Publication
Why Europe needs a regulatory technology innovation ecosystem
Published
12.10.2023
Paul Fehlinger
In today’s rapidly evolving digital landscape, regulation and policy frameworks play a crucial role in shaping the responsible use of technology. The European Union (EU) has introduced an unprecedented wave of regulation to build a values-based data economy and a single digital market that covers all 27 member states. However, as these regulations are extensive and together form a complex picture, questions arise as to how smaller companies in particular can comply without compromising their ability to innovate and compete.
This memorandum explores the concept of Regulatory Technology, or RegTech, as a solution to the challenges posed by the extensive regulation of technology and data. Drawing parallels with the financial sector in the aftermath of the 2008 global financial crisis, this report highlights the transformative potential of RegTech in the technology sector. Just as RegTech solutions emerged as a catalyst for responsible growth in the heavily regulated financial industry, they can empower companies to navigate complex policy landscapes and grow responsibly in the digital age.
By providing a conceptual definition of RegTech and analysing its market potential in the context of the five new regulations stemming from the European Data Strategy of 2020, this report aims to stimulate discussion and drive action among policymakers, entrepreneurs, investors, and businesses. It offers concrete recommendations on how to accelerate the development of a thriving RegTech innovation ecosystem that enables the responsible use of technology at scale, ultimately driving the twin transition towards a sustainable future in the EU and beyond.
We would like to thank Paul Fehlinger, the author, whose unique blend of understanding of technologies, digital governance and innovation ecosystems made him the ideal contributor to this report. In addition, we are grateful for the invaluable input from participants representing the European Commission, member states, public authorities, NGOs, and companies at the roundtable event co-hosted with the European Policy Centre in Brussels, in June 2023. This collaborative effort, part of our Data Strategy 2.0 initiative, has greatly enriched the development of the report by providing insights and recommendations to advance European data policy.
This discussion paper is a call to action, inviting stakeholders to explore the potential of RegTech and create the necessary innovation ecosystems. It is our hope that by embracing RegTech, Europe can remain attractive and competitive in the global digital economy while ensuring the responsible and compliant use of technology for the benefit of us all.
27 September 2023
Laura HaleniusProject Director, Roadmap for a Fair Data Economy, Sitra
The European Union (EU) is embarking on a historic wave of regulation to govern digital technologies responsibly. The Digital Services Act (DSA), the Digital Markets Act (DMA), the Artificial Intelligence Act (AIA), the Data Act, and the Data Governance Act (DGA) will create unprecedented rules for the development, deployment, and governance of technologies and digitally stored information. These ‘Big Five’ regulations aim to shape the framework for a trustworthy and human-centred digital decade.
This new regulatory environment is complex and poses a pressing challenge: how will companies of all sizes that fall into the scope of application of the Big Five regulations implement these ambitious rules while remaining innovative and competitive? Regulatory Technology (RegTech) is a new field of software and infrastructure solutions that can power a regulated digital economy at scale.
This memorandum shows that RegTech solutions have the potential to become the enabling backbone spurring digital innovation and growth in Europe’s regulated digital economy. Just as RegTech revolutionised financial services after the 2008 global financial crisis by absorbing regulatory complexities, it can now catalyse responsible and cutting-edge software and technology development in data, Web 3.0, extended reality or artificial intelligence.
If there are two major challenges in the 21st century – climate change and digitalisation – then RegTech is to responsible technology what ClimateTech, such as carbon capture or fusion technology, is to climate change: the enabler of regulatory impact at scale.
RegTech solutions can achieve regulatory efficiency at scale, create regulatory fairness by giving smaller players the tools to be highly innovative yet compliant, and increase regulatory agility by reducing the cost of regulatory experimentation for cutting-edge innovations through sandboxes and other approaches. They are both a vector for regulatory enforcement and for building a highly innovative and high-performing digital economy.
We define five key RegTech categories for the digital economy:
Enabling responsible growth and innovation in Europe requires coordinated action by governments, investors, entrepreneurs, and experts. This memorandum makes four concrete recommendations that can be taken now:
This memorandum aims to stimulate policy, business and investment discussions on the potential of enabling RegTech and ultimately create innovation ecosystems to catalyse the emergence of RegTech solutions to power the European economy.
There is a window of opportunity for Europe to become a global leader in the development and use of RegTech for the digital economy, demonstrating how technological solutions can enable companies across sectors to be responsible, highly innovative, and globally competitive.
Under European Commission President Ursula von der Leyen, the agendas “A Europe fit for the digital age” (2020a) and the “European Data Strategy” (2020b) initiated a globally unprecedented wave of regulation of the use of digital technologies and services. The agendas aimed to lay the foundations for a values-based data economy and digital single market inscribed in the larger strategic goal of the ‘twin transition’ to create a sustainable future for Europe.
Only a few years after the 2016 General Data Protection Regulation (GDPR), the Digital Services Act (DSA), Digital Market Act (DMA), Artificial Intelligence Act (AIA), Data Act, Data Governance Act (DGA) (the so-called ‘Big Five’ proposals for the data economy) and other initiatives stemming from the European Data Strategy create groundbreaking rules for the fair and responsible use of data and digital technologies in the 27-member bloc (see Bräutigam et al. 2022).
Moreover, as with the “Brussels effect” of the GDPR, these new requirements for digital services, technologies, and data uses are set to serve as inspiration for governments around the world to pass similar new and far-reaching regulatory frameworks for digital technologies.
But this historic wave of new rules for the responsible use of technologies begs crucial questions:
This historic wave of new rules for the responsible use of technologies begs crucial questions, such as: how will unprecedented regulation of this scale work in practice?
This new era of regulated technology poses unprecedented challenges for both companies and regulators.
As the EU takes the lead in regulating the responsible use of technology, it must find the right solutions to remain attractive and competitive in the global digital economy. European providers of technology solutions and services, as well as their clients, must now demonstrate how to develop, deploy and use technology responsibly while being highly performant. This will require agile approaches to the implementation of the Big Five regulations, ranging from public-private partnerships and better-funded regulators to experimental sandboxes.
But to enable the responsible use of technology easily, efficiently and at scale, initiatives to impose regulatory standards on technology must be driven by the technology itself – a concept known as Regulatory Technology or RegTech.
RegTech is an emerging field of innovative start-ups that provide ethical, risk management, compliance, and supervisory services as software tools. It also involves the development of novel standards and enabling infrastructures that businesses need to operate their digital services, AI systems, or data spaces effectively and responsibly.
As this report will show, for businesses to flourish in the digital decade of regulated technologies, we can learn from parallels with the financial sector in the aftermath of the 2008 global financial crisis. Almost 15 years ago, Europe and other regions of the world gradually adopted far-reaching new financial regulatory frameworks for the banking sector. The highly digitalised financial industry suddenly looked for new solutions to operate competitively and responsibly in a fast-paced, highly regulated, cross-border environment. In response to this demand, RegTech solutions emerged as a major enabling innovation catalyst in the burgeoning financial technology (fintech) sector, enabling companies to navigate a complex cross-border policy and compliance landscape and to grow and operate responsibly in a highly regulated market.
This report aims to stimulate policy, entrepreneurial, and investment discussion on the potential of enabling RegTech to drive the technology sector in Europe and globally, and how to create corresponding innovation ecosystems to catalyse its emergence.
This report begins with a conceptual definition of RegTech for the digital economy and draws historical comparisons with the emergence of RegTech in the fintech sector following the 2008 global financial crisis. For each of the five new digital regulations in the EU (Big Five), it analyses the potential of RegTech solutions to address the challenges of their implementation from the perspective of different actors in the data economy. The report also presents case studies of RegTech providers of relevant solutions.
The report concludes with concrete recommendations on what European stakeholders, including the EU institutions, member states, venture capital investors, and businesses, can do to accelerate a thriving RegTech innovation ecosystem that enables the responsible use of technologies at scale to drive the twin transition.
While one can argue that regulation has always been enabled by technology – from the invention of paper that allowed the spread of administrative rules at scale, to punch cards, or digital spreadsheets to report on risks and compliance – RegTech is a fairly new phenomenon.
RegTech as a term is mainly associated with a subcategory of financial technology, fintech, that emerged in the 2010s and encompasses the use of digital technologies in financial services. With the advent of stricter financial regulations after the 2008 financial crisis, which coincided with the mainstream adoption of such new technological innovations, RegTech established itself as a fast-growing fintech vertical.
The 2008 global financial crisis, also known as the Great Recession, was a severe economic downturn caused by the collapse of the US housing market, which led to a domino effect of financial institution failures, credit freezes, and widespread job losses, triggering a global recession with lasting impacts on economies worldwide. The crisis exposed vulnerabilities in the global financial system and raised concerns about the adequacy of regulatory oversight and risk management practices.
After the 2008 crisis, the financial sector saw two major developments in the EU: the rise of regulation to increase stability in the financial system through extensive new reporting and compliance requirements and the emergence of fintech. The latter has blended traditional financial services with big data, artificial intelligence, digital identity or blockchain technologies to create new applications and services in both B2B and B2C segments, thereby creating new risks through the use of new disruptive technologies in financial services.
In the EU, major regulatory initiatives since the 2010s have created extensive compliance requirements for the developers, providers and users of financial services.
These regulations, further enhanced by the EU’s General Data Protection Regulation (GDPR), have led to a growing need in the financial services industry to search for technological solutions to manage the implementation of new and far-reaching regulatory reporting requirements and corresponding risk and compliance management. Likewise, regulators had to find solutions to collect and analyse ever-increasing amounts of financial data in order to audit the industry.
The confluence of the data-heavy and digitalised financial services industry and the new regulatory requirements in the aftermath of the financial crisis thus made it possible for RegTech software solutions to emerge and be adopted, leading to the rise of a thriving financial RegTech ecosystem in Europe.
RegTech has fundamentally transformed the financial services market. The mainstream availability of RegTech solutions to businesses has become a key enabler of responsible behaviour in the financial industry at scale and across different jurisdictions. Without the RegTech solutions, financial services as we know them today would not be able to operate, as the next section shows.
RegTech has become a major investment focus for venture capitalists, triggering the emergence of specialised incubation and acceleration structures in the fintech ecosystem across Europe. According to a market study, there were over 140 RegTech solutions in the financial sector in Europe in 2019 (Franco-German VC XAnge 2019). For example, the annual industry compliance cost of the EU Markets in Financial Instruments Directive II was estimated at €689 million in Europe, which explains why RegTech and process automation solutions are in high demand.
In 2022 alone, an estimated €17 billion was invested worldwide in RegTech companies specialised in solutions for the financial sector through venture capital, private equity, or mergers and acquisitions investments, up from €10.8 billion the year before, despite the overall decline in fintech investment (Statista, 2023). In the financial sector, regulation in multiple jurisdictions worldwide has de facto generated the need and demand for a new RegTech market, which forecasters estimate will grow into a €183 billion sub-industry of the financial sector by 2026 (Juniper Research, 2022).
With its vision of the digital decade that is “human-centric” and “sustainable” and empowers both “citizens and businesses”, the European Union, under the Commission’s leadership of President Ursula von der Leyen, has created an unprecedented and globally pioneering comprehensive regulatory framework for the digital economy (European Commission, 2021).
The Digital Services Act (DSA), Digital Markets Act (DMA), Artificial Intelligence Act (AI Act), Data Act, and Data Governance Act (DGA) will create groundbreaking guidelines and obligations for the digital economy to operate responsibly in a similar way to what the General Data Protection Regulation (GDPR) of 2016 has already done in the past in the field of privacy.
If we compare the financial market with the digital economy, the potential for RegTech is of both political and economic importance. Politically, enabling the responsible use of digital technologies at scale is a current priority in the EU. Economically, the scale of European innovation and productivity that could be responsibly driven by RegTech is considerable.
As for the financial sector, many companies deploying or using digital technologies will find it prohibitive to develop complex internal processes from scratch, let alone streamlined and robust corresponding software or technology solutions. Concerns about complexity, fears of high legal consulting costs and insufficient resources for additional staff members to manage risk and compliance are therefore creating a strong demand for RegTech solutions that enable the responsible use of technology at scale.
The digital services, data, and artificial intelligence sectors, ranging from developers and providers to their corporate users, have the potential to surpass the fintech sector. The combined Gross Value Added (GVA) of the finance and insurance sectors to Europe’s economic growth was EUR 588 billion in 2022 (Atomico, 2022). The technology sector already surpassed these traditional European powerhouse industries in 2017, contributing €735 billion to EU GVA in 2022. The value of the data economy in the EU27 alone is estimated to be 5.8 per cent of EU GDP or €829 billion by 2025 (European Commission, 2020c). We are thus witnessing the historic regulation of a market larger than the financial services industry.
Before analysing each of the new digital regulations in the EU (the Big Five) in the next chapter, we will take a closer look at the five categories of RegTech for the digital economy. We can identify the same three areas for RegTech that we already know from the financial services sector, as described above (Table 1), as well as two new ones.
A defining dynamic of the data-driven economy is the rapid pace of innovation and the constant new ethical challenges related to potentially disruptive uses of new technologies. Cutting-edge companies find themselves in situations where, as private actors, they have to set norms and rules in the absence of clear and granular public regulation. The time between disruptive technologies entering the markets and the design of ex-post regulation is a recurring and well-known challenge for both policymakers and innovative enterprises, to which RegTech tools (see Ethical Tech) could provide a partial solution.
This section presents each of the Big Five regulations and the potential for the different types of RegTech tools outlined in the previous section. The potential is linked to the provisions introduced by the Big Five, further highlighted with use cases.
The Big Five refers to the legislative proposals that emerged from the European Data Strategy of February 2020 (Bräutigam et al. 2022): the Digital Services Act (DSA), the Artificial Intelligence Act (AIA), the Data Governance Act (DGA), the Data Act, and the Digital Markets Act (DMA).
The DSA, which updates the rules governing digital services in the EU two decades after the 2000 e-Commerce Directive, was first tabled in December 2020 and adopted in October 2022. Providers of a wide variety of digital services in the European market will have to comply with the DSA from February 2024 onwards.
The DSA aims to clarify the responsibilities and obligations of online platforms with regard to the provision and moderation of content and the offering of products for sale on online marketplaces while retaining the key principles of the e-Commerce Directive (Bräutigam et al. 2022). To achieve its goal of a safer and more trustworthy online environment, the DSA introduces specific responsibilities for different types of providers of digital services:
The supervision of the DSA is a shared responsibility between member states and the European Commission.
In April 2021, the European Commission published the proposal for a framework for trustworthy AI, the Artificial Intelligence Act (AIA). This aims to ensure the human-centred and ethical development of AI by striking a balance between the security of citizens and the development of new, innovative technologies. The AIA aims to ensure that AI systems placed on the market or put into service in the EU are safe and respect existing laws on fundamental rights and European values (Bräutigam et al., 2022).
If adopted, the AIA will introduce requirements for the providers, deployers, importers, distributors and users of AI systems in the EU to adhere to strict rules on data quality, accountability, human oversight and transparency. The AIA is notably based on a technology-neutral definition of AI systems, and its obligations distinguish between the uses of AI that create:
The supervision of the AIA is managed in each member state by competent authorities. In addition, the Commission has proposed the formation of an AI Board as an additional governance structure to assist member states in the implementation of the Act.
In November 2020, the European Commission proposed the Data Governance Act (DGA) as a first step towards the implementation of the European Data Strategy. It aims to establish an effective governance framework for European data spaces as well as strengthen confidence and trust among stakeholders in the data market (Bräutigam et al. 2022). The DGA was adopted in June 2022 and entered into force in September 2023.
The DGA applies to protected data that is already subject to someone else’s right (for example personal data, trade secrets, intellectual property rights) and aims to create a framework within which such protected data can be used.
The DGA includes:
The DGA leaves the definition of sanctions and enforcement measures to member states.
In February 2022, the European Commission published its proposal for the Data Act. The Data Act aims to clarify the rules around sharing data from connected devices between users, providers, and third parties. This way, it aims to promote data-driven innovation and will help to unlock troves of industrial data that are currently unused as well as ensure fairness in the data value chain among all those within the data economy (Bräutigam et al. 2022).
The Data Act includes:
The supervision and sanctions are left for member states to determine.
The Digital Markets Act (DMA) was proposed by the European Commission alongside the DSA in December 2020. It was adopted in September 2022, and the so-called gatekeepers must comply with its obligations by March 2024 at the latest.
The DMA aims to restore real competition to the European single market and prevent it from being dominated by the biggest providers of digital services, often originating outside the EU with ex-ante provisions (Bräutigam et al. 2022). The DMA only applies to so-called gatekeepers, which are the largest providers of intermediary services as identified by the European Commission. Gatekeepers operate between business users and end users, provide a core platform service in at least three member states, and hold a significant and lasting position in the market. Core platform services include a long list of services, such as search engines, social media services, video-sharing platforms, instant messaging services, operating systems, smartphone app stores, cloud services, learning platforms and advertising services.
The DMA establishes several prohibitions and requirements that designated gatekeepers must comply with if they wish to offer their services to European users:
Gatekeepers risk fines of up to 10 per cent of global turnover for violations of the DMA and up to 20 per cent for repeated offences.
Now is the time for the European Union to develop a bold vision for RegTech and the future of responsible technology.
The rise of the ecosystem of RegTech solutions in the financial sector in the EU has been the result of several regulatory measures, without an overarching vision of the role of RegTech solutions prior to the introduction of the measures (Buckley et al. 2019).
With the lessons learned from the RegTech solutions in the financial sector, the 2020s as the decade of digital regulation calls for a proactive approach to harness the opportunities of RegTech to promote a responsible and innovative digital economy in Europe.
Three factors support the strategic adoption of RegTech solutions in the EU. This topic is particularly timely as the EU continues to implement the Data Strategy.
As shown, RegTech has important enabling benefits that should make it a key strategic vector for European tech competitiveness, innovation policy, and entrepreneurship.
A thriving RegTech innovation ecosystem is key to ensuring the EU’s digital competitiveness and the successful implementation of the European Data Strategy. It could even produce RegTech champions in the EU who could find demand for their services in other jurisdictions around the world grappling with similar challenges and establish Europe as a global leader in the development and use of RegTech solutions.
To catalyse such a thriving ecosystem, the following recommendations should be considered:
1. Shape a common European vision on the potential of RegTech for the implementation of the European Data Strategy and the new decade of responsible technology.
European stakeholders spanning policymakers, entrepreneurs, investors and experts, need to construct a shared vision encompassing both the economic and social benefits of RegTech solutions. Policymakers should include RegTech in the design of future agile and dynamic regulatory frameworks.
2. Coalesce a European RegTech ecosystem.
So far, there are no federated structures for RegTech in Europe. For reasons of both public interest and private market incentive, stakeholders – including entrepreneurs, developers, regulators, digital companies and experts – could come together to set the entrepreneurial innovation agenda for RegTech solutions and create corresponding incubation and acceleration structures.
RegTech solutions could also benefit from trust labels, accreditation or other officially recognised solutions as this would create visibility and foster trust to better rely on the solutions.
3. Create funding structures supporting RegTech solutions.
There needs to be sufficient capital to support RegTech ventures. To achieve this, European and national authorities, such as the European Investment Fund and national investment banks, should establish competitive and lean funding vehicles specialised in enabling regulatory technology. In addition, the EU and national capitals could incentivise public and private capital providers to develop tailored early-stage and growth funding mechanisms, for example by giving such investments special recognition and visibility.
Furthermore, Europe should address the concern that certain RegTech companies in the US are experiencing faster scaling due to a historical and structural difference between the EU and US venture capital markets: higher investments, particularly in areas such as AI RegTech. As a pioneer in digital regulation, Europe has a unique opportunity to lead in the tech RegTech sector and champion responsible technology usage. However, swift action to mobilise capital is now imperative to maintain competitiveness and foster innovation.
Last but not least, in order to advance Europe’s digital economy competitiveness and innovation power in the era of regulated technology use, there may be an interest to create, especially for Enabling Infrastructure Tech, additional targeted funding vehicles that invest in public interest solutions to pre-empt the development of proprietary solutions that could be less accessible to smaller actors and new market entrants.
4. Include RegTech as part of sustainability reporting.
The responsible use of new digital technologies and data could be a sub-category of environmental, social, and governance (ESG) reporting obligations for public limited partners funding venture capital funds. This move would garner more attention to the RegTech sector and incentivise dedicated impact investment in RegTech.
5. Set an entrepreneurial agenda.
Few entrepreneurs are yet aware of the scope of digital regulation in Europe and the corresponding business opportunities that solving some complex challenges potentially entails.
European policymakers and other stakeholders can create the necessary structures so that innovators are better informed about upcoming regulations and the needs and demands of the RegTech market.
Early impact assessments of regulatory proposals could already contain information about future RegTech potential across the five categories (Ethical Tech, Risk & Operations Tech, Compliance & Reporting Tech, Supervisory Tech, Enabling Infrastructure Tech), as well as clearer statistics on what type of companies will be affected by upcoming legislation and how, in a language that is understandable to a broad audience of entrepreneurs, engineers and investors, to stimulate the anticipated development of RegTech solutions that can be market-ready when regulatory instruments come into force.
European stakeholders from EU institutions, member states, investors, incumbents, entrepreneurs, and experts have the choice to either wait for the RegTech market to emerge by accident, as was the case in the fintech sector, or to actively shape a common vision and proactively create an ambitious EU-based RegTech innovation ecosystem for the digital economy.
In addition to market demand, which incentivises entrepreneurs to develop RegTech solutions that facilitate responsible technology development, deployment and regulation, there is a compelling public interest imperative for the European Union, member states, the private sector, investors, experts, and innovators to collaborate and forge an innovation ecosystem. This collaboration aims to accelerate the development of RegTech, increase efficiency and significantly reduce compliance costs. The ultimate goal is to provide the technological backbone of a responsible, highly innovative, and globally competitive digital economy.
1001 Lakes (2023). Building trust in data ecosystems. Retrieved on August 4, 2023.
Atomico (2022). State of European Tech 2022. Retrieved on August 4, 2023.
Bräutigam, T. & Cunningham, F., Toivanen, M., Aholainen, M., Geus, M., and Kukorelli, F. (2022).
EU Regulation Builds a Fairer Data Economy. Sitra Working Paper. Retrieved on August 3, 2023.
Buckley, R. P., Arner, D. W., Zetzsche, D. A., & Weber, R. H. (2019). The road to RegTech: the (astonishing) example of the European Union. Journal of Banking Regulation. Springer.
DSNP (2023). Delivering the Social Network as Core Internet Functionality.
Deloitte (2023). RegTech Universe. Retrieved on August 4, 2023.
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (PSD II).
Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (AIFMD).
Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (CRD IV/CRR). http://data.europa.eu/eli/dir/2013/36/oj
Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (MiFID II).
European Banking Authority (2021). Analysis of RegTech in the EU.
uropean Commission (2020a). A Europe fit for the digital age.
European Commission (2020b). A European strategy for data.
European Commission (2020c). The European Data Strategy. Retrieved on August 4, 2023.
European Commission (2021). Shaping Europe’s Digital Future. Retrieved on May 27, 2023.
European Commission (2022). Shaping Europe’s future – European Data Governance Act. Retrieved on August 4, 2023.
European Parliament (2023). Amendments adopted by the European Parliament on 14 June 2023 on the proposal for a regulation of the European Parliament and of the Council on laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)).
Goujard, C., & Scott, M. (2023, January 17). EU looks to turn Big Tech dropouts into content-law enforcers. Politico. Retrieved August 4, 2023.
Jiménez Arandia, Pablo (2023). What to expect from Europe’s first AI oversight agency. Algorighm Watch. Retrieved August 6, 2023.
Juniper Research (2022). RegTech: Market forecasts, emerging trends & regulatory impact 2022-2026. Retrieved on May 8, 2023.
Miller, Ron (2020, December 21). OneTrust nabs $300M Series C on $5.1B valuation to expand privacy platform. Retrieved on August 4, 2023.
N.d. (2023). Tremau. Crunchbase.
OneTrust (2020). Inc. 500: OneTrust named America’s #1 fastest-growing company. Retrieved on August 4, 2023.
Proposal for a Regulation of the European Parliament and of the Council on European data governance (Data Governance Act) COM/2020/767 final.
Proposal for a Regulation of the European Parliament and of the Counc on harmonised rules on fair access to and use of data (Data Act) COM/2022/68 final.
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act).
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).
Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937
Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.
Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (EMIR).
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (eIDAS).
Schizas, E., McKain, G., Zhang, B. Z., Garvey, K., Ganbold, A., Hussain, H., Kumar, P., Huang, E., Wang, S., & Yerolemou, N. (2019). The Global RegTech Industry Benchmark Report. Retrieved on May 8, 2023.
Singh, Navrina (2022). Credo AI Announces $12.8M Series A Funding Round for Responsible AI. Retrieved on August 4, 2023.
Statista Research Department (2023). Global VC, PE, and M&A investment activity in regtech 2019-2022. Retrieved on May 8, 2023.
Vastuu Group (2020). A MyData Operator White Paper. Retrieved on August 4, 2023.
XAnge (2019). The State of European RegTechs. Medium. Retrieved on May 8, 2023.
Paul Fehlinger is an expert in multi-stakeholder innovation ecosystems and the governance of digital technologies at the intersection of policy, entrepreneurship and capital. He is the Director of Policy, Governance Innovation & Impact at Project Liberty’s Institute, focusing on responsible innovation and ethical governance in areas such as Web 3.0 and AI. He is affiliated with the Berkman Klein Center for Internet & Society at Harvard University and is a Senior Fellow at the Hertie School of Governance.
Previously, he co-founded and led the Internet & Jurisdiction Policy Network, involving more than 400 entities in over 70 countries and receiving endorsements from G7, UN, and OECD. His insights on the global digital economy have been featured in various media outlets and publications.
He has been appointed to advisory and expert groups by organisations such as the World Economic Forum, the Global Commission on Internet Governance, and the Council of Europe. Paul holds degrees from Sciences Po Paris, Maastricht University, and is an alumnus of the Newton Venture Program at London Business School.
Enabling the responsible use of technology at scale
Sitra
Helsinki
2023
978-952-347-354-6
2737-1034
European Union, legislation, digitalisation, digital technologies, digital services, markets, regulations, data, data management, regulatory technology, RegTech, platform economy, data economy, innovation
Tools for applying digital regulation in business