Wake up: the EU data act will change! Tips for customers of SAAS poviders
Many timelines are filled with posts about the AI act, but hardly anyone talks about a law that may impact SaaS even more directly. On September 12, 2025, the EU data act (Regulation (EU) 2023/2854) becomes applicable, and it will transform how SaaS, PaaS, and IaaS providers operate.
If you use cloud services, or if you provide them, here’s why you need to wake up now.
What is the EU data act?
The data act is a European regulation designed to improve fairness, portability, and interoperability in cloud services. It applies directly in all EU member states and will likely be extended to the EEA.
Outside Europe, including Curaçao and Aruba, it does not apply automatically. But if you use an EU-based SaaS provider, you will still benefit from its protections.
The new rules for SaaS, PaaS, and IaaS
Make sure to understand the new rules.
- Termination limited to two months: Contracts must allow customers to leave within a maximum of two months. Long lock-in terms will not hold up.
- Migration support within 30 days: Providers must complete migrations within 30 days of notice. If technically impossible, they can extend this to seven months, but only with justification and continued service.
- Exit fees will disappear: Until January 12, 2027: providers may only charge cost-based fees. After that date: no fees at all: switching must be free.
- No more artificial obstacles: Providers cannot use contractual, technical, or organizational barriers to block switching.
- Retrieval and erasure of data: Customers must get at least 30 days to retrieve their data. After that, providers are obliged to erase it completely.
- Transparency and open interfaces: Providers must publish clear documentation about migration, data formats, and interoperability. They also need to provide open interfaces and maintain a public register of supported formats.
Unfair contract terms under scrutiny
The data act bans unfair B2B contract terms. A blacklist and grey list of clauses makes it easier for customers to challenge unreasonable conditions. From September 12, 2025, this applies to new contracts. From September 12, 2027, it will also affect existing long-running contracts.
Where the data act applies
-
EU member states → directly applicable.
-
EEA countries → expected to adopt.
-
Caribbean Netherlands (Bonaire, St. Eustatius, Saba) → fully applicable.
-
Curaçao, Aruba, St. Maarten → not directly applicable, unless you work with EU-based providers.
Tips for customers working with SaaS providers
-
Review your contracts: Check for long termination periods, exit fees, or lock-in clauses.
-
Ask about migration tools: Make sure your provider supports export and open formats.
-
Plan for switching: Even if you do not plan to switch, know the process.
-
Demand transparency: Ask for documentation on formats, retrieval, and interoperability.
-
Use your new rights: After January 2027, switching is free. Negotiate with this in mind.
Tips for SaaS providers
-
Update your contracts: Include the two-month termination period and retrieval clauses.
-
Adapt your technology: Provide APIs, export functions, and open standards.
-
Communicate proactively: Show customers you are ready for compliance.
-
Prepare for the end of exit fees: Rethink your retention and pricing model.
Final thoughts
The EU data act changes the rules of the cloud game. For customers, it brings freedom and flexibility. For providers, it demands a serious rethink of contracts and technology. From Amsterdam to Aruba, if you use EU-based SaaS, this will affect you. The only question left: are you ready for September 12, 2025?
Disclaimer
This article is intended for informational purposes only. It does not constitute legal advice. Organizations should seek independent legal counsel to assess their specific situation and compliance requirements under the EU data act.
The topic is highly relevant for many companies, since SaaS providers have often imposed high exit fees and restrictive long-term contracts. The data act directly addresses these practices, making it an important development for every organization that relies on SaaS or other cloud services.