For more than 50 years, Moore’s Law has stood as a core principle of technology innovation, asserting that computers would rapidly and consistently get faster and cheaper. The same rules of speed do not apply to government and policy. For years, innovation has outpaced the law and consumer protections, but now Big Tech and global governments have come to a head, and change is underway.

The major tech firms that we rely on today have run user privacy flat. Each day, it seems as if there is another data breach, or a report on how our data is re-packaged and sold. These abuses of trust have eroded public trust in the services and companies that we use. Now, legislators across the globe have started to take notice and begin what can only be described as a protective crackdown.

Sentiments are changing and are creating a backlash against many firms. Equifax, Facebook, Twitter, even Uber have all suffered as a result of the backlash from leaked data. The demand for oversight boards on AI and autonomous vehicles has increased as these technologies have advanced further. What business needs to realize is that regulation is here, and whether they like it or not. If they don’t adapt, they face steep financial fines and lasting reputational damage.

The main driver for this is, of course, the de facto user privacy and internet rights legislation: GDPR. Whilst this kind of regulation is typically restricted by geopolitical borders, GDPR is not, and has power beyond any one legislator’s jurisdiction. The EU knows this and has willingly embraced its newfound position as the worldwide enforcer and protector of internet rights.

The right to privacy and data protection that the new regulation imposes is undoubtedly good for society, but will it also pose a new challenge to today’s tech industry, where Silicon Valley remains the center of gravity. The challenge? Adjust to playing the game by someone else’s rules or lose your leadership position in the technology food chain.

The new frontier of data privacy

At the dawn of the digital world as we know it today, the United States regulators passed the Sarbanes-Oxley Act of 2002 to increase data transparency, competition, but also crucially – accountability. The U.S. set the tone on a global scale – Sarbanes-Oxley was strict, backed up by hefty penalties for non-compliance, and companies across the globe adopted SOX as their own. Today, these same powers apply to GDPR, giving France and Germany – the leaders of a post-Brexit EU – regulatory authority that will span most of the western world.

Given the EU’s economic reach and influence, businesses will have a few options. The first will be to build alternative systems and processes for different legislatures – this will be expensive, time consuming, and complex. Or they can defer to someone else’s rules – that of the EU. This is less difficult; as we’ve already seen, GDPR has quickly become the default for standards in privacy across the net from the U.S., to Germany, to everywhere in between.

The ability to turn local laws into global de-facto standards requires legislative power and massive economic influence. Currently, only the United States, China, and European Union fit the bill. In the U.S., a deeply divided and gridlocked Congress has meant data and privacy legislation is being tackled at the state level. China is largely absent from this conversation as their internet and stance on privacy has diverged from the west. And if the U.K. does leave the EU, Its market will be too small and the government likely too fragmented to drive global policy without EU backing.

Facebook Data Privacy An illustration picture taken through a magnifying glass shows the icon for the social networking app Facebook on a smartphone screen in Moscow, March 28, 2018. Photo: MLADEN ANTONOV/AFP/Getty Images

A break from the EU would leave the U.K. in a similar position to Australia, where major tech companies threaten to cut jobs and products rather than bend to the will of legislators.

The next holder of the digital map

Despite the common rhetoric stating otherwise, policy and innovation do work together and are complementary. Throughout history, different approaches from governments have enabled innovation to thrive, whether through subsidies, tax breaks or exemptions.

Though the era of an unchecked internet is coming to an end, innovation itself will continue to sail ahead. In fact, two new camps will emerge – new technology encompassing robotics and AI, and innovation rooted in compliance, encryption, and security, helping people gain sovereignty over how companies collect and retain their personal data.

The governing body that leads the regulatory wave will heavily influence how businesses of the future operate and innovate. Due to its legislative gridlock, the U.S. is looking less able to define the next chapter, leaving Europe wide open to take the lead. That means tech companies must give up some of their Silicon Valley Frontierism for Emmanuel Macron’s “l’Europe qui protège,” or “The Europe that protects.”

While the details of policies and predictions of the outcome are worth debating, the clear worst-case scenario is taking no action. If the west cannot stand united, China will readily take advantage of the opportunity to widen its influence. This would be a devastating loss for democracy and privacy advocates around the world.

Leadership over the next generation of the internet is up for grabs, but much more than that is at stake, who emerges from the power struggle will influence our views on innovation, privacy, and personal freedom for years to come? Let’s hope they have our best interests at heart.

(Emmanuel Schalit is the CEO of Dashlane)