EU – EU Data Act: Impact on SaaS Providers

Background

The Data Act Regulation (EU) 2023/2854 was adopted on January 11, 2024, and became applicable partially from September 12, 2025. The EU Data Act is the latest piece of legislation from the EU’s digital regulatory framework, which came into force only recently. 

The primary goal of the Data Act 2025 is to further strengthen the regulatory landscape, specifically by establishing best practices for the access and use of personal data. The Data Act is a new brick in the already strong and well-established EU wall bearing the name of the digital economy regulatory landscape. 

The Regulation should seamlessly cooperate with the Digital Services Act (DSA), the GDPR, the Digital Markets Act (DMA), the Digital Fairness Act, and the AI Act. When we look at the level of EU regulatory development and discuss the digital economy and its related challenges, we can conclude that the EU is a pioneer in many relevant areas and a clear leader. 

Data Act Key Provisions cover a broad range of interconnected subjects, where the legislators’ primary goal was to establish straightforward rules for fair access and use of data generated by “connected smart devices”, such as smart TVs, laundry machines, smart kitchen appliances, cars, industrial machinery, and many more. 

The scope of the Regulation doesn’t stop here; it also introduces new rules and requirements for simpler contract cancellation policies for B2C or B2B contracts with data processing service providers. The Data Act, in general, presents an entirely new scope of rules for data processing service providers and their customers. 

Our primary focus in today’s article is a clear, precise, and straightforward review of the EU Data Act and its related impact on data processing service providers and their customers. We aren’t going to discuss today other equally essential provisions. 

Still, we will limit our research to the impact of the Data Act on data processing service providers. What is expected from them, what they need to establish the business model, and practices that align with the new rules. 

We will also discuss how this Act affects customers of this group of service providers. 

Data Act Implementation Date 

1. The Regulation was adopted on January 12, 2024. 
2. On September 12, 2025, the Data Act came into effect; however, some provisions will take effect on the specified date. The rules on unfair contractual terms take effect from that date. 
3. From September 12, 2026, the requirements under “data accessibility by design” will extend to connected “smart products” and related digital services placed on the market from that date. 
4. On January 12, 2027, the provision that prohibits the calculation of additional charges for changing data processing service providers comes into effect. 
5. From September 12, 2027, the framework defining what constitutes unfair contractual terms for users of data processing services comes into effect. This new framework should be used as a guideline when formulating contracts concluded on September 12, 2025. 
6. On September 12, 2028, the EU Commission, as the advocate for this Regulation, should conduct an impact assessment of the EU Data Act and provide an in-depth review for all involved parties. 

Data Act Compliance 

Scope – Data Processing Service Providers 

One of the key subjects the Data Act addresses is introducing new provisions that set less stringent requirements for customers to switch data processing service providers. This possibility for customers to switch between service providers without the “need” to wait until the end of the subscription period will inevitably impact the revenue models of data processing service providers, which are mainly based on Annual Recurring Revenue (ARR) or Monthly Recurring Revenue (MRR) calculations. 

A significant part of the key provisions from the Data Act when it comes to SaaS providers should be addressed by interested parties by September 12, 2025. The definition of what subtypes of services can be included within the broad group of data processing services is quite challenging to define universally; however, from a substantive point of view, three main subgroups could be differentiated: 

• Infrastructure-as-a-Service (IaaS) is a cloud computing model that permits users to leverage third-party virtual infrastructure, such as storage, servers, or networks. IaaS allows customers to rent these resources rather than develop them themselves. 
• Platform-as-a-Service (PaaS), a cloud computing model that primarily operates on a pay-as-you-go basis, enables app developers to leverage a third-party-owned environment to build, deploy, or manage their applications. This cooperation allows developers to focus primarily on developing their applications. 
• Software-as-a-Service (SaaS) is a cloud-based model in which the software provider licenses its software to users on a subscription basis. In most cases, the subscription is either monthly or annual. 

Territorial Scope 

When it comes to the territorial scope of the Data Act, its enforceability aligns with that of other pieces of legislation that regulate the digital economy, technology, and data privacy. Both international and EU-based data 

Data Act SaaS Impact 

As indicated in the first part of our article, the Data Act entered into force on January 12, 2024, but the provisions affecting SaaS providers became applicable in most parts only on September 12, 2025. Chapter VI introduces a new set of rules and requirements that SaaS providers must comply with when drafting agreements or contracts with their customers. 

One of the most relevant drivers behind the European Commission’s strong advocacy of adopting the EU Data Act in contracts with data processing service providers is the possibility for customers to switch providers much more easily than before, without incurring significant “monetary setbacks”. 

New Framework for SaaS Contracts 

The provisions that guide service providers in drafting their agreements in accordance with the new requirements clearly state that the customer should have “more” freedom and flexibility when choosing to switch to another service provider. 

Key aspects of the provisions

In most cases, customers (both businesses and private individuals) can terminate service contracts with 2 months’ notice, regardless of the contract’s initially agreed duration. However, in specific circumstances, the provider may extend the notice period by an additional 45 days, for example, during data migration or security-related work. 

• The new framework applies to contracts signed after the provisions became binding, as well as to the agreements signed before. 
• Data processing service providers should develop tools and standardized procedures that will make the data migration process simple, transparent, and efficient. The SOP should also extend to the development of standards for simpler data extraction. 
• The providers shall have the possibility to include an early termination penalty, which must be balanced with the actual impacts for both parties. 
• From January 12, 2027, switching fees should become absolute. 

Impact on the Saas Business Models 

As a well-known fact, SaaS revenue models are mainly based on predictable metrics. This revenue calculation method is derived from a subscription-based system primarily structured around multi-year, yearly, or monthly contracts. 

B2B SaaS agreements were, in most cases, established on multi-year deals, while B2C agreements were on a yearly or monthly basis. These revenue models were predictable and drove the ARR or MRR projections for SaaS businesses, but the adoption of the EU Data Act will change this on a large scale. 

Since September, customers have had greater flexibility in switching to another service provider. There is no need to “respect” the entire duration of the contract. The early termination of the contract impacts the predictability of the revenue flow metric used so far. 

The adoption of the Data Act undoubtedly empowers customers to obtain more “beneficial treatment” from SaaS providers than they had before the Regulation. The SaaS providers will need to pay more attention to their pricing strategies, offerings, advertising, and services in general. From now on, SaaS providers offering similar services will face more competition than ever before. 

Possibility to terminate multi-year contracts with a two-month notice, which guarantees more freedom when choosing service providers or switching to new ones. Leverage when renegotiating contract renewal. 

The EU Data Act will influence how agreements are technically structured regarding switching rights, termination policies, discounts for multi-year contracts, and the renegotiation of renewals.

Takeaway