Last quarter, I argued that Europe’s rise to match the US in agrifoodtech funding and to lead in deal flow was less a case of Europe thriving than of Europe “falling less quickly” than the US.
I warned that the EU AI Act, whilst ambitious in its aims, risked tethering its innovators to a regulatory anchor and turning Brussels into a spectator to history’s most important technological revolution. My message was that ambition without pragmatism becomes self-defeating.
As a recovering lawyer, I spent a large part of my career trying to save clients from the law of unintended consequences in the face of corporate and financial regulation. That background has left me wondering whether Europe’s instinct for regulatory overreach might, perversely, create opportunity for tech startups.
I still think the AI Act needs refinement if Europe wants to avoid an outbreak of administrative paralysis. However, my review of the AI Act and other EU regulations most likely to affect corporate activity in the agrifood sector leads me to conclude that the AI Act may also help create a structural moat for deep-tech startups: a “Brussels moat”.
‘Europe’s instinct for regulatory overreach might, perversely, create opportunity for tech startups’
I previously argued that the AI Act could be a major constraint on European innovation. This is true because law moves much more slowly than technology, and regulation inevitably fails to keep pace with technological change.
Yet the AI Act will also push the market towards systems that are documented, auditable and capable of independent scrutiny, especially where the Act designates applications as “high risk”. In practice, this tends to favor products designed for use in the physical world, particularly in markets where the costs of error are high, such as the food system, biology, chemistry, health, materials, energy, and climate.
A good example is our portfolio company, Atinary Technologies, which uses AI to accelerate chemical and materials R&D. In contexts where AI-assisted discovery can have practical consequences, transparency and documentation are integral to making the product deployable in industrial environments.
Early indications of corporate Europe’s readiness suggest a sizable gap exists between aspiration and capability in AI governance and compliance. If that gap persists, it will shape procurement, as buyers seek systems that reduce their compliance burden rather than increase it.
Sustainability reporting and due diligence (CSRD, SCDDD, EUDR)
The same logic is now being applied to corporate sustainability. Over the past few years, Europe has introduced two far-reaching ESG regulations that are shifting sustainability reporting from discretionary to compulsory structured disclosure and, increasingly, to operational due diligence.
As its name suggests, the Corporate Sustainability Reporting Directive (CSRD) expands the scope of entities required to report and significantly increases the level of detail and structure of disclosures. It aims to produce information that is comparable across firms and suitable for assurance.
The most significant conceptual change is the introduction of double materiality, which requires companies to report not only on sustainability risks to the business but also on the business’s impacts on people and the environment. That requires judgement, but it also requires method. Firms must establish a defensible process for identifying material topics, gathering evidence, and maintaining governance around the resulting disclosures. In practice, CSRD is pushing sustainability reporting into the domain of systems, controls, and board-level accountability.
The Corporate Sustainability Due Diligence Directive (CSDDD) goes even further. It requires companies to identify, prevent or mitigate, and remedy adverse human rights and environmental impacts in their operations and, where relevant, their value chains. Unlike annual reporting, due diligence is continuous. It requires ongoing monitoring, contractual and operational measures, and verifiable evidence that the company has done more than publish policies.
The charts below help explain why corporates are finding this difficult, and where the pressure points lie. As you can see, the hardest aspects of CSRD implementation are value-chain integration, data gap analysis and remediation, assurance readiness, and double materiality:
Datamaran, 2025 CSRD Pulse Check Survey: Key Insights from Companies on Value, Engagement, and Challenges
For the vast majority, their existing systems are not designed to capture, verify and maintain decision-useful sustainability data across complex supply chains.
The same survey indicates that corporations regard CSRD information as most valuable when it is framed as impacts, risks and opportunities, as information capable of influencing management decisions rather than as a stand-alone report (see below). This is important because if these requirements are no longer just a once-a-year compliance exercise, they will be crucial in procurement, risk management, and capital allocation.
Datamaran, 2025 CSRD Pulse Check Survey: Key Insights from Companies on Value, Engagement, and Challenges
As scrutiny intensifies, buyers and regulators place greater emphasis on measurement and verification
Clearly, data availability and quality, and value chain complexity, will present major hurdles for corporations operating in Europe, and addressing them will require investment in systems and capabilities.
The European Union Regulation on Deforestation-free Products (EUDR) is another example of how regulation can change the source of commercial power.
Later this year, “traceability” will no longer be a marketing claim but will be a condition of access to the EU market for many commodities.
Operators and traders placing cattle, cocoa, coffee, palm/oil-palm, rubber, soy, and covered derivatives on the EU market must be able to demonstrate credible origin and prove that the products are not linked to deforestation after the relevant cut-off date. The practical effect is to make verified origin a limiting factor.
For the corporations affected, the problem is not drafting another policy, but generating evidence at scale across fragmented supply chains and multiple borders using reporting systems designed for volume rather than verification. Where failure means exclusion, these corporations will pay for tools that provide clarity and produce defensible evidence.
A similar shift is happening in carbon markets. As scrutiny intensifies, buyers and regulators are placing greater emphasis on measurement and verification. The commercial question becomes whether a claim can withstand challenge, not whether it can be packaged persuasively.
Turning compliance into competitive advantage
Against this backdrop, startups can proactively develop AI-enabled solutions that not only meet EU reporting obligations but also create new market niches, alleviating fears of regulatory burden and turning compliance into a competitive advantage.
To meet the ongoing due diligence requirements of the CSDDD, companies need AI-enabled systems that aggregate fragmented value-chain data, standardize it, and improve its quality by identifying gaps and managing remediation. They also need those systems to produce auditor-ready evidence and maintain a defensible record of double materiality and related risk assessments.
The “Brussels moat” may also have consequences for exits. Agrifoodtech has long suffered from modest multiples and slow adoption. But where regulation increases the cost of non-compliance, acquirers will value technologies that reduce compliance risk, shorten the time to meet regulatory requirements, and improve the quality of data available to management, auditors, and regulators.
Acquiring EU experience may also be an efficient way for non-EU corporates to regain credibility in European markets, where compliance expectations are now baked into access. For the founder, this moat is two-fold. It can act as a barrier to entry against competition from less-regulated global markets, and it is also a value driver for corporate customers who will soon seek embedded compliance across their value chain management and reporting systems.
As we saw with the General Data Protection Regulation (GDPR), European standards can become the global gold standard. A startup that masters the ‘Brussels moat’ today is building a product that may well become the compliance standard for the US and Asian markets tomorrow.