Scope of application
The Data Act applies, among others, to providers of data processing services that make their services available to customers in the EU, irrespective of the provider’s location.
However, the switching and portability obligations generally do not apply to:
- Services offered in a non-production version (g. for testing or evaluation purposes), or
- Services offered for a limited period of time.
Additionally, certain obligations on switching and portability, specifically those set out in Articles 23(d), 30(1), and 30(3), are excluded when:
- A service is specifically designed or tailored for an individual customer, or
- A service is not offered on a broad commercial scale through the provider’s service catalogue.
Finally, it is important to underline that the technical obligations on switching between data processing services apply only to the services, contracts, and commercial practices of the source provider.
Purpose of facilitating customer switching
Data processing services providers must enable customers to switch to another provider or migrate to on-premises infrastructure. To achieve this, data processing services must take appropriate measures to facilitate switching and portability, and by removing all related obstacles, whether they are technical, commercial, contractual, or organisational in nature.
More specifically, providers must ensure that customers can:
- Terminate their contract with notice once the switching process is complete;
- Conclude new contracts with a different provider covering the same type of service;
- Export their data and digital assets to a different provider, including after having benefited from a free-tier offering;
- Benefit from functional equivalence when using the new data processing service of a different provider offering the same type of service; and
- Unbundle, where technically feasible, the basic infrastructure services (such as servers, networking and storage) from the other services it offers (such as software or applications).
Mandatory contract clauses
To ensure transparency regarding switching and portability, the obligations of the provider and the rights of the customer must be set out in a written contract which must be available before sign-up.
The contract must contain the following mandatory clauses:
- Right to switch or erase
Customers must be entitled, upon termination of a maximum notice period of 2 months, to one or more of the following: (i) switch to a different provider, in which case the customer shall provide the necessary details of that provider; (ii) switch to an on-premises ICT infrastructure; and/or (iii) erase exportable data and digital assets. - Provider assistance with exit plan
The provider must assist the customer in implementing their exit plan. - Conditions for terminating the contract
The customer shall be notified of the contract termination either: (i) upon the successful completion of the switching process; or (ii) at the end of the maximum notice period of 2 months, where the customer opts for the erasure of their exportable data and digital assets. - Maximum notice period for initiating the switching process
This period cannot exceed 2 months. - Categories of transferrable data and digital assets
This clause must list all categories of data and digital assets transferrable during switching, including, at a minimum, all exportable data. - Exemptions for trade secrets
Data specific to the internal functioning of the provider’s data processing services, where there is a risk of breach of trade secrets of the provider, is not subject to switching and portability obligations under the Data Act, provided that such exemptions do not impede or delay the switching process. - Data retrieval period
The customer must have at least 30 calendar days starting after the termination of the transitional period that was agreed to retrieve (e., download or access) their data. - Full erasure of all exportable data and digital assets
After the retrieval period (or any alternative agreed period) has expired, and provided that the switching process has been successfully completed, the provider must fully erase all exportable data and digital assets of the customer. - Switching is free of charge
And must in principle be provided at no cost to the customer.
Transparency and information obligations
Providers of data processing services must ensure that their customers are properly informed when it comes to data portability and interoperability. . Specifically, they are required to provide details on:
- Procedures, methods, and formats available for switching and porting data,
- Any restrictions or technical limitations that may affect the process, and
- Access to an up-to-date online register covering relevant data structures, formats, standards, and interoperability specifications for exportable data.
On the contractual side, providers also face transparency obligations regarding international access and transfers. They must:
- Publish on their website (and keep regularly updated) information on the jurisdiction governing their ICT infrastructure, and
- Provide an overview of the measures in place to prevent international governmental access or transfer of non-personal data stored in the EU, particularly where such access or transfer would conflict with EU law or the national law of a Member State.
Switching charges and other fees
From 12 January 2027 onwards, providers of data processing services may no longer impose switching charges on customers.
Until then, during the transitional period from 11 January 2024 to 12 January 2027, providers may apply reduced switching charges. These charges:
- Must be limited to the direct costs of the switching process, and
- Cannot exceed what is strictly necessary to cover those costs.
Before signing a contract, providers are required to inform customers about:
- Their standard service fees,
- Any early termination penalties, and
- Where relevant, the reduced switching charges that may apply during the transition period.
If the switching process is expected to be complex, costly, or disruptive to the customer’s data, digital assets, or service architecture, this must be made clear to the customer in advance.
Finally, in all cases, such information must also be made publicly available, including on the provider’s website.
Key takeaways
The Data Act is a new cornerstone in the EU’s digital regulatory landscape. By notably mandating switching and portability rights, it empowers customers to regain control over their data while fostering a more competitive environment for data processing service providers. Providers must proactively adapt their contracts, technical infrastructure, and business practices to meet the Data Act’s transparency, fairness, and user autonomy requirements.