Dear Global Leaders, Regulators, and Policymakers,
We, the members of ACT, are innovative small technology businesses and independent developers driving growth and competition in the global digital economy. From AI-enabled tools, IoT-driven solutions, encrypted services, safer online experiences, and standards-based technologies that enable interoperability, our teams build consumer and enterprise products that solve everyday problems.
As policymakers around the world set their 2026 policy agendas, many are pursuing similar goals: enabling businesses to grow and to serve consumers responsibly. Those goals require a policy environment that provides a risk-based framework for AI governance, strengthens privacy and security, rewards innovation, and protects consumers online. For startups and small businesses like ours, those are the same goals that we focus on every day. The challenge is that the path to compliance is rarely the same. In a connected digital economy, rules do not stop at the borders where they are written. The nature of the connected industry means the effects of poorly crafted rules ripple across markets and supply chains, and that volatility quickly becomes a material business constraint.
When policymakers don’t consider small businesses in the regulatory process the impact is felt immediately. Unclear, fragmented, and overly-expansive regulations force redesigns, delay launches, and divert limited resources from product development to increased legal and compliance overhead. Investors price that uncertainty early, and the result is fewer startups able to enter new markets, raise capital, hire, and scale. We urge balanced, forward-looking approaches that establish clear expectations and practical paths to compliance. Done correctly, durable rules strengthen trust and security while preserving the conditions small businesses need to compete. Below is an outline of our top policy priorities for policymakers and regulators globally in 2026.
Market Access and Capital Formation
For small businesses and independent developers, growth depends on two things: the ability to reach customers and access to capital. Digital trade rules that protect cross-border data flows and prevent discriminatory or protectionist barriers are essential for small tech companies competing in global markets.
At the same time, capital formation in the digital economy depends on predictable pathways to scale and achieve liquidity, particularly through pro-competitive mergers and acquisitions. For startups, a barrier to exit is a barrier to entry. When merger policy becomes overly expansive, slow, or unpredictable, it doesn’t simply affect dealmaking at the end of a company’s journey. It raises perceived risk at the beginning, reducing investor appetite, tightening terms, and leaving small businesses with fewer viable options to finance growth, hire, and bring new products to market.
Member Ask: Global policy leaders should enable cross-border data flows, resist data localisation mandates, and reduce unnecessary barriers to global market access for small tech businesses. Lawmakers should also ensure that merger policy is grounded in demonstrated harms and provides clearer, more predictable review processes, so that pro-competitive deals are not discouraged, and small innovators can access the investment needed to scale and compete globally.
Artificial Intelligence
Artificial intelligence (AI) is already powering tools across healthcare, agriculture, logistics, accessibility, fraud prevention, and productivity. Many of these products are being built by startups and small tech businesses, but the global AI policy landscape is moving fast and in different directions, creating a compliance maze that smaller teams feel first. As governments roll out new AI rules, the details of implementation increasingly shape whether smaller companies succeed across markets.
Member Ask: Any regulation policymakers consider must be risk-based and scalable, accounting for AI’s context and intended uses. A technology-neutral approach is essential to fostering innovation while managing risks. Overregulation jeopardises investment in AI-driven solutions and widens the gap between large incumbents and small innovators.
Competition and Curated Online Marketplaces
For startups and independent developers, curated online marketplaces (COMs) are the infrastructure that helps small teams successfully reach users. COMs reduce distribution friction and provide infrastructure that small companies cannot easily replicate on their own, including payments, fraud prevention, security review, and user confidence that a product or service is legitimate. Global competition proposals modeled after the EU’s Digital Markets Act (DMA) are increasingly targeting these ecosystems with broad ‘access’ requirements, including pressure for sideloading, alternative app stores, and broad mandates that limit how marketplaces manage risk and protect users. When rules are vague or keep shifting through guidance and enforcement, small developers feel the disruption, derailing release cycles, increasing security burden, and making it harder to plan, grow, or access capital.
Member Ask: Policymakers should pursue a regulatory environment that encourages that COMs support small business growth and consumer choice without weakening the safeguards that make curated marketplaces reliable and secure. Policymakers must avoid one-size-fits-all mandates that default to sideloading, forced catalog sharing, or broadly restrictive marketplace protections. Instead they should advance targeted, evidence-led measures with clear requirements, workable timelines, and space for proportionate compliance that small teams can actually meet.
Standard-Essential Patents
Balanced standard-essential patent (SEP) licensing frameworks are important for ensuring small businesses can use standardised technologies (Wi-Fi, 5G, Video Encoding) to interoperate and compete. Unfortunately, some SEP holders who have voluntarily contributed their patents to a standard aren’t living up to their commitments. When SEP holders break their promises to license on fair, reasonable, and non-discriminatory (FRAND) terms, it harms competition and creates significant problems for small innovators. As small tech companies increasingly innovate in rapidly advancing fields like AI and the internet of things (IoT), many are not only implementers of standards but also potential SEP holders and contributors to the next generation of standardised technologies. SEP licensing rules must work for both sides of the ecosystem by supporting the efficient use of standardised technologies for licensees while preserving fair and reasonable compensation for the value of the SEP for licensors.
Member Ask: Policymakers must support clear and transparent SEP licensing frameworks, which ensures fairness, prevents anti-competitive behaviours, and upholds the integrity of FRAND commitments. This will empower small businesses like ours and drive innovation, particularly in areas where emerging technologies like AI and IoT play a pivotal role in economic growth and consumer value.
Privacy, Encryption, and Children’s Online Safety
We support measures that protect children online from privacy violations and harmful content. But a growing set of ‘safety’ proposals are steering services toward two high-risk defaults: intrusive age verification and weakened encryption. Age gates often depend on collecting IDs, facial images, or behavioural signals, turning routine access into surveillance and forcing developers to store and protect sensitive data they never needed in the first place. When that data is exposed, the harm is immediate and real, as the “Tea breach” made painfully clear. These systems are also easy to bypass in practice, which means smaller teams can end up facing the liability and trust fallout. At the same time, efforts to introduce client-side scanning or backdoors weaken end-to-end encryption and create new breach opportunities across the digital economy, putting everyone at risk for identity theft and financial ruin.
Member Ask: Policymakers should pursue child-safety policies that have rational data collection requirements, reduce patchwork compliance burdens, and target risk where it is highest. Protecting kids online should not require building a surveillance infrastructure that puts users at greater risk. Finally, leaders and policymakers should protect strong encryption as essential infrastructure for privacy and trust and reject proposals that would weaken end-to-end encryption.
Innovation thrives when policymakers create clear, durable rules that allow businesses of all sizes to compete and succeed. Overly broad, fragmented, or unpredictable requirements raise compliance costs, delay product development, and chill the investment small tech businesses need to grow. We remain committed to working with leaders around the globe to advance these priorities and ensure that small tech can continue to create jobs and deliver real-world solutions in the global digital economy.
Sincerely,
ACT and 107 of our members from 36 countries:
| 1564B | 365.Training | 3DXR |
| 3dzasl | A Jar of Insights | Abhilekh Verma Consultancy OPC Private Limited |
| AccelCity | Acute XR | Ai 2nd Opinion |
| AI Skill Studio | AITECH and Engineering | AlterSapiens LTD. |
| Appnalysis | ArthaChanakya LTD (UK) | BadVR, Inc. |
| Blue Badge Insights, Inc. | BQWare | BR Tech Ltd |
| Business Amoeba | Busy Bee Studios | Fernandez |
| CheckTxt | Colorado Technology Consultants | Deverium |
| DoctorAI Ltd | Dogtown Media | ELDHOW |
| Endlesstec Limited | Epic Reach, LLC. | Ever AI Technologies |
| EYREACT OÜ | Factoree | floe technology |
| FMS, Inc. | Footfalls & Heartbeats | Fortified |
| GGEZ1 | Glazed Solutions, Lda | GlobalForce Tech Consulting, LLC |
| GMT Holding llc | kvary.network | Harbor Technology Group | HiByron |
| Homnick Systems | Hopewell Solutions Services Limited | INSINTO |
| Kin. | Layers Studio Ltd | Lazy Moose |
| LightmGroup | Local Community Vendors LLC | Lucid Circus |
| LunarLab Benefit LLC | Manulytica Ltd | Manyfast Inc. |
| MARKETING DIGITAL CENTER | Medical Society of Northern Virginia | Meniuz |
| Menopausey | Modern college business and sciences | My-Money S.r.l. |
| MyPrintPod | Nebula Labs | Nespra |
| Novatura Ltd | Nuke From Orbit | Obsidian Inc |
| Ohcargo Limited | OnScene | Oxiwear |
| Paleo Tech Group | Pills2Me | PreventScripts |
| ProximAI | Qlerify AB | Quanthub |
| Quanthym | Qube Catalyst | Quokka |
| RDT Health LLC | REMODID | Rhuna |
| Rimidi | Sellstar Ltd t/a iimpro | Shoo Social Media Ltd |
| Simply Stories | Skillora Sports | Southern DNA |
| SPENDID | Staple | Superset Labs |
| Synesthesia srl SB | TechNeed | TH-Habitat |
| The Blue Box | The Training Boss LLC | TL Tech Ltd |
| Traceless | UnaliWear | Untile |
| uQualio Video4Learning | vaic.at | Viber Alert |
| ViWear | Vonn | VOX EPOWER |
| Wellbeyond | Huckaby |