EU Data Act cloud switching obligations demand proof of readiness

Chapter VI of the EU Data Act (Articles 23–31) becomes applicable on 12 September 2025, obliging data processing service providers (cloud, edge, and platform services) to support switching without unjustified restrictions or charges. Providers must remove egress fees, deliver 30-day switching assistance, and publish interoperability details ahead of national authority supervision. this analysis links to the pillar hub, the Data Act readiness guide, and related briefs on general application and connected-product readiness.

Timeline and scope checkpoints

Article references follow Regulation (EU) 2023/2854; member states will designate competent authorities to monitor compliance.

Obligations to operationalize

• Exit-friendly contracts (Articles 23–24). Remove technical, commercial, or organizational barriers to switching; ensure any transitional compensation is cost-based and temporary; publish switching timelines and SLAs.
• Interoperability and portability (Article 25). Provide interface documentation, export formats, and open API specifications that enable workload portability. Where EU standardization deliverables become available, adopt or map to them.
• Assistance and functional equivalence (Article 26). Offer migration support proportionate to service complexity, maintain service quality during transition, and verify data completeness at handover.
• Business continuity (Article 27). Plan for switching triggered by outages, insolvency, or breaches of contract; maintain cross-region replicas to honor 30-day default migration deadlines.
• Data location and safeguards (Articles 28–30). Provide transparency on data location changes during switching, apply equivalent security and privacy controls, and document onward-transfer safeguards.
• Sub-processor transparency (Article 31). Publish the list of sub-processing services relevant to switching, including APIs and dependent cloud regions, and maintain change notifications.

Diagram — switching assurance loop

        [Inventory] → [Contract uplift] → [Migration test] → [Evidence vault]
         ↑ ↓
         [Gap remediation] ← [Service health checks]
         

Control mapping and owners

Runbook for a 30-day switch

1. Day 0–3: Intake. Validate requester identity, scope workloads, confirm data volumes, and agree on target platform formats.
2. Day 4–10: Export and test. Generate encrypted exports, share interface docs, and conduct joint validation on sample datasets.
3. Day 11–20: Migration window. Execute staged migrations with checksum verification; maintain parallel operations to preserve uptime.
4. Day 21–25: Functional equivalence checks. Compare performance, logging, and security baselines against pre-migration benchmarks; resolve defects.
5. Day 26–30: Handover and erasure. Provide attestations of data deletion or transfer completion; update sub-processor lists and customer records.

Complex workloads may justify an extended timeline, but Article 23(2) expects switching without undue delay. Document any exceptions and customer approvals.

Metrics and evidence to prove compliance

• Switching time. Median and 95th-percentile days from request to completion; target ≤30 days.
• Charge elimination. Percentage of services with zero egress or switching fees; quarterly glidepath to 100% by September 2028.
• Interoperability coverage. Portion of services with published API/format docs and conformance tests; aim for 100% of in-scope services by August 2025.
• Incident-triggered switches. Number of successful continuity switches during outages or insolvency drills; evidence via drill reports.
• Customer communication. Timeliness and completeness of switching notices, sub-processor updates, and SLA changes.

Readiness checklist for May 2025

• Contracts updated with zero-cost switching clauses, dispute escalation, and data location transparency.
• Exit playbooks aligned to Articles 23–27 with named owners and escalation paths.
• Export tooling tested on representative workloads; checksums and encryption validated.
• Sub-processor registry published and mapped to switching scenarios.
• Evidence vault prepared for competent authority inquiries, including migration logs and customer approvals.

Cited sources

• Regulation (EU) 2023/2854 (Data Act)
• European Commission Data Act Q&A

Migration dependencies to lock down

Assurance cadence and drills

• Quarterly migration drills. Execute at least one end-to-end switching simulation per quarter per flagship service, with defect tracking and remediation.
• Board and risk updates. Provide quarterly risk reports covering fee elimination progress, migration success rates, and member-state guidance.
• Regulator-ready packets. Maintain an always-on packet containing the switching policy, latest drill report, customer communication templates, and API/format documentation.
• Incident integration. Ensure incident response runbooks contain a branch to trigger switching playbooks when outages exceed customer RTOs.

Audit binder structure

1. Policy and contracts. Finalized Chapter VI switching policy, contract addenda, and tariff sheets showing the glidepath to zero fees.
2. Technical evidence. API specifications, schema definitions, SDK release notes, and screenshots of export tooling.
3. Drill and migration logs. Tickets, change records, checksums, latency comparisons, and customer approvals for completed switches.
4. Risk assessments. DPIAs, threat models for cross-cloud transfers, and mitigation plans for portability blockers.
5. Communications. Customer notices, sub-processor change logs, and regulator correspondence.

Keep the binder indexed by Article reference so competent authorities can quickly trace evidence to specific obligations.

Enforcement expectations and defensible posture

• National competent authorities. Expect supervisory requests for switching policies, contract samples, and recent migration logs; maintain responses in local languages where relevant.
• Customer complaints. Article 4 rights help users to challenge barriers; track and remediate any raised through customer support or ombudsman channels.
• Competition sensitivity. Switching obligations intersect with unfair contract term rules; keep legal review notes showing how compensation models avoid lock-in.