[{"data":1,"prerenderedAt":664},["ShallowReactive",2],{"navigation":3,"\u002Fen\u002Fblog\u002Feu-data-act-business-devops":294,"\u002Fen\u002Fblog\u002Feu-data-act-business-devops-surround":659},[4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,207,219,250,287],{"title":5,"path":6,"stem":7},"Build and Deploy a Modern Website in 5 Minutes","\u002Fen\u002Fblog\u002Fbuild-with-loveable","en\u002F3.blog\u002F1.build-with-loveable",{"title":9,"path":10,"stem":11},"The Vercel Alternative for the German Mittelstand: Sovereign Hosting on Hetzner with lowcloud","\u002Fen\u002Fblog\u002Fdigital-sovereignty-lowcloud-vs-vercel-b2b","en\u002F3.blog\u002F10.digital-sovereignty-lowcloud-vs-vercel-b2b",{"title":13,"path":14,"stem":15},"Cloud Sovereignty Framework: How the EU Is Finally Making Cloud Sovereignty Measurable","\u002Fen\u002Fblog\u002Fcloud-sovereignty-framework","en\u002F3.blog\u002F12.cloud-sovereignty-framework",{"title":17,"path":18,"stem":19},"Avoiding Cloud Vendor Lock-in: What Real Sovereignty Means Technically","\u002Fen\u002Fblog\u002Fcloud-vendor-lock-in","en\u002F3.blog\u002F13.cloud-vendor-lock-in",{"title":21,"path":22,"stem":23},"Digital Sovereignty with Kubernetes: When Is Open Source Truly Sovereign?","\u002Fen\u002Fblog\u002Fkubernetes-digital-sovereignty","en\u002F3.blog\u002F14.kubernetes-digital-sovereignty",{"title":25,"path":26,"stem":27},"What Is DevOps as a Service and When Does It Actually Make Sense?","\u002Fen\u002Fblog\u002Fdevops-as-a-service","en\u002F3.blog\u002F15.devops-as-a-service",{"title":29,"path":30,"stem":31},"Cloud Sovereignty Governance: Why This Topic Belongs in the Boardroom, Not the Server Room","\u002Fen\u002Fblog\u002Fcloud-sovereignty-governance","en\u002F3.blog\u002F16.cloud-sovereignty-governance",{"title":33,"path":34,"stem":35},"PaaS vs. DaaS: What","\u002Fen\u002Fblog\u002Fpaas-vs-daas","en\u002F3.blog\u002F17.paas-vs-daas",{"title":37,"path":38,"stem":39},"Sovereign Cloud: Can SaaS Really Maintain Control Over Your Data?","\u002Fen\u002Fblog\u002Fsovereign-cloud-saas-data-control","en\u002F3.blog\u002F18.sovereign-cloud-saas-data-control",{"title":41,"path":42,"stem":43},"DevOps vs. DevOps as a Service – Which One Fits Your Team?","\u002Fen\u002Fblog\u002Fdevops-vs-devops-as-a-service","en\u002F3.blog\u002F19.devops-vs-devops-as-a-service",{"title":45,"path":46,"stem":47},"Docker Fundamentals -  Understanding Container Virtualization","\u002Fen\u002Fblog\u002Fhow-docker-works","en\u002F3.blog\u002F2.how-docker-works",{"title":49,"path":50,"stem":51},"The 7 Biggest DevOps Problems in SMBs – And How to Fix Them","\u002Fen\u002Fblog\u002Fdevops-problems-smb","en\u002F3.blog\u002F20.devops-problems-smb",{"title":53,"path":54,"stem":55},"PostgreSQL Helm Chart: How to Deploy Postgres on Kubernetes","\u002Fen\u002Fblog\u002Fpostgresql-helm-chart-kubernetes","en\u002F3.blog\u002F21.postgresql-helm-chart-kubernetes",{"title":57,"path":58,"stem":59},"Platform Engineering vs. DevOps – What","\u002Fen\u002Fblog\u002Fplatform-engineering-vs-devops","en\u002F3.blog\u002F22.platform-engineering-vs-devops",{"title":61,"path":62,"stem":63},"Cloud Act vs. GDPR: The Risk for EU Businesses","\u002Fen\u002Fblog\u002Fcloud-act-vs-gdpr","en\u002F3.blog\u002F23.cloud-act-vs-gdpr",{"title":65,"path":66,"stem":67},"Cut IT Costs with Automation: The Biggest Lever","\u002Fen\u002Fblog\u002Freduce-it-costs-automation","en\u002F3.blog\u002F24.reduce-it-costs-automation",{"title":69,"path":70,"stem":71},"NIS2 Compliance for DevOps Teams: What You Need to Do","\u002Fen\u002Fblog\u002Fnis2-compliance-devops","en\u002F3.blog\u002F25.nis2-compliance-devops",{"title":73,"path":74,"stem":75},"Self-Hosted EU Alternatives: Host LibreOffice & More","\u002Fen\u002Fblog\u002Fself-hosted-eu-alternatives","en\u002F3.blog\u002F26.self-hosted-eu-alternatives",{"title":77,"path":78,"stem":79},"DORA Compliance for DevOps: What the EU Resilience Act Means","\u002Fen\u002Fblog\u002Fdora-compliance-devops","en\u002F3.blog\u002F27.dora-compliance-devops",{"title":81,"path":82,"stem":83},"Cloud TCO: Hidden Costs AWS, Azure & GCP Don't Show You","\u002Fen\u002Fblog\u002Fcloud-tco-hidden-costs","en\u002F3.blog\u002F28.cloud-tco-hidden-costs",{"title":85,"path":86,"stem":87},"Data Residency vs. Data Sovereignty: What Really Matters","\u002Fen\u002Fblog\u002Fdata-residency-vs-data-sovereignty","en\u002F3.blog\u002F29.data-residency-vs-data-sovereignty",{"title":89,"path":90,"stem":91},"Self-Host n8n on Hetzner: Complete Docker Setup Guide","\u002Fen\u002Fblog\u002Fself-hosted-n8n-on-hetzner","en\u002F3.blog\u002F3.self-hosted-n8n-on-hetzner",{"title":93,"path":94,"stem":95},"Manual Deployments: An Underestimated Risk for SMBs","\u002Fen\u002Fblog\u002Fmanual-deployment-risks","en\u002F3.blog\u002F30.manual-deployment-risks",{"title":97,"path":98,"stem":99},"DevOps Tool Sprawl: How It Happens and How to Stop It","\u002Fen\u002Fblog\u002Fdevops-tool-sprawl","en\u002F3.blog\u002F31.devops-tool-sprawl",{"title":101,"path":102,"stem":103},"Kubernetes Monitoring: Using Logs and Metrics Effectively","\u002Fen\u002Fblog\u002Fkubernetes-monitoring-logs-metrics","en\u002F3.blog\u002F32.kubernetes-monitoring-logs-metrics",{"title":105,"path":106,"stem":107},"OB7 Case Study: Website Deployment Without Infrastructure Overhead","\u002Fen\u002Fblog\u002Fob7-case-study-lowcloud-deployment","en\u002F3.blog\u002F33.ob7-case-study-lowcloud-deployment",{"title":109,"path":110,"stem":111},"DevOps in SMBs: Why Missing Roles Become a Real Risk","\u002Fen\u002Fblog\u002Fmissing-devops-roles-smb","en\u002F3.blog\u002F34.missing-devops-roles-smb",{"title":113,"path":114,"stem":115},"Simplify Kubernetes Configuration: The Path to Human-Readable Cloud","\u002Fen\u002Fblog\u002Fsimplify-kubernetes-configuration","en\u002F3.blog\u002F35.simplify-kubernetes-configuration",{"title":117,"path":118,"stem":119},"Collaborative DevOps: How Modern Teams Build Cloud Apps Together","\u002Fen\u002Fblog\u002Fcollaborative-devops-teams","en\u002F3.blog\u002F36.collaborative-devops-teams",{"title":121,"path":122,"stem":123},"Knowledge Documentation in DevOps Teams: How to Actually Reduce Your Bus Factor","\u002Fen\u002Fblog\u002Fdevops-knowledge-documentation-bus-factor","en\u002F3.blog\u002F37.devops-knowledge-documentation-bus-factor",{"title":125,"path":126,"stem":127},"What Is PaaS? Platform as a Service Explained","\u002Fen\u002Fblog\u002Fwhat-is-paas","en\u002F3.blog\u002F38.what-is-paas",{"title":129,"path":130,"stem":131},"EU AI Act Hosting: What Changes for AI Workload Operators","\u002Fen\u002Fblog\u002Feu-ai-act-hosting","en\u002F3.blog\u002F39.eu-ai-act-hosting",{"title":133,"path":134,"stem":135},"Docker Compose Tutorial: Managing Multi-Container Apps Made Easy","\u002Fen\u002Fblog\u002Fdocker-compose-for-beginners","en\u002F3.blog\u002F4.docker-compose-for-beginners",{"title":137,"path":138,"stem":139},"Full-Stack Developer Reality: What the Title Actually Means","\u002Fen\u002Fblog\u002Ffull-stack-developer-reality","en\u002F3.blog\u002F40.full-stack-developer-reality",{"title":141,"path":142,"stem":143},"Cloud Egress Fees Compared: AWS vs. Azure vs. GCP Pricing","\u002Fen\u002Fblog\u002Fcloud-egress-fees","en\u002F3.blog\u002F41.cloud-egress-fees",{"title":145,"path":146,"stem":147},"Bring Your Own Cloud: What the Model Means and Why It","\u002Fen\u002Fblog\u002Fbring-your-own-cloud","en\u002F3.blog\u002F42.bring-your-own-cloud",{"title":149,"path":150,"stem":151},"Zero-Config Kubernetes: Why Simplicity Wins","\u002Fen\u002Fblog\u002Fzero-config-kubernetes","en\u002F3.blog\u002F43.zero-config-kubernetes",{"title":153,"path":154,"stem":155},"Minimalist Cloud Architecture: Why Less Complexity Means More Stability","\u002Fen\u002Fblog\u002Fminimalist-cloud-architecture","en\u002F3.blog\u002F44.minimalist-cloud-architecture",{"title":157,"path":158,"stem":159},"Software Deployment for SMBs: How Small Teams Ship Faster","\u002Fen\u002Fblog\u002Fsmb-software-deployment","en\u002F3.blog\u002F45.smb-software-deployment",{"title":161,"path":162,"stem":163},"EU Data Act: What Businesses and DevOps Teams Need to Know","\u002Fen\u002Fblog\u002Feu-data-act-business-devops","en\u002F3.blog\u002F46.eu-data-act-business-devops",{"title":165,"path":166,"stem":167},"Data Governance Act: What SMBs and DevOps Teams Need to Know","\u002Fen\u002Fblog\u002Fdata-governance-act-devops-guide","en\u002F3.blog\u002F47.data-governance-act-devops-guide",{"title":169,"path":170,"stem":171},"Self-Host Docmost with Docker Compose and Traefik: Complete Guide","\u002Fen\u002Fblog\u002Fself-host-docmost-with-docker-and-traefik","en\u002F3.blog\u002F5.self-host-docmost-with-docker-and-traefik",{"title":173,"path":174,"stem":175},"What Is Kubernetes? A Practical Guide to Container Orchestration","\u002Fen\u002Fblog\u002Fwhat-is-kubernetes","en\u002F3.blog\u002F6.what-is-kubernetes",{"title":177,"path":178,"stem":179},"The Cloud Illusion: Why a Server Location in Germany Doesn’t Guarantee Digital Sovereignty","\u002Fen\u002Fblog\u002Fcloud-illusion-digital-sovereignty","en\u002F3.blog\u002F7.cloud-illusion-digital-sovereignty",{"title":181,"path":182,"stem":183},"S3-Compatible Object Storage: The Best Solutions at a Glance","\u002Fen\u002Fblog\u002Fs3-compatible-object-storage","en\u002F3.blog\u002F8.s3-compatible-object-storage",{"title":185,"path":186,"stem":187},"Deployment as a Bottleneck: When AI Codes Faster Than You Can Deploy","\u002Fen\u002Fblog\u002Fdeployment-bottleneck","en\u002F3.blog\u002F9.deployment-bottleneck",{"title":189,"path":190,"stem":191,"children":192,"icon":206},"Getting Started","\u002Fen\u002Fdocs\u002Fgetting-started","en\u002F1.docs\u002F1.getting-started\u002F1.index",[193,196,201],{"title":194,"path":190,"stem":191,"icon":195},"Introduction","i-lucide-house",{"title":197,"path":198,"stem":199,"icon":200},"Get Started","\u002Fen\u002Fdocs\u002Fgetting-started\u002Fget-started","en\u002F1.docs\u002F1.getting-started\u002F2.get-started","i-lucide-rocket",{"title":202,"path":203,"stem":204,"icon":205},"How It Works","\u002Fen\u002Fdocs\u002Fgetting-started\u002Fhow-it-works","en\u002F1.docs\u002F1.getting-started\u002F3.how-it-works","i-lucide-lightbulb",false,{"title":208,"path":209,"stem":210,"children":211,"icon":206},"Guides","\u002Fen\u002Fdocs\u002Fguides","en\u002F1.docs\u002F2.guides\u002F1.index",[212,214],{"title":208,"path":209,"stem":210,"icon":213},"i-lucide-book-open",{"title":215,"path":216,"stem":217,"icon":218},"Connect a Container Registry","\u002Fen\u002Fdocs\u002Fguides\u002Fcontainer-registries","en\u002F1.docs\u002F2.guides\u002F2.container-registries","i-lucide-container",{"title":220,"path":221,"stem":222,"children":223,"icon":206},"App Services","\u002Fen\u002Fdocs\u002Fapp-services","en\u002F1.docs\u002F3.app-services\u002F1.index",[224,225,230,235,240,245],{"title":220,"path":221,"stem":222,"icon":200},{"title":226,"path":227,"stem":228,"icon":229},"Build Settings","\u002Fen\u002Fdocs\u002Fapp-services\u002Fbuild-settings","en\u002F1.docs\u002F3.app-services\u002F2.build-settings","i-lucide-settings",{"title":231,"path":232,"stem":233,"icon":234},"Env Variables","\u002Fen\u002Fdocs\u002Fapp-services\u002Fenvironment-variables","en\u002F1.docs\u002F3.app-services\u002F3.environment-variables","i-lucide-key",{"title":236,"path":237,"stem":238,"icon":239},"Custom Domains","\u002Fen\u002Fdocs\u002Fapp-services\u002Fcustom-domains","en\u002F1.docs\u002F3.app-services\u002F4.custom-domains","i-lucide-globe",{"title":241,"path":242,"stem":243,"icon":244},"Health Checks","\u002Fen\u002Fdocs\u002Fapp-services\u002Fhealth-checks","en\u002F1.docs\u002F3.app-services\u002F5.health-checks","i-lucide-heart-pulse",{"title":246,"path":247,"stem":248,"icon":249},"Autoscaling","\u002Fen\u002Fdocs\u002Fapp-services\u002Fautoscaling","en\u002F1.docs\u002F3.app-services\u002F6.autoscaling","i-lucide-scaling",{"title":251,"path":252,"stem":253,"children":254,"icon":206},"Helm Releases","\u002Fen\u002Fdocs\u002Fhelm-releases","en\u002F1.docs\u002F4.helm-releases\u002F1.index",[255,257,262,267,272,277,282],{"title":251,"path":252,"stem":253,"icon":256},"i-lucide-package",{"title":258,"path":259,"stem":260,"icon":261},"Deploy PostgreSQL","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-postgresql","en\u002F1.docs\u002F4.helm-releases\u002F2.deploy-postgresql","i-lucide-database",{"title":263,"path":264,"stem":265,"icon":266},"Deploy Redis","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-redis","en\u002F1.docs\u002F4.helm-releases\u002F3.deploy-redis","i-lucide-zap",{"title":268,"path":269,"stem":270,"icon":271},"Deploy n8n","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-n8n","en\u002F1.docs\u002F4.helm-releases\u002F4.deploy-n8n","i-lucide-workflow",{"title":273,"path":274,"stem":275,"icon":276},"Deploy RustFS","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-rustfs","en\u002F1.docs\u002F4.helm-releases\u002F5.deploy-rustfs","i-lucide-hard-drive",{"title":278,"path":279,"stem":280,"icon":281},"Deploy OpenSearch","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-opensearch","en\u002F1.docs\u002F4.helm-releases\u002F6.deploy-opensearch","i-lucide-search",{"title":283,"path":284,"stem":285,"icon":286},"Deploy Keycloak","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-keycloak","en\u002F1.docs\u002F4.helm-releases\u002F7.deploy-keycloak","i-lucide-shield-check",{"title":288,"path":289,"stem":290,"children":291,"icon":206},"Glossary","\u002Fen\u002Fdocs\u002Fglossary","en\u002F1.docs\u002F5.glossary\u002F1.index",[292],{"title":288,"path":289,"stem":290,"icon":293},"i-lucide-book-a",{"id":295,"title":161,"authors":296,"badge":302,"body":303,"date":649,"description":650,"extension":651,"image":652,"lastUpdated":654,"meta":655,"navigation":656,"path":162,"published":656,"seo":657,"stem":163,"tags":302,"__hash__":658},"posts\u002Fen\u002F3.blog\u002F46.eu-data-act-business-devops.md",[297],{"name":298,"to":299,"avatar":300},"Thomas Ens","\u002Fabout\u002Fthomasens",{"src":301},"\u002Fimages\u002Fblog\u002Fauthors\u002Fthomas.jpeg",null,{"type":304,"value":305,"toc":631},"minimark",[306,310,318,323,340,343,346,350,353,356,376,379,399,414,419,422,443,446,450,453,459,465,471,475,478,492,495,499,506,515,518,522,525,531,537,543,549,553,556,559,562,566,569,576,579,582,585,589,592,598,604,610,616,622,625,628],[307,308,309],"p",{},"The EU Data Act has been legally binding since September 2025, and most companies are still in the early stages of coming to terms with it. That's not a criticism — it's a reality check. The law is complex, its impact varies widely depending on company size and cloud setup, and many of the concrete technical consequences are buried in the fine print.",[307,311,312,313,317],{},"This article explains what the ",[314,315,316],"strong",{},"EU Data Act"," actually demands of businesses — without legalese, but without downplaying the rigor of the requirements either. If you operate, use, or develop cloud services, you should understand what's changing.",[319,320,322],"h2",{"id":321},"what-the-eu-data-act-is-and-why-it-matters-now","What the EU Data Act Is and Why It Matters Now",[307,324,325,326,333,334,339],{},"The ",[327,328,332],"a",{"href":329,"rel":330},"https:\u002F\u002Fbmds.bund.de\u002Fthemen\u002Fdigitale-wirtschaft\u002Fdata-act",[331],"nofollow","Data Act"," is an EU regulation that entered into force in June 2023 and has been fully applicable since September 2025. It complements the ",[327,335,338],{"href":336,"rel":337},"https:\u002F\u002Feur-lex.europa.eu\u002Flegal-content\u002FDE\u002FTXT\u002FHTML\u002F?uri=CELEX:32022R0868",[331],"Data Governance Act"," and pursues a clear goal: data should be more accessible, shareable, and portable — between companies, between providers, and between users.",[307,341,342],{},"The core idea: whoever generates or holds data shouldn't automatically have exclusive access to it. Whoever uses data should be able to switch providers or take their data with them.",[307,344,345],{},"That sounds like data policy. But the specific requirements are deeply technical — and that's exactly why they end up on DevOps teams' desks sooner or later.",[319,347,349],{"id":348},"what-the-data-governance-act-is","What the Data Governance Act Is",[307,351,352],{},"The Data Governance Act (DGA) is the \"predecessor\u002Fframework law\" in the European data package. It has been in force since 2022 and primarily establishes rules and structures for how data may be shared — trust, roles, and mechanisms.",[307,354,355],{},"In simple terms:",[357,358,359,366],"ul",{},[360,361,325,362,365],"li",{},[314,363,364],{},"DGA"," creates the framework so that data sharing can work properly (who can mediate, how is trust organized, how are data spaces enabled?).",[360,367,325,368,370,371,375],{},[314,369,332],{}," then specifically ",[372,373,374],"em",{},"requires"," data to be accessible and portable, and reduces lock-in, particularly with cloud services.",[307,377,378],{},"Key building blocks of the DGA:",[357,380,381,387,393],{},[360,382,383,386],{},[314,384,385],{},"Data intermediary services:"," Neutral \"data trustees\" that enable data sharing without exploiting the data themselves.",[360,388,389,392],{},[314,390,391],{},"Data altruism:"," Rules for how data can be voluntarily made available for public interest purposes (e.g., research).",[360,394,395,398],{},[314,396,397],{},"European data spaces:"," A legal\u002Forganizational framework for sector-specific data spaces (health, mobility, industry, etc.).",[307,400,401,402,405,406,409,410,413],{},"For businesses, the DGA is often less of a \"DevOps backlog item\" than the Data Act, but it's the strategic umbrella: it shows that the EU is ",[372,403,404],{},"institutionalizing"," data sharing, which means more requirements (and opportunities) around interoperability, governance, and portability in the long run. ",[327,407,408],{"href":166},"In our dedicated guide to the Data Governance Act",", we cover what the DGA means for DevOps teams. ",[327,411,412],{"href":30},"Our article on cloud sovereignty governance"," covers the broader governance implications.",[415,416,418],"h3",{"id":417},"scope-who-does-the-data-act-affect","Scope: Who Does the Data Act Affect?",[307,420,421],{},"The Data Act affects three groups:",[423,424,425,431,437],"ol",{},[360,426,427,430],{},[314,428,429],{},"Manufacturers of connected products"," — IoT devices, machines, vehicles, any device that generates data",[360,432,433,436],{},[314,434,435],{},"Cloud and data service providers"," — SaaS, PaaS, IaaS",[360,438,439,442],{},[314,440,441],{},"Data holders in B2B contexts"," — companies that hold data from connected products or services and must make it available to others",[307,444,445],{},"If none of these apply to you, the core regulation affects you less directly. But: almost every company that uses cloud services is indirectly affected as a customer, because the provider must meet the switching requirements.",[319,447,449],{"id":448},"the-three-core-obligations-businesses-need-to-know","The Three Core Obligations Businesses Need to Know",[307,451,452],{},"The Data Act can be broken down into three central requirements:",[307,454,455,458],{},[314,456,457],{},"1. Data access:"," Users of connected products and services must have access to the data they generate — in real time, without disproportionate barriers.",[307,460,461,464],{},[314,462,463],{},"2. Data portability:"," Data must be exportable in a structured, machine-readable format. This applies not only to personal data under GDPR, but also to usage, operational, and machine data.",[307,466,467,470],{},[314,468,469],{},"3. Provider switching:"," Cloud providers must actively enable customers to switch to another provider — both technically and contractually.",[415,472,474],{"id":473},"provider-switching-must-be-technically-possible","Provider Switching Must Be Technically Possible",[307,476,477],{},"The Data Act requires cloud providers to facilitate switching to another provider. That sounds abstract, but the implications are very concrete:",[357,479,480,483,486,489],{},[360,481,482],{},"Export interfaces must exist and be documented",[360,484,485],{},"Data formats must be portable — no exclusive proprietary formats without a migration path",[360,487,488],{},"Contractual lock-in clauses that hinder switching must be limited",[360,490,491],{},"The switching process itself must be technically supported",[307,493,494],{},"For DevOps teams, this means: if you offer or operate cloud services, you need to ensure that customer data is exportable. Not as a workaround, but as a documented, testable process.",[415,496,498],{"id":497},"the-end-of-egress-fees","The End of Egress Fees",[307,500,501,502,505],{},"One point that's particularly relevant in practice: the Data Act provides for data export fees (so-called egress fees) to be phased out gradually. By September 2027, they should be eliminated entirely. ",[327,503,504],{"href":142},"In our article on cloud egress fees",", we took a deeper look at this topic.",[307,507,508,509,514],{},"This is a direct response to a common practice: hyperscalers have historically made data exports expensive — not because it's technically necessary, but because it discourages customers from switching. ",[327,510,513],{"href":511,"rel":512},"https:\u002F\u002Faws.amazon.com\u002Fde\u002Ffree\u002F?trk=e0c8e0e1-c8e1-4be3-af52-da7fd94810cd&sc_channel=ps&ef_id=CjwKCAjwyYPOBhBxEiwAgpT8P8hPYx5soED5QlLONlWXEsOPRuXRzlfJJmdCRzOwoDbmnNuuJaLElxoCqggQAvD_BwE:G:s&s_kwcid=AL!4422!3!798550574377!e!!g!!aws%20services!23606219756!193209716386&gad_campaignid=23606219756&gbraid=0AAAAADjHtp8_pJIm28H21JTth_V_wy6Gm&gclid=CjwKCAjwyYPOBhBxEiwAgpT8P8hPYx5soED5QlLONlWXEsOPRuXRzlfJJmdCRzOwoDbmnNuuJaLElxoCqggQAvD_BwE",[331],"AWS",", for example, charges per GB of outgoing traffic. If you hold large amounts of data in the cloud, you pay when switching — or with every data use outside the provider.",[307,516,517],{},"From 2027 onwards, this is no longer tenable under EU regulation.",[319,519,521],{"id":520},"eu-data-act-and-devops-what-changes-in-practice","EU Data Act and DevOps: What Changes in Practice",[307,523,524],{},"Compliance requirements are often stated abstractly. That's why it makes sense to translate them into concrete technical decisions.",[307,526,527,530],{},[314,528,529],{},"API design:"," If you develop services that hold or process data, check whether your export APIs are documented, stable, and machine-readable. Not as an afterthought, but as part of the service design.",[307,532,533,536],{},[314,534,535],{},"Infrastructure as Code:"," When infrastructure is described through IaC tools like Terraform or Helm, switching is fundamentally easier — provided you don't rely on provider-specific resource types without alternatives. Kubernetes-native workloads have an advantage here.",[307,538,539,542],{},[314,540,541],{},"Data pipelines:"," Where is data stored, in what format, and how can it be extracted? These are questions that will be asked in a Data Act audit — and ones you should have answered during the design phase.",[307,544,545,548],{},[314,546,547],{},"Documentation:"," Compliance doesn't just mean being technically compliant — it means being able to prove it. Which data is stored where, who has access, and how does the export process work? This must be documented and verifiable.",[415,550,552],{"id":551},"interoperability-as-a-technical-requirement","Interoperability as a Technical Requirement",[307,554,555],{},"The Data Act explicitly requires data services to be interoperable. In concrete terms: interfaces should be based on open standards — no proprietary protocols without a documented alternative.",[307,557,558],{},"For the cloud world, this is an interesting signal. If you use Kubernetes, S3-compatible storage APIs, and avoid proprietary managed services, you're in a better regulatory position — not because you had regulation in mind, but because open standards simply make more technical sense.",[307,560,561],{},"Gaia-X-compliant platforms and Kubernetes-based solutions have structural advantages here over solutions that rely heavily on proprietary APIs.",[319,563,565],{"id":564},"hyperscalers-vs-open-platforms-who-has-the-upper-hand","Hyperscalers vs. Open Platforms: Who Has the Upper Hand?",[307,567,568],{},"This is one of the more interesting questions around the Data Act — and the answer isn't straightforward.",[307,570,571,572,575],{},"Hyperscalers like AWS, Azure, and GCP have the resources to implement compliance requirements. They will. But their starting position is complicated: their architecture is historically designed for customer retention. Proprietary services, deep integrations, egress fees — that's not an accident, it's ",[327,573,574],{"href":18},"strategically designed vendor lock-in",".",[307,577,578],{},"The Data Act forces them to dismantle some of these barriers. Whether this actually leads to more portability or whether lock-in mechanisms simply shift elsewhere remains to be seen.",[307,580,581],{},"Open platforms — those built on Kubernetes, open storage standards, and documented APIs — have a different starting point. They aren't designed for lock-in by default. That makes compliance easier because the technical foundation is a better fit.",[307,583,584],{},"For companies choosing or switching providers, this is a real decision factor: with which provider is Data Act-compliant infrastructure easier to implement?",[319,586,588],{"id":587},"what-companies-should-do-now","What Companies Should Do Now",[307,590,591],{},"No company needs to restructure everything immediately. But some things should be addressed now:",[307,593,594,597],{},[314,595,596],{},"Audit your data holdings:"," What data is stored where, in what format, and who has access? This is the foundation for everything else.",[307,599,600,603],{},[314,601,602],{},"Check export capability:"," Can customer data be exported from your systems in a format that can be reused? If not: that's a concrete risk.",[307,605,606,609],{},[314,607,608],{},"Contract review:"," Cloud contracts should be checked for lock-in clauses. Existing contracts may need to be adjusted before deadlines expire.",[307,611,612,615],{},[314,613,614],{},"API documentation:"," If you offer services, make sure export and interoperability APIs are documented and testable.",[307,617,618,621],{},[314,619,620],{},"Clarify internal responsibilities:"," Data Act compliance isn't purely a legal task. It has a strong technical component. DevOps teams should be involved in the assessment.",[307,623,624],{},"The Data Act isn't GDPR 2.0. It's more technical, more focused on cloud and connected systems, and it hits companies at a different point in their infrastructure. Those who understand this early can approach compliance as a design challenge rather than a box-ticking exercise.",[626,627],"hr",{},[307,629,630],{},"lowcloud is a Kubernetes DevOps-as-a-Service platform built on open standards — no proprietary dependencies, with S3-compatible storage and documented APIs. For companies looking to run Data Act-compliant infrastructure, it's a solid starting point.",{"title":632,"searchDepth":633,"depth":633,"links":634},"",2,[635,636,640,644,647,648],{"id":321,"depth":633,"text":322},{"id":348,"depth":633,"text":349,"children":637},[638],{"id":417,"depth":639,"text":418},3,{"id":448,"depth":633,"text":449,"children":641},[642,643],{"id":473,"depth":639,"text":474},{"id":497,"depth":639,"text":498},{"id":520,"depth":633,"text":521,"children":645},[646],{"id":551,"depth":639,"text":552},{"id":564,"depth":633,"text":565},{"id":587,"depth":633,"text":588},"2026-03-31","The EU Data Act has been in effect since 2025. What it means for cloud services, data portability, and DevOps — and what companies should do now.","md",{"src":653},"\u002Fimages\u002Fblog\u002Feu-data-act-business-devops.jpg","2026-04-01",{},true,{"title":161,"description":650},"b2SNITqcYMD_zOXxyULkmJjTATQXpRMZsrRj6_iWTPk",[660,662],{"title":157,"path":158,"stem":159,"description":661,"children":-1},"How small teams move from manual deployments to automated workflows using CI\u002FCD, PaaS, and GitOps — without building a platform team.",{"title":165,"path":166,"stem":167,"description":663,"children":-1},"The EU Data Governance Act affects technical teams too. Learn what the DGA means for your Kubernetes deployments, data flows, and infrastructure choices.",1775388341183]