Escaping vendor lock-ins in Europe: will the EU Data Act help Europeans regain technological freedom and choice?
In Europe, nobody thinks twice about being able to choose between, for example, different mobile operators, if needed. The process might get complicated with various contractual obligations, but executing this idea isn’t impossible. This is not always the case in cloud services.
Currently, Europeans’ freedom to either switch between service providers or diversify their options—whether for private users or the public sector—is limited.
The situation European consumers - individuals, businesses and public sector find themselves in has a special name - vendor lock-ins. It is a situation where a consumer becomes dependent on a specific vendor and is unable to switch to another vendor without having to pay for switching costs.
Vendor lock-ins in cloud services happen for a number of reasons.
First, standards. Until now, no common standards were present - each vendor creates their own standards and protocols which are usually not interoperable.
Second, integrated services. Most vendors keep their products bundled together, on one hand making it convenient to use all integrated products together, on the other - making it impossible to ‘mix and match’ or switch and creating major barriers to switch between vendors smoothly.
Third, contracts. The devil is in the details and these details usually hide in small print in contracts. Until now, long-term contracts with cloud service providers incentivized loyalty by penalizing leaving early (sic!). The penalties become extremely painful in bigger organizations - be they private or public ones. For public administrations, the situation becomes even gloomier, given their financial restrictions and a lack of negotiation manpower.
Needless to say, the lack of technological choice negatively impacts private and public consumers, potentially exposing them to cost—and cybersecurity—oriented vulnerabilities.
Will the EU Data Act help?
The EU addressed the cloud vendor lock-in issue in the EU Data Act, which came into force in January 2024. Among many other objectives aimed at boosting the EU's data economy, the Act lays down the rules on who can use which data and under what conditions and targets the issue of vendor lock-ins - for both public sector, businesses and individual consumers.
With this Act, the EU requires both manufacturers of connected devices and cloud services providers to ensure seamless switching between products and services - so that consumers can access and share their data across different services. The Brussels bubble has also worked a lot to cease unfair contractual practices that can lead to costly vendor lock-ins.
Adopted in late 2023, the Data Act will be fully effective in September 2025, with the obligation to make product and related service data accessible to users in September 2026. Unfair contractual practices shall be concluded only in September 2027. Service providers will have to stop charging users for all costs related to switching services only in January 2027.
We will soon see how effective and powerful the EU Data Act’s framework is in turning the situation around and enabling the consumers. While the mechanisms in the EU Data Act may still leave a lot of space for legal and time-related workarounds, criticizing the policymakers is unproductive at this point.
It would be productive for European managers - in both private and public organizations - to look more closely at their contractual obligations and practices. Evaluation of practices from a competition point of view wouldn’t hurt either - some countries (such as France and Germany) have already been doing that individually. A level playing field - a term Europeans seem to love has to start with being informed - who, under what conditions, and why subjects their organizations to sometimes unreasonable future costs.
