Through 2024 and most of 2025, U.S. opposition to the DMA and DSA was a corporate matter — affected firms challenged decisions in court, paid fines, and made adjustments. In December 2025, the picture changed.
What happened
The Office of the U.S. Trade Representative (USTR) opened an investigation into foreign digital regulations, including the European DMA and DSA. , USTR statement on EU regulatory measures targeting U.S. service providers , 2025-12-16 · link · archived
In December 2025, the Information Technology & Innovation Foundation (ITIF) published a report identifying the DMA as a "discriminatory trade barrier" damaging American firms. , Defending American Tech in Global Markets , 2025-12-01 · link · archived
Most significantly, the Trump administration explicitly threatened retaliation: Fortune in December 2025 cited the naming of specific European firms — Mistral, SAP, Spotify, Siemens, Accenture, DHL — as potential targets of retaliatory measures. , The Trump administration says it could go after Spotify if Europe doesn't back off American tech companies , 2025-12-17 · link · archived Forms of threat included tariffs, antitrust investigations, and restrictions on access to the U.S. market.
What this changes strategically
EU regulation toward American tech firms becomes a part of broader trade diplomacy, not an isolated legal matter. The EU is in a position where tightening DMA enforcement against American gatekeepers can trigger U.S. retaliation — and that retaliation falls not on the EU as a whole, but on specific European firms that have nothing to do with the original dispute. SAP, Spotify, Siemens — the firms named in the U.S. retaliation material — are not DMA gatekeepers; they are collateral targets.
For European CISOs and CIOs this means a new layer of uncertainty: the regulatory environment in which you operate is not just a matter of EU legislation, but also of geopolitical reaction to it.
What this implies for European firms
Three implications:
- The leverage thesis sharpens. Without alternatives, EU regulation is a paper tiger that produces fines, withdrawals, and trade retaliation. With alternatives — the kind the partnerships strategy and operations roadmap build — regulation has actual force, and the U.S. retaliation calculus is recalibrated against the cost of losing access to a European market that has its own viable substitutes.
- European firms must hedge against being collateral targets. Even firms with no direct DMA exposure (SAP, Spotify) need to understand where their U.S. market access is structurally vulnerable, and what contingencies are available.
- The traditional regulatory diplomacy framework is now insufficient. The Trade and Technology Council, the joint working groups, the diplomatic mechanisms developed over decades — these are designed for trade disputes that do not include the names of specific firms as retaliation targets. The current dynamic is qualitatively different.
What this does not mean
It is not the case that EU regulation should be abandoned. Several of the regulations under question (GDPR, NIS2, DORA, the Cyber Resilience Act) are uncontroversial in their substance and broadly accepted by U.S. firms operating in the EU. The contention is concentrated specifically in the DMA and the DSA, where the substance — restructuring market behaviour of gatekeepers — is what makes them politically sensitive.
The right framing: regulation must be paired with industrial policy and partnership architecture to be more than a fines-and-fights mechanism. The balance chapter develops this synthesis.
Sources cited
- Office of the U.S. Trade Representative, USTR statement on EU regulatory measures targeting U.S. service providers , 2025-12-16 . link · archived
- Information Technology and Innovation Foundation, Defending American Tech in Global Markets , 2025-12-01 . link · archived
- Fortune, The Trump administration says it could go after Spotify if Europe doesn't back off American tech companies , 2025-12-17 . link · archived