With the Data Act (Regulation (EU) 2023/2854) (“DA”), the European Union is pursuing the goal of making the data economy fairer, more transparent, and more interoperable. The new regulations have been in force since September 12, 2025, introducing significant changes for cloud providers. Chapter IV regulates so-called cloud switching, i.e., the ability for customers to switch between providers or transfer data to their own IT infrastructure.
This is intended to reduce customer dependencies (“vendor lock-ins”) and promote competition between cloud providers. However, the Data Act poses considerable legal and technical challenges for providers. These are increased by numerous ambiguities, in particular with regard to new information obligations and mandatory contract clauses.
This article follows on from the article published on November 4, 2025, which examines the applicability of the cloud switching regulations and the obligation to remove obstacles to switching.
I. Information Obligations
Cloud providers should pay particular attention to compliance with information obligations, as violations of these can be easily detected.
It is not clearly regulated for all information obligations when these must be fulfilled. However, providers must assume pre-contractual obligations, as only pre-contractual information can support customers’ decision-making.
It also remains unclear whether the obligation to provide information on the availability of data in accordance with interoperability standards and open interoperability specifications applies to providers of all cloud services. As a precaution, however, all cloud providers should provide this information, regardless of the type of service offered (IaaS, PaaS, SaaS, or XaaS).
II. Mandatory Contract Clauses
Art. 25 DA prescribes mandatory minimum content for contracts for cloud services in a comprehensive catalogue.
In particular, providers must also specify in the contract the switching charges that may be imosed in accordance with Art. 29 DA. This presents providers with the problem of how to fulfill this obligation. Since the specific amount of the switching charges depends on various factors and cannot be determined in advance, an abstract description of the possible switching charges seems to be the only solution. As long as there is no clarity on this issue, it is advisable to strictly adhere to the provisions of Art. 29 (1) – (3) DA when specifying the possible switching charges in the contract. This provision regulates the permissibility of switching charges.
It is also important to note that the minimum content requirements set out in Art. 25 DA must be observed not only for new contracts but also for contracts with existing customers. Providers must therefore adapt all contracts concluded before September 12, 2025 to the new minimum content requirements.
III. Conclusion and Outlook
The Data Act creates far-reaching EU cloud regulation. Providers should urgently ensure compliance with the extensive information obligations. In addition, customer contracts must be adapted to the Data Act. At the same time, much remains unclear—in particular, how courts will interpret key terms and obligations.
Until the existing ambiguities are clarified by case law, a risk-based compliance strategy and ongoing monitoring of regulatory guidelines and statements are recommended.
An in-depth analysis of the information obligations for cloud providers and the minimum content for cloud contracts can be found in the article by Dr. Felix Rützel, published in MMR 2025, 864. Dr. Felix Rützel is a lawyer in Grünecker’s Munich office and advises on all legal issues relating to information technology and digitization.