Two opposite gestures at the same time
European digital policy in 2026 is best understood as two simultaneous moves that appear to contradict each other. With one hand, Brussels tightens: it collects fines, opens investigations and promises sustained enforcement against the world’s largest tech companies. With the other, it loosens: it is preparing to simplify its own body of rules to reduce burdens. Both happen at once, under the same Commission, and understanding why is the key to reading where global digital regulation is heading.
The tightening gesture was sealed with a milestone. After two years of investigation, the European Commission imposed in December 2025 its first fine under the Digital Services Act (DSA): a 120-million-euro penalty against X, Elon Musk’s platform. It was no ordinary fine: it was the inauguration of an instrument. The decision cited breaches including deceptive use of its blue verification mark, lack of transparency over ads, and failure to provide access to public data for research.
The loosening gesture is less visible but just as real. Brussels officials confirmed to the Financial Times that the Commission plans to step up enforcement of the DMA and DSA in 2026, even as it prepares to simplify the rules of those laws through new legislation. That is the heart of the paradox: more enforcement and less bureaucracy, announced in the same breath. The explanation is not incoherence but strategy, and it is worth taking apart piece by piece.
The hand that fines: the record of penalties
The figures tell Brussels’s determination better than any statement. In April 2025, under the big-platform antitrust law, Apple and Meta were fined 500 million and 200 million euros respectively for failing to comply with the DMA. In September 2025, Google was hit with a 2,950-million-euro fine for distorting competition in the advertising technology industry. And in December came the 120-million fine on X, the first under the DSA.
The reason for each fine matters, because it defines what conduct Europe punishes. Apple was sanctioned for preventing app developers from freely communicating alternative offers to consumers outside its store; Meta, for its “pay or consent” model, which forced users to surrender their personal data unless they paid a subscription. They are not fines for the size of the companies, but for concrete practices: blocking competition, forcing consent, hiding transparency.
The companies’ reaction revealed the scale of the clash. Meta called the decision a “multibillion-dollar tariff” and accused the Commission of “attempting to handicap successful American businesses while allowing Chinese and European companies to operate under different standards.” Apple went so far as to demand the DMA be scrapped entirely. The tech companies’ reading is that these rules are protectionism in disguise; Brussels’s, that they are fair market conditions. That dispute over narrative is, at bottom, the real battle.
The hand that simplifies: why Europe loosens
Here comes the second move, the one that wrong-foots anyone who sees only the punishing face. The Commission is required by Article 53 to evaluate the DMA before 3 May 2026 and repeat the process every three years, assessing whether the law met its aims, its impact on businesses — especially SMEs — and whether modifications are needed. That periodic review is the door through which simplification enters.
The result of the first review was telling. The Commission designated seven gatekeepers in total, and the first formal review of the regulation, published in April 2026, declared the DMA still “fit for purpose.” That is: Europe reviewed its flagship law, concluded it works, and yet opened the door to lightening it. Simplification is born not of a failure of the model, but of the combined pressure of the companies, of Washington, and of Europe’s own agenda to cut regulatory burden.
The argument that the model does deliver concrete benefits has evidence. The most visible impacts of the DMA are new choice screens and expanded default options: EU iPhone users can set rival browsers or payment apps as defaults, install outside apps, and use third-party payment solutions; in Germany they pay via PayPal and in Scandinavia with local payment apps. Cross-platform messaging, a dream for digital rights advocates, has begun to materialize. For Brussels, that proves the rule changed the user’s life; simplifying it without dismantling those gains is the delicate balance it is attempting.
The moving front: from content to the cloud
European enforcement does not stand still in social media and search; it advances toward infrastructure. In November 2025, regulators opened gatekeeper probes into the cloud computing of Amazon and Microsoft, signaling that Brussels’s regulatory ambitions extend beyond social networks and search engines into the infrastructure layer of the internet. It is a substantive leap: moving from watching what is published to watching where everything is hosted.
The open investigations sketch the map of the coming clashes. Meta’s WhatsApp is under scrutiny for allegedly blocking rival AI developers; Google faces pressure for scraping online material to train AI without clear permission; and TikTok is on the radar for possible election interference, while marketplaces like Temu and Shein must tighten safety under the DSA. European regulation pursues, at once, cloud competition, AI training and marketplace safety.
The initial focus, however, was strategic, not frontal. The focus was placed first on protecting minors online, on the safety of marketplaces like Temu and Shein, and on fighting online financial fraud, issues with agreement on both sides of the Atlantic, given the geopolitical sensitivity over the DSA. Brussels chose to start with what no one disputes — children, fraud, dangerous products — before entering the minefield of content moderation, where the clash with Washington is inevitable.
Washington’s counter-move
Because the other actor in this story is not in Brussels but in Washington, and it plays against. The Trump administration has demanded changes to the bloc’s tech rules and threatened to impose tariffs in retaliation for the EU’s actions against Silicon Valley groups. The threat is not rhetorical: it links digital regulation to trade, turning every European fine into a potential tariff trigger.
The pressure escalated to the personal. Just before Christmas, the State Department issued visa restrictions against five EU officials and NGO executives it accused of coercing digital platforms into censoring Americans’ speech; among those named was former commissioner Thierry Breton. Barring European regulators from entering the United States for doing their job is a move without recent precedent among allies.
The European response was one of calculated firmness. The EU’s competition chief, Teresa Ribera, told the Financial Times: “There have been moments when I have needed to stand up and say: sorry, but we are not going to undo our regulation just because you don’t like it.” That phrase is the European doctrine in one line: regulatory sovereignty is not negotiated under external pressure. But the subtext is more complex, because at the same time Ribera stands firm, the Commission prepares the simplification Washington asks for. Firmness in the discourse, flexibility in the fine print.
The contest of narratives: censorship versus sovereignty
Behind the fines lies a war of narratives worth taking apart, because each side describes the same facts with opposite words. The United States Trade Representative accused the EU of pursuing policies that restrict, limit and deter the competitiveness of US tech companies through discriminatory means, and warned that, absent a change of course, Washington would use “every tool at its disposal” to counter those measures. In that reading, European regulation is a disguised trade barrier against American firms.
The European version inverts the frame entirely. Former European commissioners published a commentary in January 2026 arguing that the US administration’s narrative fundamentally misrepresents the purpose of the regulation. For Brussels, the rules do not discriminate by nationality: they apply to whoever has gatekeeper size, and if the large platforms turn out to be American, that reflects the structure of the market, not a bias of the law. The distinction is legally central: a rule that punishes conduct, not origins, is not discriminatory even if its main targets share a flag.
The clash over the word “censorship” is the thorniest. Washington presents the DSA as a censorship mechanism that coerces platforms into silencing speech, particularly that of US citizens. Brussels responds that the DSA does not regulate lawful content, but transparency, the moderation of illegal content and researcher access to data. Who is right depends on how the rules are applied in each concrete case, and that is precisely the grey zone where the conflict will keep being fought: not in the text of the law, but in each enforcement decision that can be read as user protection or as pressure on speech.
The anatomy of a sanction: the “pay or consent” case
To understand what Europe really punishes, it helps to dwell on the case that best illustrates it: Meta’s model. The Commission issued in April a non-compliance decision against Meta over its “pay or consent” model, which offered users a choice between paying a subscription for an ad-free version or surrendering their data for personalized advertising, without an equivalent less-intrusive alternative. The regulatory problem was not charging nor showing ads, but the absence of a third option: less data without paying.
Meta’s response shows how a company can adjust without giving up litigation. The company announced that, from January 2026, it would give EU users the choice between sharing all their data to see fully personalized advertising or sharing less data to see more limited personalized advertising. The Commission, however, was still evaluating that option and fined the company for the prior period of non-compliance. It is the typical mechanics of the DMA: the fine covers the past, the adjustment looks to the future, and the regulator reserves the right to judge whether the change is enough.
That sequence reveals the real “teeth” of the European model. The premise meant to make DMA enforcement effective was being “fast and furious,” compensating for past grievances in the application of competition rules in digital markets with speed and remedies. The design seeks to avoid the decade-long court battles that characterized old antitrust law: instead of proving harm case by case over years, the DMA sets clear obligations in advance and fines non-compliance quickly. For the platforms, that changes the calculus: they can no longer litigate indefinitely; they must adjust or pay while they litigate.
Why this matters outside Europe and the United States
For a country that is neither the EU nor the US — Panama, the Latin American region, any mid-sized economy — this dispute is not a distant spectacle. It defines the regulatory environment those countries will inherit, because digital rules tend to be exported. The so-called “Brussels effect” describes how European norms become a global standard: a company that adjusts its product to comply with the DMA in Europe rarely keeps two versions, so it applies the European one everywhere. When the EU forces Apple to open its store or Meta to offer less tracking, the Panamanian user may end up benefiting from a rule they never voted on.
That mechanism has a flip side worth naming: the imported rule does not always fit the local context. A norm designed for a market of 450 million consumers with robust competition authorities is transferred to economies that lack that enforcement capacity, so the benefit arrives but the power to enforce it does not. The result is a silent dependence: small countries enjoy protections that hinge on a regulator thousands of kilometers away keeping its nerve. If Brussels loosens, the remote user loses without noticing.
The symmetrical risk is being caught in the crossfire. If Washington turns digital regulation into a tariff matter, third countries that depend on trade with both blocs may be pressured to pick a side or to absorb collateral damage. A small, open country that lives off trade and off serving as a bridge has a direct interest in this dispute not escalating into a tech trade war. Digital regulation stopped being a technical matter to become a chapter of geopolitics.
There is also a lesson in model. Europe shows it is possible to regulate the world’s largest companies without being their home — none of the big tech firms is European — by leaning on the size of its market. For regions that also do not host those giants, the European case is a manual on how regulatory power can substitute, in part, for industrial power. You do not need to build the platforms to set their rules; you need a market they do not want to lose.
The balance Europe is trying to hold
The paradox of fining and simplifying at once is not, up close, a contradiction, but a calculation. Europe is betting it can keep the edge of its enforcement — the fines that discipline, the investigations that open new fronts — while filing down the bureaucratic edges that irritate companies and give Washington ammunition. The open question is whether that balance is stable or whether one of the two hands will end up overriding the other.
The risk scenario is that simplification, presented as burden reduction, ends up hollowing out the rules the fines are meant to enforce. If the norm is lightened so much that sanctionable conduct shrinks, enforcement is left without an object. The opposite scenario is that Ribera’s firmness prevails and the simplification is merely cosmetic, in which case the clash with Washington will keep escalating. Between those two extremes European digital policy will move through the rest of 2026.
What no actor disputes is that the center of gravity of global tech regulation still sits in Brussels, not in Washington nor in Silicon Valley. The United States can threaten tariffs and ban visas, the companies can call the fines disguised tariffs, but the rule that defines how a platform operates for hundreds of millions of users is written, for now, in Europe. The 2026 paradox — tightening and loosening at the same time — is the method by which Europe tries to keep that center of gravity without breaking the cord that binds it, commercially and politically, to its biggest ally and now its biggest critic.