The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in the European Union, it falls under Article 8 of the European Convention for Human Rights. While definitions differ between jurisdictions, most of us have a right to a reasonable expectation of privacy for our correspondence, in our homes and about our persons.

In the 1970s, businesses, families and individuals started generating data like never before, and the degree to which it fell under existing privacy mandates was increasingly unclear. This proliferation of data was first acknowledged as a problem in the late 70s and picked up pace in the decade that followed. In response, the EU introduced its Data Protection Directive in 1995, guaranteeing certain fundamental rights around the processing of personal data.

The crucial thing to understand in this context is that an EU directive leaves space for member states to determine how it will be incorporated into national laws. It is a recommendation, not a regulation that would legally require members to enforce laws from a set date.

From 1995, the regulation of privacy in the EU trod a well-worn path. Starting as a directive, it eventually developed into the General Data Protection Regulation (GDPR), which became a lawful requirement in 2018.

Related: Biden’s cryptocurrency framework is a step in the right direction

GDPR became the benchmark for privacy law and influenced regulation in other jurisdictions, including the United States. It’s a phenomenon Anu Bradford coined “The Brussels Effect,” where EU law sets the global regulatory standard. We’ve seen it happen in a number of fields besides data privacy, such as environmental law and online hate speech, which often enter the U.S. via a similar mechanism: the “California Effect,” whereby California sets a strict standard that is later widely adopted in the United States.

And now there’s another industry poised to follow this well-trodden path — from EU directive to EU regulation to global regulatory standard.

The case of Tornado Cash — which saw a protocol designed to mask financial transactions and increase privacy shut down by regulators because of its use by bad actors — is an example of why regulation is so vital to decentralized finance (DeFi). Infrastructure must be built along regulatory lines.

Like data in the 1980s, the proliferation of digital securities and the wider DeFi space is inevitable. Regulation will be essential to supporting innovators, promoting innovation and protecting investors, not to mention the widescale adoption of digital securities trading globally.

In the U.S., digital securities fall into a regulatory gray space, with neither the Securities and Exchange Commission nor the Commodities Future Trading Commission willing to put their heads above the parapet and claim responsibility for them.

In California, the regulation of digital assets is an ongoing conversation, and the Senate is expected to push for an amendment to California’s Financial Code to include digital assets: the Digital Financial Asset Law. If passed, it would be enforceable beginning in 2025.

By contrast, EU regulators have been quicker to get to grips with DeFi. The German regulator, in particular, the Federal Financial Supervisory Authority, or BaFin, has gone to great lengths to encourage innovation and offers a regulatory blueprint for DeFi elsewhere. A 2020 amendment to the German Banking Act put crypto assets on parity with traditional securities.

Related: Biden’s anemic crypto framework offered nothing new

In Brussels, regulation is also picking up pace. The EU’s Markets in Crypto-Assets (MiCA) comes into force in the fourth quarter of this year and will kick off an 18-month transition period for member states. Meanwhile, the newly published European Financial Stability and Integration Review 2022 showed a laudable understanding of the sector. It advocated for a rethink of the current regulatory approach, centering regulation on activity rather than an entity.

It’s still early when it comes to DeFi. However, digital securities regulation in the EU could well follow a similar path to the one that led to GDPR. Brussels this year issued an opinion on activity-based regulation, which we ultimately might see incorporated into its Markets in Financial Institutes Directive. (A directive, remember, is a guiding recommendation for member states.) From there, it could become regulation as part of MiCAR.

With a real-world example of DeFi regulation to lean on and decentralized finance becoming the technology layer where ultimately the entire financial market will be moving, other regulators will follow. Indeed, jurisdictions like Israel have made a habit of it. The question is whether the U.S. will be most influenced by the “Brussels Effect” or the “California Effect.”

The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in the European Union, it falls under Article 8 of the European Convention for Human Rights. While definitions differ between jurisdictions, most of us have a right to a reasonable expectation of privacy for our correspondence, in our homes and about our persons.

In the 1970s, businesses, families and individuals started generating data like never before, and the degree to which it fell under existing privacy mandates was increasingly unclear. This proliferation of data was first acknowledged as a problem in the late 70s and picked up pace in the decade that followed. In response, the EU introduced its Data Protection Directive in 1995, guaranteeing certain fundamental rights around the processing of personal data.

The crucial thing to understand in this context is that an EU directive leaves space for member states to determine how it will be incorporated into national laws. It is a recommendation, not a regulation that would legally require members to enforce laws from a set date.

From 1995, the regulation of privacy in the EU trod a well-worn path. Starting as a directive, it eventually developed into the General Data Protection Regulation (GDPR), which became a lawful requirement in 2018.

Related: Biden’s cryptocurrency framework is a step in the right direction

GDPR became the benchmark for privacy law and influenced regulation in other jurisdictions, including the United States. It’s a phenomenon Anu Bradford coined “The Brussels Effect,” where EU law sets the global regulatory standard. We’ve seen it happen in a number of fields besides data privacy, such as environmental law and online hate speech, which often enter the U.S. via a similar mechanism: the “California Effect,” whereby California sets a strict standard that is later widely adopted in the United States.

And now there’s another industry poised to follow this well-trodden path — from EU directive to EU regulation to global regulatory standard.

The case of Tornado Cash — which saw a protocol designed to mask financial transactions and increase privacy shut down by regulators because of its use by bad actors — is an example of why regulation is so vital to decentralized finance (DeFi). Infrastructure must be built along regulatory lines.

Like data in the 1980s, the proliferation of digital securities and the wider DeFi space is inevitable. Regulation will be essential to supporting innovators, promoting innovation and protecting investors, not to mention the widescale adoption of digital securities trading globally.

In the U.S., digital securities fall into a regulatory gray space, with neither the Securities and Exchange Commission nor the Commodities Future Trading Commission willing to put their heads above the parapet and claim responsibility for them.

In California, the regulation of digital assets is an ongoing conversation, and the Senate is expected to push for an amendment to California’s Financial Code to include digital assets: the Digital Financial Asset Law. If passed, it would be enforceable beginning in 2025.

By contrast, EU regulators have been quicker to get to grips with DeFi. The German regulator, in particular, the Federal Financial Supervisory Authority, or BaFin, has gone to great lengths to encourage innovation and offers a regulatory blueprint for DeFi elsewhere. A 2020 amendment to the German Banking Act put crypto assets on parity with traditional securities.

Related: Biden’s anemic crypto framework offered nothing new

In Brussels, regulation is also picking up pace. The EU’s Markets in Crypto-Assets (MiCA) comes into force in the fourth quarter of this year and will kick off an 18-month transition period for member states. Meanwhile, the newly published European Financial Stability and Integration Review 2022 showed a laudable understanding of the sector. It advocated for a rethink of the current regulatory approach, centering regulation on activity rather than an entity.

It’s still early when it comes to DeFi. However, digital securities regulation in the EU could well follow a similar path to the one that led to GDPR. Brussels this year issued an opinion on activity-based regulation, which we ultimately might see incorporated into its Markets in Financial Institutes Directive. (A directive, remember, is a guiding recommendation for member states.) From there, it could become regulation as part of MiCAR.

With a real-world example of DeFi regulation to lean on and decentralized finance becoming the technology layer where ultimately the entire financial market will be moving, other regulators will follow. Indeed, jurisdictions like Israel have made a habit of it. The question is whether the U.S. will be most influenced by the “Brussels Effect” or the “California Effect.”