When I joined N26 as CTO, my first real job had nothing to do with building an app. I was asked to help get a banking licence and build up a core banking system from scratch. I had never worked in finance and had never sat across from a regulator.
When I joined N26 as CTO, my first real job had nothing to do with building an app. I was asked to help get a banking licence and build up a core banking system from scratch. I had never worked in finance and had never sat across from a regulator.
For months the work felt slow and heavy, full of requirements I did not understand and could not shortcut. This, I thought, was the part of building in Europe that everyone had warned me about.
I was wrong about what that experience was teaching me. A few years later I built Vivy, a digital health platform that handled the sensitive medical data of people across dozens of insurers. Health data is about as regulated as data gets, and once again my instinct was to treat the constraints as a tax on speed.
Over time I saw them differently. The rules were pushing us to build something that is genuinely hard to build, and even harder to copy: Trust.
I want to be honest about the cost, because pretending it does not exist helps no one.
The 2024 Draghi report on European competitiveness found that more than 60% of EU companies see regulation as an obstacle to investment, and 55% of small and medium-sized companies name regulatory and administrative burden as their single biggest challenge.
Fragmented rules across 27 member states, slow processes and uneven enforcement are a real drag, and founders feel it every week. Anyone who tells you regulation is simply a gift has never tried to deliver under it. The part that often gets missed is what those same constraints do to a company that takes them seriously.
In most consumer software, the buyer mainly wants to know whether your product is good. In regulated markets like FinTech and HealthTech, the buyer carries a heavier question – can they trust you with their customers’ money or their patients’ records, and will you still be standing, and compliant, in five years?
A hospital, a bank or an insurer is buying that confidence as much as any feature. A startup that has absorbed the rules into how it builds takes that fear off the table, and a faster competitor cannot simply bolt that on later. That was the key lesson for me and this i where Europe underrates itself.
American startups are often admired for moving first and asking permission afterwards. That works well until the product touches money, health, children or critical infrastructure, and then the missing trust becomes very expensive.
The genetics company 23andMe marketed health reports to consumers for years, and in 2013 the US Food and Drug Administration ordered the company to stop selling them until it could show the tests were valid. It pulled its health product for nearly two years to complete the regulatory work it had tried to skip.
European founders who have learned to build inside hard constraints are training for exactly the markets where that discipline is the price of entry, often without realising it. And the skill is very much transferable. Once you know how to ship a compliant product without losing your sanity, you can do it again in the next regulated category.
The same argument is about to repeat itself with AI. The EU AI Act, the first comprehensive law of its kind, has been and continues to be phased in over the next few years, with the heaviest obligations landing on high-risk uses in areas such as hiring, finance and health. I hear founders describe it the way I once described that banking licence: a brake, a burden, a reason Europe will fall behind.
I understand the frustration, and I would still ask them to look one step further. The companies that learn to build AI that is transparent, well governed and safe will win the regulated sectors where AI is audited and paid for. In AI too, trust is becoming the product.
None of this means the rules should stay as they are. The Draghi report is right that the burden needs to fall, that the rules should be simpler and that enforcement should be consistent across the single market.
Founders should push hard for all of it. What I argue against is the reflex to see every rule as a wall, and to envy the speed of companies playing an easier game. Speed is not the only moat. The ability to build something people can safely depend on is a moat too, and building in Europe is unusually good at teaching it.



