The Data Act will apply from 12 September 2025.
One key change is the customer's right to switch from one cloud service provider to another with no more than two months' notice, regardless of the terms of the contract. In practice, from 12 September 2025, the customer can terminate a fixed-term contract for convenience (at any time, for any reason). This statutory change will put significant pressure on SaaS businesses to increase predictability of revenue, one tool being roll-out of sufficiently stringent contractual compensation clauses in cases of termination by customers at convenience. In addition, buyers of SaaS businesses in M&A transactions can be expected to put increased focus on customer retention and satisfaction.
The Data Act will conflict with the traditional SaaS business model of long fixed-term subscriptions aiming to secure annual recurring revenue (ARR). Long-term contracts can lose much of their value since customers can leave mid-term for any reason, undermining the predictability of revenue streams, unless the value of commercial contracts can be protected e.g. through commercial terms creating incentive hurdles for customers against terminating contracts and via display of high customer retention and satisfaction rates. Therefore, SaaS companies must update their contract terms and adapt fixed-term contracts to include switching provisions and early termination penalties reflecting actual losses.
This change will affect basically any cloud company (SaaS, PaaS, and IaaS) in the EU and non-EU companies serving EU customers. There are only limited exceptions to this requirement, including testing for a limited period and fully (or mainly) customer-tailored services.
Impact on M&A
The Data Act already has an impact on M&A in the tech sector, especially on the due diligence process. Already today, buyers want to know whether a target is ready and compliant with the Data Act. In the due diligence process, one focus question is "How has the target company prepared for early termination under the Data Act?". In addition, the way in which the target company has prepared for the Data Act and fulfilled the mandatory requirements (e.g. obligations to inform customers at different stages of the service, mandatory contract terms, and requirements relating to switching service providers and porting data), is valuable information for the buyer. Due diligence enables the buyer to detect possible inadequacies in the target's compliance and assess the related risk for administrative sanctions under the Data Act.
Data rules are no longer just "nice to have", they reshape the entire industry. Equally, this statutory change can have a significant impact on a target's valuation and purchase price, if the target is not able to demonstrate sufficient protection of its future ARR.
At the same time, a well-prepared seller has already, prior to a sales process, assessed the impact of the Data Act on current and future business models. A buyer, in the absence of a view on this, may take a risk-averse approach, which may result in valuation gaps between sellers and buyers.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
