The cloud exit plan is moving into the contract

The most revealing cloud question is no longer only what a service can do on day one. It is what happens on the day a customer wants to leave, split a workload, or move critical data somewhere else.

That question used to sit at the back of procurement files, wrapped in phrases such as portability, vendor lock-in and exit assistance. Europe’s Data Act is making it more concrete. The regulation has applied since 12 September 2025 and covers a broad set of data access rules, including switching between data processing services. In plain terms, the cloud exit plan is becoming part of the contract.

The practical reason is simple. Cloud services are not just storage buckets with a download button. They can include databases, identity settings, logs, automation scripts, data models, monitoring tools, support histories and application dependencies. Moving away from one provider can mean moving data, but also reconstructing the surrounding machinery that makes the data useful. A right to switch is thin if the contract does not say what is exportable, how long the handover takes, who helps, what security level is maintained and what fees appear on the way out.

The Data Act tackles that problem through a set of switching obligations for providers of data processing services. The legal text says providers must remove pre-commercial, commercial, technical, contractual and organisational obstacles that inhibit customers from switching to another service of the same type, moving to on-premises ICT infrastructure, or using several providers at the same time. That is a broad sentence with a very practical target: the small hidden frictions that make a cloud change possible in theory and miserable in practice.

The contract detail matters most. Article 25 says the customer’s rights and the provider’s obligations around switching must be clearly set out in a written contract and made available before signing. It also says the contract must include clauses allowing a customer, upon request, to switch or port all exportable data and digital assets without undue delay and, in any event, not after a mandatory maximum transitional period of 30 calendar days, once the notice period has passed. During that period, the source provider is expected to provide reasonable assistance, act with due care to maintain business continuity, give clear information on known continuity risks and keep a high level of security throughout the switch.

That does not turn a complex cloud migration into a one-click ritual. It does change the timing of the conversation. The useful questions now arrive before renewal, not during a crisis. Which data and digital assets are exportable? Which formats are used? Which parts of the service depend on proprietary features? How are backups, logs, keys and user permissions handled? What support is included during a move? What happens to continuity if a transfer takes longer than planned?

Fees are part of the same story. The Data Act says that from 12 January 2027, providers of data processing services must not impose switching charges on the customer for the switching process. Until then, reduced switching charges may apply, but they must not exceed the provider’s costs directly linked to the switch. The regulation also requires clear pre-contract information on standard service fees, early termination penalties and reduced switching charges, and, where relevant, information about services where switching is highly complex, costly or impossible without significant interference.

That is why the new paperwork is not only paperwork. A cloud bill can look cheap until the exit route is vague. A service can look flexible until the data is exportable only in a format that still leaves a customer rebuilding half the operating model. A multi-cloud strategy can sound resilient until identity, monitoring and support sit in separate silos. The point is not to frighten people away from cloud services. It is to treat exit as part of responsible use.

The European Commission’s draft model contractual terms and standard contractual clauses add another signal. They are voluntary and mainly aimed at business-to-business contracts, with a particular nod to SMEs that may not have large legal teams. Their existence suggests the Data Act is moving from legislative principle to practical contract language: switching, termination, security, business continuity and data access clauses that can be read before a problem begins.

There are limits. The Data Act is an EU rulebook, not a global default for every contract. It does not remove all engineering cost, solve every interoperability gap, or guarantee that one provider’s managed service will behave exactly like another’s. Some obligations differ by service type, and the harder parts of cloud migration still involve architecture, dependency mapping and human judgement.

Still, the direction is clear. The old cloud pitch was often about speed: start fast, scale fast, add features fast. The next phase is also about reversibility. A mature cloud contract is not only a promise that a service works while the customer stays. It is a map for what happens if the customer changes course.