EU Data Act operational impacts: Compliance and technical considerations of cloud switching

Since the early days of the cloud revolution, organizations have embraced the flexibility and scalability that cloud services offer. Yet, migrating data and applications between different providers has often been seen as a complex and resource-intensive process, raising concerns about interoperability and vendor lock-in.

Companies often face challenges such as ensuring data portability without loss or corruption, adapting applications to different architectures, maintaining security and compliance throughout the process, and minimizing downtime to protect business continuity. These efforts also require careful management of costs and resources while overcoming vendor-specific dependencies that limit interoperability and make transitions more difficult.

The EU Data Act accelerates the transition into a new era of data portability and cloud interoperability, aiming to bring some balance to the digital market by giving users, regardless of size or type, greater control over our data. One of its most consequential aspects, especially for cloud service providers, is the requirement to enable effective switching between cloud services.

At its core, the Data Act’s provisions on cloud switching are about removing vendor lock-in, reducing economic dependency on dominant providers and fostering a competitive, innovative cloud ecosystem. See Recitals 77-80. But with this comes a series of compliance obligations and technical challenges that stakeholders must carefully navigate.

This article explores the relevant legal requirements under the Data Act and the challenges in having an effective implementation; it also examines if any similar obligations can be found under the Digital Operational Resilience Act and the Network and Information Security Directive 2. 

The legal obligations for cloud switching under the Data Act