A European regulator threw down the gauntlet on new rules governing when, if, and how data gets shared across the Atlantic Ocean, basically telling her American counterparts that it’s their job to figure it out.
“It is now for the U.S. to come back with their answers” said Vera Jourova, the European commissioner for Justice and Consumers, according to IDG News Service. Jourova spoke during a press conference in Brussels on Friday.
Last month, the European Court of Justice jettisoned the 15-year-old Safe Harbor agreement that had governed such data transfers until now. Under that pact, companies could move customer data across the Atlantic without asking the customers’ permission first, but the court held that the agreement violated citizen privacy rights.
Last month, European regulators said that the new framework should be set within three months so the clock is ticking.
This is a huge deal for U.S. tech companies, including Microsoft (MSFT), Google (GOOG), and Salesforce (CRM), which cater to an international customer base and store petabytes of user data in data centers worldwide. Microsoft president and general counsel Brad Smith recently proposed broad guidelines as to how the new framework should look.
Companies can use standard contract clauses that spell out rules for getting consent to transfer data, but that puts the onus on the company originating that transfer. Until the U.S. and Europe establish a new agreement, data transfers will be a much more complex process.
And please subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.