 2025, Sens. Josh Hawley (R-Mo.) and Bernie Sanders (I-Vt.) introduced S.381, the 10 Percent Credit Card Interest Rate Cap Act.[1] Sanders argued that the legislation would provide “desperately needed financial relief” to working families struggling to pay their bills.[2]

Economists have long viewed such proposals with skepticism. Price controls are blunt instruments, and their unintended but predictable effects often outweigh any intended benefits. It is therefore notable that in September 2025 the Vanderbilt Policy Accelerator published a study concluding that interest-rate caps would benefit consumers.[3]

This brief evaluates that study’s methodology, analysis, and conclusions. The study asks whether banks’ current profit margins are sufficient to absorb a mandated rate cut—and answers yes. But it does not address the more relevant question: how banks, borrowers, and substitute lenders will respond to a binding price ceiling. That question has been studied extensively, and the evidence does not favor rate-cap proponents.

II. The Limits of Static Analysis

The Vanderbilt study, authored by Brian Shearer—a lawyer and former assistant director at the Consumer Financial Protection Bureau (CFPB)—uses comparative static analysis to estimate the effects of capping credit card interest rates at 10%, 15%, or 18%. It relies on data from a Federal Reserve Bank of New York report by Itamar Drechsler (hereinafter the “Drechsler Report”), which decomposes credit card profitability into key components: interest spread, charge-off losses, interchange revenue, rewards costs, fee revenue, and operating expenses. The data cover borrower and transactor accounts across 14 FICO score bins, ranging from 600 to 850.[4]

Shearer replaces the observed interest spread with a hypothetical spread consistent with each proposed cap—for example, a 5% spread under a 10% cap, assuming a 5% federal funds rate. He then recalculates return on assets (ROA) and asks whether it remains positive.

The results appear striking. Under a 15% cap, nearly every FICO tier generates positive returns without adjustments to rewards or operating costs, suggesting that existing margins could absorb a meaningful rate reduction. Under a 10% cap, ROA turns negative in tiers below FICO 780 before adjustments. Shearer argues, however, that banks could restore profitability by cutting rewards in those tiers and trimming what he characterizes as “bloated advertising budgets,”[5] while still leaving consumers better off because interest savings would exceed rewards reductions by at least three to one.

These calculations are internally consistent but rest on a critical assumption: that a federal price control on credit card rates would produce no behavioral response. The analysis assumes no credit rationing, no product substitution, no fee shifting, and no portfolio rebalancing. That assumption is not merely contestable—it conflicts with extensive empirical evidence on how credit markets respond to binding price ceilings.

A sound policy analysis must also look beyond borrowers who remain in the market. Consumer welfare cannot be measured solely by comparing interest payments before and after a cap. It must account for borrowers who are rationed out of credit markets, the costs of shifting to substitute or informal credit, changes in fees and other less-salient pricing terms, reduced competition and innovation, and the reallocation of capital toward uncapped products. A policy that lowers rates for some borrowers while excluding others—or pushing them into inferior alternatives—may produce visible short-term savings while reducing overall welfare once these broader adjustments are considered. Because the Vanderbilt study focuses only on projected savings within the existing portfolio, it does not capture the full economic consequences of a binding cap.

III. Credit Rationing Under Price Controls

In a seminal 1981 paper, Andrew Weiss and Nobel Prize–winning economist Joseph Stiglitz showed that when lenders cannot adequately price risk—whether due to a binding usury cap or asymmetric information—markets do not clear through prices.[6] Instead, they clear through quantity rationing. When lenders cannot raise interest rates to reflect higher risk, they restrict the supply of credit to riskier borrowers.

Credit card markets follow this logic. A binding rate cap prevents lenders from charging risk-adjusted prices to higher-risk borrowers. Lenders respond by tightening nonprice terms: raising minimum credit score thresholds, lowering credit limits, shortening maturities, requiring additional collateral, or denying credit altogether. The result is both a reduction in total credit and a reallocation of credit toward lower-risk borrowers.

Shearer acknowledges this dynamic only at the margins. He notes, for example, that lending to borrowers with FICO scores of 600 and below may decline under a 10% cap because those accounts remain unprofitable even after eliminating rewards and cutting advertising. He treats this as a narrow and acceptable edge case, suggesting that “at that risk-level, we might see increases in other fees or a reduction in lending.”[7]

That framing understates the stakes. Even if the effects were limited to borrowers with FICO scores of 600 and below, excluding them from the credit card market would raise serious concerns. This group may represent “only 12% of Americans,” but dismissing granting their ability to access credit cards as resembling “predatory lending”[8] overlooks why their borrowing costs are higher in the first place: elevated default risk. Higher APRs reflect that risk; they do not create it. Nor does the possibility of debt cycles justify denying access to credit altogether. If anything, evidence on product substitution suggests that consumers denied mainstream credit often turn to more expensive or less regulated alternatives.

At bottom, this reasoning reflects a paternalistic premise: that individuals with low FICO scores are better off excluded from credit markets than allowed to borrow at risk-adjusted prices. That premise is both contestable and inconsistent with evidence on how consumers respond to credit constraints.

Rationing, moreover, is not confined to the lowest FICO tiers. A 2025 Federal Reserve Bank of New York study by Rajashri Chakrabarti et al. examined the introduction of 36% APR caps in several states and found that credit to higher-risk borrowers contracted, while credit to lower-risk borrowers expanded—exactly the reallocation predicted by theory.[9] The effects were concentrated among borrowers whose risk profiles implied market-clearing rates above the cap. If a 36% cap produces measurable rationing, a 10% or 15% federal cap would likely have far more pronounced effects.

A static accounting framework cannot capture these dynamics because it does not model behavior. Shearer’s approach shows only that bank profitability at each FICO tier is arithmetically consistent with lower interest rates. That is true in the same narrow sense that a restaurant’s gross margins might appear sufficient to absorb a price ceiling. What the arithmetic cannot show is whether the restaurant will remain open, change its menu, shift costs, or exit the market. Credit markets are not vending machines that dispense loans at regulator-set prices.

IV. Substitution Effects and Credit Migration

The Vanderbilt study largely ignores a central question: what happens to borrowers who lose access to credit cards—or face sharply reduced credit limits—under a binding rate cap? This is not a theoretical concern. A World Bank review of interest-rate caps across more than 70 countries identifies “migration to the least-constrained channel” as a pervasive and well-documented response.[10] When regulation targets a specific product, lenders adjust, and borrowers seek substitutes.

One such substitute is buy now, pay later (BNPL) financing—e.g., pay-in-four loans financed by merchants—as well as installment loans repaid over time with interest. The CFPB’s January 2025 report finds that about 21% of Americans with a credit score have used BNPL.[11] Use is heavily concentrated among lower-credit borrowers: “subprime” consumers (FICO scores of 580–619) account for 16% of BNPL loans, while “deep subprime” consumers (FICO scores of 300–579) account for 45%.[12] These are precisely the borrowers most likely to face credit restrictions under a binding cap on credit card interest rates.

BNPL, however, is an imperfect substitute for credit cards. Merchant offers of BNPL remain limited, and much more limited than the general prevalence of credit card acceptance. BNPL products also typically offer weaker fraud protections (for example, completely lacking zero-liability policies), along with more cumbersome dispute-resolution processes than credit card chargebacks. They also generally do not provide insurance benefits. In addition, pay-in-four products are usually limited to smaller purchases.

For larger purchases, borrowers may turn to installment loans. But annual percentage rates (APRs) on such loans for lower-FICO borrowers often match or exceed credit card rates. At the same time, many states have imposed caps on installment-loan APRs, which has reduced or eliminated their availability for the very consumers most likely to be rationed out of the credit card market.

Borrowers who cannot access credit cards, BNPL, or installment loans may turn to other sources, such as payday lending, which is often more expensive. If caps extend across all legal credit products—through a federal usury rule, for example—some borrowers will turn to illegal lending markets.

International experience underscores this risk. After Japan tightened rate caps under the 2006 revision of the Money Lending Business Act, consumer-finance balances fell sharply, while illegal lending expanded. Some illegal lenders reportedly charged rates as high as 10% per week—equivalent to an APR of 14,104%.[13] Korea’s experience is similar. After progressively lowering its statutory maximum rate to 20% by 2021, one study estimates that a single 2018 rate reduction pushed roughly 659,000 borrowers into informal or illegal credit channels.[14]

The Vanderbilt study’s failure to engage with these substitution effects is not a minor omission. It overlooks one of the most consistent empirical findings in the literature on price controls in credit markets.

V. Fee Shifting and Hidden Price Adjustments

When governments cap one source of revenue, lenders typically recover losses elsewhere. Fee shifting is a well-documented response to interest-rate restrictions. It can take many forms: higher annual fees, increased penalty and late fees, reduced benefits such as credit insurance, tighter grace periods, and higher minimum payment requirements that raise the effective cost of revolving balances.

Shearer argues that such fee shifting is unlikely, relying on a 2015 study by Sumit Agarwal, Souphala Chomsisengphet, Neale Mahoney, and Johannes Stroebel on the effects of the CARD Act. That study estimated that the act’s fee restrictions saved consumers $11.9 billion annually, with “no evidence of an offsetting increase in interest charges or a reduction in the volume of credit.”[15] But more recent research—using longer time horizons, richer data, and structural models unavailable to Agarwal et al.—reaches a different conclusion. The evidence now indicates that the CARD Act produced substantial fee shifting, altered competitive dynamics, restricted credit access for higher-risk borrowers, and imposed welfare costs that the study’s framework did not capture.

Agarwal et al. based their conclusions on a difference-in-differences model applied over a short observation window. Broader evidence tells a different story. The CFPB’s own 2013 report found that “[d]ue to the increase in both the incidence and average dollar amount of annual fees, consumers…paid an additional $475 million in annual fees in 2012.”[16]

Fee shifting has also intensified over time. Using CFPB data, the Consumer Bankers Association reports that total annual fees have doubled since 2015. While increased card issuance explains part of that growth, issuers also shifted the fee burden away from subprime borrowers and toward higher-credit tiers.[17] Lenders did not simply absorb lost revenue; they restructured pricing in ways that short-run models could not detect.

Agarwal et al. acknowledged these limits. With only two years of post–CARD Act data, they could not evaluate longer-run effects on market entry and exit, contract structure, or investment.[18] Subsequent evidence shows precisely those adjustments: rising annual fees, redesigned rewards programs, and changes in competitive behavior.

The most rigorous challenge to Agarwal et al. comes from Scott Nelson’s structural model of the credit card market.[19] Accounting for private information in repricing—the mechanism the CARD Act restricts—Nelson finds distributional effects absent from earlier work. Pricing became less responsive to both public and private measures of borrower risk, and price dispersion fell by roughly one-third, indicating more pooled pricing. Rates declined for higher-risk and less price-sensitive borrowers, while rising elsewhere—including for some borrowers with low FICO scores but favorable private risk profiles.

In other words, the CARD Act induced substantial fee shifting and cross-subsidization. It also contributed to partial market unraveling among relatively safe subprime borrowers, who were priced out of credit they would otherwise have received. Nelson further shows that part of the earlier study’s measured increase in “consumer surplus” reflects reduced lender profits—a transfer to remaining borrowers, not a net welfare gain. That transfer came at the expense of borrowers who exited the market entirely, whose losses are not captured in account-level data.[20]

Other studies corroborate these findings. Yiwei Dou, Julapa Jagtiani, Joshua Ronen, and Kenechukwu Maingi show that the ratio of credit limits to total available credit declined for subprime borrowers relative to higher-score groups after the CARD Act.[21] Crucially, this shift began with the legislation—not during the Great Recession—undermining claims that macroeconomic conditions drove the change. Song Han, Benjamin Keys, and Geng Li find similar effects in credit card solicitation data, documenting a contraction in supply to subprime borrowers.[22] Gregory Elliehausen and Simona Hannon find that restrictions on risk-management practices reduced credit card holding among higher-risk consumers and increased reliance on consumer finance loans in states where those loans remained viable.[23] In short, borrowers who lost access to credit cards shifted to costlier alternatives—a welfare loss not reflected in the original estimates.

Finally, Shearer contends that consumers choose credit cards based on salient features such as annual fees and rewards, limiting issuers’ ability to shift costs. But if consumers focus on visible terms, issuers have stronger incentives to adjust less salient ones: tighter grace periods, higher minimum payments, and more aggressive penalty structures. The study does not model these margins of adjustment.

VI. The Uniform Pricing Assumption

A further key assumption in the Vanderbilt study is that all issuers will charge the capped interest rate to all borrowers. Shearer describes this as a “conservative” assumption, reasoning that if banks charge less than the cap, consumers save even more. But the assumption is neither conservative nor empirically grounded.

It may hold for lower-FICO tiers, where current rates exceed any proposed cap. For higher-FICO borrowers—particularly those currently paying interest spreads in the 8–12% range—the assumption implies that rates would rise under a cap, not fall. Shearer acknowledges as much, noting that under an 18% cap, borrowers with FICO scores above 760 would pay roughly $7 billion more each year.

The assumption draws on the payday-lending literature, where lenders often charge the maximum permissible rate.[24] But that pattern reflects the structure of payday lending, which targets high-risk borrowers with few alternatives. In that context, the cap may approximate the minimum viable rate. Credit card markets are different. Issuers serve borrowers across a wide range of risk profiles and compete on multiple price and nonprice dimensions. By assuming uniform pricing at the cap, the study imports a model that does not fit the market it seeks to analyze.

If issuers continue to price below the cap for prime borrowers, the study overstates consumer savings. If they instead converge on the cap, then the policy functions as a price floor for low-risk borrowers—raising their borrowing costs while purporting to help consumers. Either way, the study’s savings estimates are unreliable.

VII. The Advertising Assumption

In FICO tiers where static ROA turns negative under a rate cap, the Vanderbilt study assumes that banks will restore profitability by cutting advertising expenditures. That assumption is flawed in several respects.

First, the study assumes that marketing accounts for 20% of expenses across all issuers and FICO tiers.[25] This figure derives from a single observation about Capital One’s expense structure in the Drechsler Report—and refers to “marketing,” not advertising.[26] That is a thin empirical basis for a system-wide assumption with significant analytical consequences.

Second, marketing is not a discretionary expense that banks can reduce without tradeoffs. It is an endogenous investment in customer acquisition and retention. Marketing allows issuers to inform consumers about existing products and introduce new ones. A uniform reduction in marketing might leave relative market shares unchanged, but only by dampening competition and slowing product differentiation. That outcome appears implicit in the study’s assumption.

Reduced marketing would also affect innovation. If expected returns fall, banks will scale back investment in new products and features. Lower marketing spend reduces product adoption and revenue, weakening incentives to invest in improvements such as fraud protection, insurance benefits, and digital account management tools. These are not marginal features; they are central to the value proposition of modern credit cards.

More fundamentally, the claim that advertising budgets are “bloated” lacks a clear benchmark. The assumption that banks will absorb the effects of rate caps primarily through advertising cuts reflects the same static logic that underpins the broader analysis. In reality, banks would adjust along multiple margins—credit rationing, product substitution, and fee restructuring among them. Assigning the entire adjustment burden to marketing is inconsistent with both theory and evidence.

VIII. Capital Allocation and Opportunity Cost

A final—and more fundamental—weakness in the Vanderbilt study lies in its treatment of capital allocation and opportunity cost. The study assumes that a positive ROA is sufficient to sustain lending within a given FICO tier. If projected ROA remains above zero—or above the federal funds rate—lending is deemed “viable.” That framing misstates how banks allocate capital and leads to an overly optimistic view of credit card lending under rate caps.

Banks do not evaluate business lines against a zero-profit threshold. They allocate scarce regulatory capital based on risk-adjusted return on capital (RAROC).[27] The relevant question is not whether a product generates a positive accounting return, but whether it generates a return commensurate with the capital it consumes, the volatility of its cash flows, its correlation with macroeconomic risk, and the returns available from alternative uses of capital.

Credit cards score poorly on these dimensions. They are unsecured, operationally intensive, and highly procyclical. Charge-off rates rise sharply in downturns, reflecting both income volatility and the absence of collateral.[28] Under Basel standards and U.S. implementing regulations, unsecured revolving credit carries materially higher capital charges than many secured products.[29] Banks must hold capital against unexpected losses, not just expected losses, precisely because these portfolios exhibit elevated loss volatility.[30]

Rate caps compress the risk premium available to compensate for that volatility. If a 15% cap reduces projected ROA in binding tiers to roughly 2%, as the Vanderbilt study suggests, that figure must be evaluated in context. A 2% ROA on a high-risk, high-volatility unsecured product is not equivalent to a 2% ROA on secured lending or fee-based activities. Nor is it equivalent to alternative uses of capital once returns are evaluated on a risk-adjusted basis.

The federal funds rate is also the wrong benchmark. Banks cannot freely redeploy capital into reserves and earn the policy rate without regard to capital requirements, liquidity rules, leverage constraints, and shareholder expectations.[31] The relevant comparison is the marginal risk-adjusted return available elsewhere. If capped returns fall below a bank’s internal hurdle rate—typically set above its cost of equity and calibrated to portfolio risk—capital will have to be reallocated.[32]

That reallocation need not be dramatic to matter. Even modest shifts toward prime borrowers, secured lending, commercial credit, or fee-based services would reduce supply in the segments where caps bind most tightly. The Vanderbilt framework assumes capital remains in place so long as returns are positive. In practice, capital flows to its highest risk-adjusted use.[33]

Static ROA analysis also misses the dynamic nature of credit card lending. These portfolios depend on sustained investment in underwriting, fraud detection, rewards systems, customer acquisition, and digital servicing. Lower expected lifetime returns reduce incentives to invest. Banks will respond by tightening underwriting, lowering credit limits, scaling back acquisitions, and reducing exposure to cyclical segments. Over time, these adjustments contract effective supply—even if accounting ROA never turns negative.

Price controls also distort risk across the business cycle. In expansions, upside is capped; in downturns, losses are not. This asymmetric payoff further discourages capital allocation to capped products. Banks earn less in good times while bearing full downside risk in bad times. The rational response is to shift capital toward assets where pricing can adjust with risk—a pattern well documented in the banking literature.[34]

In short, a positive projected ROA under a rate cap does not establish economic viability. The relevant test is whether returns exceed the full opportunity cost of capital on a risk-adjusted basis. The Vanderbilt study does not perform that test. By treating positive accounting returns as sufficient, it understates the likelihood of capital reallocation and credit contraction in the very segments the policy aims to help.

IX. Conclusion

The Vanderbilt Policy Accelerator study offers an ambitious attempt to quantify the effects of federal credit card interest-rate caps. Its central claim is that banks’ existing profit margins can absorb a mandated reduction in interest spreads while remaining profitable, thereby delivering net savings to consumers. That conclusion rests on a narrow comparative-static framework that asks only whether credit card lending remains arithmetically viable under a capped rate. It does not ask how market participants will respond once risk-based pricing is constrained.

Credit markets are dynamic. They rely on risk differentiation, portfolio optimization, and capital allocation under regulatory constraints. Theory and empirical evidence show that when a binding price ceiling prevents lenders from pricing for risk, adjustment occurs along other margins. Credit supply contracts for higher-risk borrowers, shifts toward lower-risk borrowers, and migrates into substitute or informal channels. Lenders restructure revenue through fees and less-salient pricing terms. Capital flows toward products with stronger risk-adjusted returns.

The Vanderbilt framework cannot capture these dynamics. By treating positive projected ROA as evidence of continued supply, it overlooks the relevant benchmark: risk-adjusted return on capital. Credit card lending is unsecured, operationally intensive, and procyclical. When caps compress margins, they reduce the risk premium available to compensate for volatility and downturn exposure. Even if accounting returns remain positive, capital may rationally move elsewhere.

The study’s uniform-pricing assumption further undermines its conclusions. If issuers continue to price below the cap for prime borrowers, the study overstates consumer savings. If they instead converge on the cap, the policy risks functioning as a price floor for low-risk borrowers. Either outcome calls the projected savings into question.

Most importantly, the study evaluates welfare only for borrowers who remain in the capped market. It does not account for those excluded from credit, those pushed into higher-cost or less-regulated alternatives, reduced innovation, or long-run contractions in supply. Transfers within a shrinking market do not constitute net welfare gains.

Price ceilings in credit markets do not eliminate risk or create credit. They reallocate it. They change who receives credit, on what terms, and from which providers. Whether that reallocation improves welfare depends on general-equilibrium effects—not on whether a mandated rate aligns with current accounting margins.

The relevant policy question is not whether banks can absorb lower interest spreads in a static model. It is whether restricting risk-based pricing improves consumer welfare once rationing, substitution, fee restructuring, and capital reallocation are taken into account. On that question, the weight of theory and evidence is far less reassuring than the Vanderbilt study suggests.

[1] 10 Percent Credit Card Interest Rate Cap Act, S. 381, 119th Cong. (2025), https://www.congress.gov/bill/119th-congress/senate-bill/381.

[2] Bernie Sanders, News: Sanders, Hawley Introduce Bill Capping Credit Card Interest Rates at 10%, U.S. Senate (Feb. 4, 2025), Press Release, https://www.sanders.senate.gov/press-releases/news-sanders-hawley-introduce-bill-capping-credit-card-interest-rates-at-10.

[3] Brian Shearer, Capping Credit Card Rates, Vanderbilt Policy Accelerator (Sept. 2025), https://cdn.vanderbilt.edu/vu-URL/wp-content/uploads/sites/412/2025/10/01144344/Capping-Credit-Card-Rates.pdf [hereinafter Vanderbilt Study].

[4] Itamar Drechsler et al., Credit Card Banking, Fed. Rsrv. Bank of N.Y. Staff Rep. No. 1143 (2025), https://www.newyorkfed.org/medialibrary/media/research/staff_reports/sr1143.pdf [hereinafter Drechsler Report].

[5] Vanderbilt Study, supra note 3, at 7, 17.

[6] Joseph E. Stiglitz & Andrew Weiss, Credit Rationing in Markets with Imperfect Information, 71 Am. Econ. Rev. 393 (1981).

[7] Vanderbilt Study, supra note 3, at 24.

[8] Id. at 25.

[9] Rajashri Chakrabarti et al., Less for You, More for Me: Credit Reallocation and Rationing Under Usury Limits, Fed. Rsrv. Bank of N.Y. Staff Rep. No. 1173 (2025).

[10] Samuel Munzele Maimbo & Claudia Alejandra Henriquez Gallegos, Interest Rate Caps Around the World: Still Popular, But a Blunt Instrument, World Bank Pol’y Rsch. Working Paper No. 7070 (2014).

[11] Consumer Fin. Prot. Bureau, Consumer Use of Buy Now, Pay Later and Other Unsecured Debt 1 (Jan. 2025).

[12] Id. at 14.

[13] Shigeru Sato & Shingo Kawamoto, Loan-Shark Lending Surge Feared in Japan, Bloomberg (Aug. 8, 2012), https://www.bloomberg.com/news/articles/2012-08-07/loan-shark-lending-surge-feared-in-japan.

[14] Aurora Ferrari et al., Interest Rate Caps: The Theory and the Practice, World Bank Pol’y Rsch. Working Paper No. 8398, at 18–20 (2018).

[15] Sumit Agarwal et al., Regulating Consumer Financial Products: Evidence from Credit Cards, 130 Q.J. Econ. 111, 112 (2015).

[16] Consumer Fin. Prot. Bureau, CARD Act Report 25 (2013), https://files.consumerfinance.gov/f/201309_cfpb_card-act-report.pdf.

[17] Consumer Bankers Ass’n, Facts Matter: CARD Act Report Reveals Credit Card Fee Landscape in Stark Contrast to CFPB’s Misleading Headlines (2024), https://consumerbankers.com/press-release/facts-matter-card-act-report-reveals-credit-card-fee-landscape-in-stark-contrast-to-cfpbs-misleading-headlines.

[18] Agarwal et al., supra note 15, at 157–58.

[19] Scott T. Nelson, Private Information and Price Regulation in the US Credit Card Market, 93 Econometrica 1371, 1371 (2025).

[20] Id. at 1372.

[21] Yiwei Dou et al., The Credit Card Act and Consumer Debt Structure, 7 J.L. Fin. & Acct. 91, 91-92 (2022).

[22] Song Han, Benjamin J. Keys & Geng Li, Information, Contract Design, and Unsecured Credit Supply: Evidence from Credit Card Mailings, Bd. of Governors of the Fed. Rsrv. Sys., Fin. & Econ. Discussion Series No. 2015-103 (2015).

[23] Gregory Elliehausen & Simona M. Hannon, The Credit Card Act and Consumer Finance Company Lending, 34 J. Fin. Intermediation 109, 109-10 (2018).

[24] Vanderbilt Study, supra note 3, at 14 (“[P]ayday lenders uniformly charge the maximum interest rate allowed by state law.”).

[25] Id. at 17-18.

[26] Drechsler Report, supra note 4, at 29 (noting that Capital One’s marketing accounts for about 20% of total expenses); Vanderbilt Study, supra note 3, at 18 (assuming 20% of operating expenses in each tier go to advertising based on that estimate).

[27] Joel M. Bessis, Risk Management in Banking 197–205 (4th ed. 2015) (explaining RAROC frameworks, internal capital allocation, and risk-adjusted performance measurement in banking institutions).

[28] Ronald J. Mann, Charging Ahead: The Growth and Regulation of Payment Card Markets 96–101 (2006) (describing cyclicality and loss volatility in credit card portfolios); Fed. Deposit Ins. Corp., Quarterly Banking Profile tbl. RC-N (various years) (showing elevated, recession-sensitive net charge-off rates for credit card loans relative to other loan categories).

[29] Basel Comm. on Banking Supervision, Basel III: A Global Regulatory Framework for More Resilient Banks and Banking Systems ¶¶ 49–54, 153–159 (rev. June 2011) (describing capital buffers and the treatment of credit risk exposures); 12 C.F.R. pt. 3, subpt. D (2024) (OCC risk-based capital rules); 12 C.F.R. pt. 217, subpt. D (2024) (Federal Reserve capital rules implementing Basel standards).

[30] Basel Comm. on Banking Supervision, International Convergence of Capital Measurement and Capital Standards ¶¶ 330–335 (June 2006) (assigning risk weights and capital treatment for qualifying revolving retail exposures, including credit card receivables).

[31] Basel Comm. on Banking Supervision, Basel III: The Liquidity Coverage Ratio and Liquidity Risk Monitoring Tools ¶¶ 14–25 (Jan. 2013) (establishing liquidity coverage requirements); 12 C.F.R. pt. 249 (2024) (U.S. liquidity coverage ratio rule).

[32] Robert C. Merton & André F. Perold, Theory of Risk Capital in Financial Firms, 1 J. Applied Corp. Fin. 16, 19–24 (1993) (developing internal risk-capital allocation principles and hurdle-rate logic for financial institutions).

[33] Franklin Allen & Douglas Gale, Competition and Financial Stability, 55 J. Money, Credit & Banking 453, 458–63 (2004) (analyzing capital-allocation decisions and risk-taking incentives under competitive constraints).

[34] Anil K. Kashyap & Jeremy C. Stein, Cyclical Implications of the Basel II Capital Standards, 49 Econ. Persp. 18, 20–24 (2004) (discussing the procyclicality of bank capital requirements and lending behavior); Viral V. Acharya et al., Capital Shortfall: A New Approach to Ranking and Regulating Systemic Risks, 102 Am. Econ. Rev. 59, 61–64 (2012) (analyzing capital adequacy and downside risk exposure in financial institutions).

Executive Summary

Several states are considering legislation that would require large grocery suppliers to offer identical prices and contract terms to all retailers purchasing the same quantity of goods. New York Senate Bill S8563—the “Consumer Grocery Pricing Fairness Act”—is a leading example.

The proposal aims to prevent large national retailers from negotiating better wholesale prices than smaller independent grocers. Supporters argue that large retailers use their buying power to secure discounts unavailable to smaller stores, creating a “waterbed effect” in which suppliers recover lost revenue by charging smaller retailers higher prices. They contend that this dynamic harms independent grocers and contributes to food deserts in low-income communities.

This issue brief concludes that, while these concerns are understandable, the proposed legislation would likely raise grocery prices, reduce competition, and harm the consumers it intends to help.

S8563 would require large food manufacturers—those with more than $6 billion in annual sales—to offer identical “terms of sale” to retailers purchasing the same volume of goods, defined as up to a single truckload. “Terms of sale” include prices, discounts, rebates, delivery terms, promotional allowances, and other contractual provisions. The bill would also require suppliers to disclose anonymized contract terms offered to dominant retailers upon request. Violations could trigger enforcement actions by the state attorney general or private plaintiffs, with penalties of up to three times actual damages.

In practice, the legislation establishes a mandatory price-parity rule. If a supplier offers a discount to one covered retailer, it must extend the same terms to all similarly situated buyers. Because any discount would immediately apply across the market, suppliers would have strong incentives to eliminate targeted discounts and adopt uniform, higher wholesale prices.

Price differences across buyers are common in competitive markets and often reflect legitimate efficiencies. Large retailers frequently receive lower wholesale prices because they purchase in higher volumes, place predictable orders, and reduce suppliers’ distribution and marketing costs. Those efficiencies lower suppliers’ per-unit costs and often translate into lower retail prices for consumers. Research shows that large-format retailers such as Walmart frequently offer lower grocery prices and that their presence can prompt competing stores to reduce prices as well.

Mandatory price uniformity weakens those competitive dynamics. Economic theory and historical experience—particularly under the Robinson-Patman Act—suggest that price-parity rules discourage discounting and push suppliers toward rigid, uniform pricing structures.

Supporters of the legislation rely heavily on the “waterbed effect,” the idea that discounts to large buyers force suppliers to charge higher prices to smaller ones. While this concept appears in economic theory, it arises only under specific market conditions and has limited empirical support. Suppliers typically set prices based on each buyer’s demand conditions and competitive alternatives, not to offset discounts offered to other customers.

The bill’s disclosure requirements raise additional concerns. By requiring suppliers to disclose anonymized contract terms from dominant retailers, the legislation could reduce incentives to negotiate discounts. Economic research shows that greater pricing transparency in concentrated markets can facilitate coordination and weaken price competition. Advances in artificial intelligence further complicate the assumption that disclosed contract terms can remain effectively anonymized.

The legislation is also justified as a response to food deserts and nutritional inequality. Empirical research, however, indicates that limited geographic access to grocery stores explains only a modest portion of observed differences in diet quality. Much of the disparity reflects differences in consumer demand, rather than wholesale pricing conditions.

If the legislation raises wholesale prices or reduces discounting, the resulting retail price increases are likely to fall disproportionately on low-income households that rely on high-volume, low-margin retail formats. Increased regulatory risk could also discourage investment in new stores, particularly in underserved communities.

Policies aimed at supporting small grocers and improving food access address legitimate concerns. Mandatory wholesale price uniformity, however, is a blunt instrument. The available economic evidence suggests that such legislation would reduce discounting, increase grocery prices, and ultimately harm consumers—particularly those with the fewest alternatives.

I. Introduction and Overview

New York Senate Bill S8563—the “Consumer Grocery Pricing Fairness Act”—would prohibit large grocery suppliers from offering different prices, rebates, promotional allowances, or contract terms to retailers purchasing equivalent quantities of the same goods.[1] The bill applies to suppliers with more than $6 billion in annual sales and imposes additional restrictions on retailers with more than $18 billion in annual sales operating in more than 20 states. Violations would carry civil penalties of up to three times actual damages, enforceable by the New York attorney general or by private plaintiffs. Several other states are considering similar legislation.

Sen. Cordell Cleare, the bill’s sponsor, argues that large retailers extract preferential wholesale terms from suppliers.[2] Suppliers then raise prices to smaller, independent grocers to offset those discounts, creating what she describes as a “waterbed effect.” In her view, this price discrimination drives independent grocers out of business and contributes to the emergence of “food deserts,” where low-income neighborhoods lack adequate access to grocery stores.

This issue brief evaluates those claims against the relevant economic literature. It concludes that S8563—and similar bills under consideration in other states—would likely produce the opposite of their stated objectives. By prohibiting the negotiated discounts through which competitive pressure operates in grocery supply chains, the bill would reduce discounting across the market, raise average wholesale costs, and ultimately increase retail prices. The burden would fall most heavily on low-income consumers who rely on high-volume, low-margin retail formats.

The bill’s food-desert rationale also rests on a misreading of the empirical literature on nutritional inequality. Its mandatory disclosure provisions introduce an additional risk by facilitating the sort of coordinated pricing behavior that antitrust law seeks to prevent.

S8563 closely resembles pending legislation in Minnesota, Arizona, and Rhode Island, suggesting a coordinated multistate effort to establish a de facto national pricing standard through state law. Each proposal shares the same structural flaw: they treat price differences as presumptively anticompetitive without requiring any showing of consumer harm. That approach inverts the core logic of modern antitrust analysis.

II. How the Bill Works

S8563 would add a new Article 22-C to New York’s General Business Law. Its core provision—Section 350-k—makes it unlawful for a “covered supplier” to fail to extend the same “terms of sale” to all buyers purchasing on the same “volume unit basis” in “reasonably contemporaneous sales.” The bill defines “terms of sale” broadly. It covers not only price, but also discounts, rebates, delivery terms, payment terms, package size, promotional allowances, marketing devices, merchandising arrangements, and distribution terms, all evaluated on a per-unit basis.

This structure differs sharply from contractual most-favored-nation (MFN) clauses. In ordinary commercial practice, an MFN clause is a negotiated contractual provision under which a seller agrees to give a particular buyer terms no worse than those offered to other buyers. S8563 would effectively impose a statutory MFN regime. Covered suppliers would be legally required to offer the same terms to every similarly situated retailer, regardless of the parties’ negotiated agreements.

The bill defines “volume unit basis” as a base unit of measurement that cannot exceed a single truckload. That definition has significant practical consequences. The law treats the first truckload sold to an independent grocer the same as the 500th truckload sold to a national chain. Suppliers therefore must offer identical per-unit terms to both buyers. They cannot price the difference in predictability, logistics simplicity, or long-term planning value that a 500-truckload relationship provides.

TABLE 1: Major Retailers Covered by State Bills

[3] [4] [5] [6] [7]

The bill’s thresholds target the largest participants in the national grocery market while nominally exempting smaller firms. A “covered supplier” is any entity that produces and sells “covered goods” in New York with annual sales exceeding $6 billion (adjusted for inflation).[8] A “dominant covered retailer” is a retailer with more than $18 billion in annual retail sales of covered goods and at least one storefront or distribution center in more than 20 states, including New York.

The $18 billion retailer threshold captures Walmart, Costco, Ahold Delhaize, Whole Foods, Dollar General, and other national chains (Table 1). The $6 billion supplier threshold captures nearly all major branded food manufacturers—companies like PepsiCo, Nestlé, Kraft Heinz, General Mills, Conagra Brands, and Tyson Foods.[9]

A. Mandatory Disclosure of Competitors’ Pricing Terms

Section 350-k(2) requires that, upon written request from any covered retailer or wholesaler, a covered supplier must provide—within 14 days—anonymized terms of sale from all contracts with dominant covered retailers for the same covered good and volume unit basis during the prior 180 days. The provision converts competitively sensitive pricing information from a private bargaining asset into a quasi-public document accessible to any buyer that asks for it.[10]

B. Conditional Limits on Suppliers’ Ability to Refuse to Deal

The bill prohibits covered suppliers from refusing to sell to a non-dominant covered retailer that has paid on time during the previous 12 months and has requested equal terms, unless the supplier can demonstrate a “commercially reasonable justification.” The bill includes a construction clause stating it does not “require” doing business with anyone. In practice, however, the commercially reasonable justification standard functions as a conditional duty to deal. That requirement departs from the general rule in U.S. antitrust law that firms retain broad discretion to choose their trading partners.

C. Enforcement and Treble-Damages Liability

The New York attorney general may bring enforcement actions, and any “injured person” may file a private lawsuit. Available remedies include injunctions and civil penalties of up to three times actual damages—a treble-damages structure that mirrors the private remedy available under federal antitrust law. The bill also imposes agency liability for violations committed by contracted third parties, meaning a supplier cannot avoid liability by routing transactions through intermediaries.

The bill includes several affirmative defenses. Suppliers may justify pricing differences that are “predominantly attributable” to genuine distribution or manufacturing efficiencies, distress sales of perishable or seasonal goods, or coercion by a dominant retailer. The coercion defense requires the supplier to demonstrate that it did not collude, would have suffered substantial harm by refusing the dominant retailer’s demands, and made a good-faith effort to report the conduct to the attorney general—effectively requiring suppliers to act as state informants against their largest customers.

III. Parallel Legislation in Other States

S8563 forms part of a broader multistate legislative effort built on nearly identical statutory language, definitions, and thresholds.

A. Minnesota House File 2149 and Senate File 2556

HF2149 was introduced in the Minnesota House of Representatives March 10, 2025, and referred to the Committee on Commerce Finance and Policy.[11] Its Senate companion, SF2556, was referred to the Committee on Commerce and Consumer Protection March 13, 2025.[12] Both bills replicate S8563’s core structure: a “same terms of sale” mandate, a 14-day disclosure window, a 180-day lookback period, and a treble-damages enforcement regime. Reporting in Minnesota House Session Daily describes supporters arguing that grocery-market concentration has contributed to “food deserts expanding in rural and underserved areas.”[13]

B. Arizona Senate Bill 1226 and House Bill 2948

SB1226 and HB2948 were introduced in the Arizona Legislature in 2026.[14] Both adopt the same $6 billion supplier threshold and $18 billion retailer threshold. They also replicate the bill’s “volume unit basis” definition—capped at a single truckload—and the 14-day anonymized disclosure requirement. In their operative provisions, the Arizona bills are functionally identical to S8563.

C. Rhode Island House Bill 7514

Introduced Feb. 6, 2026, and referred to the House Committee on Corporations, H7514 follows the same legislative template: a same-terms mandate, anonymized disclosure of dominant-retailer contract terms, and enforcement by the state attorney general and private plaintiffs.[15]

D. Maine LD1894/HP1265

The Maine Legislature has considered related legislation.[16] In the current session, however, the bill’s title reflects a conversion to a resolution establishing a study commission, rather than imposing a same-terms-of-sale mandate.[17] Maine’s proposal remains conceptually related, but it does not currently replicate S8563’s operative structure.

The near-uniformity of definitions, thresholds, and enforcement mechanisms across these bills strongly suggests coordinated model-legislation drafting. Multistate enactment would create effects that extend beyond any single jurisdiction. A supplier operating in New York, Minnesota, Arizona, and Rhode Island would face substantial compliance risk if it offered differentiated terms to retailers in any one of those states. The most likely response would not be state-by-state compliance. Suppliers would instead adopt uniform national pricing—eliminating the competitive discounting that currently benefits consumers across all states, not just those that enact the legislation.

IV. The Robinson-Patman Act and S8563

The Robinson-Patman Act (RPA) of 1936, codified at 15 U.S.C. § 13, prohibits sellers engaged in interstate commerce from charging competing buyers different prices for goods of “like grade and quality” where the effect “may be substantially to lessen competition or tend to create a monopoly.” The statute also covers discriminatory promotional allowances and services under Sections 2(d) and 2(e). The Federal Trade Commission (FTC) administers the act and publishes compliance guidance, including the Fred Meyer Guides governing promotional allowances, codified at 16 C.F.R. Part 240.

Congress enacted the RPA in response to the competitive pressure that national grocery chains—particularly the Great Atlantic & Pacific Tea Company (A&P)—placed on smaller, independent grocers during the 1930s.[18] Legislators worried that A&P’s buying power allowed it to secure supplier discounts unavailable to smaller rivals, giving it a retail price advantage that independent stores could not match.

A. Modern Robinson-Patman Doctrine and Enforcement

Federal enforcement of the RPA declined sharply beginning in the late 1970s. The U.S. Department of Justice (DOJ) stopped bringing RPA cases in 1977, and the FTC largely ceased enforcement by the 1990s.[19] The Antitrust Modernization Commission, a bipartisan body established by Congress in 2002, issued a report in 2007 recommending outright repeal of the statute on the grounds that it discourages price discounting, raises consumer prices, and protects competitors, rather than competition:

By broadly discouraging price discounts, the Robinson-Patman Act potentially harms competition and consumers… the Act protects competitors, often at the expense of competition… All of these costs are likely to result in higher prices to consumers than would be the case if the Robinson-Patman Act were not on the books.[20]

The Supreme Court has interpreted the RPA in light of broader antitrust principles. In Brooke Group Ltd. v. Brown & Williamson Tobacco Corp., the Court held that the act condemns price discrimination only when it threatens competitive injury.[21] In Volvo Trucks N. Am., Inc. v. Reeder-Simco GMC, Inc., the Court further held that plaintiffs must demonstrate harm to competition among purchasers who actually compete with one another.[22]

Recent enforcement activity suggests a tentative revival of the statute. In January 2025, the FTC filed suit against PepsiCo under the RPA, alleging that the company offered Walmart promotional pricing and marketing support unavailable to smaller retailers.[23] The FTC dismissed the case without prejudice in May 2025.[24] Similarly, in FTC v. S. Glazer’s Wine & Spirits, LLC, the agency alleged that the distributor violated the RPA by offering large chains discounts unavailable to smaller retailers.[25] A district court denied the defendant’s motion to dismiss in April 2025,[26] although the case continues to face challenges, including potential cost-justification defenses.

Private enforcement persists as well. In February 2026, the 9th U.S. Circuit Court of Appeals affirmed a district court judgment for wholesale purchasers in LA Int’l Corp. v. Prestige Brands Holdings, Inc., involving promotional payment discrimination favoring Costco, while remanding on attorney’s fees.[27] Taken together, these developments suggest a modest resurgence of Robinson-Patman enforcement through both FTC activity and private litigation.

B. How S8563 Goes Beyond the Robinson-Patman Act

S8563 and similar state bills share the RPA’s core premise: that large buyers extract supplier concessions unavailable to smaller competitors, creating cost disadvantages that affect downstream retail competition. Like the RPA, the state-level “grocery pricing fairness” bills extend beyond list prices to cover promotional allowances, marketing devices, and merchandising arrangements—the same conduct addressed by Sections 2(d) and 2(e) of the RPA and the Fred Meyer Guides. The state proposals also incorporate familiar affirmative defenses, including cost justification and meeting competition, placing the burden on defendants to show that pricing differences reflect legitimate business reasons.

Despite these similarities, S8563 departs from the RPA in several important ways that make it substantially more restrictive.

First, the bill eliminates the competitive-injury requirement that limits RPA liability. The federal statute applies only when a pricing difference “may be substantially to lessen competition or tend to create a monopoly.” Courts interpreting this language require plaintiffs to demonstrate actual competitive harm; price differences alone do not suffice. S8563 imposes no such screening mechanism. A covered supplier violates the statute whenever it fails to offer identical terms to similarly situated buyers, regardless of whether the difference produces any competitive harm at the retail level. This categorical rule removes the central constraint that courts have used to prevent the RPA from condemning efficient, pro-competitive pricing.

Second, the bill’s truckload cap on the “volume unit basis” definition diverges sharply from established RPA doctrine. Under federal law, suppliers may offer volume discounts that reflect genuine economies of scale—lower per-unit costs resulting from larger, more predictable orders, simplified logistics, or reduced inventory risk. Courts and the FTC recognize these efficiencies as legitimate cost justifications.[28] S8563 forecloses that flexibility. Because the volume unit basis cannot exceed a single truckload, the law requires suppliers to offer the same per-unit terms to a buyer ordering one truckload as to a buyer ordering hundreds. A supplier that processes 500 weekly truckload orders from a national retailer—allowing it to plan production runs, reduce waste, and minimize carrying costs—must offer the same per-unit price to a local grocer placing irregular orders, regardless of the difference in planning value between the two relationships.

Third, the bill imposes a disclosure obligation that has no counterpart in the RPA. Federal law does not give buyers the right to compel disclosure of the terms a supplier offers to other customers. S8563’s 14-day disclosure requirement would convert competitively sensitive pricing information into a quasi-public document. The economic implications of this mandate are discussed in Section VI.

Fourth, S8563 introduces a conditional duty-to-deal rule that extends beyond the RPA’s framework. The RPA regulates discriminatory pricing, but it does not generally require suppliers to sell to any particular buyer. By contrast, S8563 prohibits suppliers from refusing to sell to certain non-dominant retailers unless they can demonstrate a “commercially reasonable justification.” In practice, this provision creates a de facto obligation to deal. U.S. antitrust law has long treated unilateral refusals to deal as legitimate business decisions, subject to narrow exceptions, as recognized in Aspen Skiing Co. v. Aspen Highlands Skiing Corp.[29] S8563 significantly narrows that discretion.

Finally, the bill applies only to firms above specified revenue thresholds—$6 billion for suppliers and $18 billion for retailers. The RPA contains no such size limitations; it applies to all sellers engaged in interstate commerce. By targeting firms based on scale alone, S8563 reflects a “big is bad” approach that sits uneasily with the competitive-effects analysis that governs modern antitrust law.

V. The ‘Waterbed Effect’: Theory, Evidence, and Misapplication

The central economic justification offered for S8563 rests on the “waterbed effect”—the theory that price concessions to large buyers force suppliers to raise prices for smaller buyers. The sponsor’s memo asserts that “suppliers make up lost profits from discounted sales to dominant buyers by charging higher prices to smaller buyers,” contributing to the affordability pressures facing independent grocers.[30]

The metaphor derives from the behavior of a water-filled mattress: pressing down in one place causes another part to rise. Applied to retail markets, the concept suggests that lowering prices for one group of buyers may cause prices to increase for others.

A. The Waterbed Effect in Economic Theory

The modern formulation of the waterbed effect in retail markets originates with Roman Inderst and Tommaso Valletti. [31] Their 2011 paper provides the primary theoretical framework for the claim. [32]

Their model describes a market in which a large buyer negotiates a lower wholesale price from a supplier. The lower input cost allows the large buyer to reduce its retail price and capture market share from smaller rivals. As smaller retailers lose volume, their bargaining power with the supplier weakens. Because lower sales volume reduces the supplier’s incentive to maintain favorable terms, the supplier may charge those smaller buyers higher wholesale prices. Those higher input costs may then be passed through to consumers shopping at smaller stores.

Inderst and Valletti also identify the conditions under which a waterbed effect could harm consumers overall. Consumer harm occurs only if the price increase paid by customers of smaller retailers exceeds the price decrease enjoyed by customers of the large retailer. That outcome requires two conditions:

1. smaller retailers must account for a substantial share of the market, and
2. the large retailer must pass through its wholesale savings to consumers at a relatively low rate.

Absent those conditions, the price reductions offered by large retailers dominate the effect of any higher prices faced by smaller stores.

B. Antitrust Courts Treat Waterbed Claims Skeptically

Courts have generally treated waterbed claims with skepticism. In DeHoog v. Anheuser-Busch InBev, plaintiffs argued that Anheuser-Busch InBev’s acquisition of SABMiller would produce a waterbed effect in the market for beer ingredients.[33]

Under the plaintiffs’ theory, the newly enlarged ABI would gain substantial bargaining power over suppliers of hops, a key input in brewing. Suppliers forced to lower prices for ABI would supposedly recoup those losses by charging higher prices to smaller brewers, including craft breweries.

The court rejected the theory as speculative. The judge noted that antitrust law primarily protects the suppliers who might be squeezed by a large buyer, not the buyer’s competitors. The court also observed that the claim was internally inconsistent. If suppliers truly faced persistent price pressure from large brewers, they could simply shift production toward more profitable varieties of hops rather than accept lower prices indefinitely.

A similar claim arising in grocery markets would likely face the same doctrinal obstacles. Antitrust law addresses monopsony concerns primarily to protect suppliers, not competing retailers. Absent clear evidence of consumer harm, allegations that wholesale prices may shift across buyers would likely be treated as conjectural.

C. Empirical Evidence from Competition Authorities

Empirical evidence for a waterbed effect in retail markets remains limited. The United Kingdom’s competition authorities have repeatedly examined the theory in grocery-sector investigations and found little support for it.

In its 2003 investigation of the Safeway merger, the U.K. Competition Commission concluded there was “little evidence” of an immediate waterbed effect and insufficient data to suggest that further consolidation would exacerbate price disadvantages for smaller retailers.

Overall, therefore, there is little evidence of an immediate or short-term “waterbed” effect. … [O]ur surveys produced insufficient evidence on this point for us to conclude that any waterbed effect would be exacerbated by any of the mergers.[34]

Similarly, the Office of Fair Trading reported in 2006 that significant theoretical questions remained unresolved. These included why suppliers would persistently price below cost for large supermarkets or how they could charge smaller retailers above-market prices without being undercut by competing suppliers. [35] UK authorities ultimately viewed the waterbed effect as a theory lacking both a robust empirical foundation and practical applicability to the complex dynamics of grocery retail markets.

D. Why the Sponsor Memo Misapplies the Theory

The S8563 sponsor’s memo appears to conflate two distinct arguments.

The first is the Inderst–Valletti equilibrium model, which predicts a waterbed effect only under specific market conditions. The second is a simpler “subsidy” claim—that suppliers must raise prices for smaller buyers in order to recoup losses from discounts granted to larger buyers.

The subsidy claim is not consistent with standard microeconomic theory. Suppliers set prices for each buyer based on the demand conditions and competitive alternatives associated with that particular relationship. If a supplier could profitably charge higher prices to small grocers, profit-maximizing behavior predicts it would already do so—regardless of the terms offered to large retailers such as Costco, Walmart, or Target.

A discount granted to one buyer does not create a “gap” that must be filled by charging higher prices to another. Bruce Kobayashi and Timothy Muris describe this subsidy framing as an “incoherent notion” that misunderstands how profit maximization operates in markets with heterogeneous buyers.[36] Suppliers facing buyers with different demand elasticities naturally engage in price discrimination. The resulting pattern of higher and lower prices reflects differences in demand conditions, not cross-subsidization between buyers.

While the Inderst–Valletti model identifies conditions under which a waterbed effect could harm consumers, the drafters of S8563 make no attempt to assess whether those conditions exist in New York grocery markets. The legislation cites no empirical evidence regarding the market share of independent grocers, the rate at which large retailers pass wholesale savings through to consumers, or the magnitude of wholesale price differences attributable to bargaining power, rather than cost.

Absent that analysis, the waterbed theory functions less as an empirical finding than as a rhetorical justification for the legislation.

VI. The Disclosure Mandate and the Risk of Coordination

Section 350-k(2) of S8563 requires covered suppliers to disclose contract terms to requesting buyers. Within 14 days of a written request, a supplier must provide anonymized terms of sale from all contracts with dominant covered retailers for the same covered good and volume unit basis during the prior 180 days. The provision operates as a transparency rule. Armed with information about what Target, Stop & Shop (Ahold Delhaize), or Acme Markets (Albertsons) paid for a truckload of branded cereal, a regional independent grocer can demand equivalent terms.

A. The Bill’s Disclosure Requirement

The disclosure rule converts competitively sensitive pricing information into a shared market reference point. A supplier must reveal the terms offered to dominant retailers whenever another covered retailer asks for them. The bill assumes that these disclosures can be effectively anonymized.

That assumption may be unrealistic. Recent research shows that large language models can reidentify individuals or entities from ostensibly anonymized text by extracting identity-relevant features and matching them with external data sources.[37] With only a small number of retailers subject to the bill’s disclosure requirements, the risk of reidentification increases substantially. Even if supplier contracts omit retailer names, market participants may still infer which chain received which terms.

B. Transparency, Information Exchange, and Coordination Risk

The economics literature has long recognized that increased price transparency can weaken competition. George Stigler’s classic paper, “A Theory of Oligopoly,” shows that sustained coordination among firms depends on the ability to detect and punish deviations from a shared pricing norm.[38] Greater transparency makes that monitoring easier. When firms can observe pricing behavior more clearly, the threat of retaliation becomes more credible and the incentive to undercut rivals declines.

Competition authorities have reached similar conclusions. The OECD Competition Committee’s 2010 roundtable on information exchanges among competitors concluded that enhanced transparency can facilitate collusion, particularly when pricing information becomes widely observable.[39] The risk depends on several factors, including market structure, the nature of the information exchanged, and the frequency of disclosure. In its submission to the OECD roundtable, the United States likewise observed that, while information sharing may generate efficiencies, exchanges involving pricing data can create coordination risks and therefore receive rule-of-reason scrutiny under U.S. antitrust law.[40]

C. The Disclosure Rule Might Suppress Competitive Discounting

S8563’s disclosure mechanism operates through a vertical channel—supplier to retailer—rather than the horizontal information exchanges typically discussed in antitrust literature. The underlying economic logic nonetheless applies. Only a small number of firms qualify as dominant covered retailers—roughly a dozen chains listed in Table 1. In such a concentrated environment, anonymized disclosures may still allow market participants to infer which retailer received which price.

Once disclosed, the price becomes a market benchmark. A regional grocer that receives anonymized data showing that a dominant retailer paid $X per unit for a particular product can demand that same price. Because the statute requires disclosure within 14 days and applies to all similarly situated buyers, any discount offered to one retailer effectively becomes available to every retailer that requests it.

The result is a practical floor on competitive discounting. The lowest price offered to any dominant retailer becomes the minimum price that other buyers can demand. Suppliers therefore have little incentive to negotiate deep discounts with any individual buyer, because those concessions cannot remain private.

Evidence from other markets illustrates a similar mechanism. Research on pay transparency in labor markets finds that when wages become widely observable, employers often respond by compressing wage differences rather than maintaining individualized negotiations. Zoë Cullen and Bobak Pakzad-Hurson find that increased wage transparency leads firms to offer lower average wages in order to avoid triggering costly renegotiations across workers.[41]

The same logic applies to wholesale grocery pricing. When discounts cannot remain private, the equilibrium response is fewer discounts.

VII. Pricing, Competition, and Consumer Welfare

The central economic problem with S8563 and similar same-terms mandates is that they transform competitive discounts into compulsory across-the-board price concessions. Under current law, a supplier may offer Walmart a 12% discount because Walmart’s scale, logistics capabilities, and purchasing predictability reduce the supplier’s costs. Bilateral negotiation—backed by Walmart’s credible ability to switch suppliers or expand private-label offerings—creates competitive pressure that ultimately benefits consumers. The resulting discount reflects firm-specific efficiencies and market bargaining dynamics.

S8563 eliminates that firm-specific character. If a supplier grants a 12% discount to Walmart on a truckload purchase, the supplier must extend that same discount to any covered buyer purchasing on the same “volume unit basis,” regardless of whether those buyers generate comparable cost savings or strategic value. The discount ceases to be a targeted response to a particular buyer’s efficiencies and instead becomes a legally mandated public price term.

Faced with that rule, suppliers cannot confine discounts to transactions that justify them economically. Any discount offered to one major buyer automatically propagates to others. The rational response is therefore to reduce or eliminate targeted discounts and move toward a higher uniform price. Rather than protecting small retailers, the statute risks suppressing the bargaining process that produces lower prices for consumers.

A. Why Same-Terms Mandates Differ from MFNs

This mechanism differs fundamentally from a most-favored-nation (MFN) clause. An MFN is a privately negotiated contractual provision that ties a seller’s pricing across particular sales channels or counterparties. It does not require a seller to offer a discount; it merely restricts selective price reductions once granted.

A same-terms mandate operates differently. It is a statutory, market-wide obligation imposed on suppliers regardless of their contractual preferences. It applies to all covered transactions, eliminates the ability to tailor pricing to buyer-specific efficiencies, and transforms negotiated concessions into mandatory system-wide pricing commitments.

In short, MFNs operate within individual contracts and limit how a seller may vary prices among specific counterparties. Same-terms mandates apply across the market and shape how suppliers set wholesale prices more broadly. By requiring that discounts offered to one buyer be extended to others, same-terms mandates alter suppliers’ incentives to offer negotiated discounts in the first place.

B. Evidence from Robinson-Patman Enforcement

Historical experience with the Robinson-Patman Act illustrates this dynamic. The Antitrust Modernization Commission’s 2007 report concluded that price-discrimination liability often discouraged firms from offering discounts and instead pushed them toward rigid, uniform pricing to avoid litigation risk.

It is difficult to know the frequency and amounts of price discounts and corresponding savings for consumers that the Robinson-Patman Act has deterred. … Nonetheless, anecdotal evidence and informed judgment based on economic theory suggests that the additional costs to consumers of seventy years of forgone discounts are likely substantial. The Act’s continued existence can discourage firms from taking procompetitive actions because doing so might lead to litigation asserting Robinson-Patman Act claims that, even were the litigation to be resolved in the company’s favor, would involve distractions, expenses, and risks that make the procompetitive course of action not worth the cost of pursuing it.[42]

The commission concluded that the statute’s chilling effect on discounting likely increased retail prices relative to a world without Robinson-Patman enforcement.

C. Who Bears the Cost?

The distributional consequences of reduced discounting are not neutral. Emek Basker’s review of the literature on Walmart’s role in grocery markets finds that Walmart’s grocery prices are, on average, about 10% lower than those of its competitors. The entry of a Walmart Supercenter typically prompts competing grocery stores to reduce their prices by roughly 1% to 3%.[43] Walmart’s presence therefore lowers prices not only for its own customers but also for consumers who shop at competing stores.[44]

Jerry Hausman and Ephraim Leibtag similarly estimate, using household panel data, that the expansion of large-format supercenters generates substantial consumer-welfare gains. Low-income households benefit disproportionately because they shop at price-sensitive formats more frequently than higher-income households.[45]

If S8563 leads suppliers to reduce or eliminate volume discounts in order to avoid market-wide matching obligations, the price advantage currently offered by high-volume retailers will narrow or disappear. The consumers most affected by that change will be those who rely on low-price retail formats and have the fewest alternatives—the same population the sponsor’s memo identifies as the bill’s intended beneficiaries.

D. Effects on Non-Price Competition

S8563’s definition of “terms of sale” extends beyond price. The statute covers marketing devices, merchandising arrangements, and distribution terms—the full range of non-price benefits that suppliers provide retailers as part of broader supply relationships.

These arrangements are not interchangeable across retailers. National chains operate sophisticated retail media networks—digital advertising platforms through which suppliers purchase targeted placements based on consumer purchase data. A retailer such as Walmart can offer suppliers advertising placements on its digital platform that a neighborhood grocery store with 500 weekly customers cannot replicate.

Requiring that these arrangements be offered on “proportionally equal terms” does not create equivalent access. Instead, it creates legal exposure for any supplier that offers specialized programs to dominant retailers. The predictable response is to withdraw those arrangements altogether or remove them from supplier contracts with dominant retailers to avoid disclosure and matching obligations.

Consumers bear the cost of that withdrawal. Retail media revenue helps subsidize grocery prices at large retailers by offsetting other operating costs. Eliminating those arrangements reduces the ability of retailers to pass those savings through to shoppers.

VIII.  Litigation Risk and Compliance Costs

S8563’s treble-damages enforcement structure exposes covered suppliers to substantial litigation risk. The statute authorizes enforcement actions by the New York attorney general and private plaintiffs. As a result, routine pricing decisions could become the basis for lawsuits alleging unlawful price discrimination.

This exposure is significant because the statute regulates not only list prices but also discounts, rebates, promotional allowances, merchandising arrangements, and other “terms of sale.” Each difference in pricing or contractual treatment across buyers could become a potential cause of action. The combination of broad substantive coverage and treble damages creates strong incentives for litigation.

A. The Difficulty of the Cost-Justification Defense

The statute includes a cost-justification defense that allows suppliers to defend pricing differences by showing that they are “predominantly attributable” to genuine cost efficiencies. In practice, however, this defense has proven difficult to apply.

As John Yun explains in the context of the Robinson-Patman Act:

[W]hile the [RPA] permits cost differences as a defense for differential pricing, reliably separating cost-justified differences from price discrimination is difficult. What if 80% of a price difference is explained by costs but 20% is not? Is that still a violation? This line-drawing problem is not trivial. It imposes (a) significant evidentiary and administrative burdens on firms, enforcers, and courts and (b) social costs related to false positives, given that quantity discounts are ubiquitous in a market economy.[46]

These evidentiary challenges create legal uncertainty even when pricing differences reflect legitimate efficiencies. Suppliers may struggle to demonstrate precisely how logistical, manufacturing, or administrative cost savings translate into specific price differences across transactions.

B. Operational Compliance Costs

The practical burden of complying with the statute would be substantial. Covered suppliers selling hundreds of products to dozens of retailers in New York would need to maintain detailed documentation explaining the cost basis for every pricing difference across buyers.

That documentation would need to track the logistical, manufacturing, and administrative cost drivers associated with each product, buyer, and transaction. Without such records, suppliers would face significant litigation risk in private treble-damages actions—even when their pricing decisions reflect legitimate economic considerations.

Maintaining this level of transaction-specific cost documentation would impose significant administrative costs. Those compliance expenses ultimately flow through supply chains and into retail prices, reducing any consumer benefits the legislation’s proponents anticipate.

IX. Food Deserts: Evidence and Policy Mismatch

S8563’s sponsor memo asserts that pricing practices by dominant retailers have forced independent grocers to close, leaving low-income neighborhoods without access to fresh, nutritious food. This claim links the bill to a body of public health and food-policy research on “food deserts”—areas where residents have limited access to affordable, nutritious food.

A. What ‘Food Deserts’ Are—and How Common They Are

The U.S. Department of Agriculture’s (USDA) Economic Research Service (ERS) defines low-income, low-access census tracts as areas where at least 500 residents, or 33% of the population, live more than one mile from a supermarket in urban areas or more than 10 miles from a supermarket in rural areas.[47] The ERS estimated in its 2009 Report to Congress that roughly 23.5 million Americans live in low-income, low-access areas. At the same time, only about 2.3 million households—roughly 10% of that population—both lack access to a vehicle and live more than one mile from a supermarket.[48]

These figures highlight an important point: while geographic access to grocery stores varies across communities, most households in low-income, low-access areas retain the ability to travel to supermarkets outside their immediate neighborhoods. Limited food access therefore reflects a combination of transportation constraints, residential patterns, and consumer behavior—not simply the absence of nearby stores.

B. What the Research Shows About the Causes of Food Deserts

The empirical literature finds that wholesale pricing differentials play only a limited role in determining where supermarkets locate or why nutritional inequality persists.

Hunt Allcott and his co-authors combine evidence from supermarket entry events and household moves across neighborhoods with a structural model of grocery demand to simulate the effects of equalizing access to stores and prices across income groups.[49] Their counterfactual simulation finds that giving low-income households the same grocery access and prices as higher-income households would reduce nutritional inequality—measured by the healthfulness of food purchases—by roughly 10%. The remaining 90% of the gap reflects differences in demand patterns across income levels.

This finding does not render food access irrelevant. It instead suggests that access constraints are a secondary driver of nutritional inequality. Policies that operate only through the access channel—such as legislation intended to improve independent grocers’ wholesale purchasing conditions—address a margin that explains only a small portion of the observed disparity. S8563 also operates even further upstream: it targets wholesale pricing practices, rather than retail access itself.

Steven Cummins, Ellen Flint, and Stephen Matthews provide additional evidence from a natural experiment involving the opening of a new supermarket in a Philadelphia food desert.[50] Using a controlled pre-post quasi-experimental longitudinal design, they find that the new store improved residents’ perceptions of food access. Six months after the store opened, however, residents’ fruit and vegetable consumption and body mass index showed no measurable change. Improvements in retail infrastructure alone therefore may not produce the expected changes in consumption patterns.

C. How S8563 Could Worsen Food Access

The mechanisms described in earlier sections suggest that S8563 could worsen the very access problems it aims to address. The same forces that raise retail prices under a mandatory parity regime—reduced supplier discounting, withdrawal of promotional support, and compliance-driven price standardization—raise costs for all retailers.

Stores operating on thin margins in low-income urban neighborhoods face particularly high operating costs, including security, spoilage, and insurance. These stores are therefore more sensitive to increases in wholesale prices than supermarkets serving higher-income, higher-volume suburban markets. If S8563 compresses the wholesale price advantages currently available to high-volume retailers, it simultaneously raises cost pressures on the marginal stores most likely to close—small independent grocers operating in underserved communities.

The legislation may also discourage the expansion of high-volume retail formats in New York. Hausman and Leibtag show that the entry of supercenters produces consumer-welfare gains that disproportionately benefit low-income households.[51] If national chains conclude that New York’s regulatory environment makes aggressive wholesale negotiation legally risky, the expected returns from opening new stores in the state decline. Communities with limited retail infrastructure are the most dependent on such entry.

Finally, suppliers responding to the bill’s same-terms mandates may simplify their pricing structures by offering fewer products in fewer configurations. Because complex, differentiated contracts create legal exposure, standardization reduces litigation risk. The result could be narrower product assortments across retail formats. A statutory parity mandate thus creates incentives for suppliers to reduce differentiation, sacrificing variety in order to minimize compliance risk.

X. Error Costs and Antitrust Policy

A central concern in law & economics analysis of antitrust policy is the cost of errors—specifically, the asymmetric consequences of condemning efficient conduct (a false positive, or Type I error) versus failing to condemn genuinely harmful conduct (a false negative, or Type II error). Antitrust rules that cast too wide a net risk deterring procompetitive behavior, while rules that are too permissive risk allowing genuinely anticompetitive practices to persist.

Because competitive markets rely on experimentation in pricing, contracting, and distribution, false positives tend to impose especially high costs. When lawful conduct is mistakenly condemned, firms often respond by abandoning practices that benefit consumers, even if those practices ultimately would have been upheld in court. The result is a chilling effect on competitive behavior.

A. The Risk of False Positives Under S8563

S8563 and similar legislation increase the risk of false positives by treating any difference in terms of sale between buyers on the same volume unit basis as presumptively unlawful. Under this framework, every negotiated discount, customized promotional arrangement, or logistics-adjusted rebate becomes a potential statutory violation—regardless of whether the pricing difference reflects legitimate cost savings, demand differences, or ordinary competitive bargaining.

The consequences of a false positive under the statute are substantial. A covered supplier found liable faces treble damages, injunctive relief requiring it to restructure its pricing across all buyers in the state, and the legal and compliance costs associated with defending the litigation. Even suppliers that ultimately prevail at trial must bear the cost and uncertainty of the process.

These incentives encourage defensive behavior. Firms may abandon competitive discounting practices simply to reduce litigation exposure. As discussed in Section VIII, the Antitrust Modernization Commission documented precisely this response in the context of Robinson-Patman enforcement. Firms often adopted rigid, uniform pricing rather than risk litigation over selective discounts. S8563’s private right of action and treble-damages structure create at least as strong an incentive for such defensive pricing strategies.

B. False Negatives Are Already Addressed Under Existing Law

The cost of a false negative in this setting—failing to detect a case in which a dominant retailer coerces a supplier into offering discriminatory terms that harm competition—is comparatively limited because existing legal tools already address such conduct.

The Robinson-Patman Act remains available to challenge discriminatory pricing practices that threaten competition. More broadly, anticompetitive uses of buyer power can be pursued under Section 2 of the Sherman Act or under Section 5 of the FTC Act. These statutes allow regulators and private plaintiffs to challenge conduct that produces genuine competitive harm without imposing a categorical ban on negotiated pricing differences.

The relevant policy question is therefore not whether any instance of buyer-power abuse might escape scrutiny under existing law. The relevant question is whether a categorical prohibition on price differences—one that eliminates the competitive-effects screen used in modern antitrust analysis—produces a better balance of error costs than targeted enforcement under existing statutes. The available evidence suggests that it does not.

XI. More Effective Policy Alternatives

The concerns motivating S8563 and similar bills—rising grocery prices, declining viability of independent grocers, and inadequate food access in low-income neighborhoods—are real. The legislation’s diagnosis of those problems, however, is incomplete. More targeted policy instruments exist to address each concern directly.

A. Targeted Antitrust Enforcement

Existing antitrust law already provides tools to address coercive conduct by dominant retailers. Practices such as credible threats to delist suppliers who refuse exclusionary terms, demands for payments lacking a plausible efficiency justification, or contractual arrangements designed to raise rivals’ costs can be challenged under current law.

The FTC, state attorneys general, and private plaintiffs all possess authority to bring such cases. Targeted enforcement against specific anticompetitive practices addresses genuine abuses of buyer power without imposing a categorical prohibition on negotiated pricing differences that often reflect legitimate efficiencies.

B. Direct Policies to Improve Food Access

Food access challenges in particular communities stem largely from transportation constraints and the costs of operating grocery stores in underserved neighborhoods. The USDA’s 2009 Report to Congress emphasizes the importance of these factors in shaping food access patterns.

Policies that directly address those constraints are more likely to improve outcomes. Zoning reforms that reduce barriers to grocery-store entry and transportation investments that connect residents to existing retail locations can improve access without distorting wholesale pricing relationships.

New York already operates programs designed to address these issues, including tax incentives and financing initiatives that encourage grocery investment in underserved areas. These targeted interventions operate directly on the factors that determine store entry and access, making them more effective tools than a statewide mandate governing supplier pricing practices.

C. Targeted Enforcement Against Harmful Information Exchanges

Anticompetitive information exchanges can also be addressed through existing antitrust tools. Competition authorities in the United States and abroad have identified specific practices that raise coordination concerns, including coordinated price announcements, exchanges of forward-looking pricing information, and hub-and-spoke arrangements that facilitate collusion.

Targeted enforcement against these practices addresses genuine risks to competition. By contrast, S8563 mandates broad disclosure of pricing information as a remedy. Rather than preventing harmful exchanges, the statute risks creating the very transparency conditions that can facilitate coordination among market participants.

XII. Conclusion

State-level grocery “pricing fairness” legislation attempts to address concerns about grocery affordability and food access by restricting how suppliers and retailers negotiate prices. The economic evidence, however, suggests these bills misunderstand how pricing works in competitive supply chains. Discounts offered to large retailers are not simply transfers that disadvantage smaller stores. They often reflect cost savings, bargaining dynamics, and operational efficiencies that translate into lower retail prices for consumers.

By requiring suppliers to offer identical terms across buyers, S8563 would likely discourage these discounts and push suppliers toward uniform, higher wholesale prices. The bill’s disclosure requirements and litigation risks could further weaken competitive negotiation and increase compliance costs. Those costs would ultimately be passed through the supply chain to consumers.

For these reasons, S8563 and similar proposals risk producing outcomes that run counter to their stated goals. Rather than protecting small grocers or improving food access, the policy could raise grocery prices, reduce product variety, and discourage investment in high-volume retail formats that currently deliver some of the lowest prices for low-income households.

Addressing concerns about market power, grocery affordability, and food deserts requires more targeted policy tools. Policymakers seeking to improve consumer outcomes would be better served by strengthening existing enforcement mechanisms and pursuing policies that directly address transportation, zoning, and investment barriers in underserved communities.

[1] S. 8563, 2025–2026 Reg. Sess. (N.Y. 2025), https://legislation.nysenate.gov/pdf/bills/2025/S8563.

[2] Sponsor’s Mem. (Cleare), Bill No. S. 8563 (N.Y. 2025), https://www.nysenate.gov/legislation/bills/2025/S8563 [hereinafter Sponsor’s Memo].

[3] Figures reflect the most recently reported fiscal year.

[4] Reflects Amazon’s ownership of Whole Foods Market stores.

[5] Amazon Staff, Amazon Doubles Down on Online Grocery Delivery and Whole Foods Market Expansion to Reach More Customers, Amazon News (Jan. 27, 2026), https://www.aboutamazon.com/news/company-news/amazon-fresh-go-stores-closing-expanding-whole-foods (“Amazon is one of the top three grocers in the United States, with over $150 billion in gross sales.”).

[6] Koninklijke Ahold Delhaize N.V., Annual Report 2025 (2026), https://cms.aholddelhaize.com/media/toibtcys/ahold-delhaize-annual-report-2025-interactive.pdf.

[7] See The PG 100: Annual Ranking of Top Food Retailers, Progressive Grocer (May 19, 2025), https://progressivegrocer.com/pg-100-annual-ranking-top-food-retailers. The ranking includes revenue from non-grocery sales, such as fuel and general merchandise.

[8] A “covered good” includes the typical inventory found in supermarkets. The bill defines the term broadly to include standard grocery items—specifically those classified as “eligible foods” under federal SNAP regulations, 7 C.F.R. § 271—as well as general consumer packaged goods. It excludes gasoline, prescription drugs, tobacco, and alcoholic beverages.

[9] Food Processing’s Top 100—2024, Food Processing (Aug. 2024), https://www.foodprocessing.com/top100/2024chart.

[10] The provision may raise First Amendment concerns, though a full analysis lies beyond the scope of this issue brief. See, e.g., Petition for Writ of Certiorari, PhRMA v. O’Day, No. 25-1018 (U.S. Feb. 20, 2026), https://www.supremecourt.gov/DocketPDF/25/25-1018/396860/20260220123331355_PhRMA-OR–Petition%2002-20%20rtf.pdf. The petition challenges Oregon’s requirement that drug manufacturers publicly justify their pricing in reports intended to address “information asymmetries” and protect smaller retailers or consumers. It argues that compelled disclosure of pricing information violates the First Amendment and the Takings Clause by forcing the release of trade secrets. S. 8563 similarly targets “terms of sale” and “pricing differentials,” potentially requiring suppliers to disclose pricing terms offered to retailers. The Supreme Court’s resolution of whether such disclosure mandates trigger strict or intermediate scrutiny could therefore affect New York’s authority to enforce S. 8563’s reporting requirements.

[11] H.F. 2149, 94th Leg., Reg. Sess. (Minn. 2025), https://www.revisor.mn.gov/bills/94/2025/0/HF/2149.

[12] S.F. 2556, 94th Leg., Reg. Sess. (Minn. 2025), https://www.revisor.mn.gov/bills/94/2025/0/SF/2556.

[13] Lisa Kaczke, Supporters Say Pricing Fairness Bill Would Level Playing Field for Local Grocers, Minn. House of Reps.: Session Daily (Mar. 26, 2025), https://www.house.mn.gov/sessiondaily/Story/18654.

[14] S.B. 1226, 57th Leg., 2d Reg. Sess. (Ariz. 2026), https://www.azleg.gov/legtext/57leg/2R/bills/SB1226P.pdf; H.B. 2948, 57th Leg., 2d Reg. Sess. (Ariz. 2026), https://www.azleg.gov/legtext/57leg/2R/bills/HB2948P.pdf.

[15] H.R. 7514, 2026 Gen. Assemb., Jan. Sess. (R.I. 2026), https://webserver.rilegislature.gov/BillText/BillText26/HouseText26/H7514.pdf.

[16] L.D. 1894, 132d Leg., 1st Spec. Sess. (Me. 2025) (as introduced May 5, 2025), https://legislature.maine.gov/legis/bills/getPDF.asp?paper=HP1265&item=1&snum=132.

[17] L.D. 1894, 132d Leg., 1st Spec. Sess. (Me. 2023) (Comm. Amend. H-____), https://legislature.maine.gov/legis/bills/getPDF.asp?paper=HP1265&item=2&snum=132.

[18] See, e.g., Timothy J. Muris & Jonathan E. Nuechterlein, Chicago and Its Discontents, 87 U. Chi. L. Rev. 495 (2020); see also John M. Yun, From Discount to Discrimination: The Strange Economics of Anti-Competitive Antitrust, Truth on the Mkt. (Feb. 23, 2026), https://truthonthemarket.com/2026/02/23/from-discount-to-discrimination-the-strange-economics-of-anti-competitive-antitrust.

[19] D. Daniel Sokol, Analyzing Robinson-Patman, 83 Geo. Wash. L. Rev. 2064 (2015).

[20] Antitrust Modernization Comm’n, Report and Recommendations 317–18 (2007), https://govinfo.library.unt.edu/amc/report_recommendation/amc_final_report.pdf.

[21] Brooke Grp. Ltd. v. Brown & Williamson Tobacco Corp., 509 U.S. 209, 220 (1993).

[22] Volvo Trucks N. Am., Inc. v. Reeder-Simco GMC, Inc., 546 U.S. 164 (2006).

[23] FTC v. PepsiCo, Inc., FTC Docket No. 9429 (2025).

[24] Press Release, Fed. Trade Comm’n, FTC Dismisses Lawsuit Against PepsiCo (May 22, 2025), https://www.ftc.gov/news-events/news/press-releases/2025/05/ftc-dismisses-lawsuit-against-pepsico.

[25] Complaint, FTC v. S. Glazer’s Wine & Spirits, LLC, No. 8:24-cv-02684 (C.D. Cal. Dec. 12, 2024).

[26] Id. (order denying defendant’s motion to dismiss) (Apr. 17, 2025).

[27] LA Int’l Corp. v. Prestige Brands Holdings, Inc., Nos. 24-3776, 24-5009, 24-5227, slip op. (9th Cir. Feb. 24, 2026), https://cdn.ca9.uscourts.gov/datastore/opinions/2026/02/24/24-5009.pdf.

[28] See, e.g., Bruce’s Juices, Inc. v. Am. Can Co., 330 U.S. 743, 752–53 (1947) (“The [Robinson-Patman Act] does not prohibit all quantity discounts, but expressly permits them under certain conditions. … Quantity discounts are among the oldest, most widely employed, and best-known discount practices.”); see also Statement of Comm’r Alvaro M. Bedoya, Joined by Chair Lina M. Khan & Comm’r Rebecca Kelly Slaughter, In the Matter of S. Glazer’s Wine & Spirits, LLC, FTC File No. 211-0155 (Dec. 12, 2024), https://www.ftc.gov/system/files/ftc_gov/pdf/statement-bedoya-joined-by-khan-slaughter-southern-glazers.pdf (“Section 2(a) clarified that the Clayton Act’s prohibition on price discrimination permits price differences reflecting bona fide efficiencies from bulk purchases—specifically, lower costs associated with the ‘manufacture, sale, or delivery’ of large quantities of goods.”).

[29] Texaco Inc. v. Hasbrouck, 496 U.S. 543 (1990).

[30] Sponsor’s Memo, supra note 2.

[31] For a history of the development of the economics of the “waterbed effect,” see Eric Fruits, Sloshing Around with the ‘Waterbed Effect’, Truth on the Mkt. (Sept. 5, 2023), https://truthonthemarket.com/2023/09/05/sloshing-around-with-the-waterbed-effect.

[32] Roman Inderst & Tommaso M. Valletti, Buyer Power and the “Waterbed Effect”, 59 J. Indus. Econ. 1 (2011).

[33] DeHoog v. Anheuser-Busch InBev, SA/NV, No. 1:15-CV-02250-CL, 2016 U.S. Dist. LEXIS 137759 (D. Or. July 22, 2016).

[34] U.K. Competition Comm’n, Safeway plc and Asda Group Ltd. (owned by Wal-Mart Stores Inc); Wm Morrison Supermarkets plc; J Sainsbury plc; and Tesco plc: A Report on the Mergers in Contemplation ¶ 2.246 (2003), https://webarchive.nationalarchives.gov.uk/ukgwa/20120119144540/http://www.competition-commission.org.uk/rep_pub/reports/2003/481safeway.htm#full.

[35] U.K. Office of Fair Trading, The Grocery Market: The OFT’s Reasons for Making a Reference to the Competition Commission (OFT845) ¶ 6.13 (2006), https://assets.publishing.service.gov.uk/media/555de47840f0b669c4000141/oft845.pdf.

[36] Bruce H. Kobayashi & Timothy J. Muris, Stop Making Sense: Reviving the Robinson-Patman Act and the Economics of Intermediate Price Discrimination, Competitive Enter. Inst. (Feb. 18, 2026), https://cei.org/wp-content/uploads/2026/02/Stop-Making-Sense-260218-FINAL.pdf.

[37] See, e.g., Simon Lermen, Daniel Paleka, Joshua Swanson, Michael Aerni, Nicholas Carlini & Florian Tramèr, Large-scale Online Deanonymization with LLMs, arXiv (Feb. 18, 2026), https://doi.org/10.48550/arXiv.2602.16800.

[38] George J. Stigler, A Theory of Oligopoly, 72 J. Pol. Econ. 44 (1964).

[39] Organisation for Econ. Co-operation & Dev. (OECD), Information Exchanges Between Competitors under Competition Law, DAF/COMP(2010)37, at 10 (2010), https://www.oecd.org/content/dam/oecd/en/publications/reports/2011/07/information-exchanges-between-competitors-under-competition-law_bd644d8b/327f7dd3-en.pdf (“Notwithstanding its benefits, enhanced transparency can also facilitate the attainment of collusive equilibria among competitors or result in non-coordinated anticompetitive effects.”).

[40] Note by the United States, Roundtable on Information Exchanges Between Competitors under Competition Law, DAF/COMP/WD(2010)117 ¶ 3 (Oct. 2010), https://www.ftc.gov/sites/default/files/attachments/us-submissions-oecd-and-other-international-competition-fora/1010informationexchanges.pdf (“The antitrust concern is that information exchanges may facilitate anticompetitive harm by improving competing sellers’ ability either to collude or to tacitly coordinate in ways that lessen competition. For example, exchanges about price may lead to illegal price coordination. Information exchanges may also facilitate collective behavior by downstream firms against upstream suppliers.”).

[41] Zoë Cullen & Bobak Pakzad-Hurson, Equilibrium Effects of Pay Transparency, 91 Econometrica 765 (2023) (“Our model predicts that transparency reduces workers’ individual bargaining power, leading to lower average wages. Employers credibly refuse to offer higher wages to any one worker to avoid triggering costly renegotiations with others.”).

[42] Antitrust Modernization Comm’n, supra note 20, at 322.

[43] Emek Basker, The Causes and Consequences of Wal-Mart’s Growth, 21 J. Econ. Persp. 177 (2007).

[44] Id. at 188.

[45] Jerry Hausman & Ephraim Leibtag, Consumer Benefits from Increased Competition in Shopping Outlets: Measuring the Effect of Wal-Mart, 22 J. Appl. Econ. 1157 (2007).

[46] Yun, supra note 18.

[47] Michele Ver Ploeg et al., Access to Affordable and Nutritious Food: Measuring and Understanding Food Deserts and Their Consequences, USDA Econ. Research Serv., Report to Congress (AP-036, 2009), https://ers.usda.gov/sites/default/files/_laserfiche/publications/42711/12716_ap036_1_.pdf?v=32613.

[48] Id.

[49] Hunt Allcott, Rebecca Diamond, Jean-Pierre Dubé, Jessie Handbury, Ilya Rahkovsky & Molly Schnell, Food Deserts and the Causes of Nutritional Inequality, 134 Q.J. Econ. 1793 (2019).

[50] Steven Cummins, Ellen Flint & Stephen A. Matthews, New Neighborhood Grocery Store Increased Awareness of Food Access but Did Not Alter Dietary Habits or Obesity, 33 Health Aff. 283 (2014).

[51] Hausman & Leibtag, supra note 44.

The U.S. Supreme Court just made it much harder to hold at least some internet intermediaries liable for what their users do. And in the process, it may have made key statutory safe harbors largely irrelevant.

The Court’s unanimous reversal of the billion-dollar copyright verdict against Cox Communications has drawn predictable headlines. Some commentators cast it as a reprieve for “mere conduit” internet service providers (ISPs) from overzealous copyright enforcement. At a doctrinal level, that’s at least directionally right: an ISP that provides undifferentiated internet access does not incur secondary copyright liability simply because some subscribers use that connection to pirate content.

But the decision’s real significance likely lies elsewhere. Its importance extends beyond the immediate holding to a more consequential question: how courts calibrate legal protections for online platforms and their management of user-generated content.

That shift deserves closer attention. It signals a growing judicial willingness to revisit longstanding immunities. Cox fits into an emerging line of cases—including Twitter v. Taamneh and Gonzalez v. Google—that increasingly render statutory safe harbors decorative by narrowing the scope of background secondary liability. The implications reach directly to issues we, along with Kristian Stout, explored in “Who Moderates the Moderators?: A Law & Economics Approach to Holding Online Platforms Accountable Without Destroying the Internet.”

Read the full piece here.

Apair of jury verdicts last week, along with a quiet settlement, may mark a turning point for the American internet—and not one that favors free expression.

For years, digital platforms have relied on two core protections: the First Amendment and Section 230. Together, they let companies host, organize, and moderate speech without facing crushing liability. In a 48-hour span, that foundation took a hit.

A New Mexico jury delivered a $375 million verdict tied to child safety claims against Meta.  A California jury found Meta and Google (YouTube) liable for allegedly addictive design features. Meanwhile, Missouri v. Biden—the case over government pressure on social media—ended in a settlement that promises restraint but sets little precedent.

Taken together, these developments push platforms toward tighter speech controls. They also showcase a rising legal strategy: recasting editorial decisions as defective-product design.

At the same time, the Missouri v. Biden settlement leaves largely intact the government’s ability to pressure platforms behind the scenes. Little now prevents government officials—or even private litigants—from pushing social media companies to significantly reduce speech without any formal legislative or regulatory action.

Read the full piece here.

Markets might be able to price truth. Whether anyone wants to buy it is another question.

In a recent post, we looked at a small cluster of systems that try to use markets to correct misinformation.

Start with a simple analogy: bad information is a kind of pollution, a familiar problem in law & economics. In this case, the pollution manifests as a market failure in journalism and social media. A well-designed “truth-bounty” system could, in theory, reward those who earn public trust and capture attention by being right. That would increase the production and spread of high-quality news, while pushing misinformation to the margins.

Some of these proposals cut out authors and publishers altogether. Prediction markets and “retrodiction markets” would let anyone with a view—and some cash—bet on what’s true. Think the moon landing was faked? Buy “Yes” or “No.” Maybe the 1977 film “Capricorn One” (about a staged Mars landing) reflected conspiracy culture. Or maybe it was, depending on your priors, closer to documentary.

This is not entirely hypothetical. Financial markets already host a version of it. Certain firms do investigative work to uncover fraud and mismanagement in publicly traded companies, then take positions that pay off when the information becomes public. Short-selling ahead of the reveal can be quite profitable. That’s the “Hindenburg model,” named for Hindenburg Research, an early and prominent practitioner.

All of this sounds elegant in theory. In practice, these incentive-aligned truth machines face serious obstacles—especially when one tries to export them from finance into the messier world of politics and social discourse, where reliable information is in short supply and trust is even scarcer.

Read the full piece here.

Washington has a choice: let AI policy fragment into 50 competing regimes, or set a clear federal baseline that keeps innovation moving. The Trump administration’s new artificial intelligence (AI) legislative framework stakes out the latter path—but leaves important gaps.

The framework sketches broad principles to guide federal policymaking on a technology at risk of a balkanized patchwork of state-level rules. Left unchecked, those rules could curb development, competition, and innovation by layering cumulative compliance burdens on businesses.

But the framework itself is thin on details, and Congress may never translate it fully into law. Still, as Kristian Stout notes elsewhere in these pages, it commendably advances a “light-touch federal approach, grounded in existing legal doctrines, and focused on harms rather than speculative risks,” while avoiding premature or overly centralized interventions.

Even so, the framework leaves out several policies and ideas policymakers should consider. Without them, regulatory guardrails for responsible AI development and deployment could end up constraining American competitiveness, innovation, and the economic opportunities that follow.

Read the full piece here.

In a recent podcast, New York Times journalist Ezra Klein hosted lawyer Tim Wu and writer Cory Doctorow for a conversation titled “We Didn’t Ask for This Internet.” They ran through a familiar bill of indictment against the modern internet: surveillance, manipulation, algorithmic pricing, the squeezing of creators, spam, fraud, and the dehumanization of work. It was an engaging discussion among three thoughtful people. It was also, in important respects, wrong.

I don’t claim expertise across every issue they covered—and, unlike them, I won’t pretend otherwise. But I have spent considerable time studying the evolution of online consumer protection: how trust emerged in a radically new environment, how entrepreneurs built the mechanisms that made online commerce possible, and how those mechanisms continue to evolve in response to AI. On those questions, the Klein-Wu-Doctorow narrative gets the story—and its causes—wrong.

Read the full piece here.

In a seventh-season episode of The Simpsons, Bart tunes in to the Impulse Buying Network and spends $350 on an animation cel from The Itchy & Scratchy Show. As part of the pitch, an IBN huckster proclaims: “Each one is absolutely positively 100% guaranteed to increase in value!” An immediate disclaimer follows: “not a guarantee.” The joke lands on a familiar premise—guarantees aren’t real.

But they are real. Evidence shows guarantees can signal quality and encourage transactions. Firms that guarantee products or services often see substantial gains in business.

At a recent conference in Boston, we examined proposals for “truth guarantees” and similar market-oriented approaches aimed at mitigating “misinformation.” Guaranteeing truth could improve content quality, increase trust in journalism, and bolster the reliability of social media—especially if platforms boost guaranteed items. These proposals, however, face several challenges.

Read the full piece here.

The push to restrict teens’ access to social media is accelerating worldwide, even as the underlying evidence remains uncertain.

In recent years, policymakers across various jurisdictions have proposed restricting or banning minors’ access to social media platforms. Governments across a growing number of jurisdictions are considering age-based restrictions, mandatory parental-consent requirements, or outright bans for younger users. Recent global tracking indicates that at least 42 countries are considering, proposing, or implementing some form of social media age restriction. Several have already enacted or adopted legislation limiting minors’ access to online platforms. In the United States, two jury trials this week found Meta and Google liable for harms to children tied to product design, including claims that the companies failed to adequately verify users’ ages before allowing them to create profiles.

This surge in regulatory activity reflects a broader policy narrative that social media drives rising rates of adolescent anxiety and depression. As concerns about youth mental health and online safety intensify, policymakers have turned to blunt regulatory tools, including blanket bans and parental-consent regimes with strict age-verification requirements, to address perceived harms.

Despite strong political momentum, the empirical basis for broad restrictions remains contested. The causal relationship between social media use and teen mental health remains uncertain. At the same time, the rapid expansion of regulatory initiatives across jurisdictions risks creating a fragmented global policy landscape.

Read the full piece here.

Voluntary in form, coercive in tone

The recent non-jurisdictional agreement of the Spanish Supreme Court on pending truck cartel appeals should not be mistaken for a genuine turn to mediation. Formally, the Court merely proposes referral to mediation. In substance, however, it is doing something rather different: it is trying to convert the predictability generated by its own case law into settlement pressure. The message to the parties is clear enough. After years of rulings on these appeals, they already know -more or less- how most of them will end; insisting on a judgment rather than a consensual solution may therefore have consequences in legal costs. Voluntary in form, coercive in tone, the agreement is less an endorsement of mediation as a suitable form of dispute resolution than a managerial response to a mass of repetitive appeals the Court no longer wishes to decide one by one.  It is an extraordinary institutional response trying to manage an impossible docket.

Read the full piece here.

Merger-control debates tend to repeat themselves. As new transaction forms emerge, regulators often move quickly to respond before harm becomes irreversible. Over the past decade, this pattern played out in debates over “killer acquisitions,” and earlier, minority shareholdings. Today, a similar dynamic surrounds so-called “acquihires.”

Acquihires are transactions aimed primarily at acquiring a firm’s workforce, rather than its products or other assets. They differ from “license-and-hire” agreements, in which the acquirer also licenses the target’s technology. In recent years, acquihires have drawn increasing policy attention. Critics argue they allow large incumbents to consolidate power, hoard talent, and sidestep merger-control thresholds. Federal Trade Commission (FTC) Chair Andrew Ferguson captured this concern when he announced that the agency would investigate such deals “to make sure they are not a way to get around” merger review.

These concerns are especially acute in fast-growing sectors like artificial intelligence (AI), where human capital drives innovation. Recent transactions have served to intensify the scrutiny. Microsoft hired Inflection AI’s top talent while licensing its technology. Google entered a similar arrangement with Character.ai, and Amazon with Adept.

This debate echoes earlier concerns about killer acquisitions. That literature focused on dominant firms acquiring nascent rivals to shut them down and preempt future competition. Empirical support emerged in pharmaceutical markets, but evidence from other sectors like digital markets remained limited. That distinction did little to slow policy momentum. Regulators and commentators increasingly treated large technology acquisitions as inherently suspect, even when the empirical record was mixed.

Acquihires and similar arrangements now play a comparable rhetorical role, particularly in discussions of AI. Commentators sometimes describe AI as a “first-class fire accelerator” of anticompetitive conduct. This framing elevates a transaction form that is neither new nor empirically settled into a systemic threat.

That narrative risks repeating the analytical missteps of the early killer acquisition debate. The point is not that acquihires cannot be anticompetitive. Rather, current discussions often rest on questionable assumptions. This post examines three: that acquihires are designed to evade regulatory scrutiny; that they are inherently anticompetitive; and that existing enforcement tools are inadequate, requiring regulatory expansion. A more effective approach is to analyze these transactions within the existing merger-control framework.

Read the full piece here.

The Trump administration’s newly released national legislative framework for artificial intelligence is, in many respects, a welcome set of guidelines for US regulation of Artificial Intelligence (AI). At a moment when AI policy risks collapsing into either overbroad precaution or fragmented state-level experimentation, the framework instead gestures toward something closer to institutional restraint: a light-touch federal approach, grounded in existing legal doctrines, and focused on harms rather than speculative risks.

Whether Congress can translate that posture into durable legislation remains an open question. But as a statement of direction, the framework gets more right than wrong.

Read the full piece here.

The European Union’s Digital Markets Act (DMA) does not just regulate competition—it redesigns how digital products work.

The DMA is often framed as a pro-consumer reform—a necessary intervention to “rein in gatekeepers” and restore fairness and contestability in digital markets. That framing obscures a more ambitious—and more troubling—project. At its core, the DMA empowers EU regulators to dictate the architecture of the digital experience itself.

The DMA reflects a deep suspicion of integration. Services that work seamlessly together—search and maps, maps and bookings, messaging and payments—once stood as user-facing innovations. Regulators now treat them as potential forms of “self-preferencing,” and therefore as threats to competition or, at minimum, to “fairness.”

This approach drives a clear regulatory vision: digital services must either interoperate with rivals on mandated terms or remain artificially separate.

Markets do not typically evolve this way. But it is how regulators design systems.

Read the full piece here.

Apple Inc. is being forced to open its ecosystem—just not everywhere, and not all at once. From Tokyo to Seoul to Brussels, regulators are rewriting the rules of platform governance, often with different assumptions, tools, and end goals. The result is not a single global standard, but a growing patchwork of experiments in how much control platforms should retain—and at what cost.

This post examines what those experiments reveal. It explores the shift toward ex ante regulation, the tension between openness and design, the rise of regulatory benchmarking across jurisdictions, and the evolving economics of the so-called “Apple Tax.” Along the way, it asks a broader question: whether regulators can—and should—be calibrating complex digital ecosystems, or whether that task is better left to competition, experimentation, and consumer choice.

Read the full piece here.

Brent crude hit $118 a barrel today for obvious reasons: a supply shock. The Strait of Hormuz, through which roughly 20 percent of the world’s seaborne oil normally flows, has been closed since the U.S. and Israel struck Iran in late February. Tanker traffic is down 70 percent.

A lot of news stories have turned that into a discussion about inflation and recessions. I think we need to be careful about how we think about this, especially if we are just thinking about the U.S. economy.

Read the full piece here.

TL;DR

Background: Brazil’s Congress has fast-tracked Bill 4,675/2025, a proposal to establish ex ante competition regulation Unlike Brazil’s current framework, which relies on ex post enforcement by the Administrative Council for Economic Defense (CADE), the bill would grant CADE authority to designate “systemically relevant economic agents in digital markets” in advance and impose “special obligations.”

But… Brazil already faces the notorious “Custo Brasil” (Brazil Cost), a bureaucratic and regulatory burden estimated at nearly 19.5% of gross domestic product that raises the cost of doing business. Against this backdrop, Bill 4,675/2025 would add a new layer of ex ante digital regulation without a Regulatory Impact Assessment (RIA), the formal process used to evaluate the likely economic, social, and administrative effects of proposed rules. Without that cost-benefit analysis, the legislation risks compounding inefficiencies and further constraining economic growth.

Moreover… Early evidence from Europe’s Digital Markets Act (DMA), the primary inspiration for Bill 4,675/2025, suggests that rigid ex ante rules can delay the rollout of advanced technologies, increase user friction, and strip away integrated features that consumers value. Importing this model to Brazil would likely slow access to new technologies, reduce productivity, and weaken incentives to invest in locally tailored innovation.

KEY TAKEAWAYS

Europe’s Cautionary Tale

Proponents of Bill 4,675/2025 often point to the European Union’s Digital Markets Act (DMA) as a model for promoting market contestability. The European experience, however, suggests Brazil’s bill could impose significant economic costs.

Former European Central Bank President Mario Draghi has identified Europe’s heavily regulated technology sector as a key driver of the productivity gap with the United States. That gap is stark: only four of the world’s top 50 technology companies are European.

The DMA has required platforms to remove efficient integrations, increasing friction for users and businesses. Routine digital searches can take up to 50% longer for heavy users, while firms face billions in potential revenue losses. At the same time, the regulation’s core promise of “contestability” remains largely aspirational. Evidence of increased switching is limited, there is no clear evidence of lower prices, no major digital platforms have emerged in Europe, and 80% of consumers remain unaware the regulation exists.

Brazil’s legislators should weigh these outcomes carefully. Adopting a similar framework risks importing not only Europe’s regulatory model, but also its economic tradeoffs.

When Rules Outrun Markets

Innovation in digital markets outpaces regulation. Rigid rules risk freezing business models before they evolve. Ex ante regimes heighten that risk by discarding the contextual, effects-based analysis central to traditional competition law and increasing false positives that condemn pro-competitive conduct.

Bill 4,675/2025 illustrates the problem. Article 47-E(IV)(c) would, at CADE’s discretion, prohibit designated firms from favoring their own products or services over those of rivals, a ban on self-preferencing that treats as suspect what is often consumer-benefiting vertical integration (e.g., a search engine displaying its own maps or price-comparison tools). Article 47-E(IV)(d) could similarly prohibit tying, even though bundling often lowers costs and improves the user experience.

The bill’s interoperability and data-portability mandates (Art. 47-E(V)(a)–(b)) raise similar concerns. They could force platforms to open systems in ways that compromise security and privacy without evidence of user demand.

Under traditional competition law, each practice requires a showing of consumer harm. The bill gestures toward flexibility by keeping enforcement within CADE, allowing “economic justifications,” and adopting a more discretionary framework. Those features, however, do not sufficiently limit regulatory overreach without robust judicial review.

Regulation Without Reckoning

Under the Brazilian Economic Freedom Act (Law 13.874/2019), regulators must conduct a rigorous Regulatory Impact Assessment (RIA) before adopting new rules. Bill 4,675/2025 is a legislative initiative, not a formal regulation, yet the government has advanced it without any comparable cost-benefit analysis.

That omission is especially concerning given Brazil’s existing regulatory burden. The country faces the well-documented “Custo Brasil,” with structural inefficiencies estimated at R$1.7 trillion annually, and it ranks as the fifth worst of 51 countries on the Organisation for Economic Co-operation and Development’s (OECD) Product Market Regulation indicators.

In an already overregulated environment, new mandates should meet a higher bar. Policymakers should confirm that the bill addresses a clearly identified domestic market failure and that expected consumer benefits outweigh the risks of overenforcement, reduced innovation, and higher compliance costs. Without that showing, the proposed cure risks proving worse than the disease.

Pause Before You Regulate

Rather than rushing to import an untested regulatory model, Brazilian policymakers should take three steps.

First, conduct a proper Regulatory Impact Assessment (RIA) before any vote. Brazil’s Economic Freedom Act recognizes cost-benefit analysis as foundational to sound regulation, and there is no justification for bypassing it—especially given the limited legislative scrutiny associated with the bill’s fast-tracked process.

Second, rely on existing tools. The Administrative Council for Economic Defense’s (CADE) competition-enforcement powers remain underused. Its December 2025 settlement with Apple, which secured meaningful concessions on app-store practices, shows that Brazil’s current framework can achieve outcomes similar to ex ante regimes while preserving case-specific analysis and reducing collateral harm.

Third, wait for further evidence from Europe. The DMA remains in its early stages, and initial results raise concerns. Brazil sacrifices nothing by observing how these policies evolve before committing to a framework that may prove costly and ineffective. Speed offers little advantage when the risk is entrenching regulatory errors that compound over time.

For further analysis, see ICLE’s forthcoming working paper about digital regulation in Brazil.

The Federal Communications Commission (FCC) is close to finishing a long-running transition away from legacy telecom regulation—but outdated rules still pay carriers to stay in the past. Last month, the FCC adopted a notice of proposed rulemaking (NPRM) to eliminate payments to legacy telecommunications carriers that have not upgraded to networks based on internet protocols (IP). The proposal forms part of a broader effort to retire copper networks that rely on costly, outdated time-division multiplexing (TDM) switching and to accelerate the transition to IP-based fiber networks.

As International Center for Law & Economics (ICLE) scholars explained in comments to the FCC in a separate proceeding, intercarrier compensation (ICC) rules still on the books for some rate-of-return regulated carriers—particularly rural and competitive local exchange carriers (LECs)—create perverse incentives. These rules encourage legacy carriers to maintain copper networks to generate revenue from ICC fees.

The FCC should complete ICC reform by fully transitioning to a bill-and-keep model. Under this approach, carriers recover service costs from their own customers, rather than extracting call termination and origination fees from interconnecting carriers. This shift would eliminate remaining arbitrage schemes in which legacy carriers partner with high-traffic callers to stimulate access charges, imposing additional costs on carriers that have already transitioned to IP-based networks.

The agency should also phase out Universal Service Fund (USF) distributions to legacy carriers that rely on subsidies to offset lost ICC revenue. Doing so would reduce strain on the USF and help address concerns about rising contribution fees.

Read the full piece here.

Predictions of AI-driven monopoly have outpaced the evidence. Several years into the generative AI boom, regulators have investigated, firms have invested, and markets have shifted—yet durable market power and demonstrable competitive harm remain elusive.

More than a year ago, Dirk Auer and I challenged the “hyperbolic and dystopian” narrative dominating discussions about competition in artificial-intelligence (AI) markets. We argued that concerns about competition risks—and calls for tougher enforcement—were unwarranted or overstated. AI markets were, in general, highly competitive. More importantly, the AI revolution offered an opportunity to revisit some of the assumptions driving competition concerns in digital services, including data as a barrier to entry and the role of network effects.

AI markets continue to evolve at breakneck speed. This makes it useful to revisit recent developments through the lens of economic and legal principles that inform competition policy. This post is the first in a biweekly series tracking those developments.

Rather than chase the news cycle, I will focus on concrete changes across the AI stack—compute, models, data, integration, and governance. The aim is to reassess, and where necessary push back on, common claims about competition, concentration, and market power. Over time, the series will examine infrastructure investment, talent mobility, model development, new products and services, partnership dynamics, and regulatory responses.

The goal is to connect real-world developments to the competition-policy and enforcement debate, and to test maximalist claims about inevitable concentration or competitive harm against observed market evidence.

The guiding question remains straightforward: Has the AI industry evolved toward monopolistic control of key inputs or demonstrable harm to competition, or toward layered, dynamic competition?

Read the full piece here.

The Trump administration says it wants to end federal censorship. Its recent statements suggest something else.

In the executive order “Restoring Freedom of Speech and Ending Federal Censorship,” the White House asserted:

The First Amendment to the United States Constitution, an amendment essential to the success of our Republic, enshrines the right of the American people to speak freely in the public square without Government interference.  Over the last 4 years, the previous administration trampled free speech rights by censoring Americans’ speech on online platforms, often by exerting substantial coercive pressure on third parties, such as social media companies, to moderate, deplatform, or otherwise suppress speech that the Federal Government did not approve.  Under the guise of combatting “misinformation,” “disinformation,” and “malinformation,” the Federal Government infringed on the constitutionally protected speech rights of American citizens across the United States in a manner that advanced the Government’s preferred narrative about significant matters of public debate.  Government censorship of speech is intolerable in a free society.

The order declared it the policy of the United States to “ensure that no Federal Government officer, employee, or agent engages in or facilitates any conduct that would unconstitutionally abridge the free speech of any American citizen.”

Despite that stated commitment, the administration has signaled a willingness to combat so-called “fake news” through a little-used and difficult-to-enforce news-distortion policy. Federal Communications Commission (FCC) Chairman Brendan Carr recently amplified that position on social media, posting a screenshot of President Donald Trump’s Truth Social statement criticizing coverage of the conflict in Iran and warning broadcasters:

Broadcasters that are running hoaxes and news distortions – also known as the fake news – have a chance now to correct course before their license renewals come up. The law is clear. Broadcasters must operate in the public interest, and they will lose their licenses if they do not.

The problem requires precision. The FCC may plausibly claim legal authority to pursue this approach. That possibility makes the policy more—not less—concerning. This is not merely regulatory overreach. It is a long-dormant power that has remained on the books for decades, available to any administration willing to use it.

Congress should revisit that authority and eliminate it. No matter which party controls the White House, empowering a federal agency to make open-ended judgments about what qualifies as legitimate news coverage conflicts with core free-speech principles.

This discussion proceeds in two parts. First, it traces the origins of the news-distortion policy and explains why it no longer fits the modern media landscape. Second, it shows that, even under existing legal standards, no alleged facts would suffice to establish news distortion in broadcasters’ coverage of the conflict in Iran.

Read the full piece here.

Antitrust law once imposed a simple rule on dominant firms: stay in your lane. That idea fell out of favor. Unfortunately, its logic did not.

The clearest example comes from midcentury enforcement. In 1956, the U.S. Department of Justice (DOJ) imposed a sweeping antitrust remedy on AT&T. The DOJ consent decree required AT&T’s research arm, Bell Labs, to license its existing patents for free and to grant access to future patents on reasonable terms. Those two measures made a difference. But the most consequential element was a third prong: a bar on entering industries not directly related to telecommunications.

The goal was straightforward—to prevent a monopolist from leveraging its market power into adjacent and emerging markets. The effects were anything but modest. Shielded in part from AT&T, International Business Machines Corp. (IBM) consolidated its position in computing. Intel, Microsoft, and Apple followed. The “quarantine” remedy, as it came to be known, helped shape an entire industry—and, given the ubiquity of computing, much of the modern world.

That approach, however, did not last. The quarantine remedy has largely fallen out of favor in the United States. Some scholars—notably Tim Wu—have urged its revival  in digital platform markets, but those proposals have gained little traction with enforcers. The European Union has never formally adopted this type of remedy. Although some have proposed other, arguably equally “radical,” tools to address anticompetitive conduct, quarantine remedies remain outside the EU’s competition-law toolkit.

Yet abandoning the label has not eliminated the underlying effect. Modern enforcement often produces functionally similar outcomes. Even when agencies do not describe them in these terms, several actions have blocked or significantly impeded dominant firms from entering emerging markets.

This disconnect reflects a familiar feature—perhaps a bug—of antitrust enforcement. Antitrust rules often diverge from how authorities apply them, as Dan Crane has shown. Remedies designed to address one concern can produce very different effects in practice. In particular, efforts to level the playing field in digital markets may create de facto quarantine remedies. Those outcomes can limit entry into adjacent markets and weaken competition.

Read the full piece here.

The Live Nation/Ticketmaster antitrust trial now presents a paradox. The U.S. Department of Justice (DOJ) reportedly has settled its claims, yet the litigation continues—with a skeptical judge and 32 state plaintiffs still pressing for a breakup. That unusual posture raises deeper concerns about economics, separation of powers, and the limits of antitrust federalism.

U.S. District Judge Arum Subramanian, who reportedly described the DOJ–Live Nation/Ticketmaster settlement as “absolutely unacceptable,” will continue to preside over the trial with the existing jury. Reports indicate that the judge was frustrated by what he described as a “lack of communication” regarding the DOJ’s settlement negotiations with Live Nation.

The handling of the LNTM case raises serious questions about economic efficiency and the separation of powers. A judicial order requiring divestiture of Ticketmaster also would create significant antitrust federalism tensions.

Read the full piece here.

TL;DR

Background: Several states, including New York, are considering “grocery pricing fairness” legislation aimed at supporting small independent grocers. These proposals—such as New York’s Senate Bill S8563—would require large grocery suppliers to offer identical prices and contract terms to all retailers that purchase the same quantity of goods. Supporters argue that large retailers use their buying power to secure discounts that squeeze smaller stores and contribute to food deserts in low-income communities.

But… Mandating identical wholesale pricing removes suppliers’ incentive to offer discounts and would likely raise grocery prices across the board. In competitive markets, price differences typically reflect real efficiencies. Large retailers that buy in high volumes sharply reduce suppliers’ distribution and marketing costs. 

Laws that require suppliers to extend any discount immediately to all buyers would discourage discounting altogether. Suppliers would instead adopt uniform—and higher—prices to reduce legal risk. The so-called “waterbed effect” invoked to justify this legislation has extremely limited empirical support.

Moreover… The bills’ strict disclosure requirements could unintentionally weaken competition. By forcing suppliers to share ostensibly anonymized pricing terms, the legislation may facilitate price coordination. Economic research shows that greater price transparency in concentrated markets makes it easier for firms to detect deviations from prevailing price levels. That dynamic discourages competitive discounting and can lead to higher average prices for consumers.

KEY TAKEAWAYS

A Leaky Theory

Proponents of pricing-fairness bills argue that when dominant retailers secure deep wholesale discounts, suppliers offset the lost revenue by charging smaller grocers higher prices. This “waterbed effect” claims discounts for large buyers force suppliers to raise prices for smaller ones, harming consumers overall. The theory applies only under narrow market conditions that these state bills do not empirically establish.

In practice, suppliers price based on what each buyer is willing and able to pay. If suppliers could profitably charge small grocers more, standard microeconomic theory suggests they would already do so.

Courts and regulators have also rejected the theory in real-world cases. In DeHoog v. Anheuser-Busch InBev, the court dismissed a waterbed claim as overly speculative, noting that antitrust law protects allegedly squeezed sellers—not the buyer’s competitors. Likewise, the United Kingdom’s Competition Commission investigated the grocery sector and found “little evidence” of an immediate waterbed effect, concluding the theory had limited practical relevance in retail food markets.

Transparency’s Dark Side

Legislation like New York’s S8563 would require large suppliers to provide anonymized terms of sale from contracts with dominant retailers within 14 days of a formal request. Lawmakers frame the requirement as a transparency measure. Turning highly competitive, private pricing information into a quasi-public document risks enabling market coordination.

Nobel laureate George Stigler’s foundational paper, “A Theory of Oligopoly,” explains why. Sustained coordination in concentrated markets depends on firms’ ability to detect deviations from a shared pricing norm. When companies can readily observe each other’s pricing, the threat of rapid retaliation becomes credible. The incentive to undercut coordinated prices largely disappears.

The assumption that these disclosures can remain truly “anonymized” is also outdated. Recent peer-reviewed research shows that large language models can readily re-identify corporate entities from supposedly anonymized text.

The Discount That Disappears

If the law forces suppliers to extend identical wholesale discounts to all buyers—regardless of genuine economic efficiencies like predictable bulk ordering or streamlined logistics—suppliers will respond rationally. They will eliminate targeted discounts and move to uniform, higher prices. Standardizing prices in this way would have strongly regressive effects.

Economist Emek Basker reviewed the grocery-retail literature and found that Walmart’s grocery prices are typically about 10% lower than those of its competitors. Walmart’s entry into a local market also forces incumbent traditional stores to cut prices by 1% to 3%.

Jerry Hausman and Ephraim Leibtag used comprehensive household panel data to estimate that large-format supercenters generate substantial consumer-welfare gains, with disproportionately large benefits for low-income households. Legislation that effectively bans the volume discounts supporting these large-format stores would quickly erase that retail price advantage—imposing the greatest burden on the same low-income consumers the bills claim to protect.

Looking in the Wrong Aisle

These bills are partly justified as a response to “food deserts”—areas with limited access to affordable, nutritious food. Robust empirical research suggests wholesale pricing differences play only a minor role in long-term nutritional inequality.

Economist Hunt Allcott and his co-authors simulated what would happen if low-income households had the same physical store access and identical prices as higher-income households. They found that equalizing access and prices would reduce overall nutritional inequality by only about 10%. The remaining 90% reflects persistent differences in consumer demand patterns.

Legislation that targets wholesale grocery pricing therefore operates on the margins and does little to address the deeper causes of localized food deserts.

Discounts on Trial

The enforcement mechanisms embedded in these bills—such as private lawsuits and treble damages for perceived violations—create substantial litigation risk that will deter procompetitive behavior.

The bipartisan Antitrust Modernization Commission’s 2007 report documented a nearly identical dynamic under the federal Robinson-Patman Act. The commission found that the constant threat of litigation led risk-averse firms to abandon aggressive discounting, resulting in higher prices for consumers.

Policymakers seeking to improve food access should instead pursue targeted interventions, such as municipal zoning reforms and improvements to transit networks.

For further analysis, see the ICLE issue brief “The Waterbed Effect and the Price of ‘Pricing Fairness.’”

Earlier this month, Federal Communications Commission (FCC) Chairman Brendan Carr asked a pointed question: what happens to local broadcasting if live sports keep migrating to streaming platforms?

In a public notice, the FCC seeks comment on sports-broadcasting practices and market developments. The agency focuses on the growing shift of live sports from national broadcast networks to online streaming services—either simulcast alongside local broadcasts or offered exclusively online. The FCC worries that this shift could weaken local broadcasters’ ability to remain solvent and to fund local news and public-affairs coverage.

Those concerns carry some weight. Viewers have steadily moved away from traditional linear television toward on-demand streaming. As audiences fragment, linear-TV viewership has fallen sharply. Live sports have long resisted that trend. Because sports unfold in real time, they remain one of the few categories that still anchor the linear-TV model. As leagues and distributors move those games to streaming platforms, local broadcasters risk losing both viewers and the advertising revenue that supports their local programming.

The FCC’s concern, though, applies to local broadcasting as a distribution channel—not to the underlying production of local content. Just as television shows and movies migrated online, local news and community commentary increasingly appear on digital platforms. Local bloggers, YouTubers, and independent outlets now perform many of the same functions once dominated by local television anchors, often tailoring coverage to niche community interests. Even if local broadcast stations struggle, the overall production of local content may continue to expand.

Broadcast television could still play a role in the sports ecosystem. Many fans do not want to subscribe to multiple streaming services just to follow their teams. For those viewers, some franchises might prefer broadcast deals with local stations that offer broader reach. League-wide rules often restrict those arrangements. Ordinarily, such collective restraints would face antitrust scrutiny. Joint agreements among teams in the four major U.S. professional leagues—the National Football League (NFL), National Basketball Association (NBA), Major League Baseball (MLB), and National Hockey League (NHL)—receive special treatment under federal law. The Sports Broadcasting Act (SBA) exempts certain league agreements for “sponsored telecasting” from antitrust liability.

If federal policymakers want to give local broadcasters a fair chance to compete with digital rivals, Congress should reconsider that exemption. Repealing the SBA would subject league-wide broadcast restrictions to antitrust law’s rule-of-reason analysis. If those restraints genuinely enhance competition, courts will uphold them. If they do not, the law should not shield them.

Read the full piece here.

The European Commission’s first major enforcement action under the Digital Services Act (DSA) offers an early glimpse of how the European Union intends to regulate large digital platforms—and how far that approach may diverge from the U.S. model.

The DSA is an EU regulation governing how online intermediary services operate, including social-media platforms, online marketplaces, app stores, and online booking services. Because it is a regulation rather than a directive, it applies directly across all EU Member States and does not require each country to pass its own implementing law. Rather than focusing primarily on whether specific pieces of content are legal or illegal, the DSA targets how platforms are structured and run. Oversight extends to how “very large online platforms” (VLOPs) design their interfaces, how transparent they are about advertising, and how accessible their data is to outside scrutiny. The DSA classifies platforms with at least 45 million monthly active users in the EU as VLOPs.

The European Commission’s enforcement action against X marks the first major attempt to apply this framework in practice. In April 2023, the Commission designated X (formerly Twitter) as a VLOP pursuant to Article 33(4) of the DSA. In December 2025, the Commission fined X €120 million for “breaching its transparency obligations under the Digital Services Act (DSA).” The Commission cited three alleged infringements: the design of X’s “blue checkmark,” deficiencies in its advertising-transparency tools, and restrictions on researchers’ access to public data.

The decision offers an early case study of how the DSA may be enforced. It also raises broader questions about the scope of EU platform regulation, the role of transparency as a regulatory tool, and the growing divergence between European and U.S. approaches to governing digital markets.

Understanding the decision requires understanding what the DSA does—and does not—do. The regulation does not redefine what speech is legal or illegal; those determinations remain governed by existing EU and national law. Instead, the DSA imposes procedural and structural obligations on large platforms aimed at creating a safer, more transparent, and more accountable online environment. In practice, that means requiring transparency tools, systemic-risk assessments, and data-access mechanisms designed to make platform operations more visible and subject to outside scrutiny.

Read the full piece here.

Canada’s economy doesn’t labour under the burden of too much economic muscle. It suffers from too little.

In the opening months of 2026, corporate Canada has shown rare signs of momentum. Firms have moved to bulk up, cut costs, and compete in a world where scale often determines who survives. Eldorado Gold’s $3.8-billion bid for Foran Mining and Ricoh Canada’s acquisition of ET Group reflect the same instinct: grow or get left behind on the global stage.

That instinct now runs straight into Ottawa.

With the Competition Bureau’s Feb. 11 deadline for public comment passed, its draft Merger Enforcement Guidelines reveal a sharp turn toward rigid, interventionist enforcement. The Bureau promises lower prices and stronger competition. Instead, it advances a guilty-until-proven-innocent framework that treats size itself as suspect. For a country mired in a productivity slump, this is the wrong fight at the wrong moment.

Read the full piece here.

Meta’s decision to limit third-party AI access to WhatsApp Business has quickly drawn antitrust scrutiny across multiple jurisdictions. The Common Market for Eastern and Southern Africa (COMESA) Competition and Consumer Commission (CCCC) is the latest authority to open an investigation. But before the case can answer whether Meta’s conduct harms competition, a more basic question arises: what theory of harm actually fits the facts?

The CCCC on Feb. 17 announced an investigation into Meta Platforms Ireland Ltd. for alleged abuse of dominance. The probe stems from Meta’s October 2025 amendment to its WhatsApp Business Solution Terms. Those changes prohibit providers of general-purpose artificial-intelligence (AI) services from accessing WhatsApp’s Business Application Programming Interface (API), while—according to the commission—“preserving and preferentially integrating Meta’s own AI service.”

The European Commission and Italy’s Autorità Garante della Concorrenza e del Mercato (AGCM) had already opened proceedings on the same issue. COMESA’s notice followed, echoing those concerns.

Competition investigations of large technology platforms have become routine. Routine scrutiny does not, however, guarantee sound analysis or procompetitive outcomes. The COMESA notice appears to apply the wrong doctrinal standard—a mistake that could undermine the investigation’s aim of protecting competition and consumers.

Even setting that error aside, the available theories of harm face serious obstacles on the current facts. This post examines those difficulties and asks whether any coherent theory ultimately survives.

Read the full piece here.

TL;DR

Background: State legislatures are increasingly targeting digital “stickiness” with mandates for data portability and technical interoperability. Supporters argue these rules reduce switching costs by letting users move their digital lives between services. Utah enacted such a law in 2025. Other states—including Virginia, through SB 85—are considering measures that would require platforms to maintain continuous, third-party-accessible interfaces for real-time data sharing.

But… These mandates rest on a flawed premise: that data is a modular asset that can be extracted without affecting the service that generates it. In practice, requiring “continuous” and “real-time” access through open protocols turns secure, closed systems into permanent “live wires” for third-party extraction.This design also creates a privacy externality. When one user ports a social graph, they export the private interactions and metadata of their entire network—including people who never consented to third-party transfers.

Moreover… Mandatory interoperability can undermine the consumer-protection goals it claims to advance. If platforms must interoperate with any third-party service that meets a vague technical threshold, they lose the ability to screen for bad actors or insecure operators. The result is a regulatory loophole. Once data moves, it may fall under the recipient’s potentially nonexistent privacy protections—bypassing the safeguards users expect from established platforms.

KEY TAKEAWAYS

The Social Graph Privacy Problem

Social data is relational, not purely individual. Many proposals define “social graph data” broadly to include connections, mentions, and “responses to the content of other users.” As Mikolaj Barczentewicz notes, this conflicts with existing privacy frameworks.

If Person A moves their data to an insecure startup, the private messages, shared photos, and threaded comments of Person B—who remains on the original platform—may be exported without Person B’s knowledge or consent.

This “multi-party data” problem strips nonconsenting users of meaningful control over their digital footprint. By treating shared interactions as the property of a single porting user, these bills ignore the privacy externalities inherent in networked platforms. The result risks turning data portability into a mechanism for large-scale, unauthorized data harvesting.

Security Risks and Technical Limits

Mandating “continuous, real-time” data sharing through open APIs would sharply expand cybersecurity risks. Moving from occasional downloads to always-on access points creates a much larger attack surface. Many proposals also include “non-discrimination” or “equal access” provisions that could prevent platforms from vetting third-party recipients.

A breach at a single poorly secured recipient could expose the data of millions of users on the original platform.

These mandates also strain platform-specific content-moderation systems. Moderation tools rely on signals and norms unique to each service. Forcing data and content across platforms pushes those systems into environments they were not designed to govern.

The result is an enforcement gap. Authorities have limited ability to monitor misuse of open interfaces in real time, particularly when bad actors operate outside the United States. Receiving platforms may also lack the capacity—or the incentive—to moderate imported content. A weakly secured or malicious recipient could exploit mandated access points to extract data or spread harmful content at scale.

Applying these mandates to AI systems introduces additional problems. Modern large language models (LLMs) use different architectures, and no standard format exists for transferring contextual data or model-generated inferences among them. An output from one model may be unusable to another.

Mandating such transfers would not meaningfully improve portability. Instead, it risks exposing proprietary information—including trade secrets and model-weighting structures—effectively forcing firms to disclose core intellectual property in the name of “user choice.”

Constitutional Limits

State interoperability mandates raise serious constitutional and federalism concerns. Requiring a global digital platform to redesign its architecture to satisfy a single state’s rules may violate the Dormant Commerce Clause. Because digital services operate nationally and internationally, a state-level mandate could effectively impose a national design standard.

As Geoffrey Manne notes, forced infrastructure sharing is an extraordinary remedy traditionally reserved for “essential facilities” or natural monopolies. Modern social-media and AI platforms do not meet that standard under antitrust law. Requiring firms to open proprietary servers to third parties may also raise Fifth Amendment concerns as an uncompensated taking and implicate First Amendment editorial discretion.

The analogy often invoked to justify these mandates—telephone-number portability—fails. Telephone numbers are standardized identifiers within a single regulated network. Social-media platforms are heterogeneous services built around distinct norms, interaction models, and expressive environments.

A pseudonymous discussion thread on Reddit serves a different function from a professional profile on LinkedIn or an ephemeral story on Instagram. Users maintain separate identities across these services because the platforms are intentionally differentiated products serving distinct communicative purposes.

Treating them as interchangeable commodities subject to common-carrier-style mandates imposes a legal fiction of functional equivalence. In practice, it would force platforms to restructure both their technical architecture and editorial environments—raising core First Amendment concerns about compelled speech and association.

The Burden of Proof

These mandates prioritize protecting nascent competitors over protecting consumers. By elevating “openness” above architectural integrity, lawmakers risk weakening the secure, moderated environments users rely on.

Forced interoperability at scale remains an untested, high-risk experiment. It could expose users to systemic privacy and security harms while delivering only speculative economic benefits. The more likely result is a race to the bottom in privacy and security standards.

States considering Utah’s approach should note an important signal: Utah amended the law before it even took effect. Genuine user empowerment requires identifying a real problem, not imposing technical mandates that trade measurable harms for uncertain gains.

The burden of proof rests with the mandates’ proponents. So far, that burden remains unmet.

For more on this issue, see “ICLE Comments to the Virginia Senate on SB 85” and Mikolaj Barczentewicz’s blog post at Truth on the Market “Privacy and Security Risks of Interoperability and Sideloading Mandates.”

The U.S. Department of Justice (DOJ) and U.S. Patent and Trademark Office’s (USPTO) Feb. 27 joint statement of interest in Collision Communications v. Samsung signals a possible shift back toward the first Trump administration’s “New Madison Approach” to patent policy. That framework—largely abandoned during the Biden administration—treated patents as property rights and defended the central role of injunctions in protecting them.

The filing suggests the current administration may be moving to restore that approach. If so, the implications for patent remedies—and for innovation policy more broadly—could be significant.

A brief look at the economic role of patent injunctions, and at what the Collision Communications statement of interest (CCSOI) actually says, helps explain why. It also raises the possibility that even stronger pro-patent initiatives may soon follow.

Read the full piece here.

Peruvian competition law and policy proved relatively quiet in 2025, especially compared with the turbulence of recent years. The calm cut both ways. On the positive side, the year brought institutional stability. Leadership at the National Institute for the Defense of Competition and the Protection of Intellectual Property (INDECOPI) remained unchanged, and no publicly visible threats to the agency’s independence emerged. In a country marked by persistent political instability—and in a region where competition authorities often face political pressure—such continuity should not be taken for granted.

The downside was limited enforcement. The agency brought relatively few anticompetitive-conduct cases, and both cartel and abuse-of-dominance investigations moved slowly. Resource allocation likely explains part of the shift. Merger control, unlike conduct enforcement, runs on strict statutory deadlines and requires prompt decisions to avoid chilling investment. INDECOPI appears to have prioritized those proceedings. The Commission for the Defense of Free Competition (the “Commission”) handled merger review in a timely and technically sound manner throughout the year.

The year also revived a recurring institutional debate. Congress again considered a constitutional reform that would grant INDECOPI autonomous constitutional status. The proposal failed to secure the qualified majority required for constitutional amendment, meaning adoption would now require a referendum—a difficult path for a technical institutional reform. If approved, the change could strengthen the agency’s institutional, technical, and budgetary autonomy. Greater budgetary independence, in particular, may prove necessary if the authority is to expand its capacity to pursue complex anticompetitive conduct, especially cartel cases.

Meanwhile, the Commission continued to rely on soft-law instruments. It published market studies and guidelines aimed at competition advocacy and at providing greater legal certainty to market participants.

Read the full piece here.

The Federal Trade Commission (FTC) has a new plan to “protect children online.” It starts by relaxing enforcement of the very privacy law designed to protect them.

In a new enforcement policy statement on the Children’s Online Privacy Protection Act (COPPA), the FTC signals that it will decline to pursue enforcement actions against companies that collect personal information for age-verification purposes before obtaining verifiable parental consent (VPC). In effect, the agency is inviting companies to gather additional data—including from children—in order to determine users’ ages.

That move sits uneasily with COPPA’s statutory design. It also reflects a broader policy shift: rather than mandating age verification directly, the FTC appears to be encouraging it indirectly through selective non-enforcement.

Read the full piece here.

Resumen: Los mercados de fabricación semiconductores se encuentran entre los más importantes y, paradójicamente, menos estudiados y comprendidos del mundo. Consideramos que un análisis estático de estos mercados (tradicionalmente sustentado en métricas de concentración y cuotas de mercado), ofreciendo una imagen incompleta de cómo funciona realmente esta industria.

El presente artículo reseña un paper recientemente publicado por los autores (en coautoría con David J. Teece) que examina la evolución de la industria de fabricación de semiconductores a la luz de las fuerzas tecnológicas y económicas detrás de la denominada “Ley de Moore” y la menos conocida “Ley de Rock”.

Nuestros hallazgos demuestran que se trata de una industria definida por competencia “schumpeteriana”: una rivalidad impulsada por innovación continua donde el liderazgo debe re-ganarse en cada generación tecnológica. Aunque presenta barreras de entrada significativas y dinámicas “winner-takes-most”, la competencia se entiende mejor como una serie de carreras recurrentes por el mercado, en lugar de una rivalidad estática en el mercado.

Read the full piece here.

TL;DR

Background: America’s telecommunications landscape has moved from copper-based “plain old telephone service” (POTS) to fiber-optic and wireless networks. Yet the Federal Communications Commission (FCC) still enforces legacy rules—particularly under Sections 214 and 251 of the Communications Act—that require carriers to keep aging copper lines in service.

In recent research, Eric Fruits and Brian Albrecht of the International Center for Law & Economics (ICLE) show these requirements force providers to maintain networks for a small, shrinking subscriber base. As customers leave copper, per-user costs rise, distorting investment and competition. 

But… The policy ignores consumers’ revealed preferences. Americans have largely abandoned landlines for mobile and Voice over Internet Protocol (VoIP) services. By 2024, about 79% of adults lived in wireless-only households, while fewer than 1% relied exclusively on landlines. Maintaining a parallel, obsolete network acts as a hidden tax on infrastructure investment, diverting capital and skilled labor from expanding fiber and other modern technologies that could help close the digital divide.

Moreover… Keeping copper networks creates a public-safety risk. As the global price of copper climbed toward $6 per pound in early 2026, theft of telecommunications wiring surged. Each incident costs an average of $8,735 to repair and can trigger outages that disrupt 911 systems, hospital communications, and military facilities. By compelling carriers to maintain copper lines, regulators leave a ready supply of valuable metal in the ground—effectively subsidizing organized theft and undermining the public-safety goals the rules aim to advance.

KEY TAKEAWAYS

Consumers Have Moved On

The FCC’s most recent “Voice Telephone Services” report shows how quickly the market has changed. From 2014 to 2024, subscribers using switched-access lines fell 77%, from nearly 73 million to just over 16 million. Copper local-loop—or “last-mile”—connections declined even faster, dropping 81% from almost 66 million to about 12.5 million.

Copper’s share of the remaining wireline market also shrank. In 2014, 60% of wireline subscribers relied on copper last-mile connections; by 2024, only 28% did. Over the same period, mobile subscriptions rose from 322 million to 391 million, a 21% increase.

The Centers for Disease Control and Prevention’s (CDC) National Health Interview Survey confirms the consumer response. In 2024, about 79% of adults lived in wireless-only households, while just 0.9% lived in landline-only households.

Copper’s Hidden Costs

Maintaining a legacy network is not just a cost of doing business—it materially drains revenue. AT&T reported spending about $6 billion in 2023—roughly 5% of total revenue—to keep its copper network operating. In California alone, the company spends about $1 billion per year to serve customers who now account for roughly 3% of households in its service territory.

Much of the expense reflects copper’s fragility. Unlike fiber, copper is vulnerable to moisture and corrosion, requiring frequent “truck rolls” (maintenance dispatches) that cost $150 to $500 per visit. Verizon, by contrast, found that migrating customers to fiber cut maintenance dispatches 60%, producing about $180 million in annual operational savings. In 2025, the International Center for Law & Economics (ICLE) filed comments with the FCC noting that these savings could fund next-generation deployment rather than continued “firefighting” of deteriorating 20th-century technology.

Copper’s Energy Penalty

Legacy copper systems use far more energy than modern networks. Transmitting electrical signals over long distances and powering aging central-office equipment requires substantial electricity. Altafiber (formerly Cincinnati Bell) reported that its copper network uses about 172 kWh per subscriber each year, compared with 6 kWh for fiber—a 97% reduction in energy intensity.

AT&T estimates its shift from copper to fiber saved 340,000 megawatt-hours of electricity in 2024 alone. A Ramboll report similarly finds fiber at least 100 times more energy-efficient than copper during operation. Requiring carriers to keep copper networks running conflicts with environmental and net-zero goals, as legacy switches consume eight to 10 times the energy of the servers that replace them.

Obsolete Hardware, Rising Risk

Delayed retirement also means relying on obsolete hardware. Major switching systems, including the Lucent 5ESS and the Nortel DMS-100, have not been manufactured for decades. Nortel filed for bankruptcy in 2009, and Siemens issued “Product Phase Out” notices for its digital switches as early as 2007.

Carriers now scour secondary markets for refurbished parts. In one case, Tinker Air Force Base had to buy replacement switching components on eBay because they were no longer commercially available. Dependence on this gray market creates reliability risks and raises labor costs, as fewer technicians still possess the specialized knowledge needed to maintain legacy equipment.

Let Copper Retire

ICLE’s 202 comments to the FCC urged the agency to use its Section 10 forbearance authority. ICLE asked the commission to waive network-change notice rules under Section 251(c)(5) and service-discontinuance requirements under Section 214 where competitive alternatives exist. The comments argued current rules create unnecessary transaction costs and deadweight loss—economic value destroyed by regulation rather than market failure.

International evidence points the same way. A 2020 WIK-Consult study for the FTTH Council Europe found notice periods of up to five years significantly delayed copper retirement even where fiber was widely available, and recommended shorter timelines where coverage exists. An Accenture analysis for Australia’s government-owned broadband operator projected AU$10.4 billion in cumulative GDP gains from 2026 to 2034 from completing its fiber upgrade.

Fruits and Albrecht note in their ICLE issue brief that remaining copper subscribers—often older and more rural—deserve attention during any transition. The FCC’s proposed framework addresses this through notice and the availability of wireless and Voice over Internet Protocol (VoIP) alternatives. The policy question, the brief explains, is not whether transition costs exist but whether they justify spending billions each year to maintain infrastructure serving a shrinking customer base that is already leaving voluntarily.

For more on this issue, see Eric Fruits and Brian Albrecht’s ICLE issue brief “Paying to Stand Still: Legacy Copper Mandates in a Fiber World” and ICLE’s August 2025 comments to the FCC on “Reducing Barriers to Network Improvements and Service Changes.”

Abstract

What is adaptive regulation? Why does it matter? How can it be measured, and how can regulation be made more adaptive? I answer each of these four questions.

Read the full piece at SSRN.

Abstract

This essay traces the evolution of online consumer protection from the opening of the Internet to commerce in the mid-1990s through to the challenges posed by artificial intelligence, arguing that trust has always been the central problem and that entrepreneurs, driven by competitive pressure and consumer demand, have repeatedly built the solutions.

I. Trust and Online Commerce

Until the mid-1990s, there was only a modest need for “online consumer protection” because the Internet was essentially free from commerce.[1] This was by design: the main U.S. Internet backbone was operated by the National Science Foundation, which applied an acceptable use policy that restricted commercial activity.[2] In 1992, Congress amended the NSF’s statutory authority to permit the Internet to be used for “additional purposes.”[3] Three years later, the NSF shut down NSFNET, after which the acceptable use policy no longer applied as all Internet traffic ran over commercial backbones.[4]

Once Internet commerce was no longer prohibited, entrepreneurs quickly identified ways to make it possible. For any form of commerce, the key challenge is establishing trust between parties. In-person, trust is built by repetition, reputation, reliable identification, and legal protection. Reputation creates incentives for vendors to maintain quality. Reliable identification is fundamental: without it, repetition is impossible, reputation irrelevant, and legal enforcement futile.[5]

The first attempts to solve the trust problem came from private networks such as CompuServe, Prodigy, and America Online, which starting in the mid-1980s created walled gardens with secure dialup connections, limiting purchases to authorized parties and leveraging their brands and partnerships with brick-and-mortar companies.[6] But this walled garden approach limited users to a single network, constraining the scale of commerce. Outside these gardens, traditional trust mechanisms were largely absent. Building the commercial internet required new tools.

A. Identity and Security

The first challenge was enabling consumers to verify that a website is what it claims to be and that communications are secure. The solution, developed by Taher Elgamal’s team at Netscape, was Secure Sockets Layer (“SSL”), which used public key infrastructure (“PKI”) to authenticate websites through digital certificates and asymmetric cryptography.

When you visit a website over HTTPS (now using transport layer security (“TLS”) rather than SSL but the model remains the same), the server presents a digital certificate that contains the site’s public key, its domain name, and crucially, a digital signature from a Certificate Authority (“CA”).[7] The browser, which maintains a list of trusted CA root certificates, can then verify the certificate by tracing it back to a trusted root.

SSL (and later TLS) also encrypted information between browser and server. The padlock icon in the browser URL bar reassured users that their connection was secure.

B. User Ratings as a Means of Enhancing Trust

User ratings are now so ubiquitous as to seem inseparable from the web. The first significant deployment appears to have been the “feedback forum” that Pierre Omidyar introduced on eBay in February 1996. At launch, he included this note:

“Most people are honest. And they mean well. Some people go out of their way to make things right. I’ve heard great stories about the honesty of people here. But some people are dishonest. Or deceptive. This is true here, in the newsgroups, in the classifieds, and right next door. It’s a fact of life. But here, those people can’t hide. We’ll drive them away. Protect others from them. This grand hope depends on your active participation. Become a registered user. Use our feedback forum. Give praise where it is due; make complaints where appropriate.”[8]

The forum became very popular and Omidyar credits it with much of eBay’s success because it enabled users to generate trust with one another.[9] User ratings also became intrinsic to the success of many other web businesses, including Amazon, Uber, and Airbnb.

Online ratings systems are of course far from perfect and sites must continuously invest in innovation not only to improve their effectiveness but also to avoid contamination from fake reviews (whether generated by humans or bots). Examples of such innovations include: verification of purchase, verification of reviewer, proofs of humanity (e.g. Captcha), and AI-based fraud detection.[10]  But the granularity of user ratings and the degree to which they enable preference matching, combined with the continuous improvements that websites and apps must develop and implement arguably makes them superior to other forms of regulation — especially top-down licenses.[11]

C. Credit Cards, Online Security and Trust

Online commerce requires a means of payment. Early attempts at online money relied on centralized accounts, which floundered for the same reason as the walled gardens: the inability to transact outside a closed network.

Credit cards offered a ready-made solution. Card networks needed only to adapt rules already developed for “card not present” (“CNP”) transactions such as telephone sales.

Merchants trust card issuers because they credibly commit to pay as long as the merchant authenticates properly and consumers find card issuers’ zero-liability fraud guarantees attractive for online transactions.

But Internet transactions posed novel problems: issuers and cardholders feared stolen card details, while merchants feared chargebacks from fraudulent use. Enhanced security on both sides was needed. As noted, SSL/TLS provided part of that solution. Payment networks supplemented these first with their own security standards and then in 2004 with PCI DSS.[12]

Another piece of the puzzle was solved in 1999 with the launch of PayPal, whose most important function has been as a payment gateway — a trusted intermediary processing card payments. Many other online payment gateways, including Worldpay, Stripe, and Square/Block, also now act as a trust layer in the online payments ecosystem.[13]

D. Peer-to-Peer Payments, Stablecoins and Escrow

Over the past 20 years, peer-to-peer systems such as PayPal, Venmo, CashApp, Google Pay, and Apple Cash have become increasingly popular for paying for goods and services, with similar services in India, China, Thailand, Brazil, and elsewhere.[14] Stablecoins are beginning to offer similar functionality, especially in jurisdictions with high inflation.

The near-instant payment finality of such systems is advantageous between trusted counterparties. But for transactions with significant counterparty risk — unknown vendors, undelivered goods, uncertain quality — irreversibility becomes a problem.

In the U.S. and Europe, credit card chargebacks addressed this. In China, where credit card penetration was low, Alibaba developed AliPay in 2003 as a micro-escrow service holding funds until receipt is acknowledged. Similar escrow systems might address counterparty risk for real-time payments and stablecoins.

II. The Implications of AI

The increasingly widespread use of sophisticated AIs presents new issues for online consumer protection. As with the emergent Internet in the mid-1990s, the key issue is trust. In this case, there are three related problems: First, can we trust that the material being presented to us is real (or at least not generated by AI)? Second, can websites trust that the entities seeking to interact with them are real humans (or at least bots authorized to act by real humans)? Third, how can either side trust that the counterparty is who they say they are?

A. Digital Content Credentials and Digital Watermarks

One way to ensure that a digital object was made by a human is for the creator to apply a digital content credential. These use cryptographic signatures to create an auditable history of content (audio, video, text, etc.), documenting who and/or what produced it and altered it.

The most significant such project is the Coalition for Content Provenance and Authenticity (C2PA), with over 5,000 members including Adobe, Google, Meta, Microsoft, OpenAI, and Sony. C2PA uses PKI to establish the origin and history of digital content.[15] C2PA digital credentials are embedded in metadata, so are not part of the content itself, but can be identified by software capable of authenticating the claims.[16] The C2PA standard is open source, so can be implemented by anyone without payment (as long as they abide by the requirements of the Creative Commons license).

OpenAI and Google add C2PA metadata to all visual content produced by their models.[17] As such, an unadulterated image produced by their models should be detectable as such by using a browser extension or C2PA’s tool. However, at least at the time of writing adoption of the browser extension seems muted to say the least (the Chrome version reports 1,000 users).[18]

Surveys suggest about three quarters of consumers in the U.S. are concerned about the authenticity of content.[19] Despite this and despite wide membership on the content side, however, so far there is little evidence of uptake of C2PA or other content authentication systems among content producers, distributors or consumers.[20]

One reason for low consumer-side adoption may be that metadata can be stripped when copying, making C2PA in its original form unreliable. To address this, companies have developed digital watermarks embedded imperceptibly in content itself. Google’s SynthID, for example, attaches unique identifiers to pixels in AI-generated images.[21] Meanwhile, the revised C2PA standard adds a digital watermark or “soft binding,” which acts as a bridge between the asset and its original metadata. If the asset’s metadata is stripped, the watermark can be detected by compatible software, which then queries a “Manifest Repository” to restore the original Content Credentials.

Another explanation is that it is early days. When SSL was first introduced, only ecommerce sites used it. Adoption was gradual until 2014, when Cloudflare’s free Universal SSL reportedly doubled it almost overnight. Similar factors — demonstrable benefits, wider availability, and reduced costs — will likely drive adoption of content authenticity standards.[22]

On the other hand, we might simply learn to live with most forms of AI adulteration, much as CGI is taken for granted in film, and synthesizers and electronic manipulation are widely accepted in music. In that case, the role of identifiers such C2PA and AI detection might be limited to the prevention and prosecution of IP theft and impersonation.

B. The Bot Wars

The problem of bots seeking to fool websites goes back to 1997, when spammers manipulated AltaVista’s search rankings by mass-submitting URLs. AltaVista responded by requiring users to recognize characters displayed so that bots could not easily interpret them.[23]

In the early 2000s, at the request of Yahoo!, Louis van Ahn and colleagues at Carnegie Mellon University developed the Completely Automated Public Turing test to tell Humans and Computers Apart (“CAPTCHA”), which required website users to perform tasks that would be easy for humans but impossible for computers — originally recognition of a word displayed in a manner similar to the AltaVista solution.[24] The first commercial implementation of CAPTCHA was the Gausebeck-Levchin test implemented by PayPal in 2001 to prevent bots from creating fraudulent accounts.[25]

Programmers quickly developed algorithms to defeat CAPTCHAs, sparking an arms race. In 2007, von Ahn developed reCAPTCHA, displaying two words — one known to the computer, one unknown. Aggregating user responses improved machine text recognition. In 2009, von Ahn sold reCAPTCHA to Google, which used it for Google Books and other recognition projects. Von Ahn and Google had strong incentives to ensure reCAPTCHA was effective while minimizing friction, because doing so maximized its use and thereby its value.[26][27][28]

The past 20 years has seen an arms race between CAPTCHA systems and AI. In 2018, Intuition Machines launched a competitor, hCaptcha, which requires users to identify a series of objects and is adaptive to user responses, making it highly effective against AI models. hCaptcha also has an inherently privacy-preserving design; in contrast to Google’s reCAPTCHA, its main source of revenue is the sale of labelled data to train AI models.[29] Also, unlike reCAPTCHA, which is merely free for most customers, hCaptcha pays high-volume websites.

Spam email was another bot-related problem. Matthew Prince and Lee Holloway established Project Honey Pot to track spam sources and enable blocking of malicious IP addresses. The project grew to track threats including DDoS attacks and its creators then developed it into a full-fledged solution called Cloudflare.[30]

Cloudflare’s solutions have become increasingly valuable to website hosts. W3Techs estimates that the company is now responsible for between 21 percent of all internet traff ic, up from about 4 percent in 2016, and represents over 80 percent of all reverse proxy server traffic.[31] In 2020, Cloudf lare switched from reCAPTCHA to hCaptcha, dramatically increasing demand for that service,[32] and in 2023 it switched again, this time to its own alternative called Turnstile.[33] Moreover, all the main bot protection services (reCAPTCHA, hCaptcha, and Turnstile) now offer versions that mainly work in the background, utilizing user analytics that enable them to distinguish humans from bots with considerable accuracy and minimal friction.

These systems protect users whose sensitive data would otherwise be at risk. Innovation driven by entrepreneurial insight and dynamic competition has produced a high level of consumer protection online — and these systems will continue to evolve as AI threats grow more sophisticated.

C.   Online Identity

The third concern raised by AI is its ability to mimic human identity. Criminals use generative AI to create fake identities for various frauds — most being modern versions of old scams such as the sham company: establish a fake company with a name similar to a real company, open a bank account, invoice for fictitious goods or services, transfer funds out immediately they are received, and shut down the company and accounts — leaving little trace of the fraudster’s identity.

Payments with instant finality (e.g. blockchain and real-time payments) and generative AI (which enables quick and easy creation of highly plausible fake IDs) have reduced the cost of implementing sham company frauds.

Fraudsters also use generative AI for impersonation of real humans in real time using deepfake voices and/or video. In one notable case, swindlers held a video call featuring deepfakes of the CFO and various colleagues of engineering firm Arup, thereby convincing an employee of the firm in Hong Kong to send $25 million to a sham company.[34]

Both these frauds are fundamentally examples of impersonation or passing off. While modern technology can make them easier and cheaper (and thereby increase the incentives to undertake them), it also offers solutions to such frauds. Multi-factor authentication (“MFA”) is one relatively simple and inexpensive measure that can be taken: requiring counterparties to prove their identity not only through voice or video but by sharing other trustworthy and ideally immutable evidence.

Similarly, in the case of sham company attacks, company registries that verify beneficial ownership can make such frauds more costly — and in principle make it easier to trace the perpetrators.

Unfortunately, standard MFA documents such a utility bills, drivers’ licenses, and passports can be spoofed by AI. These are widely used for “know your customer” (“KYC”) and beneficial ownership checks and, ironically, can expose personal information to fraudsters when emailed without encryption (as is common).

One form of authentication that is more difficult to spoof and reduces the risk of interception is an immutable digital identity, especially when it is linked to a reliable certificate authority (such as a registry that itself relies on MFA). Jurisdictions such as Estonia and Norway that have implemented such digital IDs have seen rates of fraud decline.[35]

A centralized digital ID registry creates a honeypot risk. Estonia addressed this with the X-Road, a decentralized data exchange architecture with multiple registries each containing limited data. Citizens use a PKI-based eID protected by 2FA: entering a PIN on a physical card unlocks a private key that digitally signs a challenge, confirming identity and authorizing access to specific database(s).[36]

Ideally, one would share a limited credential proving a required fact without revealing underlying personal data. Zero-knowledge proofs (ZKPs) enable this: proving a claim is true without disclosing the sensitive information behind it. Self-sovereign IDs such as Iden3 and PolygonID adopt this model, as does the Yivi app in the Netherlands.

D. AI Agents Creating Fake Human Identities

So far, we have focused mainly on ways in which humans might use AI tools to perpetrate and/or prevent fraud — and how cryptographic solutions can help defeat this threat. More worrying, perhaps, is the possibility of AIs masquerading as humans — a persistent theme of dystopian science fiction.

In principle, digital IDs that require biometric MFA (e.g. facial recognition) might overcome this problem, at least with respect to direct authorization. A further set of problems arise, however, in the context of agentic AIs acting on behalf of humans. First, there is the problem of humans trusting their agents to act as intended. Second, there is the problem of agents being trusted by counterparties.

The recent release of Claude Code, Cowork, OpenClaw, and similar products has created considerable excitement about the prospect that each of us will soon have an army of virtual assistants doing our bidding. At the same time, adoption has likely been slower than it would be if we could trust those agents to do what we want them to do – and if counterparties could reliably trust our agents.

The history of travel agents offers insights. Human agents maintain formal supplier relationships through accreditation  bodies such as ARC or IATA, posting bonds, carrying insurance, and assuming liability. If an agent fails to remit payment, suppliers claim against the bond. Accreditation and financial guarantees make suppliers willing to accept bookings without direct customer relationships.

Online travel agencies like Expedia digitized this model, obtaining the same accreditations and financial guarantees. Their bots were trusted not independently but as authorized arms of accredited, bonded entities.

The innovation was not in the trust model — which remained a known, financially accountable intermediary — but in scale and automation. The supplier trusts the intermediary, which manages all downstream risk.

Autonomous AI agents probably will not be trusted as independent actors anytime soon. Rather, they will operate under accountable intermediaries liable to suppliers. The supplier’s question remains: “do I trust this intermediary?”

This also offers insights into one possible solution to the first problem: trust as an emergent property of agents in general. If third party intermediaries act as a layer between AI agents and suppliers of goods and services, they would effectively signal to consumers which agents are trustworthy.

III. Conclusion

This brief survey of the history and current status of online consumer protection shows how entrepreneurs have addressed trust problems relating to online commerce and how they might now address similar problems in relation to AI.

These developments took place within background conditions favorable to decentralized market solutions: enforceable contracts and the removal of NSF barriers to online commerce. Absent these conditions, it is unclear that online commerce would have emerged as it did.

The specific innovations surveyed illustrate how entrepreneurs build and maintain architectures of trust when background conditions permit. If governments maintain those conditions, entrepreneurs can continue to develop trust architectures that support strong online consumer protection in a world of AI.

[1] See, e.g., Barry M. Leiner et al., Brief History of the Internet, Internet Soc’y (1997), https://www.internetsociety.org/internet/history-internet/brief-history-internet.

[2] National Sci. Found., NSFNET Backbone Servs. Acceptable Use Pol’y (June 1992); see also Nat’l Sci. Found. Off. of Inspector Gen., Review of NSFNET (Mar. 23, 1993).

[3] Scientific and Advanced-Technology Act of 1992, Pub. L. No. 102-476, 106 Stat. 2297 (amending the National Science Foundation Act of 1950 to authorize the National Science Foundation to support access to computer networks that “may be used substantially for additional purposes”).

[4] Susan R. Harris & Elise Gerich, Retiring the NSFNET Backbone Serv.: Chronicling the End of an Era, ConneXions (Apr. 1996), at 2–11. NSFNET was decommissioned Apr. 30, 1995.

[5] This dynamic is illustrated by a simple two-player game with the following payoffs: (cooperate, cooperate = 2,2; cooperate, defect = −1,3; defect, cooperate = 3,−1; defect, defect = 0,0). In a one-shot game without collusion, both players defect, yielding a payoff of 0 for each. If the game repeats indefinitely, however, each player has an incentive to cooperate, producing a payoff of 2 for both. See, e.g., Robert Axelrod & William D. Hamilton, The Evolution of Cooperation, 211 Science 1390 (1981).

[6] See, e.g., Shane Greenstein, How the Internet Became Commercial: Innovation, Privatization, and the Birth of a New Network 109–45 (2015) (describing the “walled-garden” model of early online services).

[7] A certificate authority (CA) acts as a trusted third party. Early providers included VeriSign and Thawte (which VeriSign acquired in 1999). Today, the most widely used CAs include Let’s Encrypt, GlobalSign, Sectigo, and GoDaddy. See, e.g., SSL Certificate Authorities Market Share, W3Techs, https://w3techs.com/technologies/history_overview/ssl_certificate.

[8] Pierre Omidyar, Founder’s Letter, eBay (Feb. 26, 1996), https://pages.ebay.co.uk/services/forum/feedback-foundersnote.html.

[9] Interview with Pierre Omidyar, Founder, eBay Inc., at 4:55, On Innovation (The Henry Ford YouTube channel), https://www.youtube.com/watch?v=RKVmsifohgM&t=295s.

[10] See, e.g., Amazon, How Amazon Is Using AI to Detect Fake Product Reviews and Ensure Authentic Customer Feedback (Aug. 27, 2024), https://www.aboutamazon.com/news/policy-news-views/how-ai-spots-fake-reviews-amazon (describing Amazon’s use of verified-purchase labels, large-language-model and graph-neural-network fraud detection, and expert investigators to block hundreds of millions of suspected fake reviews); Michael Luca & Georgios Zervas, Fake It Till You Make It: Reputation, Competition, and Yelp Review Fraud, 62 Mgmt. Sci. 3412 (2016) (finding that Yelp’s automated filter flagged about 16% of restaurant reviews as suspicious).

[11] Julian Morris, Consumer Protection in the 21st Century, ICLE Issue Brief 2023-02-24, at 1 (Feb. 24, 2023), https://laweconcenter.org/wp-content/uploads/2023/02/Morris-consumer-protection-in-the-21st-century-2-24-23.pdf.

[12] PCI Sec. Standards Council, https://www.pcisecuritystandards.org (last visited Feb. 19, 2026).

[13] PayPal Editorial Staff, What Is a Payment Gateway and How Does It Work?, PayPal Bus. Res. Ctr. (June 18, 2024), https://www.paypal.com/us/brc/article/what-is-a-payment-gateway.

[14] Julian Morris, Peer-to-Peer and Real-Time Payments: A Primer, ICLE Issue Brief (Aug. 21, 2023), https://laweconcenter.org/wp-content/uploads/2023/08/RTP-primer.pdf.

[15] Coalition for Content Provenance and Authenticity, https://c2pa.org (last visited Feb. 19, 2026).

[16] The Coalition for Content Provenance and Authenticity (C2PA) uses the X.509 digital-certificate standard, the same standard underlying Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

[17] OpenAI, C2PA in ChatGPT Images, OpenAI Help Ctr., https://help.openai.com/en/articles/8912793-c2pa-in-chatgpt-images (last visited Feb. 19, 2026). C2PA metadata embedded in images generated with ChatGPT or OpenAI’s API allows users to verify provenance information—such as whether an image was created using ChatGPT or the DALL·E-3 model—unless the metadata has been removed.

[18] Digimarc Labs, C2PA Content Credentials, Chrome Web Store, https://chromewebstore.google.com/detail/c2pa-content-credentials/mjkaocdlpjmphfkjndocehcdhbigaafp (last visited Feb. 19, 2026). The extension allows users to verify whether images, audio, or video files contain C2PA manifests and to validate those manifests to reveal information about the content’s origin and history.

[19] See, e.g., Adobe, Content Authenticity and AI Survey (2024) (finding that about 77% of U.S. consumers are concerned about distinguishing real from AI-generated content).

[20] The limited adoption of C2PA browser extensions—see note 17—is one indicator. As of mid-2025, no major social-media platform or news outlet had implemented consumer-facing C2PA verification at scale.

[21] See, e.g., Google DeepMind, SynthID, https://deepmind.google/science/synthid (describing a system that embeds imperceptible digital watermarks in AI-generated images, audio, text, and video so that the content can later be identified as machine-generated); Emma Roth, Google’s SynthID Watermark Can Identify AI-Generated Images, The Verge (Aug. 29, 2023), https://www.theverge.com/2023/8/29/23849107/synthid-google-deepmind-ai-image-detector. SynthID embeds invisible digital watermarks directly into AI-generated media so that they remain imperceptible to users but detectable by specialized tools, helping identify whether content was produced by generative AI.

[22] See, e.g., SSL Certificate Authorities: Historical Yearly Trends in Usage Statistics, W3Techs, https://w3techs.com/technologies/history_overview/ssl_certificate; Cloudflare, Introducing Universal SSL (Sept. 29, 2014), https://blog.cloudflare.com/introducing-universal-ssl (noting that Cloudflare doubled the number of HTTPS sites on the internet when it launched free Universal SSL in 2014).

[23] See, e.g., Andrei Z. Broder et al., Syntactic Clustering of the Web, 29 Computer Networks & ISDN Sys. 1157 (1997); GeeTest, History of CAPTCHA—The Origin Story, https://www.geetest.com/en/article/captcha-origin.

[24] Luis von Ahn, Manuel Blum, Nicholas J. Hopper & John Langford, CAPTCHA: Using Hard AI Problems for Security, in Advances in Cryptology—EUROCRYPT 2003 294 (Eli Biham ed., 2003).

[25] Gausebeck-Levchin Test, Golden, https://golden.com/wiki/Gausebeck-Levchin_test-EKMBKKR (last visited Feb. 19, 2026).

[26] Luis von Ahn et al., reCAPTCHA: Human-Based Character Recognition via Web Security Measures, 321 Science 1465 (2008).

[27] Id.; see also Google, Teaching Computers to Read: Google Acquires reCAPTCHA (Sept. 16, 2009), https://googleblog.blogspot.com/2009/09/teaching-computers-to-read-google.html.

[28] What Is CAPTCHA?, IBM Think, https://www.ibm.com/think/topics/captcha (last visited Feb. 19, 2026); Ciarán Daly, “I’m Not a Robot”: Google’s Anti-Robot reCAPTCHA Trains Their Robots to See, AI Bus. (Oct. 25, 2017), https://aibusiness.com/companies/-i-m-not-a-robot-google-s-anti-robot-recaptcha-trains-their-robots-to-see.

[29] Katharine Schwab, Suspicious of Google’s reCAPTCHA? Here’s a Popular Alternative, Fast Company (July 17, 2019), https://www.fastcompany.com/90377406/suspicious-of-googles-recaptcha-heres-a-popular-alternative; Intuition Machines, About hCaptcha, https://www.hcaptcha.com/about.

[30] Cloudflare, Our Story, https://www.cloudflare.com/our-story (describing how Matthew Prince and Lee Holloway founded Project Honey Pot in 2004 to track how spammers harvested email addresses); see also Project Honey Pot, https://www.projecthoneypot.org (last visited Feb. 19, 2026); Matthew Prince, Cloudflare’s First Birthday, Cloudflare Blog (Sept. 27, 2011), https://blog.cloudflare.com/cloudflares-first-birthday.

[31] Historical Yearly Trends in the Usage Statistics of Reverse Proxy Services for Websites, W3Techs, https://w3techs.com/technologies/history_overview/proxy/all/y.

[32] Thomas Claburn, Cloudflare Dumps Google’s reCAPTCHA, Moves to hCaptcha as Free Ride Ends (and Something About Privacy), The Register (Apr. 9, 2020), https://www.theregister.com/2020/04/09/cloudflare_dumps_recaptcha.

[33] Reid Tatoris, Adam Martinetti & Benedikt Wolters, Cloudflare Is Free of CAPTCHAs; Turnstile Is Free for Everyone, Cloudflare Blog (Sept. 28, 2023), https://blog.cloudflare.com/turnstile-ga; Migrate from hCaptcha, Cloudflare Turnstile Docs, https://developers.cloudflare.com/turnstile/migration/hcaptcha (last visited Feb. 19, 2026).

[34] Heather Chen & Kathleen Magramo, Finance Worker Pays Out $25 Million After Video Call with Deepfake ‘Chief Financial Officer’, CNN (Feb. 4, 2024), https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk.

[35] See, e.g., Estonian Digital Identity, e-Estonia, https://e-estonia.com/solutions/e-identity/id-card; see also BankID Norge, Norwegian Digitisation Agency, https://www.bankid.no.

[36] X-Road Architecture, X-Road, https://x-road.global/architecture; Republic of Est. Info. Sys. Auth., X-Road Factsheet, https://www.ria.ee/en/state-information-system/x-tee; see also Privacy Int’l, ID Systems Analysed: e-Estonia (2021), https://privacyinternational.org/case-study/4737/id-systems-analysed-e-estonia; Nordic Inst. for Interoperability Sols. (NIIS), X-Road World Map, https://x-road.global/xroad-world-map (showing implementations in Finland, Iceland, Japan, Ukraine, and other jurisdictions); see also Nordic Inst. for Interoperability Sols. (NIIS), About NIIS, https://niis.org.

Threads from ICLE scholars on trending issues for the month of March 2026.

Had a busy week or so with three new pieces related to issues of online speech. A ?

— Ben Sperry (@RBenSperry) March 31, 2026

#CompetitionLaw #Germany
?? Did you know about the recent “fuel market intervention package” rushed through the German parliament this week? I think it deserves serious scrutiny from the antitrust/Competition community. It’s presented as an “urgent” response to rising gas… pic.twitter.com/XS58nTYtmc

— Mario Zúñiga (@MZunigaP) March 25, 2026

Lazar Radic has a very good post in TOTM on the war against consumer preferences that has become the EU's Digital Markets Act. A good warning to those in the USA thinking about reviving any movement to pass something similar. https://t.co/K8GUGi7djB

— Herbert hovenkamp (@Sherman1890) March 24, 2026

1/ In my interview with @AsiaTechLens, I make a simple point: you can’t regulate prices in one place and expect them to stay put. So, when firms like Apple face direct price regulation (e.g. app store fees), they don’t just absorb the loss. They adjust.https://t.co/eLYtygzbr8

— Lazar Radic (@laz_radic) March 19, 2026

With today's Senate Commerce hearing, Liability or Deniability? Platform Power as Section 230 Turns 30, it is worth discussing why Section 230 is important and how to think about reform (a short ?):https://t.co/ybLEhMMN6O

— Ben Sperry (@RBenSperry) March 18, 2026

Ian Adams (@IAtheTeapot): Ottawa’s war on size is a gift to Canada’s global rivalshttps://t.co/oFcX8QCdoJ

— The Hub (@TheHubCanada) March 9, 2026