YOUR
Search

    17.03.2024

    Cloud, SaaS and edge business models under fire


    The EU Data Act came into force on January 11, 2024. Up to now, connected products have been the main focus of public interest.

     

    However, providers of cloud, SaaS, edge and similar services are also affected. The Data Act dedicates a separate chapter to them. This Chapter VI contains regulations for so-called data processing services and primarily aims to make it easier to switch between different services, i.e. to remove existing barriers to switching.

     

    In particular, if providers work with long term-contracts or the export of customer data is complex, the business model must be reviewed- ideally immediately.

     

    The main reasons for this are as follows:

     

    Long contract terms are obsolete. The customer can initiate a switch to another provider at any time with a notice period of two months. As a rule, the switch should be successfully completed after a further 30 days. After a successful switch, the previous contract is general-ly deemed to be terminated. The previous practice of refinancing providers' initial investments via certain minimum contract terms will therefore no longer work without further ado. Set-up fees, which have become less important in recent years as a result of SaaS services becoming more popular, could be considered as an alternative, as could payments in the event of premature contract termination (e.g., termination fees).

     

    Exit support can be very costly, but must generally be provided free of charge in the future. Since January 11, 2024, only reduced switching fees may be charged; from January 12, 2027, switching must be free of charge. At the same time, however, the Data Act provides for comprehensive support obligations that the source provider cannot evade.

     

    The provider is – to a certain extent – responsible for interoperability with the new provider's system.

     

    These issues should be addressed immediately, as they will force many providers to adapt their business model. As soon as the Data Act will fully come into force on September 12, 2025, a whole range of other obligations will be added, in particular

     

    • Adaptation of contracts (the Data Act specifies mandatory contract clauses)
    • Abolition of technical and organizational barriers to change
    • Extensive information obligations

     

    In addition to civil litigation with customers, breaches of the Data Act can also result in sanctions being imposed by the regulatory authorities; the maximum amount of fines has not yet been determined. Particularly juicy: The provisions on data processing services are likely classified as market conduct rules and thus subject to competition law. Breaches could be subject to warnings from competitors.

     

    Providers of data processing services must also implement safeguards against unauthorized access from public bodies in third countries.

     

    Our blog post provides an overview of the provisions of the Data Act, including those relating to networked products.

     

    Dr Andreas Lober

    Lennart Kriebel

     

    E-Commerce Action Plan: Germany’s Strategy…
    On 6 September, the German Federal Ministry of Economics and Technology (“BMWK”)…
    Read more
    Consent Management Regulation - Goodbye co…
    According to a recent study by Bitkom, 76% of internet users feel annoyed by coo…
    Read more
    ADVANT Beiten Advises Aesculap on Sale of TETEC AG to the Canadian Octane Group
    Dusseldorf, 26 June 2024 – The international law firm ADVANT Beiten has provided interdisciplinary advice to Aesculap AG, a subsidiary of the B. Braun group seated in Melsungen, Germany, on the sale of its…
    Read more
    Silent whistleblowers? Effects of the Whistleblower Protection Act on confidentiality agreements
    In addition to the much-publicised obligations, in particular the establishment of reporting channels, the new Whistleblower Protection Act (HinSchG) primarily contains rights for whistleblowers. They now …
    Read more
    Update AI Act - the ten most important questions for users of AI systems
    After the political agreement on the AI Act was effectively announced in the media in December 2023, the now provisionally final version was adopted on 13 March 2024. The AI Act was approved by the Europea…
    Read more
    Artificial intelligence: what is more important than the AI Act?
    The EU recently passed the EU Artificial Intelligence Act (AI Act) with much fanfare. The Act is a milestone (see our blog post for more details). It is really relevant for providers and deployers of AI…
    Read more
    The Cyber Resilience Act: What You Should Know Now
    Almost unnoticed in the shadow of the AI Regulation, the so-called Cyber Resilience Act ("CRA") was passed by the European Parliament on March 12, 2024. This comprehensive law introduces extensive security…
    Read more
    Cloud, SaaS and edge business models under fire
    The EU Data Act came into force on January 11, 2024. Up to now, connected products have been the main focus of public interest. However, providers of cloud, SaaS, edge and similar services are also affe…
    Read more
    The AI Act - The Agreement and What It Means
    As Ursula von der Leyen, President of the European Commission, put it: This is a historic moment. On 8 December 2023, after a three-day-marathon of negotiating, the European regulation efforts were awarded…
    Read more