The Data Act's cloud switching regime is potentially one of the most significant contractual challenges facing data processing service providers since the GDPR. Customers of cloud services now have the right to trigger an exit process with just two months' notice and providers must facilitate it, but exactly how remains frustratingly unclear.
The European Commission was tasked under the Data Act with developing non-binding standard contractual clauses for cloud computing contracts (SCCs). An Expert Group on B2B data sharing and cloud computing contracts has published its version of the SCCs in its Final Report, offering the market's first comprehensive guidance on compliance. While these were supposed to have been formally adopted by 12 September 2025, they remain in draft.
The question for providers is whether or not the SCCs should be used as the blueprint for Data Act compliance. We look at how the SCCs align with (and exceed) the Data Act's requirements, identify the critical gaps they leave unaddressed, and provide some practical guidance on how parties should approach cloud switching clauses as market practice develops.
Understanding the SCCs: role, status and structure
Crucially, these SCCs are non-binding and fully adaptable. Unlike the standard contractual clauses used to facilitate international transfers under the GDPR, parties can negotiate, modify or ignore them entirely. There is no requirement to adopt them wholesale, and no 'approved' status that comes from using them unchanged. This leaves the parties free to conclude that these clauses are unworkable and draw up something else.
However, this flexibility comes with a caveat. The Expert Group emphasises that the SCCs were drafted to align with the rights and obligations provided by the Data Act. The implication is that significant deviations are more likely to attract regulatory scrutiny or be challenged as non-compliant with the underlying statutory obligations.
The SCCs comprise seven modules (General, Switching & Exit, Termination, Security & Business Continuity, Non-Dispersion, Liability, and Non-Amendment) designed for integration into existing master service agreements rather than as a standalone addendum. As the clauses are optional, parties can pick and choose which modules to use, if any. The Switching & Exit module also offers two distinct approaches: Option A (provider-assisted switching with a detailed exit plan) and Option B (self-service switching using automated tools).
Option A anticipates significant provider involvement with a detailed exit plan covering porting methods, sequencing, timing and testing. Option B assumes customer self-service using automated tools, with provider documentation, support and dedicated resources. The choice between options depends on service complexity, customer technical capability, and the nature of data and digital assets involved.
The scope creep of the SCCs
The SCCs provide some areas of guidance on implementing Data Act requirements, but in doing so, they often interpret broadly worded statutory obligations in ways that create specific, prescriptive commitments. This interpretive scope creep means providers should carefully assess whether the SCCs' approach aligns with their service models and risk appetite.
Pre-contractual information
The SCCs contractualise the Data Act's Article 29 requirement to provide information about fees and complex switching services before contract formation. This pre-contractual conduct is not required to be in the contract under the Data Act so this clause is not strictly required and it blurs the line between non-contractual and contractual information.
Defining "Assistance"
The Data Act requires providers to "assist" the customer during the transition period and remove obstacles to switching. The SCCs interpret these general obligations with specificity.
For provider-assisted switching (Option A), the SCCs anticipate that parties will detail a switching and exit plan with a description of the sequence of operations, and that customers may request provider support in testing to verify the plan works in practice. For self-service switching (Option B), providers must specify the IT resources (servers, CPU, memory, I/O, bandwidth) allocated for the switching process and establish a procedure for customers to obtain additional resources if required.
Both interpretations transform vague statutory language into concrete commitments involving dedicated engineering resources, test environments, and guaranteed capacity in multi-tenant infrastructure. The parties may appreciate the certainty (and this could be useful guidance on what assistance will be interpreted to mean going forward); however, while the scope of this Data Act requirement is unclear, providers are likely to err on a vaguer or narrower commitment.
Non-Amendment
The Non-Amendment module of the SCCs prohibits unilateral amendments by default, permitting only narrow "Permitted Unilateral Changes" where clearly beneficial, security-necessary, or mandated by new law, with advance notice and no detrimental effect to the customer. This represents significant scope creep from the Data Act which is silent on amendment rights. Most cloud agreements reserve broad modification rights for evolving services. This module could add substantial administrative effort for providers to update standard terms and conditions.
Non-Dispersion
The Non-Dispersion module of the SCCs requires providers to maintain a dedicated, accessible repository of current and historical contractual documentation, subcontractor lists, contacts, performance reporting and notifications.
While transparency undoubtedly supports effective switching, the Data Act does not mandate this specific documentation infrastructure. For providers with complex supply chains or multiple service variants, implementing and maintaining such a repository represents a substantial administrative burden. The module's requirements go beyond facilitating switching to imposing ongoing information management obligations that have no clear statutory basis.
What don't the SCCs address?
While the SCCs provide extensive detail on operational aspects of switching, they are conspicuously silent on the commercial questions that might matter most to both providers and customers.
Switching charges
The parties to a cloud service will find no guidance on calculating switching charges. SCC 8 of Option A simply states: "The charges to be paid by the Customer for switching are as follows..." and leaves the rest blank.
The Data Act defines switching charges as "charges, other than standard service fees or early termination penalties, imposed by a provider of data processing services on a customer for… switching…". These switching charges are limited to direct switching costs until 12 January 2027, after which no switching charges (including for automated tools) are permitted.
What constitutes "direct switching costs" before 2027 remains unclear: staff time assisting with extraction? Infrastructure costs for parallel environments? Third-party transfer fees? The SCCs provide no methodology for calculating or evidencing these costs.
Early termination
The Data Act's definition explicitly excludes early termination penalties from switching charges, treating them as a separate category. However, when a customer exercises switching rights partway through a fixed-term contract, can the provider recover payments for the unused period or unrealised committed spend?
The Data Act requires that any early termination fees be "reasonable and proportionate", but the SCCs are silent on how to calculate them or ensure they meet this standard, despite this being one of the most contentious points emanating from the Data Act switching requirements.
International and cross-border complications
The cloud switching provisions apply to providers offering services to customers in the EU, but the SCCs provide no guidance on a fundamental question: who is the "customer" for switching purposes when services are provided to multinational groups?
In many cloud arrangements, the contracting party is a single entity acting on behalf of a global group. Services may primarily benefit users in the US or other non-EU jurisdictions, with an unnamed EU affiliate receiving incidental access to the services. Does the switching right apply at all in such scenarios? Does it apply only to the extent services are consumed by the EU affiliate? Must providers identify and ring-fence EU usage to determine switching obligations?
The SCCs offer no answers and simply echo the definition of a 'customer' used in the Data Act. This is a reasonable approach in a generic template but, in many cases, the parties will need to engage with this question more deeply before working out how to define the customer. If switching rights apply to an entire global contract because one affiliate is in the EU, providers may face disproportionate obligations. Conversely, carving out EU services into separate agreements risks fragmenting commercial relationships and creating operational complexity.
The SCCs' silence on contracting entity and scope leaves providers without guidance on a basic question: when do these obligations actually apply?
Early signs of market practice
Several practical factors suggest the SCCs may not achieve widespread adoption at present, and this is reflected in the Data Act terms which are publicly accessible at the time of writing.
Firstly, with significant uncertainty remaining about Data Act implementation and enforcement priorities, many providers are prioritising agility over completeness. Every clause presently being inserted into a contract will require review and potential revision as regulatory guidance develops so minimising paperwork is paramount to a valuable Data Act Addendum at present. The SCCs aim to pre-empt problems which may arise if the details of the switching process are not ironed out from the beginning. This is potentially valuable but their interpretations may not align with Data Act guidance which will be published in future.
Additionally, and in light of some of the switching problems the SCCs seek to pre-empt, the SCCs are customer-favoured. The Data Act already grants customers switching rights with minimal notice that could substantially affect providers' cashflow and impose administrative burdens on providers to facilitate the switching process. The SCCs interpret switching rights by adding specific obligations (testing support, guaranteed resources, restrictive amendment rights) that go beyond statutory requirements. The SCCs may become market practice by default once we have further guidance or case law to interpret the obligations in more detail but, for now, providers will seek to minimise their exposure as far as possible.
Finally, unlike GDPR standard contractual clauses, the Data Act SCCs cannot be incorporated by reference with minimal negotiation because they are not standalone/complete clauses. Their modular structure and the fact that they remain silent on the commercial questions drive negotiation on switching charges, early termination fees, and scope in multinational contexts. Each provider will integrate and customise the SCCs differently for their standard terms and conditions - eliminating their capacity as a known, accepted framework.
How should the SCCs be used for now?
The Expert Group SCCs offer valuable insight into the Data Act's switching requirements, but they are neither comprehensive nor necessarily suitable for wholesale adoption. In particular:
- The SCCs are a reference tool: they demonstrate one approach to implementing core statutory requirements but providers and customers should assess whether the SCCs' specific interpretations suit their particular service models and commercial relationships.
- Not every SCC provision reflects a strict legal mandate: many of the specific obligations represent interpretive choices about broadly worded statutory language. Parties should recognise where the SCCs go beyond clear legal requirements and consider whether these additions are appropriate for their circumstances while being aware that regulatory guidance may, over time, force market practice to align with the SCCs.
- Critical commercial questions remain unanswered: the SCCs provide no guidance on important issues including calculating switching charges before the 2027 prohibition, determining what constitutes "reasonable and proportionate" early termination fees, or defining scope in multinational contracting arrangements.
- Market practice is still developing: the final Commission SCCs may differ from this draft, and regulatory guidance on key issues will emerge over time. Parties should approach Data Act switching clauses with an awareness of this ongoing uncertainty.
