CISPE framework aids EU Data Act compliance, cloud switching

European cloud consortium CISPE has unveiled a framework to help members and their customers automate compliance with the EU Data Act's obligations around data portability and switching.

CISPE, or Cloud Infrastructure Services Providers in Europe, is a trade association for cloud operators, as its name suggests. The organization says its Cloud Switching Framework simplifies compliance with the EU Data Act, ahead of the regulation becoming applicable in September 2025.

The Act itself aims to promote the exchange and use of data within Europe, setting out rules for who can use and access which data and for what purposes across all economic sectors in the trading bloc.

As far as cloud services go, CISPE says the Data Act aims to "empower European customers" to experiment with and switch cloud services, whether that involves adopting a single or multi-cloud strategy, in order to find the arrangement that best fits their evolving commercial needs.

The Framework focuses on technical and operational processes needed to customers port and switch between clouds, as is to demanded by the Data Act.

It is described by CISPE as "a practical service declaration framework that covers the entire switching process contemplated in the EU Data Act." As such, it includes guidelines and technical requirements to help vendors and cloud customers implement compliance in their systems with the upcoming obligations around data portability and switching.

In other words, it functions like a checklist for CISPE members to demonstrate their compliance.

Cloud providers will be able to present their declaration of adherence to the Framework in a machine-readable format, also called "verifiable credentials," which CISPE says will enable the automation of compliance checks.

As an example, cloud providers are required to give customers clear, detailed information on the switching process, including procedures, data formats, costs, and any technical limitations.

Contracts must allow the customer to switch or use multiple providers, and also must specify the provider's switching assistance obligations, data export requirements, and termination procedures.

A CISPE spokesperson told us the Framework is a tool developed with major auditors and based on the ISO/IEC 17021-1 standard for conformity assessment.

"This means it's designed not just for checking boxes but for facilitating operational compliance and certification through third party auditors in a meaningful and practical way," the spokesperson said.

The reason for moving workloads from their current location is primarily cost, but also the fear of vendor lock-in

IDC Europe associate VP for Cloud Research Carla Arend said a recent survey of organizations across Europe found they are now more open to moving workloads around.

"The reason for moving workloads from their current location is primarily cost, but also the fear of vendor lock-in. So the CISPE announcement... helps European organizations to avoid lock-in and design the cloud strategy that they want," she told us.

CISPE is described by some as "a bunch of small European cloud operators and AWS."

One of those is Finland-based UpCloud, whose CEO Antti Vilpponen said: "The focus on practical compliance processes and the potential to automate much of the work necessary makes the CISPE Framework stand out from other approaches, and we will certainly be using it."

• NHS would be hit by 'significant' costs if UK loses EU data status, warn Lords
• What exactly did Microsoft promise CISPE in its settlement?
• Microsoft wasn't CISPE's only suitor – it seems Google was willing to pay for its views on cloudy licensing to prevail
• Euro-cloud consortium CISPE calls for investigation of Broadcom

AWS director of public policy for EMEA Arnaud David said in a statement: "We have been a huge supporter of the CISPE Cloud Switching Framework from the outset. It is important that it is available now to allow providers and customers ample time to assess their cloud choices as the deadline for Data Act compliance draws closer."

CISPE recently made headlines with a complaint they lodged with the European Commission regarding alleged anti-competitive behaviour by Microsoft, which the org dropped as part of an agreement that included a two-year moratorium on software audits for CISPE members and a payment estimated at between €10 and €30 million.

The UK's Competition and Markets Authority is probing the health of the cloud market, and is deeply inspecting egress fees, Microsoft licensing, interoperability and discounts for customers that commit to a vendor for a certain number of years. ®