Data Ownership: The End of Extraction Fees? EU Data Act Mandates Freedom for Your Archives (Part 2)

For years, financial institutions have felt the tightening grip of vendor lock-in, with data extraction fees reaching a staggering $50,000 per terabyte. But a regulatory earthquake is coming: The EU Data Act will make these practices illegal by January 12, 2027, heralding an era of unprecedented data freedom. Legacy archiving vendors must eliminate all data extraction and switching charges. The Act represents a seismic shift towards data empowerment and will inject economic fairness into the digital ecosystem.

Regulated Firms trapped by extraction fees levied by archiving providers will gain an unprecedented ability to switch vendors within 30 days, and without fees. For compliance officers, recognising the direct applicability of these sweeping changes to communication archiving services is the first step towards capitalising on the enhanced vendor choice now available.

The message is clear: the era of vendor lock-in is ending.

Whispered about in compliance circles but rarely exposed in print, this blog is part of our series about Data Ownership and the practices which restrict Data Freedom within the Communication Archiving industry. This article will dissect the key components of the EU Data Act, explore its far-reaching implications for communication archiving, and consider how financial firms can strategically prepare for this new chapter in data liberation.

Contents

• The Exorbitant Price of (Not Owning) Your Data: The Problem of Egregious Egress

• The EU Data Act: A Regulatory Dawn for Data Portability and Fair Access

• When Will the EU Data Act Take Effect?

• Your Data, Your Right: What’s the Scope of Data Covered?

• Help with Switching - The 30 Day Switching Window

• Transparency by Design

• Global Tremors: Why EU Data Act’s Transparency on Egress Fees Spells Trouble for Legacy Vendors Worldwide
• Data Freedom Champions vs. Reluctant Adapters
  
• What This Means for You
  

• Conclusion

• Sources
• Frequently Asked Questions (FAQs) 

Key Takeaways

• Extraction Fees Go to $0 / £0 / €0- From Sep 2025, vendors may bill only their provable direct cost; no overhead, no margin. From Jan 2027 every data-extraction or switching charge becomes illegal in the EU.

• 30-Day, Full-Data Portability Is Mandatory - Providers must deliver all exportable data; messages, metadata, audit trails, legal-hold tags, in a common format within 30 calendar days of your notice.

• "Brussels Effect" to Trigger Worldwide Vendor Accountability: This EU regulation has extraterritorial reach, impacting any vendor serving EU clients. It's poised to set a new global standard for fair data practices, compelling vendors worldwide to justify or abandon massive price markups and forcing a market shift towards truly transparent, client-first partners.

The Exorbitant Price of (Not Owning) Your Data: The Problem of Egregious Egress

Many customers in the communication archiving space have felt tethered to their existing providers, not necessarily due to an abundance of joy with the service, but because of prohibitive data extraction costs (often leading to "Hotel California" scenarios (you can check your data in, but you can never afford to leave)).

The Data Act aims to dismantle these shackles, granting customers newfound freedom to choose, switch, or even use multiple archiving solutions based on genuine merit, such as features, service quality, security posture, innovation and a customer-first approach, rather than being constrained by artificial exit barriers.

Our previous piece exposed these practices in detail:

• Data Ownership: Hidden Data Extraction Fees in Communication Archiving Solutions (Part 1)

Our article highlighted how some vendors impose hefty extraction fees, reaching $50,000 per TB, which can result in unexpected five or six-figure invoices when organisations need to retrieve their archived data. 

By contrasting these industry charges with a much lower internal cost example for data export ($0.09 per GB), the post describes the extraordinary 55,000% markups involved (which makes airport bottled water look like a bargain).

The EU Data Act: A Regulatory Dawn for Data Portability and Fair Access

The European Union has introduced Regulation (EU) 2023/2854, known as the EU Data Act. This comprehensive piece of legislation will establish harmonised rules on fair access to and use of data across the EU. The core objectives of the Data Act include:

• Ensuring that users, encompassing both businesses and consumers, can access and utilise the data generated through their interaction with products or related services.

• Facilitating smoother and more cost-effective switching between different providers of data processing services, which includes cloud-based solutions and, by extension, modern archiving platforms.

• Offering protection against unfair contractual terms that pertain to data access and usage.
  
  

Historically, service providers, especially in the SaaS and cloud domains, often maintained de facto control over the data generated on their platforms, even if contractual clauses nominally assigned ownership to the customer. The Data Act's strong emphasis on user access rights, mechanisms for data sharing, and provisions for easy and low-cost switching fundamentally challenges this established model; viewing data less as a provider-controlled asset and more as a user-empowered resource. It seeks to rebalance the power dynamic, empowering users to genuinely leverage their data for their own strategic purposes, which explicitly includes migrating to competitor services or integrating data into other systems to develop new, innovative services.

All of this is a welcome change for compliance officers and CIOs who have long wished for more agility in managing and migrating their archived communications data.

When Will the EU Data Act Take Effect?

"From 12 January 2027 onwards, providers are generally no longer allowed to charge for switching."

"Until 12 January 2027, providers of data processing services can charge for switching. Those charges must, however, be capped at costs incurred by them that are directly linked to the switching process concerned. This would not, for example, extend to including overheads."

The EU Data Act’s key provisions, particularly those impacting data access and switching, are set to become applicable from September 12, 2025.

Chapter VI of the Act mandates that providers of data processing services must remove commercial, technical, contractual, and organisational obstacles that hinder customers from switching to another provider. This is a clear directive that the era of profiting from customer departure is drawing to a close. The elimination of these charges is structured in phases, as outlined in Article 25 of the Data Act:

• Interim Period (applicable from September 12, 2025, until January 12, 2027):

  • During this transitional phase, providers can still levy charges for facilitating a switch. However, these charges are strictly capped.

  • They must not exceed the "costs incurred by them that are directly linked to the switching process concerned".

  • Crucially, the Act specifies that general overheads are explicitly excluded from these permissible direct costs, demanding a new level of transparency from vendors.

• Full Ban (From January 12, 2027, onwards):

  • Providers are prohibited from imposing any charges for the switching process.

  • This ban explicitly includes data egress fees, which are charges for transferring data out of the provider's environment.  

In short, the era of hefty data extraction fees is officially on the clock.

Your Data, Your Right: What’s the Scope of Data Covered?

"...users of a connected product and recipient of related services... [have] the right to access and be provided with 'readily available data' in a common machine-readable format."

"Exportable data covers input and output data, as well as meta data that is directly or indirectly generated, or co-generated, by the customer's use of the respective data processing service."

The scope defined by the Act is comprehensively in the user's favour. Data must be provided "without undue delay, free of charge...in a comprehensive, structured, commonly used and machine-readable format".  

It covers "all exportable data," which includes input data (data provided by the customer to the service) and output data (data generated by the service based on the customer's input or use). It also encompasses metadata that is directly or indirectly generated or co-generated by the customer's use of the service.

• Comprehensive Metadata: Timestamps, sender/recipient information, message IDs, folder locations, and potentially custom metadata tags applied by the organisation.

• Audit Trails: Records of user access, searches performed, exports conducted, policy changes, and administrative actions related to the archived data.

• Compliance-Specific Information: Data related to retention policy application, legal holds (including custodian information and hold scope), eDiscovery case management (e.g., data included in specific cases, review sets), and supervision/monitoring activities (e.g., review status, escalations, annotations).

• Structural Information: Data organisation, such as folder structures or mailbox mappings, that is required for users to navigate and understand the archive.

---

Help with Switching - The 30 Day Switching Window

The standard transitional period for a provider to prepare for switching "should last a maximum of 30 calendar days, to be completed without undue delay."

The Act mandates a maximum 30-calendar-day transition period for customers to switch from one data processing service provider to another. This period begins when the customer notifies the provider of their intent to switch. An extension beyond 30 days, up to a maximum of 7 months, is permissible only if the provider can demonstrate that a shorter timeframe is technically unfeasible and provides a clear explanation for the delay.  

During this transition, the original provider is obligated to offer "reasonable assistance" to the customer and take all necessary measures to ensure that business operations are maintained without interruption (business continuity). This includes the secure and timely transfer of all "exportable data". Furthermore, the customer's data must remain accessible for a minimum of 30 days after the transition period concludes, following which the provider must ensure the deletion of this data.  

The combination of reduced or eliminated egress fees and a mandated, rapid switching window fundamentally alters the power dynamic between customers and communication archiving providers. The Data Act empowers customers by drastically lowering these barriers. This newfound leverage will enable customers to negotiate more effectively on contract terms, service level agreements (SLAs), and pricing.

---

Transparency by Design

"The Data Act combines two fundamental objectives: (a) strengthening data sovereignty for commercial and private users of connected devices through transparency obligations for data holders and data access rights; and (b) opening up a data cycle through data sharing rights..."

A key theme throughout the Data Act is the promotion of transparency. Data processors are required to inform clients before a contract is concluded about several key aspects of data handling. This includes details on the type and volume of data their product or service is likely to generate, how the user can access this data (including the format and any associated costs, if applicable during the interim period), and whether the provider intends to use the data generated by the user for the provider's own purposes. This pre-contractual transparency is designed to empower users to make more informed decisions when selecting vendors and entering into service agreements.

EU Data Act vs. Legacy Practices

Aspect	Typical Legacy Archive Provider Practice	Mandate	Benefit
Switching/Egress Fees	High, $50/GB + professional service fees; opaque terms and conditions	Phased elimination: Capped at direct costs until Jan 2027, then FREE (with limited exceptions)	Massive cost savings, budget predictability, and removal of significant exit barriers
Data Access Rights	Often limited, requiring vendor intervention and fees; terms are frequently buried in complex contracts	Right to access "readily available data" (raw usage, metadata) generally free of charge, in a common machine-readable format	Empowered data ownership, ability to leverage data for other purposes, and enhanced control
Definition of Exportable Data	Vaguely defined in contracts, often subject to vendor interpretation and discretion	Clearly defined: "input and output data, metadata," excluding provider IP. Also includes "digital assets" necessary for data utility	Clarity on what data can be moved, reducing potential disputes and ambiguities
Switching Timelines	No standardised timelines; the process could be lengthy, unpredictable, and largely vendor-dependent	Max 2-month notice period; max 30-day standard transition period for switching (extendable with justification)	Faster, more predictable, and streamlined migrations
Transparency	Often low, critical fee structures and data handling processes are frequently obscured in fine print or complex agreements	Pre-contractual information mandated on data generated, user access rights, and the provider's intentions for data use	Informed decision-making before vendor selection, clearer understanding of terms
Vendor Lock-in	High, primarily due to prohibitive costs and technical complexity associated with switching providers	Significantly reduced or eliminated by new rights to switch, fee prohibitions, and mandated portability measures	Freedom to choose best-of-breed solutions

---

Global Tremors: Why EU Data Act’s Transparency on Egress Fees Spells Trouble for Legacy Vendors Worldwide

"The Data Act has extraterritorial effect, meaning that it applies to businesses providing products or services in the EU, irrespective of where they are established."

The influence of the EU Data Act is unlikely to be confined within the geographical boundaries of the European Union. Its provisions carry significant extraterritorial reach, meaning that non-EU based companies, including U.S. communication archiving and SaaS providers, will be impacted if they offer their products or services to users located within the EU. This is irrespective of where the provider itself is established. Consequently, U.S. archive vendors with European clientele will need to ensure their data portability and switching processes for these clients align with the Act's stringent requirements.

Legacy archiving and cloud vendors who continue to cling to inflated data extraction fees in markets like the U.S. will face reputational and commercial pressure. With EU-based clients enjoying near-free data portability, U.S. customers are bound to ask: “If European banks get their compliance archives out at minimal cost, why are we paying six figures in fees and a 55,000% markup?” This asymmetry, once widely discussed, is unlikely to be tolerated by U.S. enterprises and regulators. The “Brussels Effect” practically guarantees it. This phenomenon describes how EU regulations often become de facto global standards, as companies find it inefficient to maintain one set of rules in Europe and another elsewhere. Consider how Apple now offers the same privacy controls globally that it developed for GDPR. Or how Microsoft's data processing agreements worldwide mirror EU requirements. Communication archiving vendors face the same pressure - explaining to a Wall Street bank why their London office gets free data portability while New York pays $50,000 is a conversation no sales team wants to have.

Multinational SaaS and compliance providers may prefer to adopt the Data Act’s high bar for data portability and fair pricing uniformly, rather than explain to non-EU clients that they’re getting a worse deal. Moreover, savvy U.S. regulators watch these developments; they could pressure vendors domestically or even introduce similar portability mandates once the issue of excessive data extraction fees comes to light. You can almost imagine the folks taking their first sip of morning joe and remarking 'Hmm, data freedom... what a novel idea we might just borrow!'

The principles underpinning the EU Data Act; data ownership, transparency, portability, and fair access, resonate deeply with the foundational philosophy at SteelEye. Long before the Act's inception, SteelEye's approach to data management and client relationships has been built on the conviction that firms should have complete control and unfettered access to their own data.

---

Data Freedom Champions vs. Reluctant Adapters

The new regulations will clearly separate the field into two camps: those vendors who championed data freedom from the start, and those who are only now adapting because the law forces their hand.

It’s an important distinction that compliance officers and procurement leads should note.

• Providers Embracing Transparency: Some archiving providers have long believed that clients own their data and should have unfettered access to it. These companies designed their services with interoperability and fair pricing in mind. Vendors like these never relied on extortionate egress fees; their business models align naturally with the ethos of the EU Data Act. In practice, their customers have enjoyed the freedom to retrieve or move data at minimal or zero cost, well before any regulator stepped in.

• Providers Clinging to Lock-In: On the other side are the legacy archive vendors who leveraged opacity and lock-in as a revenue strategy. They profited from the very extraction fees now being outlawed, hiding these terms in fine print. Their commitment to data portability was minimal at best. The contrast is clear: compliance by design vs. compliance by obligation.

This comparison isn’t just about philosophy; it has practical implications for customers. If a vendor is only now renouncing unfair fees because the law compels it, one might question how else their business practices will shift (or what new charges might appear elsewhere to compensate).

---

What this means for you

During the Interim Period (Sept 2025 - Jan 2027): Your Window of Opportunity

• Request a detailed breakdown of any claimed 'direct costs' for data extraction. If your vendor includes overhead/margin or cannot provide transparent justifications, document this, it signals non-alignment with the Act's principles.

• If your contract expires in 2025-2026, use the interim period rules as negotiation leverage. "We need to see your Data Act compliance roadmap before we sign a multi-year renewal".

• Some vendors may try to shift extraction fees elsewhere (higher subscription costs, new "archive maintenance" fees). Document current total costs to spot these shell games.

 

From January 2027: Your New Era of Data Freedom

• Zero tolerance for extraction fees.

• Those extraction fee reserves? Redirect them to actual innovation; AI-powered compliance tools, advanced analytics, or enhanced surveillance capabilities.

---

Conclusion

As you evaluate archiving partners, look to the reality of their fee structures. The EU Data Act is pushing towards a new standard, yet the old practices linger. Is your potential (or current) vendor truly aligned with data freedom, providing data access at no cost? Or are they still part of the spectrum that believes your data access should come with a price tag – be it $3, $5, $15, or even that eye-watering $50 per gigabyte? The answer will reveal much about their commitment to your data ownership versus their own revenue generation from it. This means favouring providers who offer open APIs, maintain clear and efficient data export processes, and are transparent about their pricing structures with no hidden egress fees.

In the coming months, pay particular attention to which vendors highlight these upcoming data-liberative changes, and which ones don’t. It’s also worth contrasting this with their level of ‘GDPR Readiness’ campaigns from 2018.

In the end, the power is shifting back to you; the customer. With regulations removing the last excuses for unfair fees and practices, you have the freedom to choose a provider who truly aligns with your interests and values. 

Stay tuned for Part III where we’ll reveal the best tips and tricks for dealing with the legacy providers, including using the leverage the Data Act provides you.

---

Sources

• CEPA - Mapping the Brussels Effect

• CISPE Cloud Switching Framework

• Data Act Text

• EU Official Documentation:

  • European Commission - Data Act Explained

  • European Commission - Data Act Explained - Frequently Asked Questions

  • European Union - Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)

• LinkedIn - Almin Ibrahimovic - The EU Data Act: Impacts on Cloud Service Providers and Tier 1 Banks in the Fintech Sector

• National Law Review - EU Data Act Preparedness – Last Minute Fire Drill Exercise!

• Osborne Clark - Data Act: Part 4 – The Data Act regulates cloud switching and influences the contractual relationship between customers and cloud service providers

• Pinsent Masons - Switching and porting rules under the EU Data Act

• SteelEye - Data Ownership: Hidden Data Extraction Fees in Communication Archiving Solutions (Part 1)

---

Q&A's

• Q1: When do the EU Data Act's rules on switching charges for archive providers become fully effective? A: The phased elimination of switching charges begins with charges being capped at the provider's direct costs directly linked to the switching process from September 12, 2025. The full ban on switching charges, which includes data egress fees (subject to limited exceptions), will apply from January 12, 2027.  

• Q2: What kind of data can I expect to get from my archive provider under the EU Data Act when I switch? A: Under the EU Data Act, you are entitled to "all exportable data." This broadly includes your input data (data you provide to the service) and output data (data generated by the service from your input or use, e.g., emails, chats, attachments, voice recordings), along with associated metadata. It also covers "digital assets" like configurations or applications necessary to use your data effectively in a new environment. However, it generally excludes the provider's proprietary algorithms, inferred data that constitutes their intellectual property, or trade secrets.  

• Q3: Will the EU Data Act affect my relationship with my US-based communication archiving provider? A: Yes, potentially. If your US-based provider offers services to your company's operations or users located within the European Union, they will be required to comply with the Data Act's provisions for those EU-based services. This includes rules on data access, portability, and switching. Over time, this could also influence their practices globally due to the "Brussels Effect" and the desire for operational consistency.  

• Q4: What are "direct costs" that a provider can charge for switching during the interim period (until Jan 2027)? A: "Direct costs" refer to those expenses that are specifically and immediately attributable to the actions taken by the provider to facilitate your switch to another service or to an on-premises solution. The EU Data Act specifies that these costs cannot include the provider's general overheads. The intention is to ensure transparency and prevent providers from inflating these interim charges.

• Q5: How quickly can I switch archive providers under the EU Data Act? A: The EU Data Act sets out specific timelines to facilitate a swifter switching process. After a contractual notice period the provider has a standard transitional period of a maximum of 30 calendar days to prepare for and complete the switch. This period can be extended if it is technically unfeasible for the provider (up to 7 months, with justification) or if the customer requests an extension.