One Regulation, Three Contract Changes – The Impact of the Data Act on SaaS Business

Introduction: Data Act and SaaS Business

Your customer sends an email: they want to switch service providers mid-contract and request all their data. They mention the EU Data Act. Could your organisation deliver it in a technically and legally sound format?

The question is not only about who owns the data. It is about whether you can deliver it in a way that withstands both technical and legal scrutiny. This situation is the reality for an increasing number of SaaS operators, as the EU Data Act (EU) 2023/2854) has introduced from 12 September 2025 new rules to the market that directly affect cloud service business models. The Data Act uses the term data processing services, which covers, among others, SaaS services. For clarity, this article uses the term cloud services.

This article addresses the impacts of the Data Act on SaaS business and, in particular, the changes the regulation requires in contract terms, data portability, and pricing structures. The key message is that the Data Act necessitates potential changes in at least three contractual areas, and that when properly implemented, these changes can also serve as a competitive advantage.

Content and Scope of the Data Act

At the core of the Data Act is not only access to and availability of data, but also specifically facilitating the switching of cloud service providers and removing contractual barriers. This is not merely an individual compliance requirement but also regulation that reshapes market structure.

Many SaaS companies are already accustomed to the notion that the customer “owns their data.” However, the Data Act takes the discussion further, because merely stating ownership in a contract is insufficient if the customer cannot actually use or transfer their data. The matter must therefore be considered at a deeper level.

The obligations under the Data Act primarily concern data produced by the customer and processed within the service. It does not mean the disclosure of algorithms, source code, trade secrets, or system architecture.

Drawing this boundary is important, but it does not eliminate the core question: does the customer have a genuine ability to switch to another service without technical or contractual barriers making the transition practically impossible?

It should also be noted that micro and small enterprises are, in certain situations, exempt from some of the Data Act’s obligations. In practice, this means that micro and small enterprises are not in the same position as larger operators in all respects. However, each operator must first identify its own position in relation to the regulation before assessing the scope of its obligations.

Contract Terms and Switching Costs

The Data Act compels SaaS companies to re-examine their contract structures. Terms that restrict the customer’s right to obtain their data or that are based on clear contractual barriers may be problematic.

This does not mean that fixed-term contracts will disappear. It means that switching service providers must not be prevented by unreasonable terms or practices. Long contract periods, unclear exit processes, and high switching fees are particularly high-risk.

This is a significant detail that often goes unnoticed in practice. The service provider has the right under the Data Act to charge costs arising from the transfer, but the compensation must be based on actual and justifiable costs. If the fee effectively acts as a barrier to switching providers, it may be contrary to the regulation.

Furthermore, after the transition period, from January 2027 onwards, charging fees related to the switching process will be entirely prohibited. Accordingly, documenting switching costs is also part of regulatory risk management going forward.

A Business Model Without Contractual Barriers

The deeper impact of the Data Act is visible in the business model. Many SaaS solutions have historically benefited from technical or contractual barriers to switching services. When switching is difficult for the customer, retention is high.

The Data Act challenges this thinking. Customer retention must be based on the value of the service, not on the difficulty of leaving. This causes an uncomfortable question. If the customer could leave without friction, would they still stay?

If the answer is not an unequivocal yes, the Data Act serves as a wake-up call.

At the same time, the change offers an opportunity. A company that can openly demonstrate that data is genuinely portable builds trust. Large enterprises and public sector entities, in particular, are paying increasing attention to this during the procurement phase.

Practical Examples: HR and Financial Management SaaS Solutions

HR SaaS Facing a New Situation

Consider a SaaS company offering HR software that has provided its customers with the ability to export data in CSV format, but in practice only from limited reports. Exporting all data has required a separate project and a significant additional fee.

In light of the Data Act, the company must assess whether this model meets portability requirements. Does the customer truly receive all the data they have produced? Is the format genuinely usable or merely nominal? Is any transfer fee justifiable based on actual costs, and does it withstand scrutiny?

Often the answer leads to technical investments: developing API interfaces, documenting the data model, and standardizing processes. This is more than a legal update – it is a structural change to the product.

Financial Management SaaS Solutions

A similar situation applies to financial management SaaS companies, where accounting data, vouchers, and transaction history are stored in a manner that is not currently easily exportable in a structured format to a new system.

In the financial management context, the challenge is particularly pronounced because accounting material retention obligations are long and data integrity is critical. If the customer cannot transfer their historical data in a functional format to a new system, switching providers may be effectively prevented, even if the contract ostensibly permits it.

The industry changes, but the problem remains the same.

Risks of Inaction and Opportunities of Change

Inaction is not a neutral choice. A contractual term may prove to be void, a customer may use the regulation as a negotiating lever, and public procurement opportunities may be lost.

In practice, this means that in contract negotiations the counterparty may demand that the terms compliant with the Data Act and refuse to accept legacy contract templates. In public procurement, Data Act readiness may become a threshold issue that excludes unprepared operators from tender competitions.

Furthermore, in a market where transparency and data governance are emphasized, a reputation based on contractual barriers is not a competitive advantage. It is a risk.

The Data Act is not merely a new obligation. It is a signal to the market that customer retention must be based on the value of the service, not on the difficulty of leaving.

SaaS operators have a choice: implement the minimum requirements or seek to gain a competitive advantage from the change. Those who treat the regulation as merely a minimum requirement will do only as much as is necessary. Those who see it as an opportunity to build transparent and trust-based businesses, and to also receive data themselves and thereby develop, can turn the obligation into a competitive advantage.

Where to Start? Three Concrete Steps

1. Contract audit – Identify which current terms may be problematic in light of the Data Act. Pay particular attention to exit clauses and switching fees.
2. Technical assessment – Determine whether data is genuinely exportable in a structured, machine-readable format without a separate project. Assess the current state of API interfaces and export functionalities.
3. Pricing review – Ensure that current switching costs are justifiable based on actual costs and withstand scrutiny also after 2027.
   If you would like to discuss the impact of the Data Act on your business or need assistance in assessing contract terms, technical portability, or pricing structures, please contact our expert team. We will help you map your situation and plan the necessary measures – whether it concerns a contract audit, technical assessment, or comprehensive Data Act readiness.