Regulations Can Create the Monopolies They’re Meant to Prevent

Why do large companies sometimes lobby for regulation in their own industries? When major crypto exchanges advocate for licensing or tech companies urge regulation of artificial intelligence, the explanation may be simpler than it appears: These companies understand how regulatory costs affect market structure.

Regulations designed to protect consumers can reshape competitive dynamics in ways lawmakers don’t anticipate. The mechanism is straightforward economics: Regulatory compliance creates fixed costs, and fixed costs affect smaller competitors and new entrants differently than they affect established firms. While incumbents can absorb compliance costs as a part of doing business, smaller competitors may struggle or fail, and potential new entrants to the market may never emerge. The result can transform consumer protection into competitor elimination, regardless of the original intentions behind the regulation.

The European Union’s General Data Protection Regulation (GDPR) offers a clear example of this effect. When the data privacy and security legislation took effect in May 2018, the impact on Europe’s technology market structure was both immediate and measurable. Within one week of implementation, market concentration among web technology vendors increased by 17 percent as websites dropped smaller service providers in favor of larger platforms. One week was all it took. The regulation didn’t gradually reshape the market over months and years, it triggered immediate consolidation.

The impact of GDPR on companies varied dramatically based on their size. Small IT firms experienced a 12 percent drop in profits following GDPR implementation while large IT firms saw only a 4.6 percent decline. Researchers at MIT’s Sloan School of Management found that GDPR has effectively functioned like a 25 percent tax on smaller companies despite applying the same rules to everyone processing European data.

What explains the variation in outcomes from a uniform set of rules? Simply put, compliance infrastructure doesn’t scale linearly with firm size. Large companies can employ hundreds of compliance specialists, privacy engineers, and legal experts who can implement new requirements efficiently. They can spread these fixed costs across enormous revenue bases. 

Smaller competitors face a different calculation. A startup with 50 employees and $10 million in revenue needs to hire or contract GDPR specialists and implement the same systems. Three compliance specialists and infrastructure costing $500,000 annually would represent a 5 percent hit to revenue. This burden is dramatically different from the one a large firm would experience.

The competitive disadvantage compounds through the law’s mechanisms for user consent, which requires that consumers must specifically agree to permit firms to collect their data and specify for what purpose it’s collected. Large platforms like Meta or Google with multiple consumer-facing products can more easily obtain the user permissions required under GDPR, while smaller, less well-known companies struggle to convince users to consent to data collection from unfamiliar services. The regulatory structure itself creates a competitive advantage independent of product quality.

This pattern illustrates how regulatory complexity can create monopolistic markets by favoring the organizations with resources to navigate that complexity. Consumer protection regulations can inadvertently eliminate competitors independent of the original intent of policymakers.

While GDPR provides a dramatic example, it illustrates a broader economic principle. Regulatory barriers affect different companies disproportionately because of scale differences. A $2 million compliance burden represents 0.2 percent of revenue for a billion-dollar company compared to 20 percent for a $10 million startup. This creates barriers to market entry unrelated to innovation or product quality. 

This compliance monopoly effect has appeared across industries and decades. This suggests that market consolidation being driven by regulatory costs represents a systemic feature of regulated markets rather than isolated incidents.

The 2008 financial crisis prompted comprehensive financial regulation through the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. The legislation explicitly aimed to prevent banks from becoming “too big to fail” by imposing stricter capital requirements, stress testing, and enhanced regulatory oversight on large financial institutions.

The actual results contradicted the legislation’s stated goals. The compliance burden fell disproportionately on smaller institutions despite the law’s stated intent to constrain large banks. Community banks—those with less than $10 billion in assets—faced the same regulatory framework as megabanks but lacked the scale to absorb compliance costs efficiently.

Research by the American Action Forum that tracked Dodd-Frank implementation found that by 2018 compliance costs exceeded $38.9 billion with more than 82.9 million hours of paperwork burden. Large banks can employ thousands of compliance specialists. For most community banks, these requirements exceeded their total workforce capacity, forcing them to hire external consultants or divert existing staff from revenue-generating activities.

Between 2012 and 2019, the number of community banks declined from 6,802 to 4,750, a 30 percent reduction, according to a 2020 FDIC study. Market concentration among the largest banks increased substantially. The regulation designed to constrain the largest banks instead accelerated the elimination of their smaller competitors.

The agricultural sector demonstrates similar dynamics as a result of the Food Safety Modernization Act (FSMA). Signed into law in 2011, the FSMA requires extensive testing, documentation, and facility upgrades that create substantially different burdens across farm sizes.

The Food and Drug Administration’s own analysis found that very small farms, those with annual sales between $25,000 and $250,000, spend 6 percent of their gross sales on compliance measures. Since the Department of Agriculture estimates that average net farm income equals approximately 10 percent of gross sales, this means that compliance costs consume roughly roughly 60 percent of small farm profits. Academic research has shown compliance costs do not rise proportionally with acreage, meaning that these burdens affect small farms more severely than large operations.

Large industrial producers spread compliance costs across massive production volumes. Small farms and artisanal producers face proportionally heavier burdens and, as a result, agricultural consolidation continues.

The problems these regulations seek to address are real. The 2008 financial crisis destroyed trillions in wealth. Food contamination sickens thousands annually. Data breaches expose millions of people to privacy violations. But the policy choice isn’t simply between government regulation and inaction. Markets already create powerful incentives for safety and quality. Banks without adequate capital fail. Food companies that poison customers go bankrupt. Polluters face liability. The relevant question is whether increasing the burden of regulatory compliance delivers better outcomes than liability, reputation, and competition already provide. If regulation is necessary, one must evaluate whether specific regulatory designs achieve their stated goals without creating market distortions that may cause worse outcomes than the problems they seek to address.

When regulation is warranted, design choices matter enormously. Consider the difference between mandating specific compliance infrastructure versus establishing clear liability standards. Infrastructure-based regulations dictate that companies must have “X monitoring system, Y reporting process, Z compliance staff.” This approach creates fixed costs that disproportionately burden smaller firms. These regulations also tend to enshrine current technology and best practices, potentially making innovation more expensive.

The financial sector illustrates this distinction. Dodd-Frank mandated similar stress-testing infrastructure for institutions with vastly different risk profiles. A community bank with $500 million in assets and no derivatives trading doesn’t pose systemic risk comparable to a “too big to fail” bank. Yet Dodd-Frank’s architecture treated them as variants of the same problem, requiring similar compliance infrastructure. Community banks closed, while large banks grew even larger.

A more market-oriented approach might recognize that different institutions pose different risks and face different competitive pressures. Banks that take excessive risks should face consequences, but those consequences might come through higher insurance premiums, loss of deposits, or market discipline rather than through compliance infrastructure that primarily serves to eliminate smaller competitors.

None of this suggests that all regulation is illegitimate or that all harms can be addressed through market mechanisms alone. It does suggest that when policymakers design regulatory solutions, they should account for competitive effects and consider potential unintended consequences. Regulations that entrench incumbents might prevent some harms while creating others, including reduced competition, higher prices, and less innovation.

The goal should be addressing genuine market failures without creating regulatory structures that produce worse outcomes than the issues they’re meant to solve.

Today’s technology sector shows examples of this dynamic unfolding in real time. Major cryptocurrency exchanges built extensive compliance infrastructure, then advocated for federal licensing requirements that would favor firms with the capabilities they had already developed. Coinbase spent $2.9 million on lobbying in 2023 while advocating for “regulatory clarity” through frameworks that would require precisely the systems they possess.

Similarly, in 2023, when OpenAI’s leadership testified before Congress advocating for AI licensing, observers noted that proposed requirements would tend to favor established players while potentially hindering newer competitors. The pattern appears consistent: Incumbent firms advocate for regulations they’re equipped to handle while supporting requirements that may create barriers for emerging competition.

This represents rational business strategy rather than conspiracy. If regulation appears inevitable (and in complex technical fields, it often does) then established players have strong incentives to shape that regulation in ways that leverage their existing advantages. They can genuinely advocate for safety and consumer protection while simultaneously protecting their market position.

Markets generate innovation and efficiency through competition, but regulatory complexity can systematically reduce this competitive pressure. The resulting consolidation may represent policy failure rather than market failure, as regulations designed to constrain market power instead create it by establishing barriers that favor incumbents over upstarts.

Pro-business policies are not necessarily pro-market policies. Incumbent firms can benefit from regulations that raise barriers to entry, even when compliance costs are substantial. They can absorb these costs more efficiently than smaller competitors and potential entrants, potentially transforming regulatory compliance from constraint into competitive advantage.

Understanding this dynamic requires evaluating regulatory policy proposals beyond their stated intentions. The question isn’t whether regulations protect consumers or pursue legitimate public interests, as many can accomplish this goal. It’s whether the compliance structure creates systematic advantages for larger players while eliminating smaller competitors, independent of product quality or innovation.