The European Data Act Rewrites the Rules of Cloud Vendor Strategy in Customer Communications

Table of Contents

For over a decade, companies selected Customer Communication platforms based on a precise, consolidated, and seemingly immutable set of criteria: functionality, cost, scalability, depth of integration. Once chosen and deployed in production, the platform was treated as a stable part of the architecture, a long-term investment whose continuity was considered natural. The European Data Act has rendered this view obsolete.

By transforming data portability and vendor switching from mere commercial negotiation points into legally recognised rights, the Data Act has introduced a strategic variable that CIOs, CTOs and Chief Risk Officers (especially those operating within regulated-sector organisations) must now keep firmly in view: vendor independence.

Vendor independence is now a governance requirement with direct implications for risk-reporting processes, supplier due diligence and long-term board-level decision-making.

Switching: The Four Structural Reasons Why Companies Change Vendors

The need to change Customer Communication solution vendors and therefore to avoid vendor lock-in situations arises regularly for reasons entirely unrelated to regulatory pressure. In enterprise organisations, four scenarios recur with particular frequency.

Technological Obsolescence

Customer Communication platforms built on legacy architectures, from mainframe systems to early-generation on-premise and cloud solutions, progressively lose the ability to support interactive digital outputs, omnichannel orchestration, or integration with AI capabilities and modern data platforms. In these cases, the fundamental question concerns the speed at which migration can be executed without generating operational disruptions.

Vendor End-of-Life and Discontinuity

Vendors announce product end-of-life, acquire competing platforms to consolidate their portfolio, or exit market segments entirely. The case of Assentis, currently in a phase of discontinuity within the European CCM market, clearly illustrates how a vendor lifecycle decision can generate an external, non-negotiable migration timeline, with significant compliance implications if the transition is not managed with sufficient lead time.

Economic Optimisation and Commercial Rebalancing

As the cloud services market matures and alternative vendors offer comparable functionality at a significantly lower total cost of ownership (TCO), CFOs and IT procurement teams begin to question the economic sustainability of the incumbent vendor. Licensing structures that were competitive a decade ago become economically unjustifiable. In these cases, switching readiness, the organisational capacity to change vendors without operational disruption, determines whether the organisation can genuinely capture the commercial opportunity, or whether it is effectively locked in: not by a contractual constraint, but by the practical impossibility of migrating.

Functional Perimeter Expansion

Organisations outgrow the platform they initially selected when communication requirements evolve. A vendor chosen specifically to manage billing may prove inadequate if the organisation introduces eIDAS-compliant trust services, such as digital identity verification, certified electronic delivery and qualified electronic signatures, or new forms of customer engagement such as interactive video and AI-driven personalised communications. The ability to transition to a unified platform depends on a decision made upstream: whether the current infrastructure was built on open standards, a necessary condition for migration to be viable.

What all four of these scenarios share is a common prerequisite: the ability to switch without friction. With the Data Act, that capability becomes an explicit governance issue.

Why Switching in Customer Communications Is More Complex Than Elsewhere

Not all cloud-hosted systems are equally complex to migrate. Customer Communication platforms occupy a particularly critical position, for two structural reasons.

The first concerns the template library, a catalogue that contains document templates: blank schemas, rules and logic. In a mature enterprise CCM environment, this does not mean managing a few dozen documents but hundreds, often thousands of assets: invoices, contracts, regulatory communications, policies and their omnichannel variants. Each template embeds years of accumulated business logic: personalisation rules, compliance-approved regulatory language, brand guidelines, data transformation mappings to ERP and CRM systems. When these assets are built on proprietary formats, migration becomes a complex operation involving reverse engineering, rewriting and re-certification asset by asset. Each template must first be understood, then translated into the language of the new platform, and then re-certified.

The second reason concerns the document archive. CCM platforms in regulated sectors do not merely produce documents: they accumulate them. Every invoice, policy and contractual communication is retained for mandatory retention periods, typically seven to ten years and in some cases permanently. The scale is significant: a utility with two million customers accumulates over twenty million documents per year, each with associated metadata: customer identifier, document type, delivery status, digital signature reference, legal validity timestamp and archive integrity hash. Document Management Systems (DMS) and Enterprise Content Management (ECM) systems built on proprietary metadata schemas or closed export APIs generate a technical form of vendor lock-in that conflicts directly with the portability rights enshrined in the Data Act.

What the Regulation Actually Requires

The Data Act follows a well-defined implementation timeline. From 12 September 2025, switching obligations apply to all new cloud contracts. From 12 September 2026, they extend to legacy contracts concluded before that date: from next year, therefore, the entire perimeter of existing cloud relationships within Customer Communications will be subject to portability and vendor-switching requirements. From 12 January 2027, switching costs are prohibited in full, including data extraction fees (egress fees).

Cloud providers are legally required to remove the technical and contractual barriers that obstruct switching and cloud switching in particular, to guarantee service continuity during transitions, and to support migration to functionally equivalent services. Data portability therefore becomes a genuine, legally guaranteed right. Similarly, the regulation reinforces functional equivalence, meaning the right to reconstruct the same capabilities elsewhere, and EU data residency. For regulated communications, which the law requires to be retained for extended periods, these principles are particularly significant.

From Technology to Governance

Vendor dependency risk, the systemic exposure generated by critical communication processes depending on a single provider or proprietary architecture, is rapidly becoming a board-level issue, particularly in financial services, utilities, telecommunications and the insurance sector, where Customer Communications carry direct legal, contractual and compliance implications.

This evolution is taking place within a broader European regulatory context, in which DORA, NIS2 and the AI Act are converging to redraw the boundaries of accountability for technology providers. The Data Act is one component of a coherent framework in which third-party dependency becomes a measurable and reportable exposure.

The organisations that will navigate this new landscape most effectively are those that treat switching readiness as a strategic control mechanism to be embedded in architecture decisions, risk management frameworks, annual vendor reviews and the criteria that guide technology procurement. In practice, this means making indicators measurable: estimated migration time, the proportion of assets stored in open formats, the availability of qualified alternative providers. These indicators must then be reported in a structured way within technology governance cycles. With legacy contract obligations in force from September 2026 and the elimination of switching costs from January 2027, the window to act proactively is rapidly narrowing.

Discover how Doxee Platform® enables portability, resilience and compliance by design.

FAQ

When do the Data Act obligations on existing cloud contracts come into force?

From 12 September 2026, portability and switching obligations extend to legacy contracts. From 12 January 2027, switching costs are prohibited in full, including egress fees.

Why are Customer Communications particularly exposed to vendor lock-in risk?

For two structural reasons: a template library that embeds years of business logic and requires asset-by-asset re-certification, and a document archive containing tens of millions of records subject to mandatory retention periods of 7 to 10 years.

What does “switching readiness” mean in practice?

It is a measurable risk indicator that assesses migration time, the proportion of assets in open formats, the extractability of data without vendor assistance and the availability of qualified alternative providers.

Is switching purely a regulatory compliance issue?

No. It remains relevant beyond the Data Act perimeter: technological obsolescence, vendor end-of-life (as in the Assentis case), TCO optimisation and functional perimeter expansion all make switching an operationally critical capability.

“Doxee is redefining what modern CCM should look like—bridging data-driven personalization, AI-assisted content creation, and interactive experiences into a seamless platform.The innovations like Pvideo® and Endpoint Customer Journey Management, it empowers organizations not just to communicate, but to connect meaningfully across every channel. Its robust process automation and integration-first approach make it one of the most forward-thinking platforms in the CCM space today.”

Saurabh Raj | Senior Analyst at QKS Group