Cloud, SaaS and edge business models under fire

The EU Data Act came into force on January 11, 2024. Up to now, connected products have been the main focus of public interest.

However, providers of cloud, SaaS, edge and similar services are also affected. The Data Act dedicates a separate chapter to them. This Chapter VI contains regulations for so-called data processing services and primarily aims to make it easier to switch between different services, i.e. to remove existing barriers to switching.

In particular, if providers work with long term-contracts or the export of customer data is complex, the business model must be reviewed- ideally immediately.

The main reasons for this are as follows:

Long contract terms are obsolete. The customer can initiate a switch to another provider at any time with a notice period of two months. As a rule, the switch should be successfully completed after a further 30 days. After a successful switch, the previous contract is general-ly deemed to be terminated. The previous practice of refinancing providers' initial investments via certain minimum contract terms will therefore no longer work without further ado. Set-up fees, which have become less important in recent years as a result of SaaS services becoming more popular, could be considered as an alternative, as could payments in the event of premature contract termination (e.g., termination fees).

Exit support can be very costly, but must generally be provided free of charge in the future. Since January 11, 2024, only reduced switching fees may be charged; from January 12, 2027, switching must be free of charge. At the same time, however, the Data Act provides for comprehensive support obligations that the source provider cannot evade.

The provider is – to a certain extent – responsible for interoperability with the new provider's system.

These issues should be addressed immediately, as they will force many providers to adapt their business model. As soon as the Data Act will fully come into force on September 12, 2025, a whole range of other obligations will be added, in particular

  • Adaptation of contracts (the Data Act specifies mandatory contract clauses)
  • Abolition of technical and organizational barriers to change
  • Extensive information obligations

In addition to civil litigation with customers, breaches of the Data Act can also result in sanctions being imposed by the regulatory authorities; the maximum amount of fines has not yet been determined. Particularly juicy: The provisions on data processing services are likely classified as market conduct rules and thus subject to competition law. Breaches could be subject to warnings from competitors.

Providers of data processing services must also implement safeguards against unauthorized access from public bodies in third countries.

Our blog post provides an overview of the provisions of the Data Act, including those relating to networked products.

Dr Andreas Lober
Lennart Kriebel


Data Act data processing services Long contract terms EU Data Act

Contact us

Dr Andreas Lober T   +49 69 756095-582 E
Lennart Kriebel T   +49 69 756095-477 E