Regulatory Pressure: A Threat to Innovation and Cybersecurity?
BLOG – When companies must comply with laws and regulations that differ in each country, we often see two responses. Neither approach is optimal.
Some companies limit their activities or withdraw entirely from regions where regulations are perceived as too burdensome. Markets with high compliance costs and disproportionate resource requirements become less attractive, slowing technological progress and cybersecurity development in these regions.
Other companies choose to comply with the strictest standards and apply them universally. While this pragmatic approach ensures compliance, it results in higher operational costs and restrictions, ultimately stifling innovation across all markets.
Fragmentation
In an ideal world, regulations would be coordinated at a global level to prevent fragmentation between jurisdictions. In the absence of such coordination, businesses spend significant time and money on compliance—resources that could otherwise be directed toward proactive cybersecurity measures.
Without a global framework, interoperability between countries is crucial. Normative harmonization at both national and supranational levels is essential to foster the responsible development of new technologies. This need for harmonization goes beyond cost savings; it also shapes the development of technological solutions that can function in diverse environments and be adopted worldwide.
The Balance Between Rapid Innovation and Security Remains a Challenge
Take AI, for example. Over the past year, nearly 700 AI-related legislative proposals were introduced across 45 states, with 113 being enacted. These proposals reflect differing local priorities, creating regulatory fragmentation that hinders innovation and leaves security gaps. Innovative companies must adapt their products and services to a complex regulatory environment while remaining competitive.
Regulatory Fragmentation
While much legislation aims to enhance organizational security, the increasing number of regulations leads to a fragmentation of resources. As a result, businesses focus more on compliance than on proactive cybersecurity measures. Managing these regulations raises costs and introduces vulnerabilities.
Compliance is not just about following laws; it’s also about effective risk management. When companies must navigate conflicting requirements, their ability to anticipate and respond to cyber threats diminishes. This underscores the importance of a regulatory framework that is both stringent and flexible.
Supranational Regulation
In 2025, new regulations on cybersecurity and AI are expected at both national and supranational levels. While voluntary, less rigid frameworks can encourage innovation, there is a risk that new discrepancies will reinforce existing fragmentation.
Europe can use regional initiatives such as the AI Act and the NIS 2 Directive to establish common standards. However, without global initiatives, individual countries and international institutions will take the lead, potentially exacerbating regulatory fragmentation. Striking a balance between rapid innovation and security remains a challenge—one that requires strengthened cooperation between the public and private sectors to establish global standards.
Public Affairs
In a fragmented regulatory landscape, companies must adopt a proactive and strategic approach. Public affairs teams play a crucial role in monitoring legislative developments, engaging with policymakers, and advocating for regulatory harmonization to reduce burdens.
Automation, risk-based compliance, and collaboration between legal, IT, and security teams will become even more critical. By embracing this approach, businesses can turn regulatory constraints into opportunities and ensure a future where innovation and security go hand in hand.
