EU Data Act – Switching & Interoperability Center

As of: 18.09.2025

• Contact: security@ayedo.de
• Data Act Overview & Introduction
• Switching Register

This page consolidates ayedo-wide information on switching, interoperability and transparency according to Regulation (EU) 2023/2854 (EU Data Act). It specifies our contracts/terms but is not itself part of the contract. The applicable contract including annexes (definitive lists) remains authoritative. Versions of this page are relevant for the time of contract conclusion.

Applicability & Key Dates

• 12.09.2025: Applicability of switching obligations (Chapter VI; esp. Art. 23–27, 30).
• 12.01.2027: Prohibition of switching charges; until then only cost-based, reduced fees are permitted (directly attributable costs).
• Chapter IV (unfair contract terms in B2B towards SMEs) applies to newly concluded contracts from 12.09.2025; transition periods apply to certain existing contracts.
• Note: Standard service fees continue regularly during Notice/Transit. Egress/parallel operation: at cost.

Further information can be found in our Terms and Conditions (Chapter 7).

Data Categories – Portable Data & Digital Assets

Portable data and digital assets (export paths, formats and procedures are specified per project):

• Cluster configurations: Kubernetes manifests (YAML/JSON), Helm charts, Kustomize overlays, network/RBAC policies, CRDs (where customer-provided)
• Container artifacts: OCI images/artifacts from customer-owned repositories/namespaces (OCI Distribution Spec)
• Persistent data: Persistent Volumes, snapshots, backups (via standardized CSI workflows where possible)
• Logs/events: Logs (e.g. JSON Lines), audit logs (where customer-initiated), events
• Metrics/traces: OpenMetrics/Prometheus, OpenTelemetry exports (where available)
• Secrets/keys: customer-provided secrets/keys (rotation/transfer per security section)
• Identities/permissions: Accounts, roles, group/RBAC mappings (IdP-bound, e.g. OIDC/SAML)

Excluded internal categories (no portability required):

• ayedo-internal operational/security data: infrastructure telemetry, internal system/debug logs
• Proprietary automation assets: playbooks, runbooks, pipelines, templates, where disclosure would compromise trade secrets
• Aggregated, anonymized benchmarks without personal/customer attribution
• IP-protected integration modules of ayedo, unless required for actual data portability

Limit: Exceptions will not unreasonably impede the switch. Where internal data is technically required, ayedo provides a functional export path.

Switching Process (Notice → Transit → Completion)

1. Initiation (Notice): 2 months notice period (end of month). ayedo confirms within 5 business days and names contacts & interfaces.

2. Transitional Period: typically 30 calendar days of continued operation & good faith cooperation.

   Customer right: The customer may extend the Transitional Period once pursuant to Art. 25(5) EU Data Act.

3. Extension: technical impossibility/dependencies → notification within 14 business days; total transit max. 7 months.

4. Service during Transit: Service remains applicable; standard fees continue.

5. Retrieval & Completion: after switch at least 30 days retrieval window; subsequent deletion with confirmation (see “Security, GDPR & Deletion”).

6. Termination logic: successful switch → contract end. Pure deletion without switch → end upon expiry of Notice/agreed phase.

Notes on egress, porting and support services can be found in project documentation and the Terms.

Fees, Switching Charges & Egress/ETP

• Until 12.01.2027: only cost-based, reduced fees for switching services (directly attributable costs) permitted.
• From 12.01.2027: no switching charges.
• Standard service fees continue during Notice/Transit; egress/data export and parallel operation are billed “at cost”.

Open Interfaces & Interoperability (Non-IaaS)

Obligations under Art. 30(2)–(4) EU Data Act:

• We provide open, documented interfaces and export paths free of charge to the same extent as required for use of the Services (e.g. S3/OCI/CSI, Prometheus/OpenTelemetry).
• Compatibility with published open specifications or harmonized standards is maintained where available and applicable.
• Breaking changes to interfaces are announced with at least 6 months notice; migration guidance is provided.

International Access (Art. 28)

Ayedo protects data from unlawful international access requests:

• Processing in the EU; subcontractors with equivalent guarantees.
• Review of each government disclosure request for compatibility with EU law; unlawful or extraterritorial requests are challenged.
• Customer notification (where legally permitted) before disclosure; transparency reporting afterwards.
• Data minimization, encryption (customer key control possible), logging and legal documentation.

Processing locations and jurisdiction (examples; binding providers/regions are named in contract/annexes, associated websites listed there – Art. 28(2)):

Technical, organizational and contractual measures (short list):

• End-to-end encryption for transports; encryption at rest, customer key control optional (BYOK/BYOKMS).
• Access on need-to-know basis, role-based, logged; regular reviews.
• Contract framework incl. DPA, SCCs with subprocessors; audit/information rights.
• Legal review and challenge of unlawful requests; notification process.

Further details can be found in the contract and respective annexes.

Switching Register (Excerpt)

Process overview: Notice → Transit → Completion; defined SLAs and escalation paths per contract/terms. Complete register and contact points: Switching Register

Mapping of exportable categories (excerpt):

Standards & Deprecation Policy:

• Relevant standards/open specs: OCI, Kubernetes, CSI, CNI, OpenTelemetry, OpenMetrics, S3-compatible APIs.
• Deprecations are announced with at least 6 months notice; migration paths are documented.

Security, GDPR & Deletion

• Technical and organizational measures according to ISO-oriented best practices; processing of personal data according to GDPR.
• After completion of the switch: deletion of all exportable customer-specific data per agreement; statutory retention obligations remain unaffected. Deletion protocol is provided upon request.

Further information: Privacy Policy.

Parallel Operation & Multi-Cloud

Parallel operation during transit is possible; configuration and costs (e.g. additional infrastructure, bandwidth) are determined on a project-by-project basis.

Custom Solutions (Art. 31)

Special interoperability or porting needs can be contractually agreed as custom solutions (e.g. additional connectors, migration automation, data model transformation logic).

Payment Default During Transit (Safe Harbour)

To secure operations during the Transitional Period: In case of payment default, services may be restricted; essential export/deletion paths are maintained where legally required and agreed.

Legal References (Excerpt)

• https://www.bmv.de/SharedDocs/DE/Anlage/DG/Digitales/eu-data-act-deutsche-fassung-22-12-23.pdf/, especially Chapter VI, Art. 23–31
• National implementation and supplementary guidelines where applicable.

Pre-contractual Information (Art. 29(4)–(6))

• Standard service fees continue regularly during Notice/Transit.
• Switching charges until 12.01.2027 exclusively “at cost” (directly attributable expenses/third-party and egress costs); from 12.01.2027: €0.
• ETP (Exit/Transition Pricing) = directly attributable expenses (team hours × contractual hourly rate) + infrastructure/egress/third-party services “at cost”. A contractual cap and any flat rates are stated in offer/price sheet before contract conclusion.
• This information is actively provided before contract conclusion (reference in offer) and is available at Switching Register.

Downloads & Templates

• Switching Register and contact points: Switching Register

Contact

• Email: security@ayedo.de

Change History

• 2025-09-16: first publication of this page.