Cloud Regulation - Part 4: The Data Act dictates terms for switching cloud services and establishes a contractual framework between service users and cloud providers
The European Data Act, enacted on December 13, 2023 and effective from January 11, 2024, aims to facilitate cloud switching for users of data processing services, such as cloud providers (IaaS, PaaS, SaaS). The Act imposes clear regulations to remove obstacles and foster competition, preventing vendor lock-in and empowering data users.
Key regulations include the requirement for providers to remove all technical, contractual, and other barriers, ensuring customers can terminate contracts and port data easily. Contracts must include specific clauses detailing the right to switch providers within a maximum of 30 days, a maximum notice period of 2 months to initiate switching, specifications about portable data and data transfer procedures, and clear obligations on information provision about switching procedures and data formats.
Customers must be able to switch providers without facing unjustified switching charges. From January 12, 2027, switching charges are banned entirely. Before that date, charges must not exceed actual switching costs incurred by the provider. Early termination penalties remain allowed but separate from switching fees.
Providers must ensure the technical infrastructure supports easy data portability. They must set up interfaces for data transfer, ensure compatibility with interoperability standards, and data must be exportable in structured, commonly used, and machine-readable formats.
The EU Commission will provide a catalogue of standard contract clauses to assist providers in compliance and clarify obligations regarding switching. Chapter VI of the Data Act contains regulations for contractual relationships between data processing services and their customers, making it easier to switch between data processing services.
The Data Act applies directly within the EU from September 12, 2025. All parties involved are obliged to act in good faith. If the provider is unable to comply with the transition period for technical reasons, an extension of the transition period to a maximum of 7 months is possible in individual cases. The data must continue to be accessible for at least 30 days after the end of the transition period.
The respective contract must provide for a binding transition period of a maximum of 30 days. The switching provisions only apply if the "same type of service" exists for the initial and target or switching provider. Upon successful completion of the change, the provider must guarantee the deletion of the customer's exportable data and digital assets.
The Data Act is a part of the European data strategy, aiming to improve interoperability of software and data use, promoting innovation within the EU. It obliges "data processing services", which are digital services that provide ubiquitous and on-demand network access to a shared pool of configurable, scalable, and elastic computing resources. Providers need to update contracts and technical setups accordingly by the Data Act’s main application date (September 12, 2025), with stricter cost rules effective from January 2027.
- Under the European Data Act, competition law is introduced to prevent vendor lock-in and ensure easy data portability for customers, by requiring providers to adhere to specific regulations such as removing technical and contractual barriers, and providing standard data transfer procedures.
- To comply with the European Data Act, providers must abide by the stipulations related to intellectual property rights, ensuring that customers can switch providers without facing unjustified charges, and ensuring data is exportable in machine-readable formats to promote interoperability and technological innovation within the EU.
