Compliance Briefing — September 12, 2025

Executive briefing: Article 25 of Regulation (EU) 2023/2854 requires providers of data processing services—including IaaS, PaaS, SaaS, and edge platforms—to remove commercial, technical, and contractual barriers that prevent customers from switching to other services. From September 12, 2025, providers must deliver functional equivalence documentation, publish switching procedures, and phase out termination fees, while customers gain the right to port data and digital assets in a commonly used, machine-readable format.

Key compliance checkpoints

• Switching policy publication. Document processes, notice periods, and supported export formats, making them accessible via customer portals and contracts.
• Fee governance. Review pricing catalogues to remove charges for switching support beyond cost-based fees allowed during a limited transition window.
• Interoperability testing. Validate that APIs, schemas, and metadata exports meet the interoperability specifications referenced in the forthcoming implementing acts.

Operational priorities

• Customer communication. Notify EU clients of updated contractual rights, offering migration toolkits and support SLAs.
• Third-party assurance. Engage auditors to attest that switching controls and data portability tooling work as described, reducing regulatory scrutiny.
• Incident readiness. Prepare escalation paths for complaints raised with national authorities when switching requests fail or exceed the mandated timelines.

Enablement moves

• Coordinate with industry initiatives such as Gaia-X and CISPE to align on reference architectures and portability standards.
• Integrate switching telemetry into product analytics to monitor completion rates, failure causes, and support workload.

Sources

• Regulation (EU) 2023/2854 — Data Act
• European Commission: Data Act overview
• Hogan Lovells: EU Data Act — what cloud providers need to know

Zeph Tech equips cloud and SaaS providers with playbooks that operationalise Data Act switching rights while preserving resilience and customer trust.

Related briefings

Curated signals from the same pillar or overlapping topics.

Compliance · Credibility 87/100 · June 27, 2023

Compliance Briefing — June 27, 2023

EU lawmakers reached a political agreement on the Data Act, obliging data-rich organisations to enable access, portability, and fairness controls across connected products and industrial data services.

Compliance · Credibility 89/100 · January 11, 2024

Compliance Briefing — January 11, 2024

The EU Data Act entered into force on 11 January 2024, triggering 2025 deadlines for connected product data sharing, cloud switching, smart contract controls, and safeguards against unlawful foreign access across EU and…

Compliance · Credibility 40/100 · September 6, 2023

Compliance Briefing — European Commission issues first DMA gatekeeper designations

On 6 September 2023 the European Commission named six companies as Digital Markets Act gatekeepers across 22 core platform services, triggering six-month timelines to comply with interoperability, self-preferencing, and…

Compliance · Credibility 50/100 · September 12, 2025

Compliance Briefing — September 12, 2025

Deployers of high-risk AI in the EU now need documented fundamental rights impact assessments before rollout, as Article 29a of the AI Act takes hold ahead of 2026 supervisory checks.

Compliance · Credibility 50/100 · September 20, 2025

Compliance Briefing — September 20, 2025

EU Battery Regulation due diligence rules came into force in August, meaning September supply-chain reviews must evidence risk assessments, grievance mechanisms, and remediation plans across cobalt, lithium, nickel, and…

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook — Zeph Tech

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room — Zeph Tech

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• SOX Modernization Control Playbook — Zeph Tech

  Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.