In recent years, the Government has steadily introduced a slew of policies to govern its growing digital ecosystem. Most notably, these include the Digital Personal Data Protection Act, 2023 (DPDP Act), the Draft Digital Competition Bill, 2024 (DCB) and regulatory proposals to govern artificial intelligence (AI). While these policies are rooted in legitimate concerns around data privacy, fair competition and user safety, among others, their direction and design appear to have drawn inspiration from Europe – a region now reconsidering its own approach to digital regulation.

Between 2016 and 2024, the European Union (EU) introduced several legislations to govern its digital ecosystem: the General Data Protection Regulation (GDPR), the Digital Markets Act (DMA), the Digital Services Act and the Artificial Intelligence Act (AI Act), to name a few. These legislations lay down a complex web of rules and regulations governing the conduct of companies operating in the digital sphere.

Yet the EU now appears to be rethinking its approach. In 2024, the former President of the European Central Bank, Mario Draghi, presented his report on the Future of European Competitiveness (Draghi Report) to the European Commission.[1] The Draghi Report identifies the EU’s regulatory approach as a central factor limiting the growth of its digital economy. Specifically, it highlights multiple tech-focused laws, ex-ante regulations, and restrictions on data storage and processing as key regulatory constraints on Europe’s digital sector. The net effect of EU’s regulatory approach, Draghi adds, is that only larger non-EU based companies have the financial capacity to bear compliance costs, putting Europe’s own digital industry at a competitive disadvantage and stymieing its growth.

More recently, the European Commission adopted the Digital Omnibus Regulation Proposal. Part of the European Commission’s push for regulatory simplification, the Digital Omnibus reflects the recommendations of the Draghi Report and proposes a series of amendments to digital legislations in Europe, posited as necessary to drive down compliance costs, and boost competitiveness and innovation.

As Europe rethinks its own regulatory approach to the digital economy, the fact that India’s policymakers appear to still be borrowing from Europe is worrying, considering India’s thriving digital sector. While India’s original intermediary safe-harbour framework was inspired by the United States of America (USA), more recent initiatives such as the DPDP Act, the Draft DCB, and proposed AI regulations draw from European models.

India’s experience with data protection regulation offers a cautionary tale. The 2019 Personal Data Protection Bill, heavily modelled on the GDPR, was eventually withdrawn amid concerns that it would disproportionately harm a still-maturing digital economy. While the DPDP Act notified in 2023 did away with some of the more onerous provisions, the Act and its accompanying rules remain aligned with the GDPR, and, in some respects, are even more stringent, such as grounds for processing personal data, obtaining verifiable parental consent, and time-bound data deletion obligations for certain classes of data fiduciaries.

Like the GDPR, India’s DPDP Act adopts a blanket, sector agnostic approach to data protection. This stands in contrast to the USA, which has multiple targeted legislations addressing key areas such as health, finance and child protection. A one-size-fits-all framework risks imposing disproportionate compliance costs on startups and smaller enterprises, potentially slowing innovation. Notably, Mario Draghi has described the GDPR as “self-defeating” and warned that it is “killing our small companies,” pointing to estimates showing that complying with the GDPR led to a more than 15% reduction in the profits of small tech companies.[2]

India’s DCB is fraught with similar concerns. It draws heavily from the EU’s DMA, proposing ex-ante restrictions on digital firms designated as ‘Systemically Significant Digital Enterprises’ (SSDE) based on arbitrarily set quantitative and qualitative criteria. The overly broad criteria for SSDE could cover a large section of India’s digital sector, increasing compliance burdens for companies and constraining their growth. Moreover, with the introduction of an overlapping regime under the DCB, a tech company will be put under a dual regulatory framework for competition, complying with both the Competition Act, 2002 as well as the DCB, with other sectors continuing to be governed only by the former.

India’s approach to AI regulation further reflects European influence. Amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 proposed in October 2025 sought to mandate labelling of synthetically generated content, appearing to draw from Europe’s AI Act which places similar obligations upon providers and deployers of AI systems. Overly broad labelling requirements risk unintended consequences. The pervasive use of AI tools in content creation and editing, coupled with an all-encompassing definition of what constitutes ‘synthetically generated’ content, the rules could end up covering virtually all content on the internet. Critical questions around what constitutes material AI use, the accuracy of detection tools and treatment of content posted by users outside India remain unanswered. Notably, the EU itself has proposed postponing the implementation of several provisions of its AI Act.

In pursuit of its goal of a trillion-dollar digital economy, India will do well to learn from the Europe’s regulatory missteps, while acknowledging its own unique challenges and the contours of its digital sector. In doing so, India can design a digital governance framework that delivers not just good intentions, but constructive outcomes.

This article was originally published in ET Edge Insights on the 31st of March 2026 and can be accessed here.

The authors are policy professionals at the Internet and Mobile Association of India (IAMAI). Views expressed are personal, and do not represent the views of IAMAI.

Sources: