Aristotelis Zervos
Aristotelis Zervos, Editorial Director at 2B Advice, combines legal and journalistic expertise in Data protectionIT compliance and AI regulation.
The EU Data Act brings a decisive innovation for the European data market: providers of cloud and data processing services are obliged to actively support their customers in changing providers and thus ensure data portability. This is intended to reduce lock-in effects and enable companies to flexibly take their data and digital assets with them.
Data portability as a basic principle
The Data portability is at the heart of the EU Data Act and ensures that users can transfer their data from one provider to another, not just in theory, but in practice. It is intended to prevent companies from remaining trapped in closed systems and instead allows them to freely choose their service provider.
At the heart of this is the requirement that data is provided in an interoperable, structured and common format. This means that not only raw data, but also more complex digital assets (such as models, metadata, licenses or configurations) can be transferred between providers. This requirement goes beyond traditional data portability and creates a framework for genuine technological interoperability.
In addition, the Data Act makes it clear that portability can also be seen as an economic and competitive lever: it reduces dependencies on individual cloud providers and forces the market to be more innovative, price transparent and service quality.
Legal obligation to support data migration
The legal requirements of the EU Data Act go beyond the mere provision of export functions. Providers must actively implement organizational and technical measures to ensure the secure, complete and timely transfer of data and digital assets. In addition to the obligation to ensure interoperability, this also includes clear contractual assurances, documentation obligations and Duty to inform towards customers. The Data Act thus creates a comprehensive, binding obligation to provide support, which is legally enforceable and monitored by national supervisory authorities.
According to Articles 23 et seq. of the Data Act, providers are obliged to actively support the relocation of data and applications. In concrete terms, this means
- Data must be exportable in machine-readable and structured formats.
- Providers must provide open standards and interfaces that enable a smooth transfer.
- The switching process must be transparent - with clear information on duration, costs and possible restrictions.
Particularly important: Article 25 of the Data Act stipulates that reasonable fees may initially still be charged for the change. However, this provision only applies for a transitional period of three years from the date of entry into force. After that, providers must enable switching free of charge. This is intended to ensure that economic hurdles are completely eliminated in the long term.
Advantages for companies
For companies, the Data Act brings considerable advantages that go far beyond the mere possibility of switching providers. On the one hand, it strengthens digital sovereignty: companies can move their data and applications freely and are no longer tied to proprietary systems or isolated infrastructures. This creates a significantly greater degree of strategic independence when selecting cloud providers.
On the other hand, planning security is increased: providers must provide clear information about processes, deadlines and costs, which enables companies to make better calculations. This Transparency facilitates long-term IT strategies and investment decisions in particular.
Also with regard to the IT security and Compliance companies benefit: As providers are obliged to provide open standards, the risk of technical dependencies, outdated interfaces or incompatible data formats is reduced. This makes it easier for companies to switch between services without violating regulatory requirements, for example in the area of data protection or information security.
Other advantages include the promotion of competition in the cloud market and the possibility of better cost control. Companies can compare service providers in a targeted manner, negotiate prices and react more quickly to changing market conditions. This gives small and medium-sized companies in particular scope to act flexibly and efficiently and avoid expensive dependencies on individual providers.
Reading tip: EU Data Act - who is affected?
Enforcement and sanctions
Compliance with the requirements of the EU Data Act to support provider switching is ensured on several levels. Firstly, the member states are obliged to appoint suitable competent authorities that are responsible for monitoring and enforcing the regulation (Art. 36 ff. Data Act). These authorities are given far-reaching powers to check compliance, identify infringements and impose sanctions.
Responsibility and supervision
Each Member State may designate one or more national authorities to act as a supervisory and enforcement authority. These authorities are to ensure that providers of data processing services fulfill their obligations to assist in switching providers. In doing so, they work together with the competent authorities of other EU member states to ensure consistent enforcement. The EU Commission can also Guidelines for harmonization.
Sanctions for violations
The Data Act obliges the Member States to provide for effective, proportionate and dissuasive sanctions. In particular, this includes high fines, the specific amount of which is determined by the national legislators. This creates a framework that reacts flexibly to the size of the market and the severity of the infringement. Providers who actively make it difficult or hinder customers from switching must therefore expect considerable financial risks.
Civil law enforcement
In addition to regulatory control, customers themselves also have the opportunity to enforce their rights. Although the Data Act does not give rise to an independent claim for damages, companies can rely on contractual claims (e.g. for non-performance or breach of duty) as well as on tort law bases to claim damages or performance. In practice, this may mean that a provider who delays or incompletely supports the data migration can be held liable for any resulting economic loss.
Significance for providers and customers
For providers of data processing services, this results in considerable compliance pressure: they must design processes and technical systems in such a way that a change of provider is legally compliant and runs smoothly. For customers, this in turn strengthens legal certainty, as violations can not only be sanctioned by authorities, but also prosecuted in court.
Conclusion: Data portability should be easy to achieve
The EU Data Act significantly strengthens the rights of companies. The obligation to provide active support when switching providers ensures that data portability is not just a theoretical right, but is enforced in practice. Companies gain sovereignty, competitive advantages and legal certainty, while providers have to adapt their compliance strategy and service processes. In particular, the planned exemption from fees after the transition phase makes switching providers not only legally but also economically possible without restrictions in the long term.
Aristotelis Zervos is Editorial Director at 2B Advice, a lawyer and journalist with profound expertise in data protection, GDPRIT compliance and AI governance. He regularly publishes in-depth articles on AI regulation, GDPR compliance and risk management. You can find out more about him on his Author profile page.
German 
English 
Italian 
French