From September 12, 2025, new data processing service contracts (IaaS/PaaS/SaaS) must include a switching package: max 60-day notice, then a 30-day transition to port data/assets (extendable once), followed by ≥30 days for final retrieval, and complete erasure after. Switching charges (incl. egress fees) phase down to cost-based only until January 11, 2027, and are banned from January 12, 2027 (with a narrow multi-cloud exception). Providers must help customers reach functional equivalence on another like-for-like service and publish registers of formats/standards and relevant interfaces.

The EU Data Act gives users of connected products and related services the right to access and share product/usage data—easily, securely, and free of charge. From Sep 12, 2026, products/services must be designed for access. Before sale, you must explain what data is generated, how often, how users access/erase it, and basic retention. On request, you must provide data in a common, machine-readable format and send it to a third party if the user asks. Guardrails protect trade secrets, ban DMA gatekeepers as recipients in this route, and carve out micro/small business exemptions.