CISPE Launches Cloud Switching Framework for EU Data Act Compliance

As companies continue to navigate the ever-evolving landscape of cloud computing, a new framework has been introduced by Cloud Infrastructure Service Providers in Europe (CISPE) to promote multicloud adoption and ensure compliance with the European Union’s stringent Data Act. This timely initiative is designed to address growing concerns about data portability and the potential for vendor lock-in, providing guidelines and technical specifications to assist vendors in meeting the EU’s upcoming regulatory requirements. The EU Data Act, enacted in January 2023, sets forth a comprehensive framework for data privacy, sharing, and portability, giving vendors 20 months to comply, with enforcement slated to begin in September 2025.

The Cloud Switching Framework

At the heart of this initiative is the Cloud Switching Framework, which is a pivotal tool designed to facilitate the seamless movement of data between different cloud providers. This framework assists vendors in demonstrating their compliance with the critical aspects of the EU’s Data Act, particularly those related to cloud data portability. By enabling cloud providers to generate automated verification credentials, the framework ensures adherence to the new standards, making it easier for companies to switch between cloud services without being tethered to a single provider.

The introduction of the Cloud Switching Framework is significant not just for its technical specifications but also for its broad implications. With machine-readable verifiable credentials, cloud providers can offer higher transparency regarding the movement of workloads. This aligns with the objectives of the Data Act, which aims to harmonize data access policies across vendors and prevent vendor lock-in. These steps are crucial as they enable companies to be more agile, adopting hybrid and multicloud strategies that are increasingly necessary in today’s dynamic business environment.

Collaboration and Impact

CISPE’s efforts in developing the Cloud Switching Framework were bolstered by collaboration with Gaia-X, another prominent EU-based advocacy group focusing on data and cloud standards. Together, these organizations laid down specifications anchored on five key pillars. These include providing clear information on switching procedures, data formats, costs, and technical limitations; creating channels for notifying vendors of switching requests and tracking them; offering secure data migration tools; establishing clear contract termination procedures; and affirming in vendor contracts the customers’ rights to move workloads between different clouds.

Several industry heavyweights, including AWS, have shown their support for the framework as key members of CISPE since its inception in 2017. Their endorsement is a testament to the framework’s utility in simplifying compliance processes and promoting a more interconnected cloud ecosystem. Additionally, smaller cloud service providers like Italy-based Deda.cloud emphasize the framework’s role in fostering innovative multicloud solutions that could lead to more flexible and efficient compliance with the Data Act.

Wider Implications and Future Prospects

As companies continue to navigate the ever-evolving landscape of cloud computing, the Cloud Infrastructure Service Providers in Europe (CISPE) have introduced a new framework promoting multicloud adoption and ensuring compliance with the European Union’s stringent Data Act. This timely initiative addresses growing concerns about data portability and the potential for vendor lock-in. It provides guidelines and technical specifications to assist vendors in meeting the EU’s upcoming regulatory requirements.

Enacted in January 2023, the EU Data Act sets forth a comprehensive framework focusing on data privacy, sharing, and portability. The Act mandates that vendors comply within 20 months, with enforcement beginning in September 2025. By establishing clear guidelines, CISPE aims to facilitate smooth transitions for companies, ensuring they can operate in a multicloud environment without compromising data security and compliance. The initiative is crucial, as it helps businesses adapt to regulatory changes while promoting innovation and flexibility in cloud service usage.

Explore more