Cloud migration after the Data Act: new rights, lower costs and greater freedom

20 October 2025 | Knowledge, News, The Right Focus

The Data Act[i] introduces new rules for switching between providers of data processing services, including cloud services (‘cloud switching’).

The aim is to limit practices that prevent such switching (‘vendor lock-in’), such as high exit fees and technical obstacles, and to ensure the interoperability of cloud services. Let’s take a look at what cloud users should pay particular attention to.

You will not be charged for switching

The Data Act provides for the gradual abolition of fees associated with cloud switching.

Until 12 January 2027, ‘cost-based fees’, which are limited to the actual costs incurred by the provider in connection with the migration process, are still permissible.

After this date, such fees will be prohibited. This means, in particular, that it will be illegal to charge data egress costs and other fees related to the migration process.

At the time of entering into a contract, the cloud service provider must inform the user of all potential costs associated with the switching process during the transition period. This regulation aims to make migration conditions predictable, enabling companies to plan their strategies without the risk of unexpected financial burdens.

Interoperability and functional equivalence

The Data Act places emphasis on the technical possibility of switching and on ensuring the continuity of service functionality.

It defines functional equivalence as ensuring that the destination service provides the customer with at least the minimum level of functionality they experienced with the source service.

In practice, this means that, following a switch, the new cloud service should deliver a comparable outcome when carrying out the same functions and operations.

Equivalence obligations particularly apply to IaaS (Infrastructure as a Service) providers. They must “take all reasonable measures in their power” to ensure that customers achieve functional equivalence after switching providers.

In other words, the current provider should provide the necessary tools, documentation, technical support and capabilities for migrating data and the application environment.

Providers of other types of services, including PaaS and SaaS, are required to provide open interfaces (APIs) for communication and data migration at no additional cost. These interfaces must contain sufficient information about the structure and formats of the data to enable interoperability.

Impact on contracts and technology

The Data Act introduces a number of new requirements regarding the wording of cloud service contracts.

Such a contract should explicitly regulate the switching process and include provisions that enable the customer to:

  • Transfer data and functionalities to a new provider or to their on-premises infrastructure ‘without undue delay’ and no later than the end of a 30-day migration period
  • Terminate the contract after a maximum notice period of 2 months
  • Have an exhaustive description of the data to be migrated and of the data that should be exempted in order to protect trade secrets
  • Obtain a guarantee that the data will be retrievable for at least 30 days after migration
  • Obtain a guarantee of the full erasure of their data by the service provider once the migration process is complete
  • Receive a description of possible switching charges

In addition, the contract may stipulate that, once the notice period has expired, the customer will decide whether to switch to a different provider, port the data to an on-premises infrastructure, or erase it.

Before concluding the contract, the provider must also provide the customer with information on migration procedures and data structures and formats, including technical specifications and standards.

These procedures, along with information on jurisdiction and infrastructure security, should be available on the provider’s website. Finally, the Data Act imposes a general obligation on all parties — the current and destination providers, as well as the customer — to cooperate in good faith to ensure a smooth switching process and continuity of service.

Data Act – exemptions and limitations

The legislature has provided exemptions from switching obligations, which generally apply to data processing service providers (including cloud service providers). These provisions do not require providers to develop new technologies or disclose protected information, particularly trade secrets or copyrighted content.

Furthermore, they do not apply to customised services, i.e. custom-built solutions for a single client that are not offered on a large scale, or trial versions/experimental services made available periodically. Before concluding a contract, providers should explicitly inform users if the service in question is subject to such exemptions.

Summary

The Data Act requires a significant change in approach to cloud services. Companies should review their contracts and start planning updates immediately. It is crucial to introduce appropriate switching provisions and remove or renegotiate exit fees. Companies must also prepare their infrastructure, both technically and organisationally, for interoperability and migration in accordance with the new regulations.

[i] Regulation (EU) 2023/2854 of the European Parliament and of the Council

Contact us:

Robert Brodzik

Advocate / Counsel / NewTech / Data Protection and Cybersecurity

+48 532 206 479

r.brodzik@kochanski.pl