What has the EU ever done for us? …well, aside from free movement, no roaming charges, consumer protection, the single market, Erasmus, and more. But also: excessive bureaucracy, slow decisions, overregulation down to the much-mocked bottle cap – a favorite symbol for anyone blaming Europe for every innovation shortfall.
The EU Data Act addresses cloud lock-in: the regulation requires cloud providers to enable switching technically and to eliminate switching fees entirely by 2027.
Dependence on U.S. hyperscalers has grown structurally: AWS, Azure, and Google dominate Europe’s cloud market, often becoming deeply embedded through proprietary services and hidden egress costs.
The architectural decisions you make today determine your room to maneuver tomorrow: organizations that adopt open standards now will be better positioned to benefit from regulation later, while those that wait risk expensive rework.
Contracts and governance also need to be rethought: existing cloud contracts should be reviewed for lock-in clauses, and the regulation strengthens customers’ negotiating position.
The next issue likely to stir up emotions is the EU Data Act (Regulation (EU) 2023/2854). It will have strategic significance for European companies – and for anyone wanting to do business in the EU.
In 2025, most cloud infrastructure in the EU runs on U.S.-owned platforms. AWS, Azure, and Google Cloud dominate much of European enterprise IT – deeply embedded, sometimes by choice, sometimes seen as an emerging risk. Switching providers is a technically challenging, expensive, and often unrealistic undertaking.
This is exactly where the parts of the EU Data Act we’ll look at more closely come in: tackling cloud lock-in and Europe’s dependence on U.S. hyperscalers.
Let’s be clear: regulation is coming, and it will require effort–especially from the big players. But that’s not our focus here. We want to look at the potential benefits of the Data Act, leaving the inevitable LinkedIn bottle cap analogies to others.
The internet was originally envisioned as a network of many computers, run by many different actors – technically decentralized, open, and federated. For a time, companies ran their own infrastructure, operating data centers, servers, and networks–not out of choice, but because there was no real alternative. The rise of hyperscalers and their all-in-one offerings shifted the focus: less time on operations, more on business features.
The public cloud has become the standard – driven not only by operational simplicity, but by offerings attractive to both startups and large enterprises: inexpensive to begin with, scalable, and immediately accessible. While costs are often precisely itemized, they remain difficult to predict intuitively. Today, few organizations build everything in-house, in part due to a lack of the necessary expertise.
Today, three U.S. providers dominate the European cloud market: AWS, Azure, and Google Cloud. Many companies have used them for years because they’re powerful, quick to deploy, and well integrated. Vendor lock-in was often a conscious trade-off.
Even when companies initially relied on open standards or well-known open-source products, proprietary services tend to creep in over time. AWS Lambda, Google’s BigQuery, or Azure App Services are convenient – but hard to replace once woven into the architecture. Switching is possible in theory, but rarely realistic: it’s complex, and the effort is hard to gauge.
Even with services like Amazon S3 – often seen as portable thanks to numerous S3-compatible implementations – lock-in can come from a different source: the pricing model. Moving large amounts of data incurs high egress fees, often enough to make switching economically unrealistic.
This is exactly where the EU Data Act comes in. One of its aims is to reduce dependence on individual cloud providers by setting binding rules, backed by sanctions. It requires providers to ensure interoperability and to remove technical barriers to switching.
Lock-in through proprietary formats, incompatible APIs, or deliberately vague migration paths should no longer be legally possible. Under Article 23, existing barriers must be removed.
Once the technical requirements for migration are met, providers must keep switching costs low – and from January 12, 2027, waive them entirely.
For many decision-makers, this may be perfect timing. The new U.S. administration initially stirred unease, and near-total dependence on U.S. hyperscalers suddenly felt like a real risk.
Even in 2027, not all APIs will be portable and not all systems interchangeable. But anyone launching new services today should ask: How tightly is this tied to the platform’s proprietary features? Are there realistic migration paths? The Data Act will mandate interoperability, but how much of it you can use later will depend heavily on the architectural choices you make now.
In the medium to long term, the new requirements could prove a real advantage for regulated companies in particular. Financial regulators have long demanded that exit scenarios be prepared both technically and organizationally– something difficult to achieve until now, partly because key capabilities were missing on the provider side. The EU Data Act changes this: providers must make switching both technically feasible and economically viable. For CTOs, that means when switching becomes possible, exit readiness and standardized interfaces return to the agenda – not just as theory, but as concrete architectural choices.
Multi-cloud strategies could also become more achievable. Problems that today stem from interfaces, incompatibilities, or limited portability should be easier to solve in the future. For POs, that means provider switches or hybrid deployments could not only be technically feasible, but viable for the roadmap.
Anyone now tasked with implementing Data Act requirements should see it as more than just a compliance exercise. The same technical foundations can be used to create meaningful internal data products – real value, not just something that looks good on paper.
This also affects governance : if switching providers becomes not only allowed but enforceable, procurement processes, contract terms, and exit rules will need to be rethought – even at the CIO level.
Maybe the EU Data Act will not only reduce lock-in, but also help European cloud providers like IONOS, OVHcloud, or Open Telekom Cloud become more than just footnote alternatives, now that switching is easier.
Many technical details of the Data Act remain unsettled. What exactly counts as “raw data”? Who decides if a provider is truly switchable? Germany’s implementation law still exists only as a draft from the previous government. Some requirements won’t take effect until 2027; others are awaiting clarification. But anyone who waits now risks missing the chance to design systems for future flexibility – without last-minute, panicked rebuilds.
Over the years, many cloud services have become entrenched parts of the system landscape – often for economic and technical reasons, but rarely with any thought to switchability, since changing providers faced too many practical barriers. Now is a good time to expose major dependencies and cost drivers, and assess whether alternatives could make sense in the medium term. The EU Data Act creates, for the first time, a regulatory framework that makes such evaluations realistic.
Many existing contracts contain clauses that make switching providers later difficult – such as restricted data access, unclear exit terms, or exclusive use of proprietary formats. The EU Data Act strengthens customers’ position and is expected to give them more power to challenge such barriers when they effectively block switching.
Daniel is a Senior Consultant at INNOQ. His main areas of focus are DevOps, automation, and continuous delivery.
Daniel is a Senior Consultant at INNOQ. His main areas of focus are DevOps, automation, and continuous delivery.
We support you on your path to digital sovereignty, wherever you are today.
