European Data Act, Final Text



Preamble 91 to 100.


(91) Where providers of data processing services are in turn customers of data processing services provided by a third-party provider, they will benefit from more effective switching themselves while simultaneously remaining bound by this Regulation’s obligations regarding their own service offerings.


(92) Providers of data processing services should be required to offer all the assistance and support within their capacity, proportionate to their respective obligations, that is required to make the switching process to a service of a different provider of data processing services successful, effective and secure.

This Regulation does not require providers of data processing services to develop new categories of data processing services, including within, or on the basis of, the ICT infrastructure of different providers of data processing services in order to guarantee functional equivalence in an environment other than their own systems. A source provider of data processing services does not have access to or insights into the environment of the destination provider of data processing services.

Functional equivalence should not be understood to oblige the source provider of data processing services to rebuild the service in question within the infrastructure of the destination provider of data processing services. Instead, the source provider of data processing services should take all reasonable measures within its power to facilitate the process of achieving functional equivalence through the provision of capabilities, adequate information, documentation, technical support and, where appropriate, the necessary tools.


(93) Providers of data processing services should also be required to remove existing obstacles and not impose new ones, including for customers wishing to switch to an on-premises ICT infrastructure. Obstacles can, inter alia, be of a pre-commercial, commercial, technical, contractual or organisational nature.

Providers of data processing services should also be required to remove obstacles to unbundling a specific individual service from other data processing services provided under a contract and make the relevant service available for switching, in the absence of major and demonstrated technical obstacles that prevent such unbundling.


(94) Throughout the switching process, a high level of security should be maintained. This means that the source provider of data processing services should extend the level of security to which it committed for the service to all technical arrangements for which such provider is responsible during the switching process, such as network connections or physical devices.

Existing rights relating to the termination of contracts, including those introduced by Regulation (EU) 2016/679 and Directive (EU) 2019/770 of the European Parliament and of the Council (31) should not be affected. This Regulation should not be understood to prevent a provider of data processing services from providing to customers new and improved services, features and functionalities or from competing with other providers of data processing services on that basis.


(95) The information to be provided by providers of data processing services to the customer could support the customer’s exit strategy. That information should include procedures for initiating switching from the data processing service; the machine-readable data formats to which the user’s data can be exported; the tools intended to export data, including open interfaces as well as information on compatibility with harmonised standards or common specifications based on open interoperability specifications; information on known technical restrictions and limitations that could have an impact on the switching process; and the estimated time necessary to complete the switching process.


(96) To facilitate interoperability and switching between data processing services, users and providers of data processing services should consider the use of implementation and compliance tools, in particular those published by the Commission in the form of an EU Cloud Rulebook and a Guidance on public procurement of data processing services.

In particular, standard contractual clauses are beneficial because they increase confidence in data processing services, create a more balanced relationship between users and providers of data processing services and improve legal certainty with regard to the conditions that apply for switching to other data processing services.

In that context, users and providers of data processing services should consider the use of standard contractual clauses or other self-regulatory compliance tools provided that they fully comply with this Regulation, developed by relevant bodies or expert groups established under Union law.


(97) In order to facilitate switching between data processing services, all parties involved, including both source and destination providers of data processing services, should cooperate in good faith to make the switching process effective, enable the secure and timely transfer of necessary data in a commonly used, machine-readable format, and by means of open interfaces, while avoiding service disruptions and maintaining continuity of the service.


(98) Data processing services which concern services of which the majority of main features has been custom-built to respond to the specific demands of an individual customer or where all components have been developed for the purposes of an individual customer should be exempted from some of the obligations applicable to data processing service switching. This should not include services which the provider of data processing services offers at a broad commercial scale via its service catalogue.

It is among the obligations of the provider of data processing services to duly inform prospective customers of such services, prior to the conclusion of a contract, of the obligations laid down in this Regulation that do not apply to the relevant services. Nothing prevents the provider of data processing services from eventually deploying such services at scale, in which case that provider would have to comply with all obligations for switching laid down in this Regulation.


(99) In line with the minimum requirement allowing switching between providers of data processing services, this Regulation also aims to improve interoperability for in-parallel use of multiple data processing services with complementary functionalities. This relates to situations in which customers do not terminate a contract to switch to a different provider of data processing services, but where multiple services of different providers are used in parallel, in an interoperable manner, to benefit from the complementary functionalities of the different services in the set-up of the customer’s system.

However, it is recognised that the egress of data from one provider of data processing services to another in order to facilitate the in-parallel use of services can be an ongoing activity, in contrast with the one-off egress required as part of the switching process. Providers of data processing services should therefore continue to be able to impose data egress charges, not exceeding the costs incurred, for the purposes of in-parallel use after three years from the date of entry into force of this Regulation.

This is important, inter alia, for the successful deployment of multi-cloud strategies, which allow customers to implement future-proof ICT strategies and which decrease dependence on individual providers of data processing services. Facilitating a multi-cloud approach for customers of data processing services can also contribute to increasing their digital operational resilience, as recognised for financial service institutions in Regulation (EU) 2022/2554 of the European Parliament and of the Council.


(100) Open interoperability specifications and standards developed in accordance with Annex II to Regulation (EU) No 1025/2012 of the European Parliament and of the Council in the field of interoperability and portability are expected to enable a multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy.

As the market adoption of identified standards under the cloud standardisation coordination (CSC) initiative concluded in 2016 has been limited, it is also necessary that the Commission relies on parties in the market to develop relevant open interoperability specifications to keep up with the fast pace of technological development in this industry. Such open interoperability specifications can then be adopted by the Commission in the form of common specifications.

In addition, where market-driven processes have not demonstrated a capacity to establish common specifications or standards that facilitate effective cloud interoperability at the PaaS and SaaS levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards for specific service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications.

After consulting stakeholders, the Commission, by means of implementing acts, should be able to mandate the use of harmonised standards for interoperability or common specifications for specific service types through a reference in a central Union standards repository for the interoperability of data processing services.

Providers of data processing services should ensure compatibility with those harmonised standards and common specifications based on open interoperability specifications, which should not have an adverse impact on the security or integrity of data.

Harmonised standards for the interoperability of data processing services and common specifications based on open interoperability specifications will be referenced only if they comply with the criteria specified in this Regulation, which have the same meaning as the requirements in Annex II to Regulation (EU) No 1025/2012 and the interoperability facets defined under the international standard ISO/IEC 19941:2017. In addition, standardisation should take into account the needs of SMEs.