Navigating Regulatory Complexity in Tech

Global regulatory intervention disrupts the tech sector in an unprecedented way. The Digital Services Act Package (comprised of the Digital Services Act and Digital Markets Act) is moving into full force and the next wave of regulation, such as the EU AI Act, is already on the horizon. Regulators across the globe have recognized the impact of (big) tech platform companies and technologies on society at large, and, with the European Commission leading the charge, are signalling the start of a new era for tech firms.

Across a wide range of domains touching the core of tech products and services, regulators have shifted from a previously loose stance to a pressing need for stringent control. Chairman of the Dutch Authority for Consumers & Markets, Martijn Snoep, predicts that a regulatory revolution has been initiated that will lead the tech platforms to become equally regulated as financial institutions (Snoep, 2024)^[1]. This poses a challenge for tech platforms. They must further mature their organizations to become effective risk and compliance management machines. And while doing so, tech platforms should remain nimble organizations that deliver great user and partner experiences and further improve cost efficiency. This is an unprecedented challenge!

_{[1] Blog Martijn Snoep: Navigating the Online Platform Regulatory Revolution: Charting a New Course for Regulators - https://www.acm.nl/en/publications/blog-martijn-snoep-navigating-online-platform-regulatory-revolution-charting-new-course-regulators}

Tech platforms are now forced to prevent potential harms arising from their products and services on the individual, businesses, and society at large. Successful organizations recognize that they do not need to comply with individual regulations, but that it is the constant stream of new regulations, with overlapping requirements and conflicting priorities, that must be addressed. An effective compliance strategy aims to build an embedded, sustainable, and reusable compliance operation. Also, tech platforms must embrace compliance as part of their internal culture. Not as a barrier to the business, but as an enabler. At the heart of the strategy, however, remains the platform’s relentless focus on maintaining an outstanding user experience that is underpinned by recognition of trust and safety. A tech platform that will thrive can balance compliance with innovation, in a cost-efficient manner. 

KPMG offers a comprehensive range of services designed to help you become a Trusted Platform by effectively managing the complexities of managing regulatory change. This allows your organization to focus on delivering outstanding customer and employee experiences:

1. Regulatory Horizon Scan and Legal Interpretation: KPMG keeps track of the ever-changing regulatory landscape and supports the interpretation of regulations and the implications on your organization and business model, creating workable packages of information for client implementation teams.
2. Compliance Function Design & Transformation: We can help design, build, and implement your compliance capability of the future. We enable you to deploy a modern, scalable compliance function that ensures compliance across a wide range of regulations in a sustainable and cost-efficient way. We embed good practices from our experience working with the largest platforms in the world on these programs, while combining that experience with our deep-rooted knowledge and experience in regulation-heavy industries such as the financial sector.
3. Assessments & Insights: We provide tailored fit/gaps compliance assessments both pre-launch and ongoing, to proactively identify and manage any gaps in meeting your regulatory obligations and controls, allowing you to innovate with confidence. Furthermore, we can assist with conducting specific types of risk assessments, like systemic risk assessments required under the DSA.
4. Risk & Control Framework Design: KPMG has developed the Big Tech Risk & Control Framework designed to accommodate compliance with multiple new tech regulations, conduct requirement gap analyses, and design and document controls for a systematic approach to compliance – effectively lifting this burden off your shoulders. KPMG also offers tooling solutions in which this integral risk & control framework can be managed.
5. Audit: KPMG is the external auditor of multiple very large online platforms for both the DSA and DMA. We have gained deep expertise in the audit requirements of the latest tech regulations and know how to effectively perform audits for the tech sector. We assist many clients with mock audits, in which we prepare clients for external audits. By doing so, we prevent surprises, while also identifying improvements for your internal control environment.
6. Customer and Partner Experience Design: We support the (re)design of your customer and partner experiences that are impacted by the regulatory-driven transformation. 

By choosing KPMG, you leverage our extensive experience gained from advising large tech clients on complex regulatory matters. We enable tech companies to innovate freely, while ensuring that their compliance needs are comprehensively managed.