👋 Welcome the OnlyLawyer newsletter! Each week I tackle legal topics for the tech industry — cybersecurity, data privacy, AI legal issues, and other issues that in-house lawyers face.

The Surprise Exit Nobody Saw Coming

Imagine you’ve signed a five-year cloud services deal.

The sales team celebrates. Finance books the revenue projection. Marketing puts out a press release. Everyone feels good.

And then, six months in, your customer calls: “Hey, we’re leaving. We’ll wrap things up in 60 days.”

You think they’re bluffing. You check the contract. Sure enough, it says “minimum term: 5 years.” You point to the clause like a lawyer in a courtroom drama.

They point to the EU Data Act.

Under it, customers of cloud and data processing services can terminate contracts with as little as two months’ notice, even if the ink on your “multi-year” commitment is still drying.

This isn’t just a cloud vendor problem. It’s a legal, financial, and strategic problem.

Because if you thought “multi-year” meant guaranteed revenue, the Data Act just made that phrase about as solid as “forever” in a high school relationship.

What the Law Actually Says

The EU Data Act’s portability provisions are meant to make it easier for customers to switch providers without getting trapped in vendor lock-in.

The portability rule:

• Applies to cloud and data processing services (and yes, that’s broad).

• Lets customers terminate contracts without penalty beyond “proportionate charges” for early exit.

• “Proportionate” is undefined. There’s no formula, no guidance, just a legal shrug for now. It’s one of those legal words that sounds precise but is actually as clear as saying “dress code = smart casual.” Everyone nods, no one agrees, and someone will inevitably show up in flip-flops.

• Covers contracts with EU-based customers and non-EU providers serving the EU market.

• Effective September 12, 2025, which means the two-month escape hatch will be live next month.

The headline is simple: a five-year deal is now, effectively, a two-month rolling contract.

The subheadline, and the legal headache, is that no one knows exactly what “proportionate” means…which is lawyer-speak for “this is going to court, and it’s going to be expensive.”

Why This Is a Legal and Financial Headache

Here’s what keeps both GCs and company leaders up at night about this:

1. Revenue recognition

You can’t count five years of contract value as guaranteed income if your customer can walk in month seven. This messes with long-term forecasts, deal valuations, and M&A assumptions.

2. Enforceability

Multi-year “minimum term” clauses lose their bite. Your legal leverage in retention conversations just dropped to two months.

3. Disputes waiting to happen

“Proportionate” will be tested in real disputes (probably soon). Customers will argue it’s just unrecoverable direct costs. Providers will argue for more.

4. Business planning

Sales teams may need to rethink incentives. Big upfront discounts or infrastructure investments assume a long-term payoff. The Data Act just shrank that payoff window.

It also has the unique distinction of being a legal, finance, and sales problem…which means it’s basically the corporate version of hot potato. Only the potato is on fire and nobody remembers why they were holding it in the first place.

A quick example:

• You ink a €10M, 5-year deal with a customer.

• You invest €1.5M in dedicated infrastructure, licenses, and onboarding.

• After 10 months, they terminate with 2 months’ notice.

• You recover some costs, but you lose the revenue and the margin you built the deal around.

In other words, you might get reimbursed for the gas, but the trip’s over.

What Counts as “Proportionate” Penalty?

This is the gray zone. Without guidance, “proportionate” will likely be judged on:

• Directness: Is the cost directly tied to this specific customer?

• Recoverability: Can the provider reuse or recoup the cost?

• Reasonableness: Would a regulator see this as fair, or as a backdoor penalty?

Costs likely recoverable:

• Non-cancellable third-party licenses purchased solely for this customer.

• Dedicated infrastructure or capacity that can’t be reused. The Data Act doesn’t care that you just spent seven figures on shiny new servers to impress this customer. As far as it’s concerned, you can always find another “date” to wear them to.

• Professional services setup and onboarding costs tied directly to this customer. Try to recover these, sure…just be ready for it to sound like charging someone for a tattoo they decided not to get.

• Upfront pricing incentives amortized over the contract term (e.g., heavy year-one discount designed for five years). This is the business equivalent of buying someone a five-course dinner because they promised to come to your birthday next year — then ghosting you after dessert.

Costs likely not recoverable:

• The full value of the remaining term.

• General overhead or “we thought you’d be here five years” arguments.

Example calculation:

If you spent €500K on non-cancellable licenses, €300K on infrastructure, and €200K on setup for a 5-year deal, and they leave in year one, you could argue to recover a proportionate share of those costs, but not the lost revenue from years 2–5.

Key takeaway: if you can’t prove it’s unrecoverable, it’s not proportionate.

This Won’t Stop at Cloud

Right now, the portability hammer is falling on cloud and data processing contracts. But the logic behind the rule, “customers should be able to leave without unreasonable penalty,” is contagious.

Expect similar portability or early-exit rules to creep into:

• Managed IT services contracts.

• ERP and EHR systems agreements.

• AI-as-a-service arrangements.

• Outsourcing and BPO deals with heavy lock-in features.

Globally, regulators are already taking aim at lock-in across multiple sectors. The EU Data Act might be the test case, but it’s not the finish line.

If you’re a GC in any industry where customers depend heavily on your infrastructure or software, this is a signal: the regulatory winds are shifting.

The GC’s Playbook

If you’re advising your company or clients, here’s how to play this without getting blindsided.

Short-term (next 30 days):

• Inventory contracts that fall under the Data Act.

• Flag revenue exposure to finance (the C-suite hates surprises).

• Review and, if possible, amend termination clauses now.

Medium-term (next 6–12 months):

• Build a defensible “proportionate penalty” framework with finance and ops.

• Negotiate penalty structures upfront in new deals.

• Train sales/legal to document unrecoverable costs from day one.

Long-term (12+ months):

• Reduce customer-specific sunk costs where possible.

• Re-engineer products/services to make onboarding and offboarding cheaper.

• Treat “multi-year” as a pricing preference, not a revenue guarantee.

This isn’t about being pessimistic. It’s about building contracts, and cost structures, that can survive a two-month termination notice without tanking the P&L.

Closing Takeaway

The Data Act isn’t just a cloud rule. It’s a leverage shift disguised as a portability measure.

If “multi-year” no longer means what it used to, deal strategy has to change. Pricing has to change. The way you frame risk and reward in negotiations has to change.

Forward thinking lawyers won’t be the ones quoting the statute. They’ll be the ones who quietly rewrite contract templates, reframe deal economics, and make sure the business is ready for the day a “guaranteed” customer says, “We’re out in 60 days.”

Because in the new world, the riskiest clause in your contract might not be the one you draft. It might be the one you can’t change.

Until then, maybe start treating multi-year contracts like milk. Great while it lasts, but don’t be surprised when someone checks the expiration date early.

*Forward this to your legal friends!

Share