How Angst Is Shutting Down Europe as a Place to Do Business

This was published earlier on my Substack. You can subscribe to my Substack if you don’t want to miss my articles. 

Through my work, I regularly work with European tech companies. Many of them are early-stage start-ups or scale-ups.

The founders of those companies are people who are not merely managing inherited structures or stepping into something pre-built, but trying to create something new with real skin in the game.”

What consistently impresses me about these founders is that they build their companies despite an environment that makes their lives unnecessarily difficult.

It’s no secret that Europe isn’t exactly a “founder’s paradise.” Venture capital is scarce, regulation is abundant, and in practice, the Single Market is often far less unified than it looks on paper.

And yet, ambitious companies continue to emerge, particularly in pharma (BioNTech), finance (Revolut, Klarna, Trade Republic), SaaS (Personio, Spotify), and defense (Helsing).

Remarkably, the people founding these companies are often the ones complaining the least about the European environment. They have a point, of course, as complaining doesn’t build a product.

But if you ask yourself why Europe, despite all its talent, continues to fall further behind the United States technologically and thus economically, it is worth taking a closer look.

I can only share my perspective, but I think the problem is not just the regulation. The problem is the fear of non-compliance and the timidity that accompanies it.

Where my view comes from

As a lawyer, I regularly advise software businesses that must reconcile dense European compliance requirements with the commercial pace of North American markets, particularly the US market.

In that position, you quickly notice that Europe’s problem is not just that it regulates heavily. It is that regulation is often internalized in a way that slows decision-making long before any authority has actually drawn a hard line.

As legal questions do not remain abstract for long, I saw how regulatory language developed in Brussels can create immediate operational drag for teams simply trying to build useful products and get them into customers’ hands.

At the same time, I repeatedly notice that the transatlantic gap is not only about law.

It is also about business acumen. American companies are often more willing to move under uncertainty, while European organizations are more likely to treat uncertainty itself as a reason to stop.

But let’s start from the beginning.

Never bet against the United States

For as long as I can remember, I have heard the same mantra in Europe about the “declining US economy.” Depending on the era, Japan, China, or India is hailed as the potential heir.

When Europeans talk this way, there is always a cozy hint of smugness attached: “See, our big brother isn’t doing any better.”

Europe seems to relish the idea that the United States (after liberating the continent from the Nazis and enabling Germany’s economic rebirth through the Marshall Plan) is no longer above it all.

But the story of the supposedly declining United States is told, and it has turned out to be a fairy tale.

Regardless of your political leanings, when you look at the United States today, you can only conclude that it is currently projecting military and economic strength.

When the German Chancellor, Friedrich Merz, spoke in late February regarding the legal classification of the attack on Iran under international law, and said:

„Bei allen Zweifeln teilen wir viele ihrer Ziele, ohne selbst imstande zu sein, sie auch tatsächlich zu erreichen.“

Despite all our doubts, we share many of their goals without being capable of actually achieving them ourselves.

… it was an admission of geopolitical irrelevance and a surrender to the fact that Europe no longer operates on an equal diplomatic footing with the United States.

This imbalance continues relentlessly in the economic sphere. In 2024 and 2023, EU GDP growth stood at 1.025% and 0.456%, while the US GDP, with growth rates of 2.797% and 2.888%, continues to pull further and further ahead of Europe.

Anyone who doubts the economic hegemony of the United States due to its many internal political crises should consider the following:

The biggest American companies are so huge and powerful that they make money even when European companies sell products in Europe to European customers.

Since the rise of tech platforms, European companies have essentially been paying “quasi-taxes” to the United States:

• The infrastructure tax: Since Europe lacks a proprietary cloud infrastructure, every European cloud company pays a tax to AWS, Google Cloud, or Microsoft Azure, who host the respective services. It is effectively a “founding and survival tax” that comes due every year.
• The marketing tax: Every Euro that European companies spend on visibility with Google, Meta, or Amazon is a cost of revenue for them, and pure profit for US companies.
• The AI tax: Now, a levy for efficiency gains is being added. Since Europe lacks a dominant proprietary AI company operating at the scale of OpenAI, Anthropic, or Alphabet, European companies dutifully transfer their AI licensing fees overseas.

These three bullet points illustrate the US strength.

But they also show that Europe has slept through every major technological leap of the last twenty years. First the cloud, then the platform economy with its network effects, and now, evidently, within just two years, AI as well.

Shy attempts to establish AI start-ups in Europe have either imploded (like Aleph Alpha), were absorbed early on (see Black Forest Labs or OpenClaw founder Peter Steinberger, who joined OpenAI), or no longer play a major role (see Mistral on the AI leaderboard).

It is painful to see how the continent that invented democracy, the printing press, and the Enlightenment era has become merely a wide-eyed observer of every technological milestone in the digital age.

Fool me once…

Of course, this development cannot be explained by mere bad luck.

Blaming regulation as the sole cause falls short, even if the criticism is justified

Many people explain the backwardness of the European founder culture through overbearing bureaucracy and state overreach.

This criticism is fundamentally justified. No founder would describe Europe as a “start-up paradise.” And yes, venture capital is also scarce in Europe. What we have in abundance, however, are rules, directives, and regulations.

To name just a few (non-exhaustive) examples from a B2B SaaS perspective that companies in Europe have had to grapple with in recent months and years:

• AI Act
• Data Act
• DORA
• EU Cyber Resilience Act
• NIS-2 Directive

All of these initiatives come with product requirements that p o t e n t i a l l y affect SaaS products.

Why “potentially”?

Because it is often unclear whether they even apply to pure SaaS products in the first place. This is especially true for the Data Act (apologies, things get a bit legalistic):

• The Data Act grants customers of “data processing services” the right to terminate their contracts at any time with just two months’ notice.
• For cloud companies, whose subscription models rely on one- or two-year contracts, this would be a worst-case scenario. These longer contract terms are often what allow SaaS providers to recoup high upfront marketing and hosting costs.
• One could already criticize the European Commission for intervening so aggressively in the B2B (!) market. Is it really unreasonable to expect a company to honor a two-year contract it entered into of its own volition?
• But regardless of this fundamental question, it is absurd that the Data Act remains silent on whether these data processing services must refund prepaid fees when they let customers leave early.
• It is also entirely unclear to what extent SaaS is even classified as a “data processing service.” While SaaS is explicitly mentioned in the recitals, hardly any SaaS company has adjusted its product or terms of use accordingly. Why? Because if you dig deep enough, you can find arguments for why not every B2B SaaS product actually falls under the Data Act.

It is crazy.

The European Commission is flooding the market with opinions and guidance, yet it fails to provide a clear line on whether a classic standalone SaaS product falls under a regulation as pivotal as the Data Act.

The result? Engineers spend more time with the legal department than with their customers. It’s no longer about what the market needs, but about what the EU allows.

This consumes massive amounts of capacity and creates uncertainty for both SaaS providers and their customers. After all, customers are expected to procure only software that is “fully compliant with applicable law.” This leads to an absurd practice (one that is far more pronounced in Europe than in the US):

• SaaS providers now have to fill out mountains of individual security questionnaires that go far beyond typical KYC forms before a single line of code is even sold.
• Companies send their Codes of Conduct to each other. These are reviewed, eventually signed, sent back, and then stored somewhere, never (and I mean never) to be looked at again.

But those who cite only bureaucracy and state overreach are taking the easy way out.

And this brings me to a crucial point that is often overlooked when discussing the causes of Europe’s hesitant start-up culture:

Fear.

Employees in European companies either adopt an “I don’t care” attitude or live in fear of non-compliance. In an abundance of caution, driven by external consultants who make a fortune selling that very fear, they establish internal requirements that go even beyond what the European legal framework actually demands.

For example:

• A European company hosts its data in Europe but uses US data centers for its AI services.
• From a GDPR perspective, there are ways to set this up in a perfectly compliant manner. Yet, every other Data Protection Officer (DPO) will flag this as a “big risk” simply because a data transfer to a non-EEA country is involved.

This timidity helps no one. Not data protection, and certainly not Europe as a business hub. It helps neither the European company looking for a cloud solution to solve its problems, nor the European company trying to sell that solution.

The current mindset in Europe has shifted from “anything not explicitly allowed is risky” to “if it isn’t clearly forbidden, let’s do it.”

The classic legal-theoretical conflict between “prohibition with the possibility of permission” and “permission with the possibility of prohibition” has therefore been decided in Europe in favor of the former.

So, while Legal, Procurement, and IT are busy arguing over whether an interface is “risky,” their US competitor has already improved its tool three times over and captured the market.

Who is to blame for this European fear?

Part of this European risk avoidance is fueled by institutions whose very reason to exist is to make risks visible. Data protection authorities, regulatory bodies, and state agencies are structurally designed to identify problems, not to enable opportunities.

Many consultants have built entire businesses around flagging risks without offering solutions (which, in many cases, they aren’t even allowed to provide because they lack the license to offer formal legal services).

Furthermore, in the interest of well-intentioned transparency, the European Commission usually circulates drafts before directives or regulations are even enacted. These drafts are commented on in consultations, debated in expert groups, and refined over many months.

Once formally adopted, they are often followed by guidelines, Q&A documents, or interpretive aids from the Commission and the relevant supervisory authorities.

While this process fulfills a very high democratic standard, in practice, it often leads to prolonged periods of regulatory blurring. Companies see multiple versions of potential rules, hear conflicting interpretations from working groups, and read guidelines that are deliberately formulated to be open-ended.

The problem obviously isn’t a lack of goodwill. The problem is the economic impact. Every new opinion, every additional interpretive note, and every cautionary press release shifts the perception a step further toward caution.

A legal possibility on the horizon quickly morphs into a perceived risk. And internally, a risk often becomes an implicit “no-go zone.”

A particularly absurd example of this is the so-called “Omnibus” procedure. Here, the European Commission regularly attempts to retroactively bundle, adjust, or “simplify” settled frameworks like the AI Act.

It is particularly audacious in this context when the Commission comments on such an initiative as follows:

Europe’s businesses, from factories to start-ups, will spend less time on administrative work and compliance and more time innovating and scaling-up, thanks to the European Commission’s new digital package. This initiative opens opportunities for European companies to grow and to stay at the forefront of technology while at the same time promoting Europe’s highest standards of fundamental rights, data protection, safety and fairness. (Source: press statement)

For companies, however, this often results in the opposite of clarity.

While compliance teams are still busy implementing a new directive, changes are already being discussed in parallel, transition periods are being renegotiated, or individual obligations are being called back into question. The result is a state of “permanent regulatory construction,” which paralyzes companies that actually want to take legal frameworks seriously. Instead of relying on stable rules, companies must constantly monitor which interpretation currently holds sway and which adjustment comes next.

This is compounded by a structural problem within many large European organizations. The individuals tasked with making operational decisions rarely carry any entrepreneurial risk and see little personal gain from the potential success of a bold move. The personal incentives are therefore clearly skewed: a project that fails can damage a career, whereas a project that is never started due to excessive caution usually carries no consequences at all.

This asymmetric risk architecture leads to a culture of defensive decision-making. Instead of evaluating opportunities, risks are maximized. The safest path is often to do nothing, or at least to act much later than the competition.

Large European companies are often the product of decades of optimization for stability, efficiency, and regulatory compliance. These structures work brilliantly in established industries. They are, however, poorly suited for technological “leapfrog” innovations. When a corporation with five layers of hierarchy, global compliance manuals, and complex procurement processes tries to compete with a fifteen-person start-up from California, the result is predictable.

Look at companies like Volkswagen: it is well known that they force their own contract templates onto vendors (for productivity tools, for instance), only to ask those same vendors after signing whether they are aware of any confidentiality obligations between the two parties (incredibly, they don’t seem to know their own templates, leaving it to their contract partners to explain the terms to them).

The debacle surrounding Cariad at a global German corporation like Volkswagen stands as a particularly poignant example of this sad incompetence.

The idea was actually a good one.

Volkswagen no longer wanted to treat software as a supplied component, but as a core competency. In 2020, the Group founded the software unit Cariad to develop one operating system and a software platform for all Volkswagen brands. This was intended to transform Volkswagen into a “software-defined car company” and allow it to close the technological gap with Tesla.

But instead of an agile software organization, a cumbersome “corporation within a corporation” emerged almost immediately. Cariad grew to around 6,000 employees, many of them pulled together from various brands and supplier structures, without clear decision-making processes or product ownership.

The consequences were predictable. Internal power struggles between brands, a lack of decision-making authority, and an excessive number of coordination meetings made rapid software development practically impossible. Employees reported dozens of status meetings per week, while central architectural decisions remained unresolved for months.

In the end, Volkswagen pulled the emergency brake. Instead of continuing to develop its own platform, the Group is now increasingly relying on external partners like Rivian, gradually demoting Cariad to a mere integrator of third-party software.

To reiterate: Cariad was the flagship software project in Germany, founded by one of the world’s largest car manufacturers.

And it failed spectacularly (more on that here).

Europe has shifted from an ex post abuse control system toward a culture of preventive permission

Historically, European economic law was based on the principle of freedom with boundaries: companies could act freely, and if they abused their power or broke the rules, the state intervened ex post. This retrospective abuse control was efficient because it didn’t block innovation while still punishing excesses. It was a classic “permission with the possibility of prohibition” world.

In recent years, this principle has stealthily inverted. We are witnessing the rise of a preventive permission culture that tilts increasingly toward “prohibition with the possibility of permission.” Today, you often have to prove a product is “harmless” before you are even allowed to bring it to market.

This shift was gradual and isn’t written as a guiding principle in any charter.

In my view, it is explained primarily by a sense of powerlessness against US tech giants.

A prominent example is Meta’s (then Facebook) acquisition of Instagram and WhatsApp. These takeovers, and the resulting dominance, couldn’t be caught by existing merger controls because, at the time, Instagram and WhatsApp didn’t meet the necessary revenue thresholds. Competition authorities were forced to watch helplessly as Facebook effectively announced its hegemony over social platforms in the Western world.

The lesson European institutions learned from such cases is understandable. If traditional antitrust tools act too late, you simply try to intervene earlier. This is exactly where many of today’s digital regulations originated.

• The Digital Markets Act (DMA) aims to prevent platforms from abusing their power.
• The AI Act seeks to limit the risks of new technologies upfront.
• The Data Act aims to secure data access and competition before, or precisely because, individual providers can become dominant gatekeepers.

All these instruments follow a shared logic: risks should be identified and regulated as early as possible.

However, while no one seriously denies that abuse of market power or algorithmic discrimination are real issues, these endeavors come with a massive price tag.

Europe is trying to regulate risks before the underlying industry has even emerged or before players have established themselves who could actually take on the big US competitors. While US companies first build products and create markets before facing regulation, Europe often tries to fully anticipate every possible negative consequence in advance.

But innovation rarely works linearly. Many of today’s dominant technologies would likely never have emerged under strictly preventive regulation. Neither social networks, nor cloud platforms, nor generative AI could have been neatly categorized into risk brackets during their early development phases.

The AI Act is a perfect example.

• When the Commission presented the first draft in April 2021, generative AI played almost no role. Large language models like GPT-4 didn’t exist yet.
• Accordingly, the original proposal focused on clearly defined systems: facial recognition, credit scoring, or AI in safety-critical products.
• With ChatGPT’s breakthrough in late 2022, it became clear that “foundation models” represented an entirely new category. They weren’t even envisioned in the original draft. Only during 2023 did the European Parliament react, hastily adding new regulations for “general-purpose AI” into the text.

In other words, while the technology was already being rolled out globally, European legislators were trying to retroactively fit it into a regulatory grid meant for something else entirely.

AI proves that technological breakthroughs usually happen in an environment of experimental freedom. Europe is increasingly reversing this order. Before a product scales, we discuss the theoretical risks. Before a market exists, we design the rules to structure it.

The result is paradoxical.

Europe regulates industries that are largely created outside of Europe. The DMA targets a handful of American platforms, and the AI Act regulates technologies developed by US or Chinese firms. European companies are formally “protected,” but in practice, they remain spectators in markets whose rules they don’t help write.

And there is another layer.

Europe doesn’t just want to manage risks preventively.

It wants to plan the entire product like a project in advance. One example is the Rebuild initiative by a Danish NGO, backed by Margrethe Vestager (a long-time EU Commissioner for Competition). It attempts to act as a “catalyst” for a new generation of European social media platforms by the end of 2026.

The goal to reclaim digital sovereignty through a network of entrepreneurs and investors to connect, present products, and exchange ideas with stakeholders is honorable.

But on closer inspection, it is a simple attempt to copy or “rebuild” products with some private equity buzzwords like “the boost”, or “the shift”.

I don’t want to belittle these initiatives because they are trying to strengthen Europe.

Every attempt is laudable.

But still, these attempts are a sign of desperation, and this is sad.

Identity politics as corporate culture

In recent years, many European organizations have begun to deeply integrate socio-political goals into their internal processes and external communication.

Issues such as diversity, sustainability, inclusion, and corporate social responsibility are fundamentally legitimate. After all, companies are part of society and cannot act as if they exist outside of social realities. The problem arises, however, when social sensitivity turns into moral oversteering, creating an additional layer of risk aversion.

The Green Deal is a prime example of the European tendency to plan complex societal transformations not as technological opportunities, but as massive bureaucratic projects through the lens of social engineering.

Originally announced as “Europe’s moonshot,” it became a structural barrier to innovation. While the EU has managed to set the world’s strictest climate framework, it is now struggling desperately to ensure this framework doesn’t crush its own economy in the face of global competition, because without a strong industrial base, the call for climate protection becomes increasingly untenable politically.

To be fair, socio-political debates certainly exist in the United States as well.

There, too, companies are regularly at the center of cultural conflicts. The decisive difference, however, lies in the prioritization.

American companies build products and markets first. Europe, by contrast, frequently attempts to fully integrate this evaluation before the work even begins.

The way out

I am a strong proponent of a single European market. Such a market, with more than 400 million inhabitants (compared to 340 million in the US), holds unbelievable potential. The solution, therefore, cannot be to abolish the EU.

And, of course, it should be clear that there is no simple solution to a cultural problem. However, Europe can still make several key adjustments:

• The current system produces vast amounts of text with corresponding room for interpretation, but very little in the way of a clear line. Companies can deal with hard obligations. What paralyzes them are vague definitions, open-ended balancing clauses, and a constant stream of drafts, FAQs, and interpretations.
• Europe has grown accustomed to solving problems preventively. This sounds responsible, but in dynamic markets, it is often a growth barrier. In many areas, it would be more sensible to return to stronger ex post regulation. A return to retrospective abuse control should therefore become the default.
• Europe must put significantly more money on the table. Amazon, Microsoft, Google, Meta, and Oracle have massively increased their CapEx to build data center infrastructure where AI applications will eventually run.

• In Europe, investments of €1bn in data centers are celebrated as milestones by the media and politicians alike. The European Commission proudly announces investments of €307mn in AI and related technologies. But these are peanuts. They do absolutely nothing to move the needle in the right direction. When it comes to data centers, the EU has to push companies to invest €20bn in five large-scale facilities. And this is being framed as a success. €20bn. Sounds like a lot. But in the end, Amazon and Microsoft spent roughly ten times(!) that on CapEx last year.

• If we don’t lower the tax and social security burden for employees, we will remain nothing more than a second-rate choice in the global “war for talent.” Why would someone choose Berlin or Paris, only to find that they not only earn less but also pay a massive portion of their salary into social systems they may never use, all while running headfirst into a wall of bureaucracy?

Europe has settled into a comfort blanket of moral superiority while the economic foundation beneath it crumbles. To foster economic development and maintain any right to assert itself on the international stage, Europe needs a dose of rational pragmatism in the design of its economic framework.

It is a simple, almost banal truth that is being criminally ignored in Brussels and the national capitals: prosperity is the foundation for values, not the other way around.

Thank you so much for reading. The European View’s Newsletter is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

You can support me by subscribing to my Substack.