How the 2025 EU Data Act rewrites the rules for SaaS providers
At a glance
- Switching becomes easier as the Data Act weakens contractual lock-in, increasing churn risk, and reducing revenue predictability for SaaS providers.
- As openness becomes mandatory, interoperability and data portability obligations require investment in standardised APIs and migration-ready architectures.
- Valuation models will evolve as enterprise value will depend less on contract length and more on revenue resilience, platform openness, and business model adaptability.
Software business models have radically changed over the past two decades. In the early 2000s, most software publishers relied on perpetual licenses, integration and annual maintenance services, generating one-off revenues but offering limited visibility on future cash flows. This structure made company valuations highly dependent on sales cycles and exposed vendors to annual churn risk.
The financial profile of software companies has changed with the advent of Software as a Service (SaaS) models. SaaS companies established dependable, long-term income streams known as Annual Recurring Revenue (ARR) by substituting recurring subscriptions based on low churn for upfront licensing. Instead of using conventional EBITDA or EBIT measures, investors are increasingly valuing SaaS companies at high EV/ARR multiples (typically 3x to 7x). However, the introduction of the EU Data Act (2025) has introduced new challenges to this model.
The EU Data Act is built on clear principles and regulatory objectives:
The EU Data Act forms part of the European Commission’s broader digital strategy. Its primary purpose is to create a uniform framework within the European Union for data access, sharing, and the reuse of (non-personal and personal) data across the EU. It runs alongside other regulations in the EU digital rule-book, such as the Digital Markets Act (DMA), adopted in September 2022, and the Digital Services Act (DSA), adopted in October 2022. The EU Data Act 2025 includes software companies operating under a SaaS business model, which was not the case for firms previously covered under the DMA and DSA frameworks.
Several specifications have direct implications for SaaS providers:
- Data portability and interoperability: Customers must be able to transfer their data easily between providers without encountering technical barriers or propietary limitations.
- Termination rights: Users must be allowed to terminate SaaS contracts with no more than two months’ notice
- Ban on exit fees: Providers may not charge for data transfer or impose restrictive migration procedures.
- Standardisation and API openness: Software and cloud systems must support interoperability through standardised interfaces and commonly used data formats.
While these measures enhance user freedom and competition, they may alter the predictability of recurring revenues and thus affect the valuation multiples traditionally applied to SaaS providers.
The operational impact:
Reduced contractual stickiness: By removing exit fees and simplifying termination clauses, the Data Act makes it easier for customers to switch providers. This creates upward pressure on churn and reduces the average Customer Lifetime Value (CLTV).
Pressure on pricing and packaging: Clients may increasingly request transparent, modular (“unbundled”) offerings that allow them to activate or deactivate individual service components. Long-term commitments become less attractive, prompting SaaS vendors to offer shorter contracts and more flexible billing structures.
Increased compliance and technical costs: Meeting data portability and interoperability requirements will necessitate investment in standardised APIs, exportable data architectures and documentation to support seamless migration.
Shift in retention strategies: As switching becomes easier, SaaS providers will need to reinforce customer success functions, invest in integrations, and strengthen post-sale services to maintain customer loyalty in a more fluid, competitive market.
The financial and valuation consequences:
As the Data Act takes effect, SaaS vendors will face material shifts in customer behaviour, compliance obligations and revenue predictability, each carrying implications for their future growth and competitiveness.
Lessons from the French insurance market
A relevant comparison comes from the French insurance sector, which experienced similar disruption following the introduction of Loi Chatel. The regulation strengthened consumers’ rights by enforcing renewal notices and simplified contract termination. According to the 2018 Observatoire des résiliations by Résilier.com, cancellation rates under the Loi Chatel framework reached 11 % in the combined auto and home insurance segment.
Lessons from the European telecom sector
The European telecom market provides another illustration. Following recommendations issued by BEREC’s (Body of European Regulators for Electronic Communications), which were adopted by most EU countries, switching frictions were reduced. These included faster number portability (≤ 5 days), streamlined termination procedures, the “gaining provider-led” migration process, and more transparent contract information.
BEREC’s findings show churn rates tend to rise in markets where these controls are implemented, particularly where portability deadlines are shortened. Switching to fast portability is usually associated with a short-term churn increase of about 13.6%. These examples above highlight how regulatory interventions designed to enhance consumer freedom can directly affect revenue visibility and customer lifetime value in subscription-based models.
How SaaS financial stability is affected by churn and regulatory asymmetry
Should SaaS players be exposed to such an increase in churn, Annual Recurring Revenue (ARR) would be significantly affected by lower client retention and increased volatility. This would lead to weakened unit economics for specific customer cohorts and undermine past higher valuations that relied on strong retention. The Data Act may also introduce structural asymmetry: EU-based SaaS providers are subject to its termination and portability requirements, while some non-EU competitors may operate on less stringent constraints. Some providers would benefit from such a shift.
Divergent attrition patterns, reduced ARR visibility for EU-based vendors, and eventually different value multiples across markets could result from this regulatory imbalance. Investors would revise their valuation models to take into account new regulations.
While the regulation introduces challenges, it also opens new strategic opportunities for adaptable SaaS providers.
Interoperability as a competitive advantage
By proactively enabling seamless data portability and cross-platform integration, SaaS providers can transform compliance into a genuine competitive edge. When selecting providers, customers and investors will increasingly value transparency and compatibility across systems. As contractual barriers lose significance, long-term retention will depend less on legal or technical lock-ins and more on product quality, customer service and overall user experience. From an investment standpoint, due diligence will shift focus from contract length and ARR growth toward data openness, net revenue retention stability, and compliance maturity. In this way, openness and interoperability will become a key proxy for long-term resilience.
The EU Data Act introduces both a structural rebalancing and a regulatory shock to the SaaS industry. It disrupts client-lock-in-based business models and redefines how value is generated and maintained by encouraging transparency and interoperability. For investors and management teams, this marks the emergence of a new valuation paradigm in which enterprise value will increasingly depend on three pillars:
- Resilience and recurrence of revenues
- Openness and interoperability platforms
- Adaptability and agility of business models
The long-term winners of the post-Data Act period are those who adopt this new strategy early on and view interoperability as a strategic advantage rather than a limitation.
By Bertrand Hermez, head of Clairfield’s tech, software & digital practice and managing partner at Clairfield in France.
