The simple version
When a tech giant says it supports regulation, it often means it wants to help write the rules, and the rules it writes tend to make life harder for smaller competitors while leaving its own business mostly intact.
Why the support is genuine (and that is the problem)
The instinct is to call this hypocrisy. It is more useful to call it strategy.
Mark Zuckerberg has testified before Congress calling for federal privacy legislation. Google has published white papers endorsing AI governance frameworks. Microsoft has positioned itself as the responsible adult in AI development, backing oversight mechanisms it claims the industry needs. These statements are not purely performative. The executives making them often believe them, at least in part.
The catch is that “supporting regulation” and “supporting specific regulations” are two very different things. The public comments go into the congressional record. The lobbyists go into the room where the bill gets written.
Meta spent over $20 million on lobbying in 2023. Alphabet (Google’s parent company) spent more than $12 million in the same period. Amazon and Microsoft were not far behind. This is not secret. These figures are disclosed under federal law. What is less visible is where that money points: frequently toward weakening the enforcement teeth of the very frameworks these companies endorse in press releases.
The competitive moat hiding inside compliance costs
Here is the core mechanic: regulation is expensive to comply with, and large companies can afford compliance in ways that startups cannot.
GDPR, the European Union’s privacy framework that passed in 2018, is instructive. Major tech platforms publicly welcomed it (with caveats). They could afford the compliance infrastructure. Many smaller European startups could not, and some shut down or relocated rather than navigate the requirements. The companies that already had legal teams, data engineers, and government affairs staff absorbed the cost. The companies that didn’t, often couldn’t.
This is not a conspiracy. It is arithmetic. A regulation that costs $10 million a year to comply with is a minor line item for a company with $50 billion in annual revenue. For a startup with $2 million in the bank, it is a death sentence. The incumbent effectively purchases a barrier to entry with its compliance budget, and it gets to call that barrier “consumer protection.”
Economists have a name for this: regulatory capture. The regulated industry shapes the regulatory process until the regulation serves the regulated industry’s interests. What is underappreciated is how often this happens not through corruption but through information asymmetry. Regulators need to understand complex technical systems. The companies that build those systems have the engineers who can explain them. Lobbyists become translators, and translations are never neutral.
The two-track playbook
The mechanics of tech’s regulatory two-step are fairly consistent across companies and policy areas.
Track one is public positioning. The company releases a policy paper, its CEO gives a speech, a senior executive testifies to Congress about the importance of thoughtful regulation. The message: we take this seriously, we want to work with government, we believe there should be a framework. This generates goodwill, media coverage, and a record that can be cited later.
Track two is technical lobbying. This is where the money goes. Specific bill language gets targeted. Definitions get narrowed (if the law bans “harmful algorithmic amplification” and your lawyers wrote the definition of “harmful,” you can probably comply without changing much). Enforcement mechanisms get softened. Preemption clauses get inserted to block stricter state laws. Safe harbor provisions appear. Private rights of action, which would allow consumers to sue directly, get stripped out, because class action lawyers are often more effective enforcement agents than underfunded federal agencies.
The result is a law that the company can say it supported, because it did support its existence, while having systematically removed the provisions that would have constrained its behavior. The headline reads “Tech Giant Backs New Privacy Law.” The fine print explains that the law’s definition of “personal data” excludes most of the data the company actually monetizes.
Why this is harder to fix than it looks
The obvious reform is campaign finance limits, stricter lobbying disclosure, or cooling-off periods for regulators who move into industry jobs. These are reasonable. They are also insufficient on their own.
The deeper problem is complexity. Modern technology platforms are genuinely difficult to regulate well. Writing rules for algorithmic recommendation systems, for data portability, for AI training pipelines requires technical fluency that takes years to develop. Congress does not have years. It has staffers, and those staffers’ counterparts at tech companies are better paid and more specialized.
This is why the companies that most vocally support regulation also most aggressively fund the revolving door between government and industry. They are not just buying access. They are building the informational infrastructure that makes them indispensable to the regulatory process.
The EU’s approach has been different: hire technical experts, fund independent researchers, build regulatory capacity that does not depend on industry briefings. The results are imperfect but the fines are real and the behavior changes are measurable. American regulators, chronically underfunded, are playing a different game.
What to watch for
The tell is specificity. When a tech company “supports” a regulation, watch what it says about enforcement, about private rights of action, about the scope of covered entities, about preemption of state laws. Genuine support looks like fighting for strong enforcement mechanisms even when they might apply to you. Strategic support looks like endorsing a framework while lobbying to defang every mechanism that has ever actually changed company behavior.
The irony is that some of the most effective competitive pressure on big tech has come not from regulation but from better-resourced smaller rivals. Regulation that entrenches incumbents does not just fail consumers. It often fails to fix the underlying competitive dynamics that made regulation seem necessary in the first place.
Tech companies have learned something that every mature industry eventually learns: if regulation is coming, it is better to be in the room shaping it than outside the room being shaped by it. That is rational. It is also precisely why you should not confuse a company’s presence in the room for an endorsement of what the room produces.
