The EU's Fine Regime Is a Costly Policy Problem Washington Cannot Afford to Ignore

The EU is increasingly imposing arbitrary fines for violations of its digital regulations, levying more than $7 billion (€6 billion) in penalties against “Big Tech” firms in the past two years alone. The EU calculates these penalties as a percentage of a firm's global turnover rather than local revenue, a structure that disproportionately targets U.S. technology firms with large global footprints, such as Apple, Meta, Google, and X, all of which have faced fines in recent years. As similar approaches spread beyond Europe, U.S. policymakers should act to counter the growing threat these penalties pose to American competitiveness and technological leadership.

All the EU’s major digital legislation—including the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), the Digital Markets Act (DMA), and now the Artificial Intelligence Act (AI Act)—set fines as a percentage of a company’s global revenue. These fines can be substantial, ranging from 4 to 20 percent of global turnover, as shown in Table 1.

Figure 1: Maximum fines for various EU digital laws

These fines disproportionately impact large U.S. tech firms, whose global operations expose them to significantly higher costs than those faced by any European competitor. For example, in 2023, the Irish Data Protection Commission (DPC) fined Meta €1.2 billion in a dispute over the interpretation of the EU’s data protection law as applied to its Facebook service. The amount represented about 1.1 percent of Meta’s global revenue in 2022. But a closer look shows the true excess of this fine.

Meta’s revenue comes primarily from three sources: Facebook, Instagram, and Reality Labs (Meta’s AR/VR products). In 2022, it had total global revenue of approximately $116.6 billion, with Facebook accounting for $81.4 billion, Instagram $33 billion, and Reality Labs $2.2 billion. Approximately $26.7 billion of this revenue came from Europe. However, that number inflates the EU’s contribution, since it includes non-EU countries. Given that Facebook had approximately 34 million users in the UK out of its 408 million users in Europe, the EU share of revenue was only about $24.5 billion. That means the fine accounted for 5.3 percent of all EU revenue and 7.5 percent of the company’s Facebook revenue from the EU.

It is also important to note that most of the alleged violations are highly technical in nature, based on ambiguity in the underlying law, not attempts by U.S. firms to avoid compliance. For example, the massive fine the Irish DPC levied against Meta in 2023 stemmed from a structural conflict between EU privacy laws and U.S. national security surveillance mandates, resulting in a penalty that the Irish DPC itself initially opposed on the grounds that the company had acted in good faith using the EU's own approved data-transfer mechanisms. Indeed, most of the EU’s digital policies allow for fines for technical or procedural violations, even when these actions cause no quantifiable consumer harm. The result is fines that are often disproportionate to the alleged violations.

As American companies face mounting compliance costs and unpredictable enforcement in the EU, Chinese firms stand ready to replace them. With a smaller footprint in the EU market, they attract far less regulatory attention than U.S. platforms, but unlike European startups, they have the scale and experience to compete globally. 

And the problem does not stop at Europe's borders. Countries such as India, Brazil, and South Korea have adopted regulations modeled after the EU's approach, including applying similar frameworks that calculate penalties based on global revenue. The result is a growing multitude of overlapping obligations across jurisdictions that compounds the cumulative compliance burden U.S. firms carry. American firms are the cornerstone of technological innovation, yet as fines consume an increasing share of resources, firms direct less capital toward research and development and frontier innovation, steadily eroding the competitive edge and technological leadership that defines the United States. 

U.S. policymakers should respond decisively by leveraging trade negotiations to secure binding commitments from the EU and other countries adopting similar digital regulations. Specifically, the U.S. government should push for concrete structural reforms to the European enforcement regimes, such as removing global turnover as the metric for calculating fines, establishing a transparent and structured framework that prioritizes compliance over penalties, grounding fines in real harms rather than hypothetical ones, and explicitly requiring that regulators apply all digital laws in good faith without unfairly targeting U.S. technology firms. 

The United States should use every tool at its disposal—including trade leverage, diplomatic pressure, and formal trade enforcement mechanisms—to secure fairer treatment of American tech firms abroad. Washington needs to act swiftly before the regulatory precedents set in Brussels become the global standard, foreclosing the opportunity to shape a transatlantic framework that is conducive to digital innovation.