Last month, the European Commission officially adopted the Privacy Shield, which boasted stronger protection for transatlantic data flows while also providing greater clarity for businesses. U.S. companies were invited to certify with the U.S. Department of Commerce beginning Aug. 1. So far? So slow.

According to The Wall Street Journal, only around 40 other companies have applied so far, including Microsoft, which applied on day one. The tepid response has been explained as many companies waiting and seeing if the Privacy Shield holds up in the European Court of Justice under an expected challenge from European privacy advocates. Some see the Privacy Shield withstanding the challenge, while model clauses — “standardized data-protection language preapproved for addition to contracts with customers” — are expected to fail. So many of the companies that do apply now see the certification as giving them a competitive edge, particularly over their competitors that use model clauses.

To be fair, when the Safe Harbor agreement was in place, the response was also lackluster. According to The Wall Street Journal, certification numbers eventually reached around 4,000. The same is expected for Privacy Shield numbers, just not anytime soon.