The Data Act[i] introduces new rules for switching between providers of data processing services, including cloud services (‘cloud switching’).
The aim is to limit practices that prevent such switching (‘vendor lock-in’), such as high exit fees and technical obstacles, and to ensure the interoperability of cloud services. Let’s take a look at what cloud users should pay particular attention to.
You will not be charged for switching
The Data Act provides for the gradual abolition of fees associated with cloud switching.
Until 12 January 2027, ‘cost-based fees’, which are limited to the actual costs incurred by the provider in connection with the migration process, are still permissible.
After this date, such fees will be prohibited. This means, in particular, that it will be illegal to charge data egress costs and other fees related to the migration process.
At the time of entering into a contract, the cloud service provider must inform the user of all potential costs associated with the switching process during the transition period. This regulation aims to make migration conditions predictable, enabling companies to plan their strategies without the risk of unexpected financial burdens.
Interoperability and functional equivalence
The Data Act places emphasis on the technical possibility of switching and on ensuring the continuity of service functionality.
It defines functional equivalence as ensuring that the destination service provides the customer with at least the minimum level of functionality they experienced with the source service.
In practice, this means that, following a switch, the new cloud service should deliver a comparable outcome when carrying out the same functions and operations.
Equivalence obligations particularly apply to IaaS (Infrastructure as a Service) providers. They must “take all reasonable measures in their power” to ensure that customers achieve functional equivalence after switching providers.
In other words, the current provider should provide the necessary tools, documentation, technical support and capabilities for migrating data and the application environment.
Providers of other types of services, including PaaS and SaaS, are required to provide open interfaces (APIs) for communication and data migration at no additional cost. These interfaces must contain sufficient information about the structure and formats of the data to enable interoperability.
Impact on contracts and technology
The Data Act introduces a number of new requirements regarding the wording of cloud service contracts.
Such a contract should explicitly regulate the switching process and include provisions that enable the customer to:
- Transfer data and functionalities to a new provider or to their on-premises infrastructure ‘without undue delay’ and not after a 30-day migration period
- Terminate the contract after a maximum notice period of 2 months
- Have an exhaustive description of the data to be migrated and that which should be exempted in order to protect trade secrets
- Obtain a guarantee that the data will be retrievable for at least 30 days after migration
- Obtain a guarantee of the full erasure of their data by the service provider once the migration process is complete
- Receive a description of possible switching charges
In addition, the contract may stipulate that, once the notice period has expired, the customer will decide whether to switch to a different provider, port the data to an on-premises infrastructure, or erase it.
Before concluding the contract, the provider must also provide the customer with information on migration procedures and data structures and formats, including technical specifications and standards.
These procedures, along with information on jurisdiction and infrastructure security, should be available on the provider’s website. Finally, the Data Act imposes a general obligation on all parties — the current and destination providers, as well as the customer — to cooperate in good faith to ensure a smooth switching process and continuity of service.
Data Act – exemptions and limitations
The legislature has provided exemptions from switching obligations, which generally apply to data processing service providers (including cloud service providers). These provisions do not require providers to develop new technologies or disclose protected information, particularly trade secrets or copyrighted content.
Furthermore, they do not apply to customised services, i.e. custom-built solutions for a single client that are not offered on a large scale, or trial versions/experimental services made available periodically. Before concluding a contract, providers should explicitly inform users if the service in question is subject to such exemptions.
Summary
The Data Act requires a significant change in approach to cloud services. Companies should review their contracts and start planning updates immediately. It is crucial to introduce appropriate switching provisions and remove or renegotiate exit fees. Companies must also prepare their infrastructure, both technically and organisationally, for interoperability and migration in accordance with the new regulations.
Any questions? Contact us
[i] Regulation (EU) 2023/2854 of the European Parliament and of the Council
