EU Data Act Cloud Switching Contract Terms FAQ

Data Act Article 25 requires the customer switching rights and provider obligations to be clearly set out in a written contract that the customer can store and reproduce before signing. The contract must cover switching to another provider, porting to on-premises ICT infrastructure, or erasing exportable data and digital assets when the customer does not switch.

The clause set should not be a generic portability statement. It needs specific terms for reasonable assistance, business continuity, known continuity risks, security during transfer and retrieval, exit strategy support, termination, notice, exportable data and digital assets, exempt internal-functioning data, retrieval, erasure, and any switching charges allowed under Article 29.

The Data Act cloud switching chapter applies to providers of data processing services. The Commission FAQ explains that this concept covers IaaS, PaaS, and SaaS where the service has cloud-computing characteristics such as on-demand network access to configurable, scalable, elastic computing resources provided to a customer.

Do the scope check before redlining clauses. A consumer-facing app feature that merely relies on cloud infrastructure may not be the same as a customer contracting for a data processing service, while an enterprise SaaS, PaaS, or IaaS service can fall into Chapter VI when the customer relationship and service characteristics are present.

Data Act Article 25 requires the source provider to provide reasonable assistance to the customer and customer-authorised third parties during switching. The same clause should require due care to maintain business continuity, continued provision of contracted functions or services during the transition, clear information on known source-provider continuity risks, and a high level of security during transfer and retrieval.

For IaaS, Article 30 adds a technical assistance layer: providers must take reasonable measures to help the customer achieve functional equivalence in the destination service covering the same service type, including capabilities, information, documentation, technical support, and where appropriate tools. For PaaS and SaaS, the Commission FAQ says the duty does not require rebuilding the customer service inside the destination provider environment.

Data Act Article 25 caps the notice period for starting switching at two months. After that notice period, the mandatory maximum transitional period is 30 calendar days, during which the provider must perform the actions needed to enable switching while the contract remains applicable.

If a 30-day transition is technically unfeasible, the provider must notify the customer within 14 working days of the switching request, justify the technical unfeasibility, and identify an alternative transition period that does not exceed seven months. The customer also has a right to extend the transitional period once for a period the customer considers more appropriate.

Data Act Article 29 allows reduced switching charges from 11 January 2024 to 12 January 2027, but those charges must not exceed the costs directly linked to the switching process. From 12 January 2027, providers must not impose switching charges on customers for the switching process.

The Commission FAQ treats egress charges as included in switching charges for a switching operation. It also explains a separate in-parallel-use rule: where a customer uses services in parallel, such as multi-cloud deployment, providers may still pass on data egress costs incurred after 12 January 2027, provided they do not exceed those costs.

Data Act Article 25 requires an exhaustive specification of all categories of data and digital assets that can be ported during switching, including at least all exportable data. The Commission FAQ explains exportable data as input and output data plus metadata generated or co-generated by the customer's use of the data processing service, while excluding data protected as provider or third-party intellectual property or trade secrets.

Digital assets are broader than customer records. The Commission FAQ describes them as elements the customer needs to effectively use its data in the new provider environment, including configuration metadata, security and access-control material, applications, virtual machines, and containers where the customer has the right to use them.

Data Act Article 25 requires a minimum retrieval period of at least 30 calendar days after the agreed transitional period ends. The contract also needs a clause guaranteeing full erasure of exportable data and digital assets generated directly by, or directly relating to, the customer after the retrieval period expires or after a later agreed period, provided switching has completed successfully.

Retrieval and erasure should be operationally distinct. Retrieval terms should say how the customer accesses the data and digital assets after transition, while erasure terms should say what gets erased, when erasure starts, which evidence is generated, and which legally retained or non-exportable material is outside the erasure commitment.

Data Act Article 25 requires the contract to state when it is considered terminated and when the customer is notified. Termination occurs, where applicable, upon successful completion of the switching process, or at the end of the maximum notice period where the customer does not switch but instead wants exportable data and digital assets erased on service termination.

The termination clause should be linked to the switching workflow. A provider should not treat termination, retrieval, and erasure as a single event, because Article 25 gives them different functions and clocks.

Data Act Article 26 requires providers to give customers information on switching and porting procedures, methods, formats, restrictions, and technical limitations. It also requires a reference to an up-to-date online register with the data structures, data formats, relevant standards, and open interoperability specifications in which Article 25 exportable data is available.

For PaaS and SaaS, Article 30 requires open interfaces for customers and destination providers free of charge to facilitate switching, with enough service information to enable software communication for data portability and interoperability. Compatibility with published common specifications or harmonised standards applies after the Data Act repository trigger and the Article 30 compliance clock.

Data Act Article 31 creates a specific regime for services whose main features are custom-built for one customer or whose components were developed for one customer and are not offered at broad commercial scale through the provider's service catalogue. It also excludes non-production testing and evaluation services provided for a limited period from Chapter VI obligations.

The Commission FAQ cautions that custom-built services are not fully outside Chapter VI. Some obligations can still apply, including open interfaces and structured, commonly used, machine-readable export where relevant. Before relying on Article 31, providers must inform the prospective customer which Chapter VI obligations do not apply.

The Commission has published non-binding standard contractual clauses for cloud computing contracts to help parties implement the Data Act. The Commission material says the clauses are voluntary and can be adapted, so they are a drafting aid rather than a substitute for checking the provider's actual services, export inventory, charges, interfaces, and transition process.

The Commission describes cloud SCC coverage for switching and exit, termination, security and business continuity, non-dispersion, non-amendment, and liability. Those themes are useful checkpoints for a Data Act contract review, especially where a legacy cloud agreement spreads switching obligations across order forms, service descriptions, online policies, support terms, and pricing pages.

Data Act evidence for cloud switching should prove both contract coverage and operational performance. Keep the signed contract version, Article 25 clause matrix, export inventory, online-register snapshot, switching notice, transition calendar, assistance log, customer and destination-provider communications, charge calculation, retrieval confirmation, erasure record, and any technical-unfeasibility justification.

The record should also show why exceptions or limits were used. For example, keep the basis for exempting internal-functioning data, the reason a service was treated as custom-built or testing-only, the cost evidence for reduced charges before 12 January 2027, and the standards or interface status used for interoperability decisions.