EU Data Act: What Swiss SaaS and IoT Companies Must Do Now
Articles
Compliance
Legal
Data / Technology / IP
Regulatory Compliance
The EU Data Act has significant implications for Swiss SaaS and IoT companies operating in the EU market.
Dr. Martin Eckert
Legal Partner
The EU Data Act (Regulation (EU) 2023/2854 on harmonised rules for fair access to and use of data) has created a new regulatory environment for our clients in the SaaS and IoT sectors since its entry into force in mid-September 2025. Importantly, the EU Data Act applies in parallel with the GDPR and also covers non-personal data (so-called “machine” or “product data”).
For Swiss SaaS and IoT companies active in the EU market, the EU Data Act has two key implications:
Prohibition of Long-Term Contracts: Typical contract terms of 12 to 24 months will be prohibited if the contracted service falls under the scope of the Act. Instead, all customers will have a right to terminate at any time with 60 days’ notice – even for B2B contracts.
Mandatory Migration Support: Companies subject to the Data Act must actively support a customer’s request to migrate to another provider – in other words, they must assist competitors free of charge in acquiring new customers. When migrating product data, additional requirements under the GDPR may apply if personal data is involved.
Companies that do not implement these requirements in their contracts risk legal action from competitors and face substantial fines, comparable to the well-known sanctions under EU data protection law.
Against this background, several of our SaaS clients are currently adapting their contracts and, in some cases, their business and sales models. However, it must first be assessed whether the EU Data Act applies to the products offered: Not all SaaS models are covered by the regulation, even though contradictory statements circulate on this topic.
Small and medium-sized enterprises are not generally exempt from the Act’s provisions, but certain obligations do not apply to SMEs. For example, IoT companies with annual turnover below EUR 10 million are not required to provide migration support.
In addition to new risks, the Data Act also offers opportunities, especially for SaaS providers. For instance, it is now much easier to migrate one’s own cloud infrastructure to another provider.
Our experts are happy to answer your questions or support you in implementing the Data Act – in coordination with your existing GDPR compliance measures. The MME Data Law Team also offers a half-day workshop on the new EU Data Act at a fixed price.
