Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The EU and its member states must be prepared to enforce laws firmly, even against powerful tech companies. But regulatory independence is easier said than done, Maria Koomen and Raegan MacDonald write.
The past decade has seen the European Union establishing itself as a frontrunner in global technology policy, enacting groundbreaking laws such as the General Data Protection Regulation, Digital Services Act, and Artificial Intelligence Act.
These regulations are designed to foster innovation, ensure fair markets, and uphold democratic principles.
However, the true value of these laws lies in their effective enforcement — if they remain merely a bunch of words on a page, they are useless to Europeans.
Long an overlooked and unloved part of the policy cycle, we are seeing attitudes around this topic shifting in real-time.
In the run-up to the EU elections, there was much talk of the next Commission mandate focusing on implementation and enforcement rather than further proliferation of new policies. As a draft Council of the EU document put it earlier this year, “the implementation of already-adopted regulations should be prioritised over the creation of new laws”.
But such intentions won’t go a long way without real commitments in Brussels and in the capitals.
To harness enforcement effectively, the EU must adopt innovative approaches that ensure laws are not only enacted but also actively upheld. There are four key areas —policy, procedures, people, and politics — where strategic focus can enhance enforcement.
Clear, actionable, and adaptable laws are essential for effective enforcement. Legislators must avoid ambiguities where they can, but at the same time, not be too prescriptive so that legal texts are future-proof.
For instance, the AI Act’s technical specifications are being adapted into standards and codes of practice to remain relevant in a rapidly changing landscape.
Collaboration with civil society and independent experts can further help in the development of clear guidelines for interpreting and enforcing laws, ensuring they remain relevant as technology evolves over time.
On the other hand, a key ambiguity shared by two new laws — the DSA and the AI Act — is the requirement to conduct impact assessments, which include risks to human rights, that companies, auditors, and authorities will have to grapple with soon without clear guidance.
The Commission and member states should deepen collaboration with civil society to set clear guidelines for robust and meaningful impact assessments, building on similar discussions around the European Media Freedom Act.
Effective enforcement requires well-resourced regulators with the technical expertise to oversee complex technology, policy, and legal tasks.
The EU should balance investments in innovation with funding for enforcement agencies — under-resourced regulators won’t suffice. Ensuring regulators have the necessary skills and resources will help avoid potential skills shortages and enhance compliance.
For example, at the national level, EU member states must pay heed to data protection authority complaints of inadequate resources by increasing financial, human, and technical resources for supervisory authorities across the entire EU tech and data policy spectrum.
Across borders, the Commission and member states must lower barriers to joint operations to foster better coordination and harmonise enforcement capacities across the EU. At the EU level, creating a dedicated, independent EU digital enforcement agency could centralise expertise and improve regulatory cohesion.
But we cannot put all our eggs in one basket. Decentralising enforcement responsibilities can also alleviate bottlenecks and improve effectiveness.
Engaging civil society, academia, and other practitioners in monitoring and oversight can enhance enforcement — we are already seeing this with the DSA’s implementation, including civil society participation, which can enhance accountability and distribute the “enforcement burden”.
However, adequate resources and compensation for these contributors are essential to avoid overreliance on under-resourced sectors.
Transparency and public oversight are also crucial. Governments should adopt procedures such as mandatory algorithm registries, publication of impact assessments, and making data accessible to researchers.
These measures can foster broader public involvement and ensure that enforcement is transparent and accountable.
For example, to help avoid capacity constraints faced with the implementation and enforcement of the AI Act in particular, the AI Office can scale and prioritise enforcement funding based on compute trends and work closely with academia and civil society to help shape the codes of practice, or to develop methodologies and benchmarks accordingly.
Effective enforcement must withstand political and economic pressures. The independence of regulators is vital to resist corporate influence and uphold democratic principles.
The EU and its member states must be prepared to enforce laws firmly, even against powerful tech companies. This resilience could serve to reinforce the credibility of regulations and affirm the EU’s regulatory soft power on the global stage.
But regulatory independence is easier said than done. The Fundamental Rights Agency’s 2024 report on the GDPR in practice revealed that most national regulators experience significant challenges in upholding the GDPR’s guarantees of independence.
In order to ensure regulators can do their jobs effectively, it will take continued investment and a meaningful commitment to their independence to carry out their duties.
After 10 years of unprecedented policy activity, it’s time for the EU to translate these new policies into reality. To build up and safeguard regulatory resilience, EU lawmakers and regulators alike must prioritise clear and actionable policies to enforce, ensure adequate financial, human, and technical resources for the people to enforce these policies independently, and buttress enforcement efforts with inclusive and decentralised enforcement procedures.
The next decade will be crucial in reinforcing the EU’s regulatory achievements dedicated to safeguarding democratic principles and human rights. Investing in innovative enforcement strategies now will lay the foundation for a more secure and human-centric future of Europe.
Stronger enforcement can serve to bolster the EU’s regulatory framework, promoting market and societal stability which, ultimately, can foster European innovation and competitiveness.
By setting a high standard for enforcement, the EU can foster an environment where technology serves democracy in an age of accelerating innovation.
The alternative is yielding to monolithic industries, which are fundamentally driven by profit-seeking motives and largely based outside of Europe — in other words, leaving democracy in the hands of unaccountable tech companies.
Maria Koomen is Emerging Technology Governance Director, and Raegan MacDonald is a Senior Fellow at the International Center for Future Generations (ICFG), a Brussels-based think tank.
At Euronews, we believe all views matter. Contact us at [email protected] to send pitches or submissions and be part of the conversation.