EU Data Act Council General Approach

The Council of the European Union agreed its general approach on the Data Act on 28 November 2022. The position refines cloud and edge switching obligations, clarifies business-to-government (B2G) data request safeguards, and strengthens protections for SMEs. It sets the Council's baseline for trilogue negotiations, giving organizations early signals to prepare contracts, architectures, and compliance plans. This milestone in the legislative process provided crucial visibility into requirements that would eventually become binding law, enabling organizations to begin preparation activities well before final adoption.

Legislative Context and Process

The Data Act forms a cornerstone of the European Strategy for Data, addressing data access and use rights that complement other legislative initiatives including the Data Governance Act, AI Act, and sector-specific data sharing regulations. The European Commission proposed the Data Act in February 2022, initiating the ordinary legislative procedure requiring agreement between the European Parliament and Council.

The Council's general approach represents its negotiating position for trilogue discussions with Parliament, signaling where the text might land while acknowledging that some provisions could change during final negotiations. Organizations following the legislative process gained approximately 18 months of advance notice before the final text entered into force, providing valuable preparation time.

Cloud and Edge Switching Requirements

Switching requirements for cloud and edge services were staged with transitional periods and limits on switching charges, addressing concerns about vendor lock-in that limit customer flexibility and competition. The Council position recognized that immediate elimination of switching barriers could disrupt existing contracts and operational arrangements, leading to phased setup allowing market adjustment.

Switching charge limitations prevent providers from imposing punitive fees that economically prevent customers from changing providers even when technically feasible. Data portability requirements ensure that customers can extract their data in usable formats enabling migration to alternative providers. Technical interoperability provisions address the engineering challenges of moving workloads between different provider environments.

Business-to-Government Data Access

B2G data request conditions were tightened, emphasizing necessity, proportionality, compensation, and confidentiality to balance public interest needs with private sector concerns. Public authorities may request access to private sector data for specific public interest purposes including emergency response, official statistics, and research supporting public policy. Necessity requirements ensure that data requests are limited to what is genuinely needed for the stated purpose.

Proportionality requirements balance public benefits against burdens on data holders. Compensation provisions acknowledge that responding to data requests imposes costs that public authorities should defray. Confidentiality protections address concerns that B2G data sharing could expose trade secrets or commercially sensitive information.

SME Protections and Exemptions

SME protections were reinforced, including exemptions from certain obligations and limits on unfair contractual terms that could disadvantage smaller organizations. The Council recognized that full compliance obligations could burden SMEs disproportionately relative to their resources and market power.

Exemptions reduce compliance costs for smaller organizations while maintaining protections for their interests as data users and customers. Unfair contractual term provisions address power imbalances in negotiations between SMEs and larger trading partners that could impose one-sided data access restrictions. If you are affected, evaluate whether their SME customers benefit from these protections and ensure their contractual practices comply with fairness requirements.

Implications for Cloud Customers

Cloud customers should begin aligning contract language and technical plans with the Council's switching expectations to reduce lock-in and enable portability even before final text adoption. Contract reviews should identify current switching restrictions including notice periods, switching fees, and data export limitations. Technical planning should address data portability, application migration, and operational continuity during provider transitions. If you are affected, develop switching playbooks documenting procedures for changing providers, reducing the practical barriers that complement contractual lock-in.

Data Holder Preparation

Data holders must anticipate B2G access requests, building processes for lawful disclosure, auditing, and transparency to customers regarding government data sharing. Process design should address request intake, legitimacy verification, scope negotiation, technical fulfillment, compensation recovery, and record keeping. Customer transparency helps maintain trust by informing customers when their data has been shared with public authorities and for what purposes. Legal review should evaluate disclosure obligations, exemptions, and appeal rights that data holders can exercise when requests appear improper.

Implementation Planning

Review current cloud contracts for switching fees, timelines, and data export formats; draft playbooks to meet Council timelines once finalized. Design data governance workflows for handling emergency or public-interest B2G requests with documentation and challenge mechanisms. Identify SME customers and ensure product terms and data access conditions reflect the Council's fairness and exemption criteria. If you are affected, track trilogue negotiations and final text adoption to refine their setup plans as requirements crystallize.