The Fractured Frontier: The Risks of Financial and Technology Regulatory Balkanization in 2026

In partnership with

Steve Boms is the Founder and President of Allon Advocacy, LLC, a financial technology consulting firm, and the Executive Director of the Financial Data and Technology Association of North America, a trade association representing more than three dozen financial technology companies.

The federal financial landscape is undergoing its most significant structural shift in decades. With the 2008 financial crisis fading from institutional memory, federal regulators are now pursuing an intentional period of administrative streamlining and deregulation. While political views differ on the merits and risks of this retrenchment, one reality is clear: decentralization has catalyzed — and will continue to catalyze — a surge in state-level legislation and regulation. 

As Congress struggles to enact comprehensive federal frameworks governing data privacy, digital assets, and artificial intelligence (AI), state legislatures and regulators are increasingly implementing their own regimes. While much ink has been (well) spilled on the compliance challenges created by an increasingly fragmented regulatory environment, an additional threat has emerged in the context of a reorganization of global trade norms and increasingly turbulent geopolitical and macroeconomic trends: The Balkanization of financial and technology regulation now presents real risk to America’s long-term competitive positioning on the global stage. 

To stave off this risk, federal and state policymakers must better coordinate their approaches on data privacy, digital assets, and AI. 

The Data Privacy Patchwork

Several times over the last decade, a bipartisan congressional “gang” has announced, to much fanfare, a breakthrough on a comprehensive federal data privacy framework, only to repeatedly come up short over disputes on state preemption and private rights of action. Amidst this cyclic folly, a Cambrian explosion of state-level statutes has created a fractured compliance environment, which promises to become even more complex in 2026:

• At least 20 states had already enacted state-specific data privacy laws by the end of 2025, with 15 additional state legislatures having considered their own state privacy statutes last year. (IAPP, 2025)

• Beyond the foundational California Consumer Privacy Act (CCPA), 2025 saw states like New Jersey and Maryland implement strict privacy laws that introduce unique requirements for data minimization and “sensitive data” definitions that differ from those in neighboring states.

• New York’s Department of Financial Services further tightened its Part 500 Cybersecurity Requirements in late 2025 to mandate real-time reporting of non-ransomware data breaches — a standard that exceeds current federal requirements for national banks and other states’ requirements (NYDFS, 2025).

The net result of the federal government ceding the privacy playing field to the states has been to create a highest common denominator problem, where the most restrictive state law dictates the national compliance baseline, effectively allowing state legislatures to set national policy. But the longer this approach is allowed to continue unabated, the larger the discord among states’ respective data privacy requirements is likely to become, leading to a reality in which companies that wish to offer their products and services in the United States will be required to comply with 50 distinct state laws. 

The Digital Assets Dual-Track Dilemma

While data privacy has for years been the poster child for regulatory fragmentation in the United States, 2025 saw the digital asset sector become the primary theater for the tension between federal floor-setting and state sovereignty. Though Congress made some progress last year on stablecoin regulation, it simultaneously cemented a fragmented “dual-track” system and once again failed to enact a broader crypto regulatory structure framework. Consider:

• The GENIUS Act established a federal regulatory framework for payment stablecoins, mandating 1:1 reserves and regular audits. Critically, though, the GENIUS Act allows issuers with $10 billion or less in assets to operate under state-level frameworks if they are “substantially similar” to federal standards. This has empowered states like New York to maintain their rigorous BitLicense regime and Wyoming to expand its Special Purpose Depository Institution (SPDI) charters.

• North Dakota’s launch of the “Roughrider Coin” — a state-issued institutional stablecoin — illustrates how states are now creating “parallel monetary universes” that may not be technically interoperable with federal counterparts.

• California’s Digital Financial Assets Law will take full effect on July 1, 2026. It mandates that any business storing, exchanging, or issuing digital assets for California residents must obtain a specific license, with daily penalties for non-compliance reaching up to $100,000 (BPM, 2025).

• While federal regulators confirmed that national banks may hold digital assets for network operations, states are moving ahead with bespoke “Real World Asset” tokenization laws, creating a market where a tokenized Treasury bill might be legal in one state but require a different disclosure regime in another.

Congress’s valiant, but so far Sisyphean, attempts to enact a full-scale, federal crypto market structure law raise the very real prospect of state legislators and regulators taking up this mantle on their own in 2026, creating a 50-state patchwork of digital assets laws and regulations, distinct and in addition to our state data privacy regime. 

AI and Algorithmic Oversight

Recognizing the Balkanization dilemma that has arisen across other markets, President Donald Trump signed an Executive Order intended to ensure “a national framework for artificial intelligence.” This order directs a federal “AI Litigation Task Force” to challenge state AI laws that are deemed “onerous” or inconsistent with national innovation policy, specifically targeting state-level audit and reporting requirements that might burden interstate commerce.

But in the absence of a unified federal AI framework, state governments have moved on their own. In 2025, over 1,000 AI-related bills were introduced across the 50 state legislatures, creating a high-stakes compliance crucible for financial providers that, for example, rely on automated decision tools for lending, insurance, and fraud detection. To wit:

• In Colorado, SB 24-205, the most comprehensive state AI framework, will take full effect in June 2026. It mandates that any “deployer” of AI in “consequential” financial decisions — such as determining creditworthiness or insurance premiums — must maintain a robust risk management program. Crucially, it requires annual impact assessments that document the data used, the purpose of the system, and the specific measures taken to mitigate “algorithmic discrimination.”

• In California, AB 2930, which will enter into force this year, mandates transparency for automated decision tools, requiring financial institutions to notify consumers whenever AI is a “substantial factor” in a financial decision and providing a right to appeal those decisions to a human reviewer.

• In October 2025, the New York Department of Financial Services issued critical guidance regarding AI and third-party service providers. The guidance clarifies that financial institutions cannot “outsource” their compliance; they are now required to ensure that any AI vendor (such as a cloud-based credit scoring model) adheres to the same cybersecurity and anti-bias standards as the bank itself.

The judiciary will almost certainly have the final say on the legality of elements of President Trump’s Executive Order but irrespective of one’s politics, it is an unequivocal statement of fact to point out that state AI governance is fast following data privacy and digital assets as the next frontier in which state policymakers will fast overtake the federal government. 

Global Comparisons and Implications

It is absolutely true that the Balkanization of U.S. financial and technology laws and regulations results in increased costs borne by industry and consumers, and that smaller entities are less able to compete in such environments for lack of resources as compared to their much larger counterparts. But as one of the esteemed founders of this medium has pointed out, “compliance burden” is a frequent and ineffective policy argument.

Instead, zoom out. In the current global context, the emergence of a decentralized federal U.S. approach to financial and technology laws and regulations stands in stark contrast to the unified, single-rulebook approaches favored by other major global economies. Historically, that hasn’t mattered all that much. The U.S. has had the novelty of not having to be overly concerned about global competition in the financial and technology sectors. We’ve enjoyed a large, affluent population, the world’s reliance on the dollar as a reserve currency, and the single largest market for goods and services in the world, with predictable, navigable regulatory requirements. 

But the rest of the world has, for the last several decades, been gaining ground on the size and affluence of the U.S. market, with China and India, among others, at our heels. And in the midst of a massive reorganization of global trade norms, the dollar’s “hegemony has come into question in recent times due to geopolitical and geostrategic shifts.”

As a result, one of the most profound risks of U.S. regulatory Balkanization in the current climate isn’t compliance burden; it’s geopolitical and macroeconomic. 

Consider the European Union (EU) and Canada. Historically, financial and technology firms have struggled to scale in Europe due in large part to individual member states’ refusal or inability to implement pan-European regulatory regimes. Canadian Prime Minister Mark Carney recently called on the “middle powers” of the world to band together and collectively “build a new order.” But at the same time that the U.S. is rapidly creating our own Balkanized regulatory approach, the EU, Canada, and other jurisdictions are working diligently, and in coordination, to harmonize their own. 

The General Data Protection Regulation (GDPR) was a successful effort by the EU to end the era when every European country had its own privacy laws and privacy regulator. Having recognized that the Second Payment Services Directive (PSD2) didn’t solve for fragmentation in Europe’s payment markets, the EU will finalize the Payment Services Regulation (PSR) later this year, which will be legally binding across all member states. And the EU’s Markets in Crypto-Assets (MiCA) and the EU AI Act, which established a common regulatory and legal framework for AI among the EU’s 27 member states, began entering into force in 2024.  

A similar story is playing out in the UK, where the Smart Data Accelerator focuses on national interoperability for open finance. By providing a seamless, unified environment, the UK aims to attract fintech capital that might otherwise be deterred by the complexity of the U.S. market. By contrast, a 50-state approach to data privacy in the U.S., in tandem with a potential impending meaningful step backwards by the Consumer Financial Protection Bureau on its 2024 Section 1033 rulemaking, leaves the path forward for consumer financial data empowerment and privacy in the U.S. significantly more uncertain, and likely to be determined by state lawmakers.

U.S. regulatory fragmentation also complicates the technical plumbing of global finance. As states like Wyoming or North Dakota experiment with localized digital asset charters or state-level stablecoins, the interoperability of the dollar-based system begins to fray. A Federal Reserve report suggests that while the dollar’s dominance is “tested but not broken,” the lack of a unified digital dollar framework has allowed rival systems, specifically the BRICS Bridge and the Digital Euro, to gain traction in cross-border settlements.

Said differently, we shouldn’t assume that the historic strength of the U.S. market, or the world’s traditional reliance on the dollar, will be sufficient to overcome the real challenges posed by regulatory fragmentation in the current macroeconomic and geopolitical environment. 

To understand the scale of this problem, we need only look at the experience of other countries, where the cost of this fragmentation is measurable. The World Economic Forum has issued stark warnings that “geoeconomic fragmentation” could reduce global GDP by up to 5%, or $5.7 trillion, over the next decade. For the U.S., this could manifest itself as a “complexity tax” that discourages foreign direct investment, which fell by more than 15% in fragmented jurisdictions in 2024.

Conclusion

The movement away from strong, preemptive federal financial and technology regulation and towards a state-led, decentralized regulatory environment represents a fundamental paradigm shift in the U.S. approach towards regulating industry. While the retreat of federal oversight is often framed as a victory for industry and state sovereignty, the resulting Balkanization, when combined with very real trade and macroeconomic considerations in the current environment, creates a secondary tier of risks that could threaten the U.S. market’s global financial and technology dominance. 

If the U.S. regulatory framework continues to evolve into a collection of fifty disparate markets, it will lose its ability to project a singular, powerful standard on the world stage, while unified blocs like the EU are diligently, and successfully, working in the other direction to harmonize otherwise complex, fragmented frameworks that have historically made it difficult for industry to invest elsewhere. 

To be clear: decentralization of federal financial and technology regulations very well may be the right approach. But absent coordination among the 50 state governments that will seek to fill the void, the U.S. risks trading its global competitive edge and its domestic dynamism for a fractured system that cedes ground to other markets.

The opinions shared in this article are the author’s own and do not reflect the views of any organization they are affiliated with.

Citations:

• IAPP (2025): "State Privacy Law Tracker: The 2025 Expansion," Nov 2025.

• NYDFS (2025): "Industry Letter: Cybersecurity Risks Related to Third-Party Service Providers," Oct 2025.

• Economist Impact (2025): "Growth at a Crossroads: Measuring the Cost of Financial Fragmentation."

• Chainalysis (2025): "2025 Crypto Regulatory Round-Up: What Changed and What's Ahead," Dec 2025.

• Proskauer (2025): "Licensed to Mint: Inside the GENIUS Act's Game-Changing Rules," Sept 2025.

• Columbia Blue Sky Blog (2025): "The GENIUS Act and North Dakota's Roughrider Coin," Nov 2025.

• BPM (2025): "California Digital Assets Compliance Roadmap," Aug 2025.

• Freshfields (2025). "Tokenising the Future: FCA Consults on Progressing Fund Tokenisation and Real-World Asset (RWA) Rails," October 20, 2025

• White House (2025): "Executive Order: Ensuring a National Policy Framework for Artificial Intelligence," Dec 2025.

• KPMG (2025): "State Series: AI Legislation - Regulatory Alert," Aug 2025.

• Colorado General Assembly (2025): "SB24-205: Consumer Protections for Artificial Intelligence."

• California Privacy Protection Agency (CPPA) (2025). "Finalized Regulations on Automated Decisionmaking Technology (ADMT) and Risk Assessments," September 23, 2025. 

• NYDFS (2025): "Update on Part 500 Cybersecurity Requirements," Oct 2025.

• Pitts, J. (2024). "On Policy Advocacy." December 24, 2024.

• J.P. Morgan (2025). "De-dollarization: Is the US dollar losing its dominance?" Global Research Insights. 

• FCA (2025): "Research Note: Open Banking and Open Finance in the UK," Oct 2025.

• Federal Reserve Board (2025). "Understanding Trade Fragmentation," FEDS Notes, December 12, 2025.

• World Economic Forum (2025): "Navigating Global Financial System Fragmentation," Jan 2025.

• UNCTAD (2025). "Trade and Development Report 2025: On the Brink – Trade, Finance and the Reshaping of the Global Economy." Geneva: United Nations, December 2025.

Open Banker curates and shares policy perspectives in the evolving landscape of financial services for free.

If an idea matters, you’ll find it here. If you find an idea here, it matters. 

Interested in contributing to Open Banker? Send us an email at [email protected].

The Future of Tech. One Daily News Briefing.

AI is moving faster than any other technology cycle in history. New models. New tools. New claims. New noise.

Most people feel like they’re behind. But the people that don’t, aren’t smarter. They’re just better informed.

Forward Future is a daily news briefing for people who want clarity, not hype. In one concise newsletter each day, you’ll get the most important AI and tech developments, learn why they matter, and what they signal about what’s coming next.

We cover real product launches, model updates, policy shifts, and industry moves shaping how AI actually gets built, adopted, and regulated. Written for operators, builders, leaders, and anyone who wants to sound sharp when AI comes up in the meeting.

It takes about five minutes to read, but the edge lasts all day.

Sign Up. Look Smart.