EU Data Act Cloud Switching Compliance Checklist

Start by naming the source service, service type, customer segment, contract template, regions, and whether the service is offered through a broad commercial catalogue. The Data Act switching rules apply to providers of data processing services, but Article 31 narrows some duties for custom-built services and excludes limited-period non-production testing and evaluation services.

Record the conclusion before running the rest of the checklist. A provider should not apply the same pass/fail result to infrastructure-only services, software or application services, custom-built services, and temporary test environments without explaining which Article 30 or Article 31 route applies.

Article 25 requires the customer rights and provider obligations for switching to be clearly set out in a written contract made available before signature in a storable and reproducible form. The checklist should therefore review the contract text, not only a policy page or support article.

The contract should let the customer request switching to another provider or porting to on-premises ICT infrastructure without undue delay and within the mandatory maximum transitional period, while preserving business continuity, security, and support during the switch.

The customer must be able to notify the provider what it wants to do at the end of the maximum notice period: switch to another provider, switch to on-premises ICT infrastructure, or erase exportable data and digital assets. The operational process should collect enough destination details to act on that notice without making the customer re-negotiate the right.

If the 30 calendar day transitional period is technically unfeasible, the provider must notify the customer within 14 working days of the switching request, justify the technical unfeasibility, and indicate an alternative transitional period that does not exceed seven months. Service continuity still needs to be maintained through that alternative period.

Article 26 requires providers to give customers information on available procedures for switching and porting, including methods, formats, restrictions, and known technical limitations. It also requires a reference to an up-to-date provider-hosted online register for data structures, data formats, relevant standards, and open interoperability specifications for exportable data.

Article 28 adds public website transparency for the jurisdiction of ICT infrastructure used for individual services and for measures that prevent international governmental access to or transfer of non-personal data held in the Union where such access or transfer would conflict with Union or Member State law. Contracts for data processing services must list those websites.

The contract must exhaustively specify all categories of data and digital assets that can be ported during the switching process, including at least all exportable data. It must also specify categories of provider-internal data excluded from exportable data where a trade-secret risk exists, but those exemptions must not impede or delay the switching process.

Where same-service-type interoperability standards or common specifications have not yet been published in the central Union standards repository, Article 30(5) requires export of all exportable data, at the customer's request, in a structured, commonly used, and machine-readable format.

Article 29 phases out switching charges. From 11 January 2024 to 12 January 2027, providers may impose reduced switching charges that do not exceed costs directly linked to the switching process. From 12 January 2027, providers must not impose switching charges on the customer for the switching process.

Before entering into a contract, providers must give prospective customers clear information on standard service fees, early termination penalties, and reduced switching charges that might be imposed during the phase-out period. Where relevant, providers must also inform customers about services with highly complex or costly switching or switching that is impossible without significant interference in data, digital assets, or service architecture.

For infrastructure-only data processing services, the source provider must take reasonable measures to help the customer achieve functional equivalence after switching to a destination service of the same service type. That support includes capabilities, adequate information, documentation, technical support, and, where appropriate, tools.

For other data processing services, providers must make open interfaces available free of charge and equally to all customers and concerned destination providers. Those interfaces must include enough information about the service to allow software development for data portability and interoperability. Compatibility with common specifications or harmonised standards becomes required at least 12 months after the relevant references are published in the central Union standards repository following the implementing-act process.

Article 27 requires all parties involved, including destination providers, to cooperate in good faith so the switching process is effective, data is transferred on time, and service continuity is maintained. A provider checklist should therefore keep evidence of the handoffs, not only the final export file.

The review output should be a service-level evidence pack that a legal, product, security, support, or engineering reviewer can retest. Each checklist item should show the source article, owner, result, evidence artifact, remediation status, and next review trigger.