12 Sep 2025
7 minute read

Cloud switching under the EU Data Act

Action planning and contract drafting in light of interoperability and provider changes

A central component of the European data strategy is Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 (hereinafter referred to as the ‘Data Act’), which entered into force on 11 January 2024. Of the eleven chapters of the Data Act, the requirements for ‘data sharing’ (in particular Chapters II to IV of the Data Act) have attracted the most attention so far (click here for our article).

In contrast, the topic of cloud switching and interoperability (in particular Chapter VI of the Data Act) has received relatively little attention to date, despite the sometimes far-reaching requirements. In view of the immediate applicability of the Data Act throughout the EU from 12 September 2025, this is likely to change. Companies are therefore well advised to consider the implications for their business models and contract design.

Christopher Eduard Bösch, LL.M.
Dr. Till Contzen

Why were the cloud switching provisions introduced?

With the provisions on cloud switching (Chapter VI – Articles 23-31 of the Data Act), the EU plans to promote competition and innovation and prevent so-called ‘lock-in effects’ by facilitating the switch between ‘data processing services’ and reducing costs. To this end, mandatory requirements for removing barriers to switching data processing services are being introduced.

Who is affected?

According to the cloud switching requirements, customers must be able to switch to another data processing service or to their own ICT infrastructure. In order to understand what is covered by these regulations and who benefits from them, it is first necessary to have a clear understanding of the terminology:

The scope of this definition is very broad. In summary, data processing services are understood to mean edge and cloud applications in the broadest sense, in particular typical cloud services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), as well as "Storage as a Service" and "Database as a Service". The very abstract definition of a data processing service is ‘a digital service that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction’.
See Art. 2 No. 8 Data Act and Recital 81.

‘Customer’ means a natural or legal person that has entered into a contractual relationship with a provider of data processing services with the objective of using one or more data processing services.
See Art. 2 No. 30 Data Act.

As part of a ‘switch’, the data is transferred from the ‘source provider of data processing services’ to a ‘destination provider of data processing services’ or to the customer's ‘on-premises ICT infrastructure’ through extracting, transforming and uploading the data.
See Art. 2 No. 34 Data Act.

Understanding the concept of cloud switching and planning measures

Chapter VI of the Data Act contains various requirements for cloud switching. In some cases, the exact scope of the requirements is still unclear and must therefore be clarified on a case-by-case basis based on the specific circumstances.

Principles of cloud switching (Art. 23, 24, 27 Data Act):

The general principles prohibit providers of data processing services from creating ‘pre-commercial, commercial, technical, contractual and organisational obstacles’ to switching to another provider. All parties involved are obliged to cooperate in good faith to facilitate a switch.

Information and transparency obligations (Art. 26, 28 Data Act):

Providers of data processing services shall provide customers with comprehensive information on their website or by other means.

  • Information on available procedures for switching and porting methods and formats, as well as any restrictions and technical limitations which are known to the provider of data processing services. This also includes information about cases where switching is not possible in exceptional circumstances (see Art. 31(3) Data Act).
  • Details of all data structures and data formats (including relevant interoperability specifications) for the exportable data (see Art. 2 No. 38 Data Act for the definition).
  • Transparency obligations regarding the ICT infrastructure and measures to protect data from unauthorised access (Art. 28 Data Act).  

Technical details (Art. 30, 31 Data Act):

Different requirements apply depending on the type of data processing service.

  • For data processing services that offer IaaS, providers must take appropriate measures to enable ‘functional equivalence’ (Art. 30 (1) Data Act). Functional equivalence means a ‘minimum level of functionality in the environment of a new data processing service of the same service type after the switching process" (see Art. 2 No. 37 Data Act).
  • All other data processing services must at least provide open interfaces free of charge to enable the switch. These must contain sufficient documentation so that appropriate interoperable software can be developed. If there are no priority specifications for interoperability, the data must at least be provided in a structured, commonly used and machine-readable format (see Art. 30 (5) Data Act).

Contractual requirements (Art. 25 Data Act):

The provisions of Section 25 of the Data Act are probably the most far-reaching in Chapter VI, as they directly interfere with the parties' freedom of contract and impose strict notice periods and exit support. However, there are still some ambiguities across the different language versions of the Data Act. The requirements to be included in the contract relate in particular to:

  • A notice period of no more than two months (Section 25 (2) (d) of the Data Act). For data processing services, however, it is possible to impose ‘proportionate early termination penalties’ (see Section 29 (4) of the Data Act and Recital 89).
  • After termination/request for change, a ‘transitional period’ begins, which is usually 30 days (Art. 25 (2) (a) Data Act) and may be extended to up to seven months for a change in exceptional cases (Art. 25 (4)).
  • Creation of an ‘exhaustive specification of all categories of data and digital assets that can be ported during the switching process’ (Art. 25 (2) (e) Data Act).
  • Regulation of switching charges incurred (Art. 25 (2) (i) Data Act).

Restriction of switching charges (Art. 29 Data Act):

The possibility of imposing switching charges will be gradually reduced and is set to be eliminated from 2027.

  • Cost-covering switching charges are permitted until 12 January 2027 (Art. 29 (2) Data Act).
  • From 12 January 2027, switching charges will be completely prohibited (Art. 29 (2) Data Act).
  • A fee may still be charged for services related to a switch that go beyond the minimum requirements of the Data Act (premium features). For example: preparation or conversion of data into a specific format; acceleration of the switch or extension of the period for data retrieval on the old environment. A precise distinction from the switching charge still needs to be established.

What do you need to do?

  • Review the need for adjustments to existing and new contracts
  • Review the need for adjustments to the business and pricing model and agree on a procedure for prematurely terminated contracts
  • Fulfil information obligations in contract documents and on the website
  • Make operational and technical adjustments to enable cloud switching
  • Review existing contracts and check whether early termination or a switch would be advantageous.
  • Check potential savings: customers of data processing services with delayed or insufficient implementation of the Data Act can use this to their own advantage

How can we support you?

We are happy to support you throughout your entire EU Data Act journey, from compliance (e.g. information obligations, interoperability requirements, contract adjustments) to business model adjustments, service processing and the fulfilment of cloud switching requests. We are also happy to help you make the most of the potential and opportunities offered by the Data Act. To do this, we draw on proven accelerators such as our EU Data Act Compliance Framework (for maturity assessments and action planning) and a broad network of regulatory, technical and strategic experts.

Please feel free to contact us.

Further reading

Reach out

Christopher Eduard Bösch, LL.M.

Christopher Eduard Bösch, LL.M.

Senior Associate | Digital Law
+49 69 7191 88457
Dr. Till Contzen

Dr. Till Contzen

Partner | Lead Digital Law
+49 69 719188439

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Recommendations

Cross-jurisdictional Data protection, cybersecurity and AI overview - third edition

In today's digital economy, Data is king. Yet, harnessing its power requires navigating a complex and evolving legal landscape. This report provides a comprehensive overview of recent developments and future trends in Data protection, cybersecurity and artificial intelligence across 50 jurisdictions.
Analysis
5 minute read

Digital Law: Intangibles, Data & Technology

Digitalization and technology do not only foster today's growth and jobs, but are also essential for tomorrow’s innovation and competitiveness.
Service

Deloitte Survey: Scepticism towards EU AI Act

The EU AI Act has officially been in force since the beginning of August and must now be implemented in the EU member states. But how ready are German companies for the new AI regulation? Are they missing an important step on the road to the future of AI? Will the new EU AI Act even hinder AI development in Europe?
Research

Data & Data Security

Data and data protection law encompass comprehensive advisory and representation services in all matters related to the protection, processing, and lawful use of data, particularly personal data. Our goal is to enable clients to comply with regulatory frameworks while minimizing legal risks in their data management practices.
Service