[SpicyLemonZest]

Right! Thanks for the link, I remembered reading that quote but couldn't find it. European regulators don't need hyper-specific definitions, because to them it's entirely normal to tell a company that they must do X or can't do Y even though the rules as written seem to authorize their current course of action Z.

All regulatory systems have some informal edge cases, of course. But Americans expect law to in general work more like a list of checkboxes and rely less on divining the regulator's intent. Indeed, that's one of the reasons why the regulatory environment under Trump is so frustrating to many of us; in the American view, there's supposed to be a strict distinction between what the law is and what the people at suchandsuch agency think the law is supposed to be or meant to achieve.

[dgellow]

The EU has pretty good documentation for the various regulations. For example for GDPR they do provide checklists:

- https://www.edpb.europa.eu/sme/be-compliant/respect-individu...

- https://www.edpb.europa.eu/sme/be-compliant/secure-personal-...

And guidance: https://www.edpb.europa.eu/system/files/2026-04/edpb-summary...

[vrganj]

> But Americans expect law to in general work more like a list of checkboxes

To me as a European, this is a very low-trust view of lawmaking that assumes a hostile relationship between a government and its people.

The European approach is a bit more of a living conversation.

In the implementation period there's workshops where you figure out how to best comply in a way that makes sense for your business. There's a lot of flexibility there since you're just aiming for the spirit of the law, not some formal definition that might not make sense in your case.

If you're found out of compliance theres a bit of a back and forth and if you put in a good-faith effort to fix things, nobody has any issues.

The advantage of this approach is that the government doesn't tell you how to run your business and things stay agile as new use cases and business models come up.

It works out pretty well in general, and allows for a more cooperative approach to reaching policy goals.

Problems usually only arise when American companies try their bad-faith technicalities and find that doesn't fly here, like when Facebook changed their ToS to try to argue that using their services itself constitutes consent under the GDPR and predictably got dinged for it.

[logicchains]

>It works out pretty well in general

How can you say that when Europe has completely failed at producing any big, successful tech companies in the past couple decades? China and even India have a lot more staetups-turned-bigtech companies.