Survey: The impact of EU Data strategy regulations on CEE startups

The European Union is at a crossroads, trying to balance its core values - like respect for individuals’ privacy and human rights - while also helping European businesses, including startups, stay or become globally competitive. In the past five years, we've seen a wave of new data and tech regulations come into play. Mario Draghi has pointed out that too much regulation could actually hold back tech innovation in Europe, and the European Commission has promised to cut the administrative burden for Europeans over the next five. 

Consumer Choice Center Europe (CCCE) dived into Central and Eastern European (CEE) startups’ experience with the EU’s data strategy regulations (including General Data Protection Regulation (GDPR), Digital Services Act (DSA), Digital Markets Act (DMA), Data Act (DA), Data Governance Act (DGA) and Artificial Intelligence Act (AI Act).

Startup representatives from 11 CEE countries (Bulgaria, Romania, Slovenia, Croatia, Hungary, Slovakia, Czechia, Poland, Lithuania, Latvia, and Estonia) shared their thoughts on the impact of EU data strategy regulations on their operations, innovation potential, their experiences when interacting with national regulators and recommendations for both national and EU policymakers and regulators.

Surveyed CEE startups expressed the need for clearer guidelines, introducing a ‘one-stop-shop’ approach among regulators, completing the Single Digital Market, among other suggestions.

Respondents expressed that policymakers don’t fully understand the challenges of building a globally competitive product and urged EU and national policymakers to look to the US, where a less restrictive regulatory environment has allowed the rise not only of unicorns but also decacorns.

Click here to download the full report

Click here to download the executive summary

1. The impact of EU data strategy elements on their operations

54,6% of respondents viewed the impact as either negative or very negative, 9,1 % saw it as positive, and 36,4% remained neutral.

27.3% of respondents reported that the regulations have moderately increased their operating costs, 9.1% stated that the costs have increased significantly, 45.5% noted a slight increase, and 18.2% reported no impact on costs.

1. Respondents indicated that EU data strategy regulations have increased the burden on workflows and resulted in additional compliance expenses, limiting the global competitiveness of CEE startups.

   1.1.  Most respondents indicated they experienced the need for additional legal personnel or increased legal costs, as well as the creation of new positions within their organizational structure, as a result of EU data strategy regulations.

   1.2.  Some mentioned increased certification costs as a consequence. 

   1.3.  Some indicated they now must maintain flexible system architecture to adapt more easily to evolving EU regulations.

   1.4.  Some respondents noted that compliance requirements had slowed down their product roadmaps, too.

2. Part of the respondents emphasized that regulatory uncertainty and frequently changing regulations have increased their operational costs via legal fees and technical adaptation.

3. Many respondents mentioned competitive disadvantages for the EU startups compared to US startups, with some admitting that these regulations were the final push for relocating outside of the EU.

4. Respondents indicated that the GDPR is their main compliance hurdle to date while admitting they expect more issues arising soon.

.

2. The EU data strategy regulation simplicity and certainty for CEE startups

The majority, 81.9%, viewed the regulations as either very or moderately complicated, while 9.1% found them slightly complicated, and 9.1% considered them not complicated at all.

Most respondents admitted they had to adapt to European data privacy regulations. However, 27.3% considered avoiding the EU market altogether, and 4.5% had to delay the entry.

1. Respondents admitted that the volume of EU regulations is difficult for small companies to comply with, often leading to increased costs and a shift in focus from product development to compliance efforts.

2. Moreover, many startups lack awareness of the frequent updates and changes to regulations, making it harder to stay compliant.

3. Respondents admitted that the complexity of compliance increases as the companies scale, adding more challenges over time.

4. Many respondents addressed the future of data-based startups in the EU, stating that the regulations are slowing down the technological progress of EU companies, while others openly admitted the future for data-based companies in the EU remains unclear due to the ongoing (and increasing) regulatory burden.

5. CEE startups have addressed the absence of a Single Digital market as a big burden, which, together with the complexity of EU regulations, are particularly challenging for data-based startups, which often lack the financial resources to handle compliance effectively.

6. Some advocated that while transparency and user protection are important goals, the current regulations place an undue burden on startups, which need flexibility and momentum to grow.

7. Some believe that regions outside of the EU, with less complex regulatory regimes, allow companies to focus more on innovation and growth.

8. When questioned about the climate for startups in the EU and if they ever considered relocating due to the scope of regulations in the EU, startup representatives were honest:

   8.1.  Most complied with EU regulations without considering relocation. However, some noted that they had to make a difficult decision between operating in the EU or the US, weighing regulatory complexity against business growth.

   8.2.  Others admitted to trying to avoid the EU market whenever possible due to the regulatory complexity

   8.3.  Some respondents mentioned they might consider relocating after scaling due to increasing regulatory challenges.

3.  EU data strategy & innovation in CEE startups  

The majority, 63.6%, believed the regulations hinder innovation, 18.2% believed it creates challenges but opportunities as well, and 13.6% believed the regulations have no impact on innovation.

1. While some found no correlation between regulation and innovation, many respondents highlighted that the immediate need to focus on compliance poses a hurdle to innovation.

2. Some respondents expressed a more pessimistic view, indicating that the  EU data strategy does not help foster innovation in startups.

3. Some respondents were completely honest about the fact they have to take risks and know of some not fully complying with all regulations in order to grow

4. CEE startups’ experience with EU or national regulatory authorities

Only 9.1% of respondents admitted that they often seek guidance or clarification on EU data strategy regulations from EU or national authorities (multiple times a year). The majority  - 45.5% - do this 1 to 2 times a year, 4.5 % do so less than once a year, and a whopping 40.9% have no interactions with regulators at either the national or EU level.

On a positive note, only 4.5% of respondents viewed their interactions with the authorities as negative. Meanwhile, 9.1% viewed them positively, 45.5% were neutral, and 40.9% admitted they didn’t interact with these authorities at all.

1. Respondents believe there is a visible willingness from regulators to help and be supportive. However, the response rate is slow for the fast-paced needs of startups, with some waiting over a week for replies.

2. Respondents indicated that many regulators often seem unsure or lack confidence in explaining regulations, leading to unclear and ad hoc responses.

3. Many of the respondents emphasized the absence of a 'one-stop shop' for regulatory guidance, requiring them to consult multiple regulators to obtain clear answers.

5. CEE startups’ recommendations for policymakers and regulators at the EU and national levels

1. More simplicity in regulation and reporting processes - CEE startups expressed the need for clearer guidelines and simplified reporting requirements to reduce the administrative burden on startups.

2. A 'one-stop shop' among national regulators - many requested either a single agency or better collaboration between regulators to clarify EU data strategy compliance requirements for startups. They also suggested introducing digital tools, possibly AI-powered, to streamline the compliance process for startup representatives.

3. Enhanced cooperation between EU and national regulators - some see this as crucial for creating more consistent and coherent regulations across different jurisdictions, aiding the move toward a Single Digital Market through practical measures.

4. Exemptions for startups in their early phases - while some respondents advocated for temporary exemptions from regulations during the initial stages of growth, they were also honest about the fact they will face increasing regulatory scrutiny once they scale.

5. Learn from the US - some respondents feel that policymakers don’t fully understand the challenges of building a globally competitive product and underestimate the burden that regulatory complexity places on that journey. They urge EU and national policymakers to look to the US, where a less restrictive regulatory environment has allowed the rise not only of unicorns but also decacorns.

6. Complete the digital single market - respondents emphasized the need for a fully integrated market with unified regulations is essential to reducing fragmentation, like inconsistent GDPR enforcement across 27+ authorities, enabling innovative companies to navigate rules efficiently.

7. Be careful with future regulations - respondents feel like EU’s future regulations should undergo competitiveness tests, balancing economic priorities, innovation, and societal objectives, while ensuring regulators adopt risk-based approaches that support the right to innovate.

8. GDPR-specific recommendations:

   8.1.  More incentives for startups - some respondents believe there is a noticeable lack of incentives from national authorities for startups in the form of practical recommendations, good practice examples, friendly and functioning regulatory sandboxes, checklists and similar practical tools to support innovation while ensuring compliance. 

   8.2.  Narrow the scope of personal data - some respondents believe that the current treatment of almost all data as personal data makes its practical use for product development nearly impossible. Proper anonymization, while intended to help, often renders the data unusable for product development.

   8.3.  Rebalance data subjects' access rights - some respondents argued that the right to access data is currently too absolute, with local privacy bodies requesting access to data that might include sensitive trade secrets, which could jeopardize business continuity.