The EU AI Act is officially law, and its impact won’t be confined to European borders. If history is any guide, we’re watching the early stages of what some are calling “The Brussels Effect 2.0.” Just as GDPR reshaped global data privacy standards, the AI Act is poised to redefine how companies build, govern, and scale artificial intelligence.

But this isn’t just about compliance. It’s about strategy. Companies that treat the AI Act as a bureaucratic nuisance will play catch-up. The smart ones—those that start aligning their models, governance, and transparency practices now—stand to gain a lasting edge. Why? Because EU standards have a way of becoming global defaults, whether or not your business is based in Brussels, Boston, or Bangalore.

In this piece, I unpack:
📖 Read the full long-form essay here on Substack: 👉 https://open.substack.com/pub/axelnewe/p/the-brussels-effect-20-building-ai
As someone who’s worked in healthcare IT for years—mainly as a consultant—HIPAA compliance isn’t a side note. It’s baked into everything: client conversations, technical roadmaps, and yes, the required annual training. Frameworks like HITRUST CSF, NIST, and COBIT aren’t just concepts—they guide the real-world systems we help clients build and secure. But lately, I’ve noticed something unsettling: rules that were once firm are starting to feel… optional.

Are These Protections Being Ignored? Or Reinterpreted?

No, HIPAA hasn’t been repealed. But that doesn’t mean its protections are always honored. Across the country, we’re seeing signs that long-standing patient privacy rules are being bypassed when they conflict with political priorities:
These aren’t alternative narratives. They’re signals that the rules we’ve relied on may not be as solid as they seem.

Legal Rules vs. Frameworks: Why the Difference Matters

We often talk about HIPAA and HITRUST in the same breath—but there’s a big difference.

Legally Binding: HIPAA, HITECH, 21st Century Cures Act
Frameworks: HITRUST CSF, NIST, COBIT (Not enforceable laws)

When laws are weakened—or simply ignored—frameworks alone can’t protect sensitive health data.

Why This Matters to Clients and Consultants

This isn’t just theory. It directly affects the work we do:
If this trend continues, we could see innovation slow, legal risk increase, and state-by-state fragmentation in data handling rules. All of this will make our job more difficult, as many of our products are, and much of our thought leadership is, built around compliance.

What Can We Do About It?

Here’s what I recommend to peers and clients:
Final Thought

I’m not raising this concern as an alarmist or conspiracy theorist; I don't think I am either. As an integrator and consultant, I’m speaking as someone who has lived in the trenches of healthcare IT compliance. If we let the protections slip—even slowly—it’s not just privacy that suffers, it’s trust.

Additional thoughts or experiences on this topic are greatly appreciated. I’d love to hear how others in the field are navigating the shifting landscape.
Author

Axel Newe is a strategic partnerships and GTM leader with a background in healthcare, SaaS, and digital transformation. He’s also a Navy veteran, cyclist, and lifelong problem solver. Lately, he’s been writing not just from the field and the road—but from the gut—on democracy, civic engagement, and current events (minus the rage memes). This blog is where clarity meets commentary, one honest post at a time.