Europe wants to win in AI, chips, and quantum, but it also wants to stay the global reference for privacy and user protection. That double ambition is not easy to manage.

Some founders complain that rules like GDPR, the Digital Markets Act (DMA) and the Digital Services Act (DSA) slow them down. Others argue that these same rules are the reason people trust European services in the first place.

So the big question is simple but sharp: should the EU simplify rules for tech companies, or accept weaker digital rights? This article takes a clear line. Europe needs smarter simplification, not weaker protection. In other words, less red tape, the same or stronger rights.

Control-Alt-Deliver, a report on a digital grand strategy for the EU sums up the problem well: Europe has global influence as a regulator, but not the same strength as a tech power. The task now is to close that gap without throwing rights in the bin.

Why the EU Feels Behind in the Global Tech Race

Photo by Nataliya Vaitkevich

When people compare Europe with the United States and China, three gaps come up again and again.

First, scale of big tech companies. The US hosts most of the world’s largest digital platforms, from cloud to social media to AI foundation models. China has giants in e‑commerce, payments, and social apps tightly linked to state goals. Europe has a few large players, but nothing on the same scale.

Second, venture capital and risk funding. US startups often find big cheques early and can grow fast. Chinese firms benefit from state support and large domestic markets. European founders still report smaller rounds, more cautious investors, and more time spent convincing banks and funds.

Third, speed of deployment. American and Chinese firms tend to push products to market, learn from users, and adjust. European firms often need to deal with 27 member states, several regulators, and rules that do not always align.

A recent analysis on EU technological innovation and regulation points out that Europe lags in frontier AI models and semiconductor capacity compared with the US and China. That matches what many founders already feel in practice.

At the same time, Europe is not weak across the board. It shines in research and strategic niches.

• The Netherlands-based company ASML is essential for high end chipmaking machines.
• Many of the best research labs in quantum and AI sit in European universities and centres.
• The EU and member states invest large sums in basic science and public research.

An academic study on EU innovation policy asks whether the EU can turn this strength in rules and science into real tech power, and links part of the problem to lower GDP growth and tighter budgets compared with rivals like the US and China. You can see that argument in more detail in Between Regulation and Global Influence in this MDPI article.

The missing link is clear: Europe is good at ideas and rules, less good at turning those ideas into global platforms and broad AI tools.

How EU rules like GDPR, DMA and DSA affect innovation

Let us quickly unpack three core EU laws that shape digital business.

• GDPR: data protection rules that give people control over personal data, such as consent, access rights, and limits on profiling.
• DSA (Digital Services Act): rules to make online services safer, such as notice and action for illegal content and more transparency around recommender systems.
• DMA (Digital Markets Act): rules for very large online platforms, called gatekeepers, to stop unfair practices like self‑preferencing.

These laws clearly help users. Thanks to GDPR, data abuse is harder, at least in theory. With the DSA, users have more tools to flag fake products or illegal hate speech. The DMA tries to stop dominant platforms from blocking smaller rivals.

The problem lies in how companies have to comply. Every law brings:

• extra paperwork
• more legal checks
• higher costs for audits and documentation

For a large platform with thousands of staff, that is annoying but manageable. For a small AI startup or a medium retailer that wants to sell across the EU, this can feel heavy. They must:

• interpret dense legal texts
• follow guidance from several regulators
• handle different national interpretations of the same rule

Some industry voices argue that this patchwork slows innovation and scares off investors. Civil society organisations reply that watering down GDPR and related laws would only help the biggest global players, not smaller European firms. The Irish Council for Civil Liberties makes this point sharply in its piece Cutting GDPR will harm EU tech competitiveness.

Both sides agree on at least one thing: the current system is too complex, especially for smaller firms.

Research strength but weak tech scale up

The EU spends heavily on Horizon Europe and other research programmes. In some fields, public research spending even beats China. Private firms and public labs publish a lot of high quality papers.

Yet when you look at global consumer apps or widely used AI tools, US and Chinese products dominate. The same pattern appears in cloud platforms and app stores. Europe generates ideas, others package and sell them.

Several barriers keep holding Europe back:

• Fragmented markets: 27 member states, different languages, different consumer habits.
• Slow decision making: funding programmes and permits can take years, while rivals move in months.
• Different national readings of EU rules: one country says a data use is fine, another says it is not.

Reports like Tech 2030: A Roadmap for Europe‑US Tech Cooperation argue that without better alignment and more focus on scale, Europe will stay a rule maker, not a full tech power.

So the question is not whether the EU should regulate. It already does, and will keep doing so. The question is how to make those rules clearer and lighter to follow, so ideas can move from lab to market faster.

Simplification for Tech Companies: What Can Change Without Hurting Consumers?

The current debate is often described as a choice between “more regulation” or “less regulation”. That is too simple.

The real choice is between:

• confusing, overlapping rules that waste time, or
• clear, well designed rules that protect people and are easy to follow.

The European Commission now talks about a “digital omnibus” package. This is a large update of existing digital and data laws. The goal is to remove overlaps, align definitions, and cut reporting where it adds little value. The Commission frames it as a way to save companies time and money without lowering consumer and privacy protections, as described on its page on the Digital Package and digital omnibus.

If this is done well, it could help tech firms move faster while keeping Europe’s high standards.

From red tape to smart rules: cutting duplication and confusion

So what does “smart simplification” look like in practice?

Here are a few concrete ideas that do not weaken rights:

• One single risk assessment: Many laws demand some kind of risk review, for example the AI Act, cybersecurity rules, and sector rules. A single, well designed assessment template could cover several laws at once.
• One reporting channel for incidents: When a security breach happens, firms often need to notify different regulators. A one‑stop notification portal, which then forwards reports to the right authority, would save time while still alerting the state quickly.
• Consistent definitions: Terms like “high risk AI”, “profiling”, or “online platform” should mean the same thing across laws. That reduces legal uncertainty and long email chains with lawyers.
• Clearer guidance for SMEs: Many smaller firms simply want to know “What do I need to do, step by step?” Short, practical guides and checklists, written in plain language, would help more than 200‑page legal commentaries.

These changes do not touch the level of protection. They adjust the path to compliance.

Think of it like road signs. You can keep the speed limit to protect people, but use clearer signs and better maps so drivers know what to do.

The role of the EU digital omnibus package

The planned digital omnibus package is the EU’s attempt at such a clean up.

The idea is simple: take a bunch of existing rules on data, AI, cybersecurity, and platforms, then align them. According to the Commission’s recent announcement on simpler EU digital rules and new digital wallets, the package aims to:

• clarify how the AI Act and GDPR interact
• simplify obligations for data intermediaries and other low risk services
• cut duplicate reporting duties
• create more proportional rules, so the smallest firms face lighter burdens

Civil society groups are worried that some changes could quietly hollow out protections. For instance, European Digital Rights (EDRi) warns that the Digital Omnibus could be a rollback of EU digital protections. Media reports, such as this Reuters piece on easing AI and privacy rules, highlight similar fears that the EU might “cave in” to big tech pressure.

The political promise is that protection will stay strong, while compliance becomes easier. Whether that promise holds will depend on the final wording and, just as important, how regulators apply it day to day.

Helping startups and SMEs comply without drowning in costs

Complex rules hit small and medium‑sized enterprises (SMEs) hardest. A global platform can hire a whole team of lawyers. A 10‑person startup cannot.

If the EU wants more home‑grown success stories, it needs to make compliance less painful for these firms, without treating users as test subjects.

Practical measures could include:

• Standard templates: Pre‑approved privacy notices, AI transparency statements, and cookie banners that founders can adapt, rather than write from scratch.
• Free or low‑cost advisory services: Public agencies or chambers of commerce that answer concrete questions from SMEs, in their language, with examples from their sector.
• Regulatory sandboxes: Safe spaces where firms test new AI or data services under supervision, with clear rules and feedback instead of vague fear of breaking the law.
• Digital compliance tools: Simple software that helps auto‑generate parts of the paperwork based on a few key questions.

Some telcos and large firms already invest in shared infrastructure to support European projects, such as the “AI factories” and data centres described in Telefónica’s blog on European technological autonomy. Public authorities could back similar tools for compliance, so smaller firms do not reinvent the wheel.

Why Weakening Digital Rights Would Be a Mistake for Europe

Cutting digital rights might look like an easy way to speed up innovation. In reality, it would almost certainly backfire.

Europe built its identity as a values‑based market. Rights to privacy, free expression, and non‑discrimination are not optional extras. They come from the EU Treaties and national constitutions.

If lawmakers start trading away those rights to chase short term growth, three things are at risk:

• trust
• democracy
• long term competitiveness

Trust and rights are not nice‑to‑have add ons. They are part of Europe’s brand and, if used well, an advantage in global tech.

Trust as a competitive advantage in AI and digital services

In AI and data driven services, people ask simple questions: “Can I trust this?” “What happens to my data?” “Will this system treat me fairly?”

Strong rules can give honest firms a real edge. Privacy by design, clear consent choices, and easy ways to opt out or delete data can be selling points.

A European health app that explains, in plain language, how it uses your medical data and who can see it, may gain more loyal users than a rival that hides behind vague terms. A company that opens its AI systems to audit by public bodies or trusted researchers can gain more trust from governments and business partners.

Comparative work on AI rules, like this analysis of global AI governance across the EU, US, China and others, shows that many countries are looking to Europe for ideas on rights and accountability. That is a sign that strong rights can help Europe set standards abroad.

Risks of a race to the bottom on data and consumer rights

If the EU starts dropping protections, the short term effect might be a small boost to some metrics. Over time, the costs would grow.

We would likely see:

• more data breaches and identity theft
• more dark patterns that nudge users into sharing more than they want
• weaker control over profiling and automated decisions
• more harm to children and vulnerable users, who rely on strong rules the most

Once trust breaks, it is hard to rebuild. People may avoid local services, use heavy ad‑blockers and VPNs, or shift to foreign tools they think are stricter, even if that belief is wrong.

There is also a political risk. Data driven systems can affect elections, public debate, and protest. Weak rights around profiling, face recognition, and targeted messaging would clash with European values of dignity, autonomy, and democracy.

Learning from the US and China without copying their weakest points

The US and China both show paths that Europe should study, but not copy in full.

• The US has looser federal privacy rules and strong venture capital. This helped fast scaling and bold bets, but also led to repeated privacy scandals and data misuse.
• China combines heavy state control, industrial planning, and weaker individual rights. It can direct large resources quickly, but at the cost of free expression and personal autonomy.

Europe should borrow what works from each:

• from the US: strong startup funding, deep tech focus, and links between research, industry, and defence where appropriate
• from China: clear industrial strategies in areas like chips and quantum

What it should not copy is the casual attitude to rights. European competitiveness should come from quality, safety, and fairness, not from cutting corners on users.

Reports that compare these models, like Tech 2030 above and work on a digital grand strategy for the EU, tend to reach the same conclusion. Europe should follow its own path, not act as a weaker copy of someone else.

A Balanced Path Forward: Smarter EU Rules For Innovation and Protection

So where does this leave us?

The picture that emerges is not one of “regulation versus innovation”, but of good rules versus bad rules. Europe needs simpler, clearer, more coherent laws, paired with strong protections and real support for firms that want to comply and grow.

Key ideas for policymakers: simplify workloads, keep high standards

For lawmakers and regulators, a balanced path could include:

• One stop shops for reporting security incidents and data breaches across several laws.
• Better coordination between national regulators, with joint guidance and shared tools.
• Proportional duties so that a tiny startup does not face the same reporting load as a global gatekeeper.
• More investment in infrastructure and skills, from AI chips to digital public services and training for workers.
• Regular evaluations and feedback loops, where rules that do not work in practice are fixed, not defended out of habit.

A digital rulebook that is stable, clear, and predictable helps both investors and citizens. Businesses can plan. Users know what to expect.

What tech companies can do today to be both agile and responsible

Public policy is only half of the story. Companies have agency too.

Firms that want to succeed in Europe and beyond can:

• build privacy and security into design from day one, not as an afterthought
• appoint someone, even part time in small firms, to track EU guidance and new rules
• use standard tools and certifications where available, such as security labels and data protection seals
• be open with users about data and AI: plain language, clear options, and honest answers

These steps cost time in the short run, but they cut legal risk and build trust. They also open doors to public sector contracts and partnerships, where compliance with EU values is not just welcome but often required.

Conclusion

Europe does not need to pick a side between helping tech companies and protecting people. It can trim useless red tape, simplify overlapping rules, and support startups, while keeping strong digital rights at the heart of its model.

The digital omnibus, the AI Act, and updates to GDPR practice will shape that balance in the next few years. If policymakers hold their nerve on rights, and work hard on simplification, Europe can be both innovative and fair in the global tech race.

As a citizen, founder, or policymaker, the challenge is the same: defend your rights, and at the same time call for smarter, clearer regulation. The prize is a digital future where European firms compete on trust and quality, not on who can weaken protections the fastest.