Move fast and drown in paperwork

Startups move fast. Regulations don’t.

For early-stage companies, compliance often feels like sand in the gears. You’ve got a scrappy team, a tight runway, and a product to build—but instead, you're elbow-deep in cookie banners and policy templates. And the worst part is, it’s usually essential.

Especially if you’re handling anything remotely sensitive—like, say, health data. Which, when you work in health and wellbeing tech like I do, is pretty much a given,

This was the case for Mana Medical, one of my clients, where I supported one of the founders to make her way through the laborious process of achieving GDPR, Cyber Essentials and Cyber Essentials Plus accreditation.

She worked on it full time for months, doing the whole process herself, aside from occasional technical support from me and other advisors. That was time that could have been spent on their mission to improve the lives of rheumatoid arthritis sufferers.

I’m now working through the process myself for Towards, and feeling the pain firsthand, despite being able to afford helpful but expensive SaaS tools to support the process.

It’s a frustrating paradox: the more important your product, the more time you spend proving you're not a liability.

And yet, speed without survival is pointless. Compliance is the tortoise in the “move fast and break things” race—slow, expensive, deeply unsexy—but still somehow alive at the finish line.

That’s the tension: you can’t afford to ignore regulation, but the process of engaging with it can kill momentum. Ergodicity 101—future gains don’t matter if you’re dead in the present.

This isn’t a call to give up on standards. It’s a call to find a better way through them.

More tomorrow.