58b. Is the source provider responsible for assisting the customer in rebuilding their service in the ecosystem of the destination provider?

Article 24 of the Data Act puts a clear limit on the scope of the source provider’s obligations to facilitate switching by stating that, “[t]he responsibilities of providers of data processing services laid down in Articles 23, 25, 29, 30 and 34 shall apply only to the services, contracts or commercial practices provided by the source provider of data processing services.” This provision limits the scope of a source provider’s technical obligations in facilitating switching (Art. 30) to the source provider’s own service environment. Recital 92 provides further clarification in explaining that “[t]his Regulation does not require providers of data processing services to develop new categories of data processing services, including within, or on the basis of, the ICT infrastructure of different providers of data processing services in order to guarantee functional equivalence in an environment other than their own systems. A source provider of data processing services does not have access to or insights into the environment of the destination provider of data processing services. Functional equivalence should not be understood to oblige the source provider of data processing services to rebuild the service in question within the infrastructure of the destination provider of data processing services. Instead, the source provider of data processing services should take all reasonable measures within its power to facilitate the process of achieving functional equivalence through the provision of capabilities, adequate information, documentation, technical support and, where appropriate, the necessary tools”. Pursuant to Art. 30(1), the obligation to facilitate functional equivalence only applies to source providers of IaaS. Recital 92 explains that this obligation is limited to the source provider’s service environment. Article 30 obliges source providers of PaaS and SaaS to make open interfaces available, to export data in a structured, commonly used and machine-readable format, as well as to make their services compatible with harmonised standards or open interoperability specification published in the common Union repository.

The obligations placed on source providers of PaaS and SaaS fall short of the obligation to facilitate functional equivalence. The limits which recital 92 illustrates to the obligations of source providers of IaaS thus also apply to source providers of PaaS and SaaS. The Data Act thus does not place a responsibility on any source provider to assist the customer in rebuilding their data processing service in the environment of the destination provider. Unlawful access to and transfer of non-personal data held in the EU by third country authorities 59. Does the Data Act create data localisation requirements? The Data Act does not limit companies’ ability to transfer non-personal data internationally. It does not change the prohibition of national data localisation requirements as presented in the Free Flow of Nonpersonal Data Regulation. Users of cloud services will continue to be free to choose a cloud provider of their liking and to decide where to store their data.