The EU Data Act (Regulation 2023/2854), in force from 12 September 2025, changes how SaaS vendors must write their customer contracts. In particular, the Act grants business customers new rights to access, port and migrate their data and to switch providers with short notice. For B2B SaaS vendors, this means significant new obligations around data portability and fair contract terms.
Key Obligations for SaaS Providers
In broad terms, the Data Act is designed to remove lock‑in and promote data portability. For SaaS vendors, the principal obligations concern switching rights, data portability, transparency and fair contract terms.
- Switching and portability. You must enable customers to move their data (and where feasible, applications or configurations) from your service to another provider or to an on-premises system. Contracts must allow customers to cancel the service on two months’ notice at most, after which the customer and any approved third parties have up to 30 calendar days to migrate and port all exportable data and digital assets.
- Contractual terms. Any written agreement for data processing services must clearly spell out the customer’s switching rights and the provider’s duties when a customer exits. You must make the required information (see below) and the contract available to customers before they sign.
- Transparency and information. You must provide customers with clear information about switching procedures in advance. For example, publish instructions on how to export data, the formats available, and any known technical constraints. This helps customers (and receiving providers) prepare for migration.
- International data access. The Data Act requires you to disclose publicly, for example on your website, the countries where data is processed and the security measures you have taken to prevent unlawful foreign government access to non-personal data. These disclosures should also be made in your service contracts.
- Unfair contractual terms. The Data Act invalidates many one-sided B2B contract clauses. You cannot unilaterally impose terms that conflict with the Act’s mandatory rights. Blacklisted examples include terms that forbid users from obtaining their own data or that allow you to cancel services on short notice without exit rights for the customers. If a contractual provision is found unfair, the rest of the contract remains effective but that clause is unenforceable.
Fees and Pricing Adjustments
The Data Act restricts how vendors can charge for migration:
- Switching fees. Any exit or switching fees must be phased out. From 12 January 2027 onwards, providers cannot charge any fee for the switching process. Until then you may charge only the direct costs of switching. Before signing any new contract, you must explain to the prospect customer what (if any) early-termination or switching costs will apply during the phase-out period. After January 2027, switching is free.
- Early-termination fees. The Data Act does not outlaw compensation for leaving early, but any such fee must be proportionate. Consider capping early termination fees at a reasonable percentage or a flat admin fee and disclose it clearly. You may want to reserve the right to charge for services rendered up to termination.
- Fair pricing. More broadly, audit your pricing and billing. The fees for data access must be fair, reasonable and non‑ For example, if you previously offered a data export add‑on at a high price, rethink it. Make sure any charges (or waivers) for data migration or transition support are spelled out in the contract.
Applicability and Exemptions
The Data Act has a broad, extraterritorial scope: it covers any provider of data processing services (including SaaS, PaaS and IaaS) offered to customers in the EU, even if the vendor is based outside the EU. Nonetheless, there are certain exemptions from the rules on switching and unfair contractual terms.
- Bespoke services. One such circumstance is where a service is fully bespoke, developed entirely for a single customer and not offered commercially to other clients. In these cases, the obligations to provide exit rights, data portability, or open interfaces do not apply.
- Non-production or testing environments. Services provided solely for testing, evaluation, or pre-production purposes are not subject to the switching or unfair terms rules, provided they are not used operationally. Once the customer relies on the service in a live context, these exemptions no longer apply.
Next Steps
The EU Data Act introduces new obligations for B2B SaaS vendors. To remain compliant, providers should review their contracts to ensure there are no unfair terms, publish the required information about data locations and safeguards, and put in place processes to support data porting and customer switching.
Book a free call with our lawyers who can help you clarify whether your services are impacted, review your contracts and customer notices, and guide you on the practical steps needed to meet your obligations.
