After a year of constantly hounding technology companies and internet platforms, it is unsurprising that a bipartisan group of senators – Republicans Lindsey Graham and Josh Hawley and Democrat Elizabeth Warren – are supposedly working out a proposal to regulate, and even license, all social media companies.

Some have gone further and insisted that there ought to be a dedicated regulatory agency to oversee “Big Tech” more generally, and Democratic Sen. Michael Bennett has introduced a bill to create such an agency.

Graham – as have many others before him – suggested that the United States should have a regulatory system for tech that is comparable to Europe’s. Indeed, many critics of the large U.S. tech giants have pointed to European Union (EU) regulations as a sign that we’re “falling behind.”

That Europe has jumped ahead of us in their attempts to become the world’s tech regulators, though, doesn’t mean that they are an example to follow. To the contrary, the European Union’s (EU) proclivity for precautionary regulation is one of the reasons that almost none of the large tech companies they aim to govern are actually from Europe.

The EU’s approach appears to be, in sum, “If you can’t innovate, regulate.”

There is a kernel of truth to the “falling behind” narrative; however, in that the EU’s torrent of heavy-handed technology regulations may hinder U.S. leadership’s ability to set standard practices for emerging technologies. For example, the EU’s General Data Protection Regulation (GDPR) has become the de facto global standard for data privacy and security, with companies like Google and Meta already adapting their practices accordingly. The EU is quickly moving toward a similar approach to regulating artificial intelligence (AI), and there are rumblings that the “metaverse” – that is, augmented and virtual reality – may be next.

If we follow Europe’s approach, we’ll pay the price in diminished innovation and competition. As we have seen across various industries, overly prescriptive regulatory burdens create barriers to entry into regulated markets. Large incumbent firms, for example, have the resources to adapt and comply – startups do not. Research already indicates that the GDPR has had this effect by “creating more concentrated market structures and entrenching the market power of those who are already strong.”

These barriers could be particularly devastating if applied to developing technologies like blockchain; augmented and virtual reality; and AI. For example, Europe’s approach to regulating AI has been colored by dystopian thinking that is likely to result in entire uses of AI being preemptively banned, or only allowed on a “mother may I” basis. To quote AI and tech policy analyst Adam Thierer: “European policymakers are essentially forcing their best and brightest innovators to sit on the fence and watch the rest of the world fly right past them on the digital technology and AI front.”

Unfortunately, this techno-dystopian mentality has spread far and wide in the United States with lawmakers on both sides of the aisle at the state and federal level pursuing new laws that generally have little regard for how they would actually affect the tech they seek to regulate. These proposals often claim to be protecting children, or combatting “tech addiction,” “censorship,” or protecting consumers from fraud. But what these proposals boil down to are bans or regulations with seemingly little concern for how companies would abide by them or how they would affect actual consumers.

This is not to say that social media, AI, the metaverse, or other emerging technologies like commercial drones, do not pose some risks of harm or that these technologies should be free from regulation. But the difference in mentality between the United States and Europe has generally been that we regulate to address specific harms that the market can’t solve rather than the ban-it-first-and-ask-questions-later approach of the EU. The United States became the world’s leader in the development of the internet and the digital economy precisely because we let the commercial internet develop with relatively little government interference compared to other industries.

It would serve us well to advance a better, lighter-touch alternative to clunky regulatory regimes like the GDPR, but thus far our sclerotic Congress has proven unable to rise to that task. In the case of the interconnected issues of data privacy and cybersecurity, there has long been consensus across the ideological spectrum that some form of federal-level regulatory framework is necessary. Various bills attempting to create such a framework have been advanced over the last decade, but a handful of narrow points of disagreement between key legislators have prevented any of these from nearing the finish line.

The best outcome would be for Congress and U.S. regulators to engage in dialogue with the tech industry and a broad base of policy experts to produce basic, light-touch frameworks for regulating emerging technologies based upon mitigating actual harms to consumers, but otherwise allowing for permissionless innovation. If Congress can’t achieve this, the next-best approach is not to accept whatever burdensome, flawed set of laws we can get, but to look toward “soft law” and decentralized, multi-stakeholder governance mechanisms that are far more agile in responding to changes in technology than a regulatory bureaucracy.

Either way, U.S. lawmakers (and their constituents) need to give our tech companies, large and small, the space they need to innovate and lead the next great wave of human progress.

Featured Publications