A regulatory package as a long-term political strategy
The European Union’s recent digital laws are often described as a regulatory package. The AI Act, the Data Act, and the emerging Data Union Strategy form a wide experiment in using transparency as infrastructure for the digital economy.
The underlying idea is that digital markets cannot be governed well if users, businesses, regulators, and affected individuals cannot understand how systems work, who controls data, where risks arise, and who is responsible for intervention. Therefore, transparency is becoming a condition for accountability, market access, innovation, and long-term trust that falls under what appears as a long-term strategy to regain data sovereignty.
The EU’s policy bet
The EU regulatory approach is founded on the premise that greater transparency can enhance the governability of complex digital systems. However, the mere disclosure of information does not result directly in a greater understanding of the data available; a company can disclose large amounts of technical material while leaving users no better able to assess risk, compare alternatives, or challenge decisions.
Stay ahead of the geopolitical week.
MD Briefing delivers expert analysis across five global fronts — the Indo-Pacific, energy, geoeconomics, European security, and the Middle East — every Monday morning. Free.
Accordingly, the success of the EU’s transparency framework should not be measured by the sheer volume of regulatory obligations it imposes. Rather, its effectiveness depends on whether those obligations generate information that is genuinely useful in practice. The relevant benchmarks are whether disclosures are meaningful, accessible, timely, and comparable, thereby enabling users and regulators to make informed decisions.
The AI Act’s goal to make AI legible
The AI Act shows the EU’s approach most clearly. Its stated purpose is to improve the functioning of the internal market, promote human-centric and trustworthy AI, protect health, safety, and fundamental rights, and support innovation (Regulation (EU) 2024/1689).
In policy terms, the AI Act tries to make AI systems legible. It assumes that AI risks should not be addressed only after harm occurs. They should be identified, documented, and managed before systems are placed on the market or deployed in sensitive settings.
This is why transparency is linked to risk. High-risk systems face more demanding documentation, monitoring, and information obligations. Lower-risk systems face lighter duties. The European Commission describes the AI Act as the first comprehensive legal framework on AI, designed to address AI risks while fostering trustworthy AI in Europe (European Commission, “Regulatory framework for AI”).
The policy logic is fundamentally pragmatic. Effective regulatory oversight depends on access to adequate information. Likewise, deployers require sufficient information to make informed decisions regarding whether and under what conditions to implement AI systems. Individuals affected by AI-assisted decisions must also have access to relevant information in order to understand how such decisions have been made and, where appropriate, to question or challenge them.
The Data Act attempts to rebalance informational power.
The Data Act uses transparency for a different purpose. Where the AI Act focuses on risk and trust, the Data Act focuses on access, fairness, and economic value. Its objective is to create harmonized rules on fair access to and use of data (Regulation (EU) 2023/2854).
The challenge is that data generated by connected products and digital services is often controlled by a small number of firms. Users may generate valuable data through their use of products but still lack practical access to it. Businesses may need data to innovate, repair products, or offer competing services but face legal, technical, or contractual barriers.
The Commission presents the Data Act as a way to address the challenges and opportunities created by data in the EU, with emphasis on fair access, user rights, and personal data protection (European Commission, “Data Act”).
In this context, transparency functions as a mechanism for redistributing information. Where users are unaware of what data is generated, how it can be accessed, or the conditions under which it may be shared, formally recognized rights of access are unlikely to translate into meaningful practical control. Effective data rights therefore depend not only on their legal recognition but also on the transparency necessary to enable individuals to exercise them.
The Data Union Strategy: From Control to Usable Data
The Data Union Strategy shows the broader direction of EU policy. The Commission frames it around increasing the availability of data for AI development, simplifying EU data rules and strengthening Europe’s position on international data flows (European Commission, “European Data Union Strategy”).
This is significant because it seems that the European Union seeks to pursue two complementary goals simultaneously. On the one hand, it aims to protect fundamental rights and mitigate the risks associated with digital technologies. On the other, it seeks to facilitate greater access to data in order to foster innovation, support the development of artificial intelligence, and enhance European competitiveness. In this way, transparency serves as the connecting principle between these objectives. In fact, by increasing the visibility of how data is collected, processed, and shared, it is intended to strengthen trust in data flows while making them more accessible and capable of supporting innovation.
Why meaningfulness matters most
Meaningfulness is the anchor test. Transparency is useful only if it reveals something that can change decisions or enable scrutiny.
In the AI context, this means information about a system’s purpose, limitations, performance, and risk profile must be specific enough to support procurement, oversight, and challenge. In the data context, it means users must receive information that helps them understand what data exists and how it can be used.
Generic compliance language is not enough. A disclosure that says a system is “risk managed” or that data is “available upon request” may be formally correct but still unhelpful. The real question is whether the information helps someone act.
Information must arrive before decisions are locked in.
Transparency is most useful when it arrives early enough to affect decisions. AI information matters most before procurement and deployment. Data-access information matters most before users become dependent on a particular product, service, or cloud provider.
Post-event transparency can still support audit and enforcement. But it is weaker as a prevention tool. A regime that informs users only after they have lost practical freedom of choice will have limited effect.
Accordingly, comparability occupies a central role in the European Union’s internal market strategy. If transparency is intended to promote competition, facilitate public procurement, and strengthen trust in cross-border digital markets, disclosures must be presented in a manner that enables users, businesses, and regulators to meaningfully compare systems, services, and contractual arrangements.
This objective is particularly relevant in the context of AI procurement, connected product ecosystems, and cloud switching, where informed comparisons are essential to reducing information asymmetries and preventing vendor lock-in. Nevertheless, pursuing comparability inevitably involves trade-offs. While standardized disclosure frameworks can improve the accessibility and consistency of information, they may also obscure sector-specific risks and contextual nuances. Consequently, a uniform template may enhance market discipline and regulatory oversight while simultaneously limiting a more nuanced understanding of the particular risks associated with individual technologies or markets.
The risk of regulatory complexity
The EU’s approach is ambitious, but it is also complex. The AI Act does not operate alone. It sits alongside the GDPR, the Data Act, the Digital Services Act, the Digital Markets Act, the Cyber Resilience Act, and sector-specific rules.
A European Parliament study notes that the AI Act interacts with other digital laws, including the GDPR, Data Act, and Cyber Resilience Act, and that this interplay creates significant regulatory complexity (European Parliament, “Interplay between the AI Act and the EU digital legislative framework”).
Secondary analysis makes a similar point. CEPS has argued that the AI Act may overlap with several horizontal and sector-specific rules, creating possible gaps, inconsistencies, and legal uncertainty (CEPS, “The AI Act and emerging EU digital acquis”).
Competitiveness and the SME problem
The burden of complexity is not shared equally. Large technology firms are better able to absorb compliance costs, hire specialists, and shape standards. Smaller firms may struggle.
Bruegel has warned that EU AI regulation risks imposing disproportionate burdens on smaller firms and may contribute to market concentration if compliance demands are not properly balanced (Bruegel, “The right balance: how to fix European Union artificial intelligence regulation”). This is a key policy tension. The EU wants trustworthy digital markets, but it also wants innovation and technological sovereignty. Transparency can support both goals, but only if it is designed in a way that smaller firms can use and implement.
From disclosure to governance
The EU’s digital strategy should be judged by a practical standard. The question is not whether Europe has created the world’s most elaborate digital rulebook. The question is whether that rulebook produces usable knowledge, enables timely intervention, supports meaningful comparison and redistributes informational power.
If it does, transparency may become genuine governance infrastructure. If it does not, the EU risks building a sophisticated compliance architecture that documents the digital economy without effectively governing it.
