Brain data is the new genetic data — and it has no lawyer.
Every European neurotech company funded in 2026 is being valued on a regulatory premise that will not survive 2028. Founders know this. Their lawyers know this. Their investors are pretending not to.
Three founders are sitting in front of me in Eindhoven. They have built a pair of headphones with twelve fabric electrodes hidden in the ear pads. The device captures their users' electroencephalogram continuously, eight hours a day, and infers focus, fatigue, stress, cognitive load. They have raised eight million euros. They have a privacy policy. They believe they are compliant. They are not, and they will discover this in roughly thirty-six months — not because they have done anything wrong, but because the law that will judge them has not yet been written.
I should be reassuring them. That is what lawyers are paid for. Instead I am about to tell them that the eight million they have raised is structurally mispriced, that their data architecture is a liability disguised as an asset, and that the regulatory regime they assume will eventually arrive will not look like the one their compliance budget anticipates. I am going to tell them that every consumer neurotechnology company in Europe is in the same position, and that the smart ones will spend the next eighteen months rebuilding their stack while the rest fund-raise into denial.
I am not telling them this because I enjoy delivering bad news. I am telling them because the alternative is to watch them, and a hundred companies like them, walk into the same wall that consumer genetic testing walked into between 2007 and 2025 — fully visible, fully predictable, fully ignored.
The vacuum they are building in is closing. Most of the people building in it have not noticed.
§ One What is actually happening
The neurotechnology market is no longer speculative. Dedicated consumer neurotech firms now make up roughly sixty per cent of the global neurotechnology landscape; consumer companies have outnumbered medical ones since 2018. Global investment climbed from €582 million in 2022 to €2 billion in 2024, and is forecast to hit €3.5 billion in 2025. The market itself is projected to reach $9 billion by 2033, growing at over twelve per cent compounded annually.
The hardware has caught up to the ambition. Muse's Athena combines EEG and functional near-infrared spectroscopy in a consumer headband. Neurable's MW75 Neuro delivers twelve-channel EEG through fabric sensors hidden in the ear pads of a luxury headphone — a product the company is now licensing to OEMs across "headphones, hats, glasses, and headbands." Samsung has shipped NeuroSense as a mainstream smartphone-tier accessory. Emotiv ships fourteen-channel research-grade EEG kits to consumers. Muse alone has captured over one billion minutes of brain data from its users.
None of this is meaningfully regulated as neurotechnology. The Medical Device Regulation reaches the implantable end of the spectrum — deep-brain stimulators, Synchron-style intracranial devices, Neuralink — but consumer wearables fall outside it almost by definition. The AI Act regulates certain AI uses, including subliminal manipulation, but contains no neuro-specific risk classification. The GDPR, as it stands, does not mention neural data at all. Whether the brain signals streaming out of these devices qualify as Article 9 special category data depends, perversely, on the purpose of recording: medical EEG is health data; the same waveform captured by a meditation app may not be. The Spanish data protection authority and the European Data Protection Supervisor have described this in their joint TechDispatch as a "regulatory asymmetry." That is putting it gently.
The European Charter for Responsible Neurotechnology Development, signed in 2024, recognised brain data stewardship and the prohibition of cognitive manipulation as principles. It is non-binding. It has the legal force of a strongly-worded letter.
§ Two Why this is structurally different
The European data protection establishment will tell you this is fine. The argument runs roughly as follows: brain data is just another sensitive category, the GDPR machinery will eventually extend to cover it the way it covered genetic data and biometric data, and the existing patchwork — Article 9, the MDR, the AI Act, the e-Privacy Directive, sector guidance — is, in the words of one European think-tank head, "quite a comprehensive way" of handling it.
This is wrong. It is wrong in three specific ways that founders should understand, because each of the three breaks one assumption that the current European framework was built on, and none of the three can be fixed by extending what already exists.
The inference problem
The first assumption is that the protection of a data category can be calibrated to the data as recorded. Genetic data is sensitive because of what it directly reveals. Biometric data is sensitive because it identifies. Brain data is different in kind: the raw signal — an oscillation in microvolts captured at the scalp — reveals almost nothing on its own. The sensitivity lies entirely in what can be inferred from it, and inference is a moving target. The same EEG recording, processed with one model in 2026, tells you a user's focus score. Processed with a better model in 2029, the same recording tells you their political orientation, their early Parkinsonian biomarkers, and whether they were lying during a specific minute on Tuesday.
This is not theoretical. Research already shows that neural data can re-identify individuals when cross-referenced with social media photographs of their faces. Algorithms can now infer language, images, dreams, and intentions from neural activity at progressively higher fidelity. The data category is uniquely retroactively informative: the dataset you collected lawfully in 2026 will, in 2029, contain information you did not consent to disclose because no one could yet extract it.
Consent under the GDPR is supposed to be specific and informed. How do you obtain informed consent for inferences that do not yet exist?
The categorisation arbitrage
The second assumption is that purpose-based categorisation — the GDPR's mechanism for deciding what counts as health data — can survive the consumer-medical convergence. It cannot, because companies have learned to game it.
Today, an EEG headset sold for "meditation" sits outside Article 9. The same headset, sold to a clinician for the same use, sits inside it. The same headset, sold to a consumer who then receives an app-generated alert that her brain activity "matches patterns associated with depression," sits — where? Consumer device companies have written their privacy policies and marketing copy specifically to keep one foot outside the medical regime. They sell to "wellness," not "health." They detect "focus," not "attention deficit." They infer "cognitive performance," not "cognitive decline." When their devices, in practice, identify clinical conditions, they describe this in user-facing copy as "general well-being insights."
This is regulatory arbitrage by linguistic choice. It is a strategy with a known shelf life. Every previous category of consumer technology that has been built on linguistic distance from the regulated category — adtech as "audience measurement," scraping as "publicly available data," face recognition as "biometric authentication" — has discovered that regulators eventually look through the language to the function. The neurotech industry is two product cycles away from that moment.
The intra-bodily exception that isn't
The third assumption is the deepest, and it is the one that gives the neurorights movement its philosophical force. European data protection law has always operated on the assumption that there is some space outside the data regime — a sphere of pure interiority where the law has nothing to regulate because nothing can be observed. Cogitationis poenam nemo patitur: no one suffers punishment for thought. The brain has been, for the entire history of liberal legal systems, the paradigm case of the unobservable interior.
Consumer neurotechnology dissolves that assumption. Not metaphorically — physically. The headphones do, in fact, observe the interior. The interior is, in fact, a data stream. The question is no longer whether thought can be private from the law; it is whether the law can guarantee that thought stays private from the platforms.
That is not a question existing data protection frameworks were designed to answer. It is a question that requires either a new framework or an extension so substantial that calling it an extension is misleading.
Chile amended its constitution in 2021 to protect cerebral activity and the information derived from it. In 2023, the Chilean Supreme Court unanimously ordered a company to delete a consumer's neural data — the first decision of its kind anywhere in the world.
Colorado became the first US state in 2024 to expressly classify neural data within its comprehensive privacy law. Connecticut follows on 1 July 2026, classifying neural data as sensitive personal information under the CTDPA. California, Minnesota, and a federal MIND Act follow the same trajectory.
UNESCO's 2025 Global Neurotechnology Standards have been adopted in principle by all 194 member states. They are non-binding, but they are a remarkably clear signal of direction.
§ Three The architecture problem
For founders, the question is not whether regulation will arrive. The question is whether the company you built in 2026 is still the same company after it does.
Software companies have learned to treat regulatory shifts as a compliance problem: you update your policy, you renegotiate your DPA, you add a lawful basis, you toggle a setting. This is how most companies survived GDPR. It worked because GDPR, at the moment of enforcement, demanded mostly procedural changes — documentation, lawful bases, DPIAs, controller-processor mapping. Painful, but adjustable.
Brain data regulation will not be a procedural problem. It will be an architectural one. The questions the next generation of European neuro-specific rules will demand answers to are not questions about paperwork. They are questions about how the product was built, and most of those questions have been answered already, in firmware, by engineers, with no lawyer in the room.
Three of those questions matter most.
Where does the inference happen?
A device that streams raw EEG to the cloud is a fundamentally different legal object from a device that processes EEG on-device and transmits only derived metrics. The first creates a permanent, growing dataset of raw neural signal — a dataset whose latent informational content expands every time the inference models improve. The second creates a stream of bounded inferences.
Under the frameworks that are coming — and the signals are everywhere if you know where to look: Considerati's analysis of proposed GDPR revisions, the Parliament Ethics Panel's terms of reference, the architecture of the Connecticut and Colorado statutes, the language of the UNESCO recommendations — the first product will be treated as a high-risk data controller of special category data, with continuing retroactive consent obligations as inference capability grows. The second product, structurally, will not.
The difference between the two architectures is a few thousand lines of firmware. The difference in legal exposure is roughly an order of magnitude. Almost no company in this space is making that trade deliberately. They are making it by default, in favour of the more dangerous architecture, because raw cloud-side data is what trains better models, what justifies higher valuations, and what makes the engineering simpler.
What is the retention model?
The second architectural question is whether the company retains raw signal data at all after inference. The default answer, for any AI-first company in 2026, is yes — because raw data is what trains the next model. The product roadmap depends on accumulating it. The valuation depends on accumulating it. Investors specifically ask, during due diligence, how large the proprietary dataset is.
The same dataset that justifies the Series A is the dataset that, under a future Article 9 amendment, may require retroactive explicit consent from every contributor — consent that, given churn, will be partially uncollectable. The Chilean Supreme Court has already ordered a company to delete a consumer's neural data. Colorado and Connecticut create individual deletion rights that map onto raw signal storage with imperfect grace. The 2025 Senate letter to the FTC explicitly raised the inferability problem.
The companies that will struggle most are not the ones with the best technology. They are the ones with the largest raw-signal corpora and the loosest consent architecture under which that corpus was collected.
What is the inference disclosure regime?
The third question is the one founders find most counter-intuitive. The legal frameworks emerging in Chile, in the Connecticut CTDPA, and in the trajectory of the European Charter all converge on something stronger than transparency. They converge on a duty to disclose, to the user, what is being inferred about them — including inferences the user did not request.
This is a deeper obligation than GDPR's right of access. It is an affirmative duty: if your model infers that the user appears to exhibit early markers of major depressive disorder, the regime will increasingly require you to tell them — or to architect your product so that it does not infer this. There is no third option.
Companies are not building toward this. Their inference models are designed to be commercially extensible: today, "focus." Tomorrow, attention deficit indicators. The day after, mood. Each inference unlocks a new feature, a new partnership, a new revenue line. The legal frameworks emerging will treat each new inference as a new processing purpose, requiring fresh lawful basis and fresh disclosure. The companies that built modular inference architectures will adapt. The companies that built monolithic models, where new inferences fall out of the same underlying processing pipeline, will not.
§ Four The 23andMe parallel, examined
The closest historical analogue is the trajectory of consumer genetic testing between 2007 and 2024. The structural similarities are uncomfortable.
23andMe began shipping direct-to-consumer genetic tests in 2007, on the assumption that the genetic information generated belonged to the consumer who paid for the test. For seven years, the regulatory regime allowed this. In 2013, the FDA ordered 23andMe to stop offering health-related interpretations, a decision the company resolved through long negotiation. The data, meanwhile, accumulated. By 2018, the company had pivoted its commercial model toward selling de-identified genetic data to pharmaceutical research partners — a use the original consumers had agreed to in principle but, in practice, almost certainly did not anticipate when they paid ninety-nine dollars to find out if they were Welsh.
In 2023, 23andMe was breached: nearly seven million customer records, including detailed ancestry and genetic information, were exposed. The legal aftermath has been extensive. The commercial aftermath was worse: the company filed for bankruptcy protection in 2025. The asset of greatest value on its balance sheet — its genetic database — became the asset of greatest legal complexity to sell.
Every step in this trajectory was visible in advance. The collection mechanism, the inferability of new information from old samples, the retroactive consent problem, the architectural impossibility of selectively deleting genetic data from training corpora — all of it was identifiable in 2010. The companies and the regulators and the lawyers who were paying attention saw it. Those who were not paying attention — most of them — built businesses that, fifteen years later, no longer make sense.
The neurotechnology trajectory is rhyming, not repeating. The differences matter, but they make the situation more acute, not less. Neural data is more inferentially dense than genetic data. The inference models improve faster than genetic interpretation models did. The consumer adoption curve is steeper, because the form factor (headphones, glasses, earbuds) is one consumers already wear. The regulatory window between mass collection and binding rules will be shorter, because UNESCO, the European Parliament, Connecticut, Chile, the FTC, and the Spanish DPA are already moving in coordination.
Founders who are building consumer neurotechnology in 2026 are not where 23andMe was in 2007. They are where 23andMe was in 2013, with less time, and more sophisticated regulators watching.
§ Five What founders should actually do
Legal essays that end in checklists are usually selling something. I am, in this section, going to do that anyway, because there are four decisions a founder building in this space can make this week that will determine whether the regulatory turn finds them prepared or finds them in front of the AFM with a deletion order. These are not optimal moves. They are the minimum.
The first decision is to treat brain data as Article 9 special category data now, regardless of whether your specific use case formally requires it. This is more conservative than the law currently demands. It is also dramatically cheaper than retrofitting Article 9 compliance to a corpus of consent records collected on lesser bases. And it is increasingly the only position that survives enterprise procurement diligence — sophisticated buyers in 2027 will not sign with vendors whose consent architecture assumes the regulatory minimum, because they have learned, from adtech and from GDPR, what that costs them later.
The second decision is to architect for on-device inference. Process the signal locally; transmit only the derived metric. Retain raw signal only with separate, granular, revocable consent, and only for explicitly disclosed model-improvement purposes. This is not just better privacy hygiene. It changes the company's classification under every emerging framework. A device that transmits only inferences will be regulated like a fitness tracker. A device that streams raw EEG will, increasingly, be regulated like a medical device — and the gap between those two regulatory regimes is roughly two years of engineering work and ten million euros of legal cost.
The third decision is to build inference modularity into the product from the start. Each inference type — focus, fatigue, mood, attention, stress, anything else — must be a separately consented processing purpose, with its own disclosure, its own lawful basis, and its own deletion endpoint. This will feel painful to engineering. It will feel painful to product. It is also the only architecture that survives a regime in which "we shipped a new inference" becomes a notifiable event.
The fourth decision is the one most founders will refuse to make. It is to write down, in the company's own internal documentation, in language a future regulator could read, that the company is operating in a regulatory vacuum that will close. To budget for the closure. To raise capital that anticipates it, rather than capital that requires the closure not to happen on the deployment horizon. Investors who understand the space — and the number is small but growing — will reward this framing. Investors who do not will fund a different company that fails three years later. There is no third option here either. There is only the question of which kind of investor you are taking money from.
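As an added illustration of the architecture described in § Three and in the second and third decisions above (inference on the device, raw signal retained only under a separate revocable consent, and one consent, one disclosure and one deletion endpoint per inference type), here is a constructed Python model. It is not code from any company the essay names; the two "models" are placeholder arithmetic standing in for real EEG inference, and the purpose names, the `raw_retention` consent key and the sample epoch are this example's own assumptions.

```python
"""Constructed model of a purpose-bound, on-device neural data pipeline.

Assumptions (this example's own, not any product's): an epoch is a list of
microvolt samples from one channel; each inference type is a separate
processing purpose with its own consent, disclosure and deletion endpoint;
raw signal leaves the device only under a separate 'raw_retention' consent.
"""
from dataclasses import dataclass, field
from statistics import fmean, pstdev
from typing import Callable, Dict, List, Optional

Epoch = List[float]


def focus_model(epoch: Epoch) -> float:
    """Placeholder inference: normalised mean absolute amplitude (not a real model)."""
    return round(min(1.0, fmean(abs(v) for v in epoch) / 50.0), 3)


def fatigue_model(epoch: Epoch) -> float:
    """Placeholder inference: normalised amplitude spread (not a real model)."""
    return round(min(1.0, pstdev(epoch) / 50.0), 3)


@dataclass
class Purpose:
    name: str
    disclosure: str                    # what the user is told this purpose infers
    model: Callable[[Epoch], float]


@dataclass
class ConsentLedger:
    """Per-purpose consent; revocation is granular, never all-or-nothing."""
    granted: Dict[str, bool] = field(default_factory=dict)

    def grant(self, purpose: str) -> None:
        self.granted[purpose] = True

    def revoke(self, purpose: str) -> None:
        self.granted[purpose] = False

    def allows(self, purpose: str) -> bool:
        return self.granted.get(purpose, False)


@dataclass
class Transmitted:
    """Everything that leaves the device for one epoch."""
    metrics: Dict[str, float]
    raw: Optional[Epoch]


RAW_RETENTION = "raw_retention"   # assumed name for the separate raw-signal consent


@dataclass
class Device:
    purposes: Dict[str, Purpose]
    consent: ConsentLedger
    metric_store: Dict[str, List[float]] = field(default_factory=dict)  # keyed by purpose
    raw_store: List[Epoch] = field(default_factory=list)

    def process_epoch(self, epoch: Epoch) -> Transmitted:
        metrics: Dict[str, float] = {}
        for name, purpose in self.purposes.items():
            if not self.consent.allows(name):
                continue                       # an unconsented purpose is never computed
            value = purpose.model(epoch)       # inference runs on the device
            metrics[name] = value
            self.metric_store.setdefault(name, []).append(value)
        raw = list(epoch) if self.consent.allows(RAW_RETENTION) else None
        if raw is not None:
            self.raw_store.append(raw)         # raw signal retained only under its own consent
        return Transmitted(metrics, raw)

    def delete_purpose(self, name: str) -> None:
        """Per-purpose deletion endpoint: revoke consent and drop that purpose's data."""
        self.consent.revoke(name)
        if name == RAW_RETENTION:
            self.raw_store.clear()
        else:
            self.metric_store.pop(name, None)

    def active_disclosures(self) -> Dict[str, str]:
        """The inference disclosures currently in force for this user."""
        return {n: p.disclosure for n, p in self.purposes.items() if self.consent.allows(n)}


def demo() -> dict:
    purposes = {
        "focus": Purpose("focus", "We infer a focus score from your EEG.", focus_model),
        "fatigue": Purpose("fatigue", "We infer a fatigue score from your EEG.", fatigue_model),
    }
    consent = ConsentLedger()
    consent.grant("focus")                     # user consented to focus only
    dev = Device(purposes, consent)
    epoch = [10.0, -20.0, 30.0, -40.0]         # constructed sample epoch, microvolts
    first = dev.process_epoch(epoch)           # focus only, no raw leaves the device
    consent.grant("fatigue")                   # a new inference is a new consent
    second = dev.process_epoch(epoch)
    consent.grant(RAW_RETENTION)
    third = dev.process_epoch(epoch)           # raw leaves only now
    dev.delete_purpose("fatigue")
    dev.delete_purpose(RAW_RETENTION)
    return {
        "first_metrics": first.metrics,
        "first_raw": first.raw,
        "second_metrics": second.metrics,
        "third_raw": third.raw,
        "stored_purposes": sorted(dev.metric_store),
        "raw_epochs_retained": len(dev.raw_store),
        "disclosures": sorted(dev.active_disclosures()),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the consent ledger gates computation, not just transmission: an inference the user has not consented to is never produced, so there is nothing to disclose, store or delete for it, and revoking one purpose leaves the others untouched. Keying the server-side store by purpose is what makes a per-purpose deletion order answerable without searching a monolithic corpus.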
§ Six The lawyer's confession
Lawyers are paid to be cautious. That is, in fact, the deal: you pay us to find reasons your plan might not work, so that you can find ways around them before someone else does. I am about to do something lawyers are not supposed to do, which is to step outside the cautious frame and say something I cannot, in the formal sense, prove.
The European consumer neurotechnology industry, as currently structured, will not survive contact with the regulatory regime that is being written for it. Not most of it. Not the largest companies. Not the best-funded ones. The companies that will survive are the ones that are, today, treating themselves as if the regulation already existed — and that is a vanishingly small number.
The honest description of the current state of European brain data law is that it does not exist. There is no neuro-specific instrument. There is no settled case law. The Spanish DPA and the European Data Protection Supervisor have published a TechDispatch, not enforcement guidance. The Parliament's Ethics Panel is studying. The Charter is non-binding. The GDPR's special category provisions arguably extend, but no court has said so. The MDR clearly does not apply to consumer wearables. The AI Act partly applies, in narrow ways, mostly to manipulation rather than data.
That means a European founder shipping consumer neurotechnology today is operating in a space where what they are doing is legal because nothing has yet been said to make it illegal. That is a coherent legal position. The investor pitch built on top of it is a kind of bet — a bet that the regulators will not arrive before the exit, that the term sheet will price the risk, that the next round will fund the rebuild. It is the same bet that adtech made, that scraping made, that cookie tracking made, that biometric surveillance in public spaces made, and that consumer genetic testing made.
It is worth noting how each of those bets ended. Adtech: GDPR enforcement, business model rewrites, multi-billion-euro fines. Scraping: noyb complaints, CJEU rulings, training data audits. Cookie tracking: forced consent flows, third-party cookie collapse. Biometric surveillance: outright bans in several Member States. Consumer genetic testing: 23andMe bankruptcy, with its genetic database — once the asset that justified the entire valuation — now the asset that nobody knows how to sell, because the consent under which it was collected does not survive what its new owners would do with it.
Each of these industries had lawyers. Each of those lawyers told the founders, in 2008 or 2012 or 2017, that the regulatory position was tenable. Each of those lawyers was, in the narrow legal sense, correct. Each of them was, in the larger sense, wrong, because the question was never whether the regulator could be defeated in court today. The question was whether the company could survive the regulator's eventual arrival. Most could not.
I am writing this because I have read enough term sheets in the neurotech space to know that the founders signing them have not been told this clearly. Their lawyers, who are good lawyers, have told them what the law says today. The lawyers have not told them what the law will say in 2028, because lawyers do not, as a profession, like to make predictions. I will: the law in 2028 will treat raw neural data as Article 9 special category data, will require inference-specific disclosure, will impose deletion obligations that map onto datasets nobody currently knows how to delete from, and will be enforced retroactively against companies whose architectures cannot adapt. The companies whose architectures can adapt will be worth a great deal. The companies whose architectures cannot will not be worth what their last round priced them at.
Brain data is more sensitive than any consumer data category that came before it. It implicates rights — to mental integrity, to cognitive autonomy, to thought itself — that European legal traditions have protected for centuries without ever having to operationalise them, because no technology had existed to threaten them. Now one does. And the law is preparing.
The founders in Eindhoven did not love hearing this. I do not love writing it. But the choice between hearing it now and hearing it later is not actually a choice, because later will be too late to act on. The cost of architectural reform is a function of how much you have built before you start. The cost is, today, low. In two years it will be high. In four years, for most companies, it will exceed the value of the equity that would have to be issued to pay for it.
That, in my professional opinion, is the position. I am happy to be proven wrong.
This essay is the first in a series on what I have come to call frontier law: the legal terrain that opens when technology moves faster than the regulatory system designed to constrain it. The series will examine, in turn, autonomous AI agents, tokenised deposits, DePIN, sovereign compute, and synthetic biology — areas where founders are building on premises the law has not yet validated.
The factual claims in this essay draw on the joint TechDispatch on Neurodata published by the Spanish DPA (AEPD) and the European Data Protection Supervisor; Considerati's policy analysis of EU neurotechnology regulation; the 2024 Neurorights Foundation report on consumer neurotechnology data practices; Cooley, Morrison Foerster, and Arnold & Porter advisories on neural data privacy; the 2025 Senate letter to the FTC on neural data; the Connecticut Data Privacy Act amendments effective 1 July 2026; the Centre for Future Generations 2025 neurotech market atlas; and primary sources from the UNESCO Recommendation on the Ethics of Neurotechnology.
Nothing in this essay constitutes legal advice. It constitutes an argument. For specific advice on neurotechnology products, regulatory strategy, or product architecture in the European Union, contact the author at Navabi.