In January, the European Commission proposed a Digital Networks Act (DNA) to “modernize, simplify and harmonize EU rules on connectivity networks.” The legislation would replace the 2018 EU Electronic Communications Code (EECC), and was deemed necessary to “create the conditions for operators to invest into rolling out advanced fiber and mobile networks” required to “enable innovative tech, like Artificial Intelligence and Cloud.”

The proposal states that existing provisions were deemed unsatisfactory because the current legal framework has “resulted in national fragmentation and therefore has failed to deliver a true single market. Operators face divergent general authorisation conditions across Member States and a patchwork of national requirements that disincentivize cross-border operations, increase compliance costs and delay the introduction of new technologies.” Yet the would “merg[e] four legal acts into one directly applicable Regulation,” replacing the EECC, the Body of European Regulators for Electronic Communications Regulation, the Radio Spectrum Policy Programme, and the core parts of the Open Internet Regulation.

If four pieces of regulation have resulted in a fragmented market and failed to induce sufficient and timely investment in new networks, it begs the question of how merging them will result in a different outcome. One wonders whether the DNA is just another manifestation of Europe’s regulatory makeup of path-dependent processes, in which the “solution” to flawed regulation is more (of the same or similar) regulation rather than a resetting of the regulatory paradigm.

To be fair, some of what the DNA proposes is a rational reduction of regulatory overhead by centralizing some processes rather than requiring the same tasks to be carried out in each of the member countries. To facilitate pan-European operations and service provision, the DNA would introduce a “single passport” authorization, with notification in one member state required for a firm to provide network services across the EU. It also proposes to introduce an EU-level satellite spectrum authorization process to coordinate consistent allocation of rights across the community.

But neither of these provisions is revolutionary. Indeed, the DNA would simply place the EU on the same footing as the United States is on already. The US Federal Communications Commission (FCC) governs the provision of services by firms such as AT&T and Verizon across multiple states of the union, rather than requiring the firms to negotiate and register separately in each state, as in Europe. And the FCC also administers the definition and allocation of spectrum rights across all commercial bands across the country. It is no accident that the US has developed the nationwide single market for mobile voice and data services that the EU can only dream about under its current arrangements. Or that low-orbit satellite broadband services were brought to market first by US firms—the US arrangements gave them a single point of negotiation for access to rights over a broad geographic territory, and so proved more efficient for the development of these new services.

On the other hand, other DNA provisions appear unlikely to meet the objective of lowering barriers to competitive entry to US firms, relative to the status quo. The DNA is closely linked to a new Cybersecurity Act (CSA), the draft of which was released on the same day. DNA authorization and spectrum rights are conditional on compliance with CSA supply‑chain security measures, prohibiting the use of designated high‑risk vendors or components in key information and communications technology assets (e.g., fixed and mobile telecommunications, satellite networks, and core and edge infrastructure). The European Commission can designate high‑risk vendors (based on factors like non‑EU state control, supply‑chain risks, and vulnerability history) and impose mitigation measures such as diversification, contractual restrictions, third‑country access bans, or phase‑outs with transitional periods. A geopolitically unstable environment does not exclude the possibility that claims of cybersecurity risks could be used to preclude, for example, a US satellite firm from selling services to EU citizens, or US AI software from being used in network management, in a manner similar to banning Chinese componentry from mobile and broadband networks, as has already occurred in some EU countries.

The DNA proposes carrying over all obligations on firms relating to consumer privacy and network neutrality. However, the current draft stops short of mandating any financial contributions from content providers to network operators, for which EU operators have argued strongly. Instead, the act would introduce a voluntary cooperation mechanism between connectivity providers and digital platforms, including cloud and content companies, to support commercial negotiations on interconnection, traffic efficiency, and related issues, without imposing new financial obligations—in part to avoid regulatory overlap with the Digital Markets Act.

The DNA appears to represent another endeavor by the Brussels regulatory machine to centrally engineer and control the design and development of digital network environments using strict ex ante regulation, rather than facilitating their organic evolution in response to the emergence of new technologies.