The maximum notice period of the Data Act – what does it mean for data processing services?

Chapter VI of the Data Act imposes new mandatory obligations on data processing service providers, one of the most significant of which is the maximum notice period of two months for the relevant service contracts. 

The key change is that henceforth, a customer has the right to terminate the contract at any time with a notice period of two months. The only requirement is that the service being terminated qualifies as a data processing service as defined in the Data Act. The regulation deviates rather radically from traditional Finnish and European contract law, where fixed-term contracts have been considered inherently non-terminable and binding on the parties. Termination of a fixed-term contract has required special grounds or unreasonableness of the contractual relationship, but following the Data Act, no special grounds are required for early termination. 

The Data Act's regulation on the maximum notice period does not mean that all data processing service contracts should henceforth be concluded as contracts of indefinite duration. Concluding fixed-term contracts remains permissible. The customer must merely be given the right to terminate the contract within the maximum period. The strictness of the regulation for providers of fixed-term data processing services is somewhat alleviated by the possibility to charge proportionate compensation for the early termination of a fixed-term contract. However, no case law or other market practices have yet emerged on what constitutes proportionate compensation. As a result, assessing the permissible maximum amount of compensation in each contract and situation inevitably involves a degree of uncertainty. 

From the perspective of a data processing service provider, the regulation on the maximum notice period requires changes to contracts concerning services. A company may also need to reconsider its valuation in cases where the company calculates its future turnover based on the continuous cash flow (Annual Recurring Revenue, ARR) provided by long fixed-term contracts. Furthermore, from 12 January 2027 onwards, the company may no longer charge any switching fees from customers who change service providers, and even during the transitional period such fees may be charged only at a reduced level and only to the extent that they do not exceed the actual switching costs incurred by the service provider. 

In addition, the company is obliged to ensure that no financial, technical or contractual obstacles are imposed on the transfer of data. Data transfer to a new service provider must be seamless.  

In practice, the regulation broadly applies to various cloud services: SaaS, PaaS and IaaS services as well as other data processing services – regardless of company size or bargaining power. 

In the Data Act, data processing service means a digital service provided to a customer that enables a shared set of configurable, scalable and flexible IT resources, which are available anywhere and can be used on demand, centralised, distributed or highly distributed IT resources that can be quickly deployed and decommissioned with minimal administrative effort or interaction with the service provider.  

For the regulation to apply, the service must meet all elements of this definition. There remain many uncertainties around the scope of the definition of a data processing service even after the entry into force of the Data Act, and challenges relating to the scope have been discussed in an earlier article here. Nevertheless, the intention of the Data Act has been that the provisions in Chapter VI should apply to a broad range of data processing services. 

The European Union's intervention in contract law and prevailing market practice by legislating a maximum notice period represents a new type of interference in the functioning of markets, particularly in relations between undertakings, so the regulation understandably raises questions amongst industry actors. 

The objectives of the Data Act are strongly economic, as it is intended to achieve free movement of data in the internal market, improve interoperability of digital services and strengthen companies' ability to adapt to changing needs. In summary, the regulation is underpinned by a practical aspiration to solve the so-called vendor lock-in problem, which refers to locking customers into one service provider through high switching costs, technical barriers and long contract periods. This is liable to weaken competition, which the EU has sought to address through mandatory regulation. 

For customers, the change brings significant flexibility when switching services is easy and affordable. For service providers, it creates uncertainty when long-term customer relationships become more uncertain. On the other hand, increased competition may create new business opportunities that service providers must be prepared to seize.  

In any case, Chapter VI of the Data Act, including the maximum notice period, is now binding on all data processing services within its scope of application. Companies must therefore now, at the latest, begin informing customers of their rights and be prepared to implement effective switching processes. 

Our data economy expert team is ready to assist you with all your needs related to the Data Act and other digital regulation. This article is part of an article series focused on the Data Act which delves into individual issues of the regulation from different perspectives and in as practical a manner as possible. Previous parts of the series: