
The regulatory dance: why politics and business must move in step

By Staffan Lindgren, Aura Group CTO
Aura Group CTO Staffan Lindgren explores why policymakers and business leaders must collaborate to co-create effective regulation in an era defined by AI and data privacy.

"This is actually the best part of the job," Marie Nicholson told a room full of marketing directors and communications heads in Stockholm recently. "To talk to people that are going to be using the rules and regulations that we are working on."

The Swedish Member of Parliament wasn't delivering political platitudes. She was making a confession that most politicians wouldn't dare voice publicly: lawmakers desperately need business leaders to help them get regulation right, because politics is always, by design, a step behind innovation.

This admission came during a roundtable discussion about GDPR, AI regulation, and the future of data privacy. What emerged wasn't the typical adversarial narrative of business versus bureaucracy, but something far more strategically valuable: effective regulation requires an ongoing dance between politics and business, where both partners must learn each other's steps.

Technology moves at the speed of innovation, but legislation moves at the speed of democracy

Marie Nicholson, Swedish Member of Parliament

The step-behind problem

The fundamental challenge isn't a failure of communication; it's built into democratic governance. Politics must be reactive rather than proactive when it comes to technological innovation. It's designed to protect citizens from unintended consequences of rapid change.

Consider GDPR's timeline. The regulation was the EU's response to decades of invasive data collection practices and growing public concern about digital privacy. By the time lawmakers could build consensus around comprehensive rules, companies like Facebook and Google had already reshaped how personal information flows through the global economy.

This reactive nature creates what Nicholson describes as 'inherent tension'. "Technology moves at the speed of innovation, but legislation moves at the speed of democracy", she says. The result is a perpetual gap between what's technically possible and what's legally permissible.

The challenge becomes complex when lawmakers try to anticipate future developments. GDPR's ‘right to be forgotten’ seemed reasonable for traditional databases. But as one roundtable participant noted, "The way that models are trained is actually impossible" to fully comply with data deletion requests. Once personal information trains an AI model, removing that data whilst preserving functionality presents technical challenges lawmakers couldn't have anticipated.

But here's where it gets interesting: the most successful regulatory frameworks emerge when this lag is acknowledged and actively managed through ongoing dialogue between innovators and lawmakers. The alternative - reactive regulation written in crisis mode without industry input - typically produces rules that are either ineffective or economically damaging.

When the dance works

Despite inherent challenges, there are compelling examples of successful collaboration - moments when the regulatory dance produces outcomes serving both innovation and public interest. The Stockholm roundtable provided a glimpse into how this works, particularly within the Nordic model of governance.

Nicholson's approach exemplifies effective collaboration. Rather than relying solely on academic research, she actively seeks input from practitioners implementing the regulations she helps create. "Legislation is an ongoing process," she explains, "and I do need to spend quite a lot of time talking to people that are going to be using the rules."

This isn't just good politics, it's good policy. When lawmakers understand practical implications of their decisions, they're more likely to create regulations achieving intended goals without creating unnecessary barriers to innovation.

The Nordic approach offers an instructive model. Countries like Sweden, Denmark, and Norway have built institutional frameworks encouraging ongoing dialogue between government, industry, and civil society throughout policymaking. This collaborative approach has produced some of the world's most effective digital governance frameworks.

The GDPR learning laboratory

Five years after implementation, GDPR has become something unprecedented in technology regulation: a real-world laboratory for understanding what works, what doesn't, and what needs changing as technology evolves.

The successes are undeniable. GDPR "brought some order to previously chaotic data practices," as one roundtable participant noted. Before 2018, data handling across European companies was chaotic - a patchwork of national regulations and corporate policies varying wildly in effectiveness. GDPR created a common framework forcing companies to think systematically about data collection and protection.

Most importantly, GDPR established extraterritorial jurisdiction for digital regulations. Companies operating in Europe must comply with European rules regardless of location. This created the "Brussels Effect" - European regulations becoming global standards because it's more efficient for multinational companies to adopt single, high-standard approaches.

However, implementation revealed significant challenges. The "right to be forgotten" has proven nearly impossible to implement effectively. As Marie acknowledged, "Current AI models make it difficult to completely delete data once it has been used for training."

The transparency requirements proved complex too. GDPR requires companies to explain data usage in language consumers understand. But as one marketing director observed, "People are not interested" in these explanations. This creates the "transparency paradox": regulations require transparency, but transparency is only meaningful if consumers engage with the information.

European policymakers are already working on "GDPR 2.0" - adjustments based on implementation experience. These changes will include more nuanced approaches to the right to be forgotten and redesigned transparency requirements that are more meaningful to consumers whilst remaining technically feasible.

The AI regulation challenge

If GDPR revealed the complexity of regulating data, artificial intelligence is exposing the limitations of traditional regulatory approaches altogether. AI systems operate in ways that don't map neatly onto existing legal frameworks.

Marie's description of the "black box problem" captures this challenge. When an AI system makes a decision - approving loans, recommending content, filtering applications - the specific reasoning may be impossible to explain in human terms. The system has learned patterns from vast amounts of data and encoded them into mathematical relationships that even its creators may not understand.

This creates immediate challenges for existing regulations. GDPR's requirement for "meaningful information about logic involved" becomes meaningless when the logic itself is incomprehensible. Transparency requirements become harder still when the technical details may be so complex that even interested users couldn't understand them.

The proposed AI tax illustrates both potential and pitfalls of regulating AI without sufficient industry input. European policymakers are considering taxing companies implementing AI technologies, using revenue to offset job losses from automation. But practical implications are complex: How do you define "implementing AI" when capabilities are increasingly embedded in standard software tools?

These complexities illustrate why AI regulation requires more sophisticated approaches than traditional command-and-control regulation. The EU's AI Act attempts this by focusing on specific use cases and risk levels rather than regulating technology itself.

Making the dance work for your business

The Stockholm roundtable points to a clear strategic imperative: companies engaging proactively with regulatory development will have significant competitive advantages over those simply reacting to new rules after they're finalised.

The traditional model treats regulation as external constraint managed by legal teams. This reactive approach may have been sufficient when regulations changed slowly, but it's inadequate for the current environment of rapid technological change and cross-sector regulatory impact.

The collaborative model suggests treating regulatory engagement as core business capability creating competitive advantage. This means moving beyond compliance to become active participants in shaping the regulatory environment.

Nicholson’s openness to industry input illustrates the opportunity. "I'm really interested in hearing your feedback on a lot of these questions," she told participants. This isn't just political courtesy, it's genuine recognition that effective regulation requires input from implementers.

The most effective regulatory engagement focuses on shared problems rather than narrow business interests. When companies help policymakers understand implementation challenges or develop more effective approaches to achieving policy goals, they're providing genuine value beyond lobbying.

Building these relationships requires long-term thinking and consistent engagement. Companies with the most influence on regulatory development engage with policymakers before they need something specific. This means participating in industry associations, contributing to policy consultations, and building relationships across the regulatory ecosystem.

The AI regulation challenge illustrates why this collaborative approach is essential. Technical complexity means regulators genuinely need industry input to develop effective rules. Companies that can explain not just what they want from regulation, but why certain approaches will or won't work in practice, are providing valuable public service whilst advancing their interests.

The competitive advantage of collaboration

The regulatory landscape facing European businesses is becoming more complex, not less. The AI Act is just the beginning of new digital regulations reshaping how companies operate across sectors. The companies that thrive will view regulatory engagement as strategic capability rather than compliance burden.

The Stockholm roundtable revealed something most business leaders understand but rarely act upon: people writing rules genuinely want input from implementers. This creates unprecedented opportunity for business leaders willing to engage constructively with regulatory processes.

The practical steps are straightforward. Start by identifying regulatory developments most likely to affect your business over the next three to five years. Develop internal capabilities for engaging with these processes. Most importantly, approach regulatory engagement as genuine partnership rather than lobbying exercise.

The regulatory dance between politics and business will continue, and the music is getting faster. Companies that learn to move in step with policymakers, acknowledging inherent tension between innovation and protection whilst working collaboratively toward solutions, will have significant competitive advantages over those simply reacting to regulatory changes.

The opportunity is there for companies willing to engage. The question is whether you'll help write the rules or simply live with whatever gets written without your input. In an era where regulatory compliance is becoming core business capability, companies that influence regulatory development will have lasting competitive advantages.

The dance continues. The question is whether you'll learn the steps or watch from the sidelines.
