Rules on switching cloud service providers under the Data Act

A data processing service under the Data Act means services that provide users with flexible and scalable access to shared IT resources, such as networks, servers, software, and applications, without significant administration or interaction with the service provider. Services can be implemented in different ways, such as infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), or variations thereof. These services can be used on different devices and adapt to user needs and demand fluctuations, enabling rapid addition or reduction of resources. It therefore sounds like a very wide range of different IT services, although, for example, services tailored to the customer and non-standard services offered for a limited time for testing are excluded from the scope of application.

Looking at the definition of a data processing service, one easily gets the impression that it covers a very wide range of services. However, the "-- with minimal management effort or service provider interaction --" section becomes a significant part of the definition and a limiting factor for applicability. In practice, it would seem that if the commissioning of the service requires any non-insignificant action by the service provider, it would exclude such a service from the scope of application. Thus, the subject of the regulation would be primarily "self-service" type services, where the customer is able to rapidly and unilaterally activate, deactivate, and scale the service. Despite this restriction, there are at least thousands of data processing service providers within the definition and a very significant proportion of all companies as customers. On the other hand, consumers also benefit from the requirements set by the Data Act for data processing service providers, as the obligations are also valid in B2C relationships.

The aim of Chapter VI of the Data Act is to ease the switching of cloud service providers (or the transfer of the service to the customer's own infrastructure) and thus to lower the costs of data processing through increased competition. In particular, it is stated that service providers shall not impose and shall remove pre-commercial, commercial, technical, contractual and organizational obstacles which inhibit customers from switching service providers or transferring data out of the service. At a practical level, this means that the service provider is obliged to carry out, for example, the following measures:

• Fulfill various obligations related to informing customers at different stages of the service

• Certain conditions must be included in the contracts concerning the service

• Extracting, converting, and porting data to the customer in a standardized format upon request and deleting the data after a specified data retrieval period has expired

• Providing reasonable assistance in the switching process

• Acting diligently to maintain the continuity of service functionalities

• Providing information on risks to the continuity of the service related to the switch

• Arranging a secure data transfer mechanism so that security remains at level with the service

• Establishing an online register with detailed information on the data structures of the service and other matters

• Cooperating in good faith with the customer and the new service provider to ensure that the switching process is efficient, timely, and the continuity of the service is guaranteed

• Opening interfaces for transferring data

• Compatibility requirements in accordance with a standard to be published later

In addition to the increased obligations, the ability of service providers to charge fees for switching services is limited. Switching charges have typically been charged both to cover the costs incurred by the service provider in the switching process and to create an artificial economic additional deterrent to the customer considering the switch. As a result of the immediate entry into force of the Data Act, i.e. from January 2024 onwards, service providers can only charge customers switching charges in the amount corresponding to the service provider's own costs directly related to the switching process in question. After a three-year transition period, i.e. from January 2027 onwards, no switching charges may be charged for the switching process at all.

The removal of switching charges encourages service providers to develop their services and related data transfer features to make the switch as automated as possible without the service provider's contribution in individual cases. However, the Data Act does not impose any specific obligation to develop or introduce new tools to facilitate the switching, it is left to the discretion of each service provider.

One of the contractual barriers to be removed is the limitation of the notification period for data transfers. As a starting point, the data of the service must be ready for transfer after a maximum notification period of two months from the start of the switching process and the transfer must be carried out within a maximum transition period of one month. In practice, therefore, it must be possible to detach from the service within three months of the user's notification. For more complex services, this time can be extended, as well as at the request of the customer. However, these time limits do not mean that fixed-term contracts for services cannot be made. Fixed-term contracts may also include penalty fees for their early termination, but they must be "proportionate". The Data Act does not offer much guidance in interpreting proportionality. However, it can be assumed that if, for example, a three-year fixed-term contract is terminated in the middle of its first year, it is not proportionate to charge the entire value of the three-year contract period as a penalty fee. Penalty fees must also be specifically defined in the contract concerning the service in order for the service provider to be able to charge them from customers.

Data processing service providers within the scope of application must take into account the obligations of the Data Act with regard to the limitation of switching charges already now. The switching charges to be invoiced must be based on actual, incurred costs. It is also advisable to prepare for the final removal of switching charges in 2027 already at this stage by building the services so that the customer data can be transferred and deleted as simply as possible, thus minimizing the amount of completely unproductive work in the future.

Before September 2025, contracts for services within the scope of application must also be supplemented with new sections required by the Data Act. Similarly, the online register required by the Act must be established, interfaces created to the service, and product documentation supplemented.

You can learn more about the obligations set by the Data Act for data processing service providers and the rest of the content of the Act here.

Help with the application of the Data Act is available from Fondia's AI and Data Economy expert group and at fondia@fondia.com.

This article is part of a series of articles focusing on the Data Act, which delves into individual issues of the Data Act from different perspectives and as practically as possible. Previous parts of the series:

Data Act – Key points to consider