§ Data Act · Article 25

Data Act Article 25: Obligations, Deadlines & Penalties

Regulation (EU) 2023/2854, Article 25 · All obligations · Data Act
At a glance
Article 25 of the Data Act imposes 17 obligations on provider of data processing services. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 25

Obligation 1
The provider of data processing services shall make the written contract setting out switching rights and obligations available to the customer prior to signing in a way that allows the customer to store and reproduce it. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
make available
Deadline
prior to signing the contract
Penalty
Obligation 2
The contract shall include clauses allowing the customer to switch to a different provider or port data to on-premises infrastructure without undue delay and within a maximum transitional period of 30 calendar days. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
include clauses
Deadline
Penalty
Obligation 3
During the transitional period, the provider of data processing services shall provide reasonable assistance to the customer and authorized third parties in the switching process. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
provide assistance
Deadline
during the transitional period
Penalty
Obligation 4
During the transitional period, the provider of data processing services shall act with due care to maintain business continuity and continue the provision of functions or services under the contract. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
maintain continuity
Deadline
during the transitional period
Penalty
Obligation 5
During the transitional period, the provider of data processing services shall provide clear information concerning known risks to continuity in the provision of functions or services. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
provide information
Deadline
during the transitional period
Penalty
Obligation 6
During the transitional period, the provider of data processing services shall ensure that a high level of security is maintained throughout the switching process, particularly regarding data transfer and retrieval. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
ensure security
Deadline
during the transitional period
Penalty
Obligation 7
The contract shall include an obligation for the provider of data processing services to support the customer’s exit strategy, including by providing all relevant information. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
support exit strategy
Deadline
Penalty
Obligation 8
The contract shall specify that it is considered terminated and the customer shall be notified of the termination upon successful completion of switching or at the end of the notice period if the customer chooses to erase data. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
notify termination
Deadline
upon successful completion or end of notice period
Penalty
Obligation 9
The contract shall specify a maximum notice period for initiation of the switching process that shall not exceed two months. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
specify notice period
Deadline
Penalty
Obligation 10
The contract shall include an exhaustive specification of all categories of data and digital assets that can be ported during the switching process, including all exportable data. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
specify data categories
Deadline
Penalty
Obligation 11
The contract shall specify categories of data specific to the internal functioning of the provider’s service that are exempted from exportable data where a risk of breach of trade secrets exists, provided this does not impede switching. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
specify exemptions
Deadline
Penalty
Obligation 12
The contract shall include a minimum period for data retrieval of at least 30 calendar days starting after the termination of the transitional period. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
allow retrieval period
Deadline
Penalty
Obligation 13
The contract shall guarantee full erasure of all exportable data and digital assets generated by or relating to the customer after the expiry of the retrieval period or an alternative agreed period. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
erase data
Deadline
after expiry of retrieval period
Penalty
Obligation 14
The contract shall specify switching charges that may be imposed by providers of data processing services in accordance with Article 29. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
specify charges
Deadline
Penalty
Obligation 15
The contract shall include clauses providing the customer with the right to notify the provider of its decision to switch to a different provider, switch to on-premises infrastructure, or erase data upon termination of the notice period. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
include clauses
Deadline
Penalty
Obligation 16
Where the mandatory maximum transitional period is technically unfeasible, the provider shall notify the customer within 14 working days of the switching request, justify the unfeasibility, and indicate an alternative transitional period not exceeding seven months. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
notify and justify
Deadline
within 14 working days of switching request
Penalty
Obligation 17
Where an alternative transitional period is applied due to technical unfeasibility, the provider shall ensure service continuity throughout that alternative period. Regulation (EU) 2023/2854, Article 25, Article 25
Obligated entity
provider of data processing services
Action required
ensure continuity
Deadline
throughout the alternative transitional period
Penalty
§ Frequently asked

Questions about Article 25

Who must comply with Article 25 of the Data Act? +
provider of data processing services.
What does Article 25 of the Data Act require? +
make available include clauses provide assistance
What is the compliance deadline for Data Act Article 25? +
after expiry of retrieval period; during the transitional period; prior to signing the contract; throughout the alternative transitional period; upon successful completion or end of notice period; within 14 working days of switching request
Need a cross-border briefing on Data Act Article 25?
Search Fontvera ↵
All EU obligation pages  ·  All Data Act articles