Technology regulation is no longer a niche policy discussion. Over the past several years, legislative bodies in the European Union, the United States, the United Kingdom, Canada, and a growing number of other jurisdictions have moved from studying large technology platforms to actively imposing legal requirements on how they operate. The results have been uneven, occasionally counterproductive, and in some cases meaningfully impactful. Parsing what has actually changed from what remains aspirational is a task the coverage tends to skip.
Europe Moved First and Most Decisively
The European Union's Digital Markets Act, which entered full enforcement in 2024, represents the most comprehensive structural intervention in technology platform behavior to date. The DMA designated a set of companies as "gatekeepers" — entities with sufficient market power across specific digital services to warrant additional obligations — and imposed requirements around interoperability, data portability, self-preferencing restrictions, and app store access.
The practical effects have been notable. Apple's App Store economics in Europe have changed substantially. Google has faced requirements around how it displays its own services relative to competitors in search results. Meta has had to adjust data processing practices for advertising. None of these changes have produced the dramatic competitive restructuring that advocates predicted, but they have created measurable shifts in specific markets — mobile app distribution chief among them.
The EU's AI Act, meanwhile, has created a tiered risk framework for AI systems operating in European markets. High-risk applications — those in areas like employment, credit, healthcare, and law enforcement — face significant conformity assessment requirements. General-purpose AI models above certain capability thresholds face transparency and systemic risk evaluation obligations. The practical compliance burden has been substantial, and its effects on which AI products are available in European markets versus globally are beginning to become visible.
The EU has moved more aggressively than any other major jurisdiction on technology platform regulation. — Photo: Unsplash
The United States: Fragmented Progress
The American regulatory picture is considerably more complicated. Federal legislative action on technology has been slower and more fragmented than in Europe, for a combination of structural reasons: a divided Congress, significant lobbying presence from major tech employers, genuine philosophical disagreements about the appropriate scope of government intervention in markets, and a legal tradition more skeptical of ex ante structural regulation.
What has happened is largely at the enforcement level, through the Federal Trade Commission and the Department of Justice's antitrust division. The FTC under successive administrations has pursued significant cases against major technology companies, with mixed results in court. The DOJ's antitrust case against Google's search distribution practices resulted in a landmark finding of monopolization — the remedies from that proceeding are still being litigated and shaped, and their ultimate form remains uncertain.
State-level action has been more aggressive. Several states have passed comprehensive data privacy legislation, creating a patchwork of requirements that — absent federal preemption — major technology companies must navigate market by market. California's privacy framework remains the most influential, functioning in practice as something close to a de facto national standard for many companies due to California's economic size.
Antitrust Theory Has Evolved
One of the more intellectually significant developments in tech regulation over the past decade has been the evolution of antitrust theory as applied to digital markets. The traditional consumer welfare standard — focused primarily on price effects — was poorly suited to analyzing platforms that offered services to consumers at zero monetary cost while monetizing through data and advertising. Academic work, regulatory experimentation in Europe, and sustained pressure from a coalition of critics pushed antitrust enforcement in a direction that takes non-price competition factors more seriously.
This has produced some genuine shifts in how regulators analyze acquisitions and exclusionary conduct. The era of major technology companies acquiring early-stage competitors with minimal regulatory scrutiny has, at minimum, become harder. The FTC's challenge to Meta's acquisition of Instagram (ultimately unsuccessful) and the scrutiny applied to various subsequent deals in the AI infrastructure space reflect a more skeptical posture toward concentration regardless of immediate price effects.
AI Governance: The Next Frontier
The regulatory focus on AI has accelerated faster than most observers predicted. The EU's AI Act is the most comprehensive framework to date, but it is not the only one. The UK has pursued a less prescriptive, sector-specific approach. Canada has proposed its own AI legislation. International coordination through the G7 and OECD has produced shared principles, though implementation remains national.
The challenge specific to AI regulation is the pace of capability development relative to regulatory cycle times. Legislation that takes three to five years to move from proposal to enforcement may be responding to a technology landscape that has changed substantially by the time requirements take effect. This has pushed some regulators toward frameworks based on principles and risk categories rather than specific technical requirements — an approach that offers more durability but less clarity for organizations trying to comply.
The concentration of frontier AI development in a small number of large, well-capitalized organizations has also attracted antitrust attention. Investments and partnerships in the AI space — cloud providers and foundation model developers, in particular — have drawn scrutiny in multiple jurisdictions. The concern is that the significant compute and data advantages held by incumbent major technology companies may translate into structural advantages in AI that replicate or amplify existing platform concentration.
What Regulation Has Not Achieved
It's worth being honest about the limits of what regulatory action has accomplished. The major technology companies subject to the most significant enforcement action remain very large, very profitable, and dominant in their core markets. The DMA's interoperability requirements have created some new competitive dynamics, but the incumbent platforms have adapted to new requirements while largely maintaining their central positions.
The prediction — common in 2019 and 2020 — that vigorous antitrust enforcement would lead to structural breakups of major technology platforms has not materialized. Courts have been reluctant to impose structural remedies even in cases where monopolization findings were made. Behavioral remedies, which leave market structures intact and regulate conduct, have been the more common outcome — and their effectiveness at genuinely restoring competition is contested.
On data privacy, the picture is also mixed. Compliance with data protection regulations has absorbed significant organizational resources. User rights to access, correct, and delete their data have become more real in jurisdictions with enforcement teeth. But the underlying business model of large-scale behavioral advertising, which privacy advocates hoped regulation would substantially disrupt, has proven more resilient than anticipated — adapting to new constraints while maintaining its fundamental logic.
The Long Game
Regulatory effects on complex industries typically operate on longer timescales than election cycles or quarterly earnings reports. The telecommunications frameworks established in the early twentieth century shaped industry structure for decades. Financial regulation after major crises has effects that persist through multiple business cycles. Technology regulation is likely to follow a similar pattern — the frameworks being established now will shape competitive dynamics and innovation incentives well beyond their immediate effects.
What's different about technology regulation is the speed at which the regulated industry evolves. Regulators are attempting to shape industries that may look substantially different within a decade, using legal tools designed for a world that changed much more slowly. Whether the regulatory frameworks being established today will prove adaptable enough to remain relevant as the technology landscape continues to shift is an open question — one that will be answered in practice rather than in policy discussions.