New survey reveals: CEE startups want more urgent action from national regulators

Today, the Consumer Choice Center Europe (CCCE) released survey results examining how EU data strategy regulations impact operations and innovation potential among startups in Central and Eastern Europe (CEE). Full report can be found here, and the executive summary can be found here.

Representatives from startups in 11 CEE countries - Bulgaria, Romania, Slovenia, Croatia, Hungary, Slovakia, Czechia, Poland, Lithuania, Latvia, and Estonia - shared their insights and offered recommendations for both national and EU policymakers and regulators.

The survey assessed the effects of key regulations, including the General Data Protection Regulation (GDPR), Digital Services Act (DSA), Digital Markets Act (DMA), Data Act (DA), Data Governance Act (DGA), and Artificial Intelligence Act (AI Act). 

The majority of Central Eastern European startups admitted they lack the resources and time to keep up with updates of the EU regulatory framework, let alone active participation in policymaking dialogue.

Compliance with EU data strategy regulations has significantly impacted their operations, particularly in smaller startups.

While most startups expressed positive attitudes towards national regulators, they nonetheless requested that these regulators enhance their operations to provide better internal coordination and quicker support for fast-moving startups:

Many survey respondents discussed the future of data-driven startups in the EU, stating that the regulations are slowing the technological progress of EU companies. Others openly acknowledged that the future for data-driven companies in the EU remains uncertain due to the increasing regulatory burden.

CEE startups also highlighted the absence of a Single Digital Market as a significant burden. Combined with the complexity of EU regulations, this poses particular challenges for data-driven startups, which often lack the financial resources to manage compliance effectively:

CEE startups remain realistic - they are prepared to comply with EU data strategy regulations and want the EU to succeed. However, they do not rule out relocating after scaling if the regulatory burden becomes too heavy. Many expressed a desire for EU and national policymakers to strike a better balance between ensuring data privacy and enabling technological growth at scale.

Main survey findings

Most of CEE startups find EU data strategy regulations having negative impact on their operations, yet they don’t blame national regulators for it:

1. 54,6% reported the impact of EU data strategy regulations as negative. 54.6% of respondents viewed the impact of EU data strategy regulations as either negative or very negative, 9.1% saw it as positive, and 36.4% remained neutral. 
2. 81,9% stated the regulations have increased their operational costs, with 36,4% experiencing moderate and significant costs. 27.3% of respondents reported that the aforementioned regulations have moderately increased their operating costs, 9.1% stated that the costs have increased significantly, 45.5% noted a slight increase, and 18.2% reported no impact on costs.
3. 18,2% believe the regulations created new opportunities for them. 63.6%, believed these regulations hinder their innovation potential, 18.2% believed it creates challenges but opportunities as well, and 13.6% believed the regulations have no impact on innovation. 
4. Only 9,1% interact with national authorities regularly. Only 9.1% of respondents admitted that they often seek guidance or clarification on EU data strategy regulations from EU or national authorities (multiple times a year). The majority - 45.5% - do this 1 to 2 times a year, 4.5% do so less than once a year, and a whopping 40.9% have no interactions with regulators at either the national or EU level.
5. No negative feelings towards national authorities - only 4.5% of respondents viewed their interactions with the authorities as negative. Meanwhile, 9.1% viewed them positively, 45.5% were neutral, and 40.9% admitted they didn’t interact with these authorities at all.

CEE startups’ recommendations and requests for regulators: 

1. More simplicity in regulation and reporting processes - CEE startups need clearer guidelines and simplified reporting requirements to reduce the administrative burden.
2. A 'one-stop shop' among national regulators - many requested either a single agency or better collaboration between regulators to clarify EU data strategy compliance requirements for startups. They also suggested introducing digital tools, possibly AI-powered, to streamline the compliance process for startup representatives.
3. Enhancing cooperation between EU and national regulators - some see this as crucial for creating more consistent and coherent regulations across different jurisdictions, aiding the move toward a Single Digital Market through practical measures.
4. Exemptions for startups in their early phases - while some respondents advocated for temporary exemptions from regulations during the initial stages of growth, they were also honest about the fact they will face increasing regulatory scrutiny once they scale. 
5. Learn from the US - some respondents feel that policymakers don’t fully understand the challenges of building a globally competitive product and underestimate the burden that regulatory complexity places on that journey. They urge EU and national policymakers to look to the US, where a less restrictive regulatory environment has allowed the rise not only of unicorns but also decacorns.
6. Complete the digital single market - respondents emphasized the need for a fully integrated market with unified regulations is essential to reducing fragmentation, like inconsistent GDPR enforcement across 27+ authorities, enabling innovative companies to navigate rules efficiently.
7. Be careful with future regulations - respondents feel like EU’s future regulations should undergo competitiveness tests, balancing economic priorities, innovation, and societal objectives, while ensuring regulators adopt risk-based approaches that support the right to innovate.
8. GDPR-specific recommendations:
   1. More incentives for startups - some respondents believe there is a noticeable lack of incentives from national authorities for startups in the form of practical recommendations, good practice examples, friendly and functioning regulatory sandboxes, checklists and similar practical tools to support innovation while ensuring compliance. 
   2. Reconsider the scope of personal data - some respondents believe that the current treatment of almost all data as personal data makes its practical use for product development nearly impossible. Proper anonymization, while intended to help, often renders the data unusable for product development.
   3. Rebalance data subjects' access rights - some respondents argued that the right to access data is currently too absolute, with local privacy bodies requesting access to data that might include sensitive trade secrets, which could jeopardize business continuity.