knowledge 17 September 2025 |

EU Data Act: Switching Cloud Provider

The EU Data Act¹ introduces mandatory ‘switching rights’ for customers of data processing services (e.g. SaaS, IaaS and PaaS) making it easier for customers to switch provider and to prevent vendor lock-in. The Data Act is aimed at creating a more competitive and innovative digital market. Our previous briefing provided an overview of the Data Act, with this briefing focusing on the switching rights under Chapter VI. These present new obligations for providers and new opportunities for customers of data processing services.

Who falls within scope?

The switching rights can be exercised by customers of providers of data processing services:

• A ‘data processing service' is defined in broad terms as a digital service that provides on-demand network access to a shared pool of configurable, scalable and elastic computing resources that can be rapidly provisioned and released. It essentially captures most cloud services. The recitals to the Data Act note that data processing services typically fall into one or more of the following three delivery models: (i) Infrastructure-as-a-Service (IaaS); (ii) Platform-as-a-Service (PaaS) and (iii) Software-as-a-Service (SaaS). Additionally, the recitals note that emerging delivery models such as Database-as-a-Service (DbaaS) and Storage-as-a-Service are also within scope.
• A ‘customer’ can be either an individual or a legal person (e.g. a corporate entity) that has a contract with the provider for the use of one or more data processing services.

The Data Act has extraterritorial application and applies to providers of data processing services, irrespective of where they are established, if they are providing their services to customers in the EU. As such, cloud providers based in the United States or elsewhere that provide services to customers in the EU are within scope. 

What are the switching rights?

The switching rights introduced by the Data Act are not limited solely to enabling customers to switch cloud provider. In this regard, customers have the following switching rights:

1. Customers can request that the provider ports their ‘exportable data’ and ‘digital assets’ to a different provider of the same service type or to several providers of data processing services at the same time (i.e. a multi-cloud approach).
2. Customers can request that the provider exports their ‘exportable data’ and ‘digital assets’ to an on-premises ICT infrastructure.
3. Customers can request that the provider erases their ‘exportable data’ and ‘digital assets’ upon service termination. The customer does not have to move provider to exercise this right.

What constitutes ‘exportable data’ and ‘digital assets’?

The switching rights apply to ‘exportable data’ and ‘digital assets’.

Exportable data

‘Exportable data’ is defined in the Data Act as “the input and output data, including metadata, directly or indirectly generated or cogenerated, by the customer’s use of the data processing service, excluding any assets or data protected by intellectual property rights, or constituting a trade secret, of providers of data processing services or third parties” (emphasis added).  In short, the switching rights apply to input and output data, including metadata, generated or co-generated through the customer’s use of the service. However, the definition specifically excludes data or assets protected by intellectual property rights (e.g. algorithms) or which constitute a trade secret. This exclusion is to ensure that the switching rights do not compromise the provider’s or a third party’s intellectual property rights. Additionally, the recitals to the Data Act state that exportable data does not include data relating to the integrity and security of the service, the export of which could expose the provider to cybersecurity vulnerabilities.

Digital assets

‘Digital assets’ are defined as “elements in digital form, including applications, for which the customer has the right of use, independently from the contractual relationship with the data processing service it intends to switch from”. The European Commission’s FAQ on the Data Act explains that ‘digital assets’ are elements that the customer needs to effectively use their data in the new environment and would include configuration of settings and controls rights management. Importantly, the customer is only entitled to those digital assets that it has the right to use independently of its contract with the provider that it is switching from.

What are the main obligations?

Some of the main obligations that apply to providers of data processing services include:

Removing Obstacles to Switching

Providers of data processing services are required to remove obstacles (whether they are pre-commercial, commercial, technical or organisational in nature) which inhibit customers from:

• terminating a contract with their existing provider;
• concluding new contracts with a different provider;
• porting exportable data and digital assets to a different provider or an on-premises ICT infrastructure;
• achieving functional equivalence in a new IaaS environment; and
• unbundling of services to enable the choosing of a different provider for an individual service.

Updating Contracts

As discussed in our previous briefing, providers of data processing services must update their contracts with customers to include the mandatory provisions prescribed by the Data Act. Some of the matters to be addressed contractually include:

• Notice period to be given by the customer for exercising its switching rights (which must not exceed two months);
• Obligation of the provider to complete the switch within 30 calendar days, unless it is technically unfeasible for the provider to do so (in which case the period can be extended by up to 7 months) or the customer elects to extend the switching period to one that is more appropriate to its own purposes;
• The assistance and support to be given by the provider;
• Minimum period for data retrieval;
• A guarantee of full erasure of all exportable data and digital assets after the expiry of the data retrieval period (or alternative period agreed);
• Switching charges; and
• Termination of the contract.

The Data Act requires the European Commission to adopt Standard Contractual Clauses (SCCs) on cloud computing to address the switching rights. At the time of publication, the SCCs have not been adopted and the European Commission’s Press Release on 12 September mentions this as one of its next steps. In 2022, the European Commission established an Expert Group on B2B Data Sharing and Cloud Computing to assist it in developing these SCCs. In April, the Expert Group published its Final Report which included a draft template of SCCs. While the draft SCCs may serve as a starting point, they go beyond what is required and would need to be considered carefully by any provider.

Information Obligations

Providers of data processing services are required to comply with the information and transparency obligations that apply under the Data Act. In this regard, customers must be provided with:

(a) Information on the available procedures for switching and porting to the data processing service; and

(b) A reference to an online register hosted by the provider which contains details of the data structures and formats (including standards and open interoperability specifications) in which the exportable data are available.

Additionally, the provider’s website must include information on the following:

(a) The jurisdiction to which the ICT infrastructure that is deployed to provide the data processing services is subject; and

(b) A general description of the technical, organisational and contractual measures adopted by the provider to prevent international government access to or transfer of non-personal data held in the EU.

The website information obligations reflect a growing concern around foreign government access to EU data and data sovereignty.

Withdrawal of Switching Charges

Switching charges are to be phased out by 12 January 2027. In the meantime, providers can charge reduced switching charges which must not exceed the costs incurred by the provider that are directly linked to the switching process concerned.

How we can assist

For assistance in complying with the Data Act or availing of the opportunities it presents, please contact one of the key contacts below or your usual McCann FitzGerald LLP contact.