The EU Data Act became applicable on 12 September 2025, and its cloud switching provisions are already enforceable. For businesses running on SaaS platforms, that changes the risk profile of many older agreements immediately.
A contract signed three years ago can now contain terms that are commercially outdated, operationally risky, or increasingly difficult to defend once a supplier relationship needs to change.
Termination notice periods longer than two months
Article 23 limits how long providers can force customers to wait before exiting a cloud service. Yet many agreements still contain notice periods of 90 days or even six months, which can quietly lock a buyer into another expensive cycle.
Even where enforceability is weakening, teams often continue to behave as if the original clause still governs the relationship. That operational assumption can be just as costly as the clause itself.
Switching fees that survive beyond January 2027
The Data Act phases out switching charges entirely by 9 January 2027. Contracts that still rely on transfer fees, extraction costs, or exit support charges should already be on a renegotiation list.
Waiting until the deadline approaches creates unnecessary leverage for the supplier. Visibility now gives procurement teams more room to move.
Data export timelines that create operational risk
The regulation expects providers to return data in a structured, machine-readable format within 30 calendar days after termination. Contracts that say nothing about export timing — or that allow long delays — create uncertainty exactly when teams need clean execution.
If the exit plan depends on fast data recovery, vague wording becomes an operational dependency, not a legal footnote.
Broad AI and machine-learning rights over customer data
An increasing number of SaaS agreements include broad language permitting the provider to use customer data for service improvement, analytics, or machine learning. That language deserves scrutiny in any commercially sensitive environment.
Where portability, confidentiality, and data-access expectations are changing, these clauses can create hidden tension between the buyer's operational interests and the supplier's model-development incentives.
Unilateral modification rights with very short notice
Article 13 is aimed in part at unfair contractual structures, including terms that let one party rewrite the commercial balance without adequate notice. Clauses that allow changes within 7 or 14 days should be treated with caution.
For smaller buyers in particular, short-notice modification rights turn a contract into a moving target that is difficult to monitor and even harder to budget around.
These are not abstract legal concerns. They are the clause patterns most likely to create avoidable switching friction, renewal cost, or compliance exposure across a live SaaS portfolio.
That is why Custonic focuses on visibility first: surfacing these patterns automatically, quantifying their likely impact, and giving teams a practical sequence for what to review next.