Dive Brief:
- Lobbying group Cloud Infrastructure Service Providers in Europe rolled out guidelines and technical specifications designed to ease multicloud adoption last week.
- The group’s Cloud Switching Framework is tailored to help vendors demonstrate compliance with key provisions of the European Union’s Data Act pertaining to cloud data portability ahead of a September 2025 enforcement deadline. Cloud providers can use the framework to generate automated verification credentials.
- While the Data Act only applies to vendors operating in the EU, it will hold global providers, including AWS, Microsoft and Google Cloud, to higher standards for transparency around moving workloads between clouds. “The implications of the machine-readable verifiable credentials supported by the CISPE Framework are far reaching,” Francisco Mingorance, CISPE secretary general, said in the announcement.
Dive Insight:
The Data Act aims to harmonize data access policies across cloud vendors and prevent vendor lock-in as part of a broader data governance initiative. The European Commission gave vendors 20 months to comply with the legislation’s data privacy, sharing and portability regulations when it was enacted in January.
CISPE worked with Gaia-X, an EU-based data and cloud advocacy group, to craft specifications around five pillars of cloud data portability and switching processes.
The framework includes provisions for:
- Providing customers with clear information on switching procedures, data formats, costs and technical limitations.
- Creating channels for customers to notify vendors of a switching request and to track its progress.
- Deploying interfaces and data export tools to ease secure data migration between clouds.
- Giving customers clear cloud contract termination procedures.
- Developing vendor contract language affirming a customer’s right to move workloads between clouds and use multiple providers.
The framework comes with initial buy-in from AWS. The largest global provider of cloud infrastructure has been a CISPE member since 2017. The group includes many smaller European cloud providers that compete with AWS and its hyperscaler rivals Microsoft and Google Cloud.
“For smaller customers and vendors seeking to create flexible hybrid and multicloud solutions it is essential that compliance with the Data Act is as seamless and straightforward as possible,” Claudio Abad, CEO at Italy-based provider and CISPE member Deda.cloud, said in the announcement.
EU regulatory scrutiny pushed Microsoft to unbundle Teams from its Office 365 productivity suite globally in April. During the first three months of the year, AWS, Microsoft and Google Cloud responded to passage of the Data Act by eliminating some egress fees to reduce the cost of cloud switching.
Just as the EU’s similarly modeled AI Act — which went into effect in August — has helped shape regulatory concerns beyond the borders of the EU, legal experts expect the Data Act to impact cloud more broadly.
“The Data Act will have far-reaching implications beyond the EU, including in the U.K. and the U.S., where no comparable legislation currently exists,” according to international law firm WilmerHale.
The U.S. Federal Trade Commission initiated an inquiry into cloud market competition in March 2023. While the investigation remains open, its future remains uncertain under a new presidential administration.