Europe’s last legislative term was driven by a clear political narrative: protect consumers, suspicion to technology and regulate first.
Lawmakers, often cautious and not always deeply familiar with the sector, kept tightening the screws. The justification was real: boom of new fintech technologies and tools, which make it difficult to orient in, but also negative aspects like rising online fraud, manipulative dark patterns, and a steady stream of cyber incidents. But good intentions came with a cost.
The outcome is familiar to anyone involved in fintech. MiCA unified crypto within a single framework. DORA significantly strengthened cyber-resilience requirements. The AI Act designated large parts of financial services as “high risk,” which, in practice, means AI will largely stay in back-office use cases for now.
Each of these regulations follows its own logic. However, collectively, they create a compliance burden that many fintech companies simply struggle to handle. And the regulatory burden is only part of the story.
In several key areas for fintech, the European framework remains unfinished. Open finance is still unfinished, and legal clarity in the payments ecosystem continues to fall behind. Tokenisation of capital markets, along with a functional pan-European digital identity that could significantly reduce KYC costs, remains somewhere between policy ambition and institutional inertia.
Europe has approximately 11,000 fintech companies. However, the IMF estimates that obstacles within the missing European single market for services still impose costs equivalent to tariffs exceeding 100 percent. That should make for uncomfortable reading in the Berlaymont.
New vocabulary in town
The Letta and Draghi reports largely confirmed what many in the industry already suspected: Europe is losing ground. Compared with the United States, the EU produces roughly 80% fewer scale-ups and approximately 85% fewer unicorns. More than a quarter of those that do emerge eventually relocate their headquarters elsewhere.
Both reports introduced new vocabulary into the corridors of the Commission. Suddenly, the dominant frame shifts from ESG and consumer protection to focus more on competitiveness, innovation, and economic resilience.
Anyone who has spent time in Brussels knows how quickly the language can evolve and how much legislation usually lags behind.
The 28th regime. The big bet
The most ambitious structural proposal currently under discussion, and clear reaction on EU single market need, is the so-called 28th legal regime, an optional supranational framework that would enable companies to incorporate as “European” from the outset, bypassing the complexity of 27 national systems.
The concept includes single digital registration, unified investment standards, and ESOP frameworks that would finally operate seamlessly across borders. In principle, the concept makes a lot of sense. Politically, however, it may prove challenging. Several member states are already cautious, and the proposal has not yet been formally tabled.
Within Council working groups, the familiar debate has already begun; Regulation or directive? The distinction may sound technical, but it is important. A directive risks being implemented differently across member states, which would undermine the entire point. Anyone who remembers how PSD2 was transposed across Europe knows how that story tends to unfold.
The digital package. Small steps, real impact
More immediately, the Commission’s Digital Package could deliver some practical improvements. The Digital Omnibus aims to simplify regulations for SMEs across the AI Act, NIS2, GDPR, and DORA, with estimated annual savings of up to €225 million.
The European Business Wallet seeks to provide a unified digital company identity, allowing firms to sign, store, and share authenticated documents across the EU. Some estimates suggest potential administrative savings of up to €150 billion per year.
The Data Union Strategy aims to improve data access for AI while strengthening controls over sensitive European data exiting the bloc.
Another potentially significant development is the revival of the DLT Pilot Regime. Since its launch in 2023, technical and legal obstacles have limited its utilisation. ESMA is now looking into ways to make the framework more appealing – possibly permanent – and to broaden the range of eligible assets, including e-money tokens and tokenised deposits.
On the payments side, PSD3 and PSR negotiations are largely finished, and implementation is now beginning. Meanwhile, FIDA, the open finance framework, remains crucial for fintech firms whose business models depend on predictable and standardised data access.
What would actually help?
Remove the policy language, and the industry’s wish list is straightforward.
Easier market access, whether through the 28th regime or, at the very least, simpler cross-border licence transfers and unified, pan-European KYC based on the EU Digital Identity Wallet.
A lighter compliance burden through consolidated reporting and proportionate regulation.
Regulatory frameworks that are genuinely interoperable across the single market, not just harmonised on paper. And functioning ESOP rules. Because trying to compete for talent with US and Asian firms without them puts European startups at a clear disadvantage.
For once, there are signs that political might exist. The Commission increasingly recognises that fintech is part of Europe’s financial infrastructure, and a vital element of strategic autonomy in a world dominated by foreign payment networks and Big Tech platforms.
Whether that recognition survives the realities of member-state politics and the legislative process is, as always in Brussels, the true test.
