Are you ready for the Data Act?

What is this all about?

Chapter VI of the Data Act introduces new requirements for providers of data processing services to allow customers to switch from one provider to another.

Are you a provider of data processing services?

You probably are if you offer the following services:

• Cloud: IaaS, PaaS, SaaS
• Storage: Storage-as-a-Service, Database-as-a-Service
• Data: Data-as-a-Service, AI-as-a-Service
• Edge: IaaS, PaaS, SaaS

You are excluded if you only offer:

• Hosting: Conventional hosting services (without scalable and elastic resources)
• Other excluded services: Services that do not offer access to shared pools of configurable and scalable distributed computing resources

What you need to do

1. Contract updates

All contracts must include specific clauses on switching, deadlines and data transfer methods

Warning: Existing contracts should also ensure the right to switch to another provider.

2. Technical infrastructure set up

• Set up interfaces for data transfer
• Ensure compatibility with interoperability standards
• Ensure that data are exportable in structured, commonly used and machine-readable formats

3. Abolition of switching charges

• From 12 January 2027 switching charges will be completely banned
• Until then, charges must not exceed the actual costs related to switching
  incurred by the provider
• Price lists and commercial documentation must be updated accordingly
• Early termination penalties will remain possible

4. Implementation of transparency measures

• Document and make available information on switching procedures
• Set up online registers containing details of all the data structures and data formats
• Publish information on the jurisdiction of the infrastructure and on government anti-access measures

Critical points

Required switching timelines

• Prior Notice: Max 2 months
• Transition: Max 30 days
• Data retrieval: Max 30 days

Functional equivalence (IaaS Services)

• Assist the customer in achieving comparable results with the new provider
• Provide capabilities, information, documentation, technical support and, where appropriate, the necessary tools

Accountability and security

• Uphold a high level of security during the switching process
• Maintain business continuity without service disruptions
• Address any security incidents that may affect customer data

Good faith cooperation

• Duty to cooperate in good faith with the customer and new provider to ensure effective switching
• Avoid placing commercial, technical, contractual or organisational obstacles to switching

Specific regimes

You are (partially) excluded if you provide:

• Custom-built: Services tailored for an individual customer (but many obligations still apply)
• Testing: Non-production services (for testing and evaluation purposes, e.g. beta services)

REMEMBER: Under these circumstances, you must clearly inform the customer before entering into the contract!

Was bedeutet „kundenspezifischer Dienst“?

A service whose main features have been tailored to meet the specific requirements of an individual customer, or whose components have been entirely developed for a single customer‘s purposes.                           

Warning: If you subsequently offer this service commercially on a large scale, full obligations will apply.

Which obligations still apply to “custom-built“ services? (non-exhaustive list)

• Make open interfaces available
• Ensure data can be exported in structured format
• Provide all required information for the switching process

Timeline

12 September 2025: All contracts must be compliant. The entire legal framework of Chapter VI of the Data Act becomes enforceable.

12 January 2027: Complete ban on switching charges. Providers will be unable to charge any switching costs.

Are you ready?

• Review your existing services and contracts
• Plan required technical changes
• Update contractual documentation
• Develop adequate switching procedures