57 Amendments of Stéphanie YON-COURTIN related to 2022/0047(COD)
Amendment 116 #
Proposal for a regulation
Recital 21
Recital 21
(21) Products may be designed to make certain data directly available from an on- device data storage or from a remote server to which the data are communicated. Access to the on-device data storage may be enabled via cable-based or wireless local area networks connected to a publicly available electronic communications service or a mobile network. The server may be the manufacturer’s own local server capacity or that of a third party or a cloud service provider who functions as data holder. Data processors as defined in Regulation (EU) 2016/679 are by default not considered to act as data holders, unless specifically tasked by the data controller. They may be designed to permit the user or a third party to process the data on the product or on a computing instance of the manufacturer.
Amendment 170 #
Proposal for a regulation
Recital 57
Recital 57
(57) In case of public emergencies, such as public health emergencies, emergencies resulting from environmental degradation and major natural disasters including those aggravated by climate change, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies or to Union institutions, agencies or bodies upon their request. The existence of a public emergency is determined according to the respective procedures in the Member States or of relevant international organisations. In the case of major cybersecurity incidents, this should not result in the duplication of requirements for firms such as those under Regulation XXXX/XXXX on Digital Operational Resilience for the financial sector and the Directive XXXX/XXXX on measures for a high common level of cybersecurity across the union, repealing Directive (EU) 2016/1148.
Amendment 174 #
Proposal for a regulation
Recital 69
Recital 69
(69) The ability for customers of data processing services, including cloud and edge services, to switch from one data processing servicecloud service provider to another, while maintaining a minimum functionality of service, is a key condition for a more competitive market with lower entry barriers for new service providers. Facilitating a multi-cloud approach for customers of cloud services also contributes to increase their digital operational resilience, as recognised for financial service institutions in the Digital Operational Resilience Act (DORA).
Amendment 178 #
Proposal for a regulation
Recital 69 a (new)
Recital 69 a (new)
(69a) Unnecessarily high data egress fees, or data transfer costs have the potential to restrict competition and cause lock-in effects for the customers of data processing services, by reducing incentives to choose a different or additional service provider. Therefore, the gradual withdrawal of the charges associated with switching data processing services shall specifically include withdrawing any “egress fees” charged by the data processing service to a customer.
Amendment 181 #
Proposal for a regulation
Recital 71
Recital 71
(71) Data processCloud computing services should cover services that allow on-demand and broad remote access to a scalable and elastic pool of shareable and distributed computing resources. Those computing resources include resources such as networks, servers or other virtual or physical infrastructure, operating systems, software, including software development tools, storage, applications and services. The deployment models of cloud computing should include private, community, public and hybrid cloud. The aforementioned service and deployment models have the same meaning as the terms of service and deployment models defined under ISO/IEC 17788:2014 standard. The capability of the customer of the data processing service to unilaterally self- provision computing capabilities, such as server time or network storage, without any human interaction by the service provider of cloud computing services could be described as on-demand administration. The term ‘broad remote access’ is used to describe that the computing capabilities are provided over the network and accessed through mechanisms promoting the use of heterogeneous thin or thick client platforms (from web browsers to mobile devices and workstations). The term ‘scalable’ refers to computing resources that are flexibly allocated by the data processprovider of cloud computing service providers, irrespective of the geographical location of the resources, in order to handle fluctuations in demand. The term ‘elastic pool’ is used to describe those computing resources that are provisioned and released according to demand in order to rapidly increase or decrease resources available depending on workload. The term ‘shareable’ is used to describe those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment. The term ‘distributed’ is used to describe those computing resources that are located on different networked computers or devices and which communicate and coordinate among themselves by message passing. The term ‘highly distributed’ is used to describe data processing services that involve data processing closer to where data are being generated or collected, for instance in a connected data processing device. Edge computing, which is a form of such highly distributed data processing, is expected to generate new business models and cloud service delivery models, which should be open and interoperable from the outset.
Amendment 184 #
Proposal for a regulation
Recital 72
Recital 72
(72) This Regulation aims to facilitate switching between data processing services, which encompasses all conditions and actions that are necessary for a customer to terminate a contractual agreement of a data processing service, to conclude one or multiple new contracts with different providers of data processing services, to port all its digital assets, including data, to the concerned other providers and to continue to use them in the new environment while benefitting from functional equivalence. It should be noted that the data processing services in scope are those where data processing, as defined under the Regulation, forms part of the core-business of a provider. Digital assets refer to elements in digital format for which the customer has the right of use, including data, applications, virtual machines and other manifestations of virtualisation technologies, such as containers. Functional equivalence means the maintenance of a minimum level of functionality of a service after switching, and should be deemed technically feasible whenever both the originating and the desSwitching is an operation consisting in three main successive steps: i) data extraction, i.e downloading data from a originating provider’s ecosystem; ii) transformation, when the data is structured in a way that matches the schema of the target location iii) load of the data in a new destination location. Obstacles of different natures may occur during the different steps of the switching process. Cloud service providers and clients have different levels of responsibilities, depending on the steps of the process referred to. Obstacles to switching are of different nature, depending on the step of the switching process it is referred to. Functional equivalence means a definition as agreed upon by a customer and provider of data processing services, or the maintenance of a minimum level of pre-defined functionality during the switching process, to such an extent that the service will deliver comparable minimum level functionality, such as the same output at the same performance and with the same level of security, operational resilience and quality of service as agreed at the time of termination of the contract, where both the original and destination service providers independently offer the same core functionation data processing services cover (in part or in whole) the same service type. Meta-data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching. lity; Services can only be expected to facilitate functional equivalence for the functionalities that both the originating and destination service offer. The Regulation does not instance an obligation of facilitating functional equivalence for data processing services of the PaaS and/or SaaS delivery model. Meta-data, generated by the customer’s use of a service, should also be portable pursuant to this Regulation’s provisions on switching. Data processing services are used across sectors and vary in complexity and service type; this is an important consideration with regards to the porting process and the timeframes.
Amendment 194 #
Proposal for a regulation
Recital 75 b (new)
Recital 75 b (new)
(75b) Certain cloud computing services, such as cloud computing services, which have been custom built to facilitate a specific customer’s need, or cloud computing services that operate on a trial basis or only supply a testing and evaluation service for business product offerings, should be exempted from the obligations applicable to cloud computing service switching.
Amendment 198 #
Proposal for a regulation
Recital 79
Recital 79
(79) Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability. In order to facilitate the conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity for interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012 of the European Parliament and of the Council. The Commission should adopt common specifications in areas where no harmonised standards exist or where they are insufficient in order to further enhance interoperability for the common European data spaces, application programming interfaces, cloud switching as well as smart contracts. Additionally, common specifications in the different sectors could remain to be adopted, in accordance with Union or national sectoral law, based on the specific needs of those sectors. Reusable data structures and models (in form of core vocabularies), ontologies, metadata application profile, reference data in the form of core vocabulary, taxonomies, code lists, authority tables, thesauri should also be part of the technical specifications for semantic interoperability. Furthermore, following consultation with stakeholders and taking into account relevant international and European standards and self-regulating initiatives the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processcloud computing services.
Amendment 211 #
Proposal for a regulation
Article 1 – paragraph 4 a (new)
Article 1 – paragraph 4 a (new)
4 a. The obligations on 'data holders' laid down in Chapters II, V and VI in this Regulation shall not apply to public sector bodies.
Amendment 215 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘data’ means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording, however only raw 'data' that has not undergone any processing beyond mere collection or is generated as a by-product of the user's actions, including diagnostics and other technical data;
Amendment 251 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
Article 2 – paragraph 1 – point 10
(10) ‘public emergency’ means an exceptional situation negatively affecting the population of the Union, a Member State or part of it, with a risk of seriousany life- threatening, serious hazard and lasting repercussions on living conditions or economic stability, or the substantial degradation of economic assets in the Union or the relevant Member State(s) as a consequence of: a) a major or regional natural disaster having the Union or the relevant Memberaken place on the territory of the same eligible State or of a neighbouring eligible State; or b) a major public health emergency having taken place on the territory of the same eligible State(s);
Amendment 254 #
Proposal for a regulation
Article 2 – paragraph 1 – point 12
Article 2 – paragraph 1 – point 12
(12) ‘data process'cloud computing service’ means a digital service other than an online content service as defined in Article 2(5) of Regulation (EU) 2017/1128, provided to a customer, which enables on-demand administration and broad remoservice enabling ubiquitous, scalable, elastic and on-demand network access to a shared pool of configurable computing resources of a centralised, distributed or highly distributed nature provided to a customer that can be rapidly provisioned and released with minimal management effort or service provider inte raccess to a scalable and elastic pool of shareable computing resources of a centralised, distributed or highly distributed nature;tion; (This amendment applies throughout the text [cloud computing service] shall replace [data processing service]. Adopting it will necessitate corresponding changes throughout.)
Amendment 261 #
Proposal for a regulation
Article 2 – paragraph 1 – point 13 a (new)
Article 2 – paragraph 1 – point 13 a (new)
(13a) ‘cloud computing service data portability’ means the ability of the cloud service to move and suitably adapt its data between the customer’s cloud services, including in different deployment models;
Amendment 263 #
Proposal for a regulation
Article 2 – paragraph 1 – point 13 b (new)
Article 2 – paragraph 1 – point 13 b (new)
(13b) 'cloud computing service switching’ means the process where a cloud service customer suitably changes from using one cloud computing service to using a second equivalent or other service offered by a different provider of cloud computing services, involving the provider of source cloud computing services, the customer and the provider of destination cloud computing services.
Amendment 266 #
Proposal for a regulation
Article 2 – paragraph 1 – point 14
Article 2 – paragraph 1 – point 14
(14) ‘functional equivalence’ means a definition as agreed upon by a customer and provider of data processing services, or the maintenance of a minimum level of pre-defined functionality in the environment of a new data processing service after the switching process, to such an extent that, in response to an input action by the user on core elements of the service, the desduring the switching process, to such an extent that the service will deliver comparable minimum level functionation service will deliverlity, such as the same output at the same performance and with the same level of security, operational resilience and quality of service as the originating service at the time of termination of the contractagreed at the time of termination of the contract, where both the original and destination service providers independently offer the same core functionality;
Amendment 272 #
Proposal for a regulation
Article 2 – paragraph 1 – point 20 a (new)
Article 2 – paragraph 1 – point 20 a (new)
(20a) ‘Switching’ shall be understood as the process enabling, for any client of a cloud service provider, to extract, transform and load their data to another provider(s). By extension, switching also applies to configurations where data transfers occur when clients of cloud service providers are using several providers simultaneously.
Amendment 296 #
Proposal for a regulation
Article 3 – paragraph 2 – point a a (new)
Article 3 – paragraph 2 – point a a (new)
(aa) How long time the data holder shall store such data and thus make it available for the data user.
Amendment 364 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. A data holder shall not discriminate between comparable categories of data recipients, including partner enterprises or linked enterprises, as defined in Article 3 of the Annex to Recommendation 2003/361/EC, of the data holder, when making data available. Where a data recipient considershas a reasonable doubt that the conditions under which data has been made available to it to be discriminatory, it shall be for the data holder and the data recipient to demonstrate thatwhether there has been no discrimination.
Amendment 396 #
Proposal for a regulation
Article 13 – paragraph 1 a (new)
Article 13 – paragraph 1 a (new)
1a. A contractual term, concerning the access to and use of data or the liability and remedies for the breach or the termination of data related obligations which has been unilaterally imposed by an enterprise designated as a gatekeeper,pursuant to Article 3 of (EU)2022/1925 on an entreprise shall not be binding on the latter enterprise if it is established as unfair under Article 13, paragraph 3 of this Regulation.
Amendment 467 #
Proposal for a regulation
Article 23 – paragraph 1 – introductory part
Article 23 – paragraph 1 – introductory part
1. Providers of a data processing service shall take the measures provided for in Articles 24, 25 and 26 to ensure that customers of their service can switch to another data processing service, covering the same service type, which is provided by a different service provider, or use multiple providers at the same time. In particular, providers of data processing service shall remove pre-commercial, commercial, technical, contractual and organisational obstacles, which inhibit customers from:
Amendment 473 #
Proposal for a regulation
Article 23 – paragraph 1 – point a
Article 23 – paragraph 1 – point a
(a) terminating, after a maximum notice period of 30 calendar days or after a notice period agreed in the contractual agreement between the customer and the provider of cloud computing services, the contractual agreement of the service;
Amendment 479 #
Proposal for a regulation
Article 23 – paragraph 1 – point b
Article 23 – paragraph 1 – point b
(b) concluding new contractual agreements with a different provider of data processcloud computing services covering the sameequivalent service type;
Amendment 480 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
Article 23 – paragraph 1 – point c
(c) porting ithe customer's data, applications and other digital assets to another provider of data processing services; and receiving its data, applications, depending on the service type, and other digital assets from the cloud computing provider;
Amendment 483 #
Proposal for a regulation
Article 23 – paragraph 1 – point c
Article 23 – paragraph 1 – point c
(c) porting its data, applications and other digital assets to another provider of data processing servicescloud computing services, including after having benefited from a free-tier offering;
Amendment 486 #
Proposal for a regulation
Article 23 – paragraph 1 – point d
Article 23 – paragraph 1 – point d
(d) maintaining functional equivalence of the service in the IT-environment of the different provider or providers of data processing servicecloud computing providers covering the same service type, in accordance with Article 26. , without requiring those cloud computing providers to develop or copy new categories of services within or on the basis of the IT-infrastructure of different cloud computing providers to guarantee functional equivalence in an environment other than their own systems.
Amendment 488 #
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
Amendment 490 #
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. Paragraph 1 shall only apply to obstacles that are related to the services, contractual agreements or commercial practices provided by the original providerprovider of source cloud computing services.
Amendment 491 #
Proposal for a regulation
Article 23 – paragraph 2
Article 23 – paragraph 2
2. Paragraph 1 shall only apply to obstacles that are related to the services, contractual agreements, pre-commercial or commercial practices provided by the original provider.
Amendment 496 #
Proposal for a regulation
Article 24 – paragraph 1 – introductory part
Article 24 – paragraph 1 – introductory part
1. The rights of the customer and the obligations of the provider of a data processcloud computing service in relation to switching between providers of such services shall be clearly set out in a written contract. Without prejudice to Directive (EU) 2019/770, that contrace provider of cloud computing services shall ensure that contractual agreement shall include at least the following:
Amendment 501 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – introductory part
Article 24 – paragraph 1 – point a – introductory part
(a) clauses allowing the customer, upon request, to switch to a data processing service offered by another provider of data processing service or to port all data, applications and digital assets generated directly or indirectly by the customer to an on-premise system, in particular the establishment of a mandatory maximum transition period of 30 calendar days, to be initiated after the maximum notice period referred to in Article 23, during which the data processing service provider shall:
Amendment 512 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 1
Article 24 – paragraph 1 – point a – point 1
(1) assist and, where technically feasible, complethrough and facilitate the switching process;
Amendment 514 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2
Article 24 – paragraph 1 – point a – point 2
(2) ensure fullact with due care to maintain business continuity and security of the service and, taking into account the advancement in the switching process, ensure, to the greatest extent possible, continuity in the provision of the respectivelevant functions or services within the provider of source cloud computing services’ infrastructure capacity and according to the contractual obligations.
Amendment 518 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 a (new)
Article 24 – paragraph 1 – point a – point 2 a (new)
(2 a) provide clear information concerning known risks to continuity in the provision of the respective functions or services from the side of provider of source cloud computing services during the switching process.
Amendment 522 #
Proposal for a regulation
Article 24 – paragraph 1 – point a – point 2 b (new)
Article 24 – paragraph 1 – point a – point 2 b (new)
(2 b) obligation to complete the switching process within the period which may not exceed 6 months. The customer shall retain the right to extend this period, if needed, prior to or during the switching process;
Amendment 527 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) an exhaustive specification of all data and application categories exportable during the switching process, including, at minimum, all data imported by the customer at the inception of the service agreement and all data and metadata related to the customer's services and created by the customer and by the use of the service during the period the service was provided, including, but not limited to, configuration parameters, security settings, access rights and access logs to the service; being understood that cloud service providers shall not be required to disclose trade secrets or other proprietary information.
Amendment 536 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
Article 24 – paragraph 1 – point c
(c) a minimum period for data retrieval of at least 30 calendar days, starting after the termination of the transition period that was agreed between the customer and the service provider of cloud computing services, in accordance with paragraph 1, point (a) and paragraph 2.
Amendment 547 #
Proposal for a regulation
Article 24 – paragraph 2 a (new)
Article 24 – paragraph 2 a (new)
2 a. Following a successful switch to another provider or back on-premises by the customer, the provider of the cloud computing service should be required to permanently delete the user data, unless otherwise expressly agreed.
Amendment 548 #
Proposal for a regulation
Article 24 a (new)
Article 24 a (new)
Amendment 558 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. From [date X, the date of entry into force of this Regulation] onwards, providers of cloud computing services shall not impose any egress fees, or data transfer costs for the switching process or when a customer is using several providers simultaneously.
Amendment 570 #
Proposal for a regulation
Article 25 – paragraph 3
Article 25 – paragraph 3
3. The charges referred to in paragraph 2 shall not exceed the costs incurred by the provider of data processcloud computing services that are directly linked to the switching process and shall be associated with mandatory operations that the provider of cloud computing processing services must perform as part of the switching process concerned.
Amendment 573 #
Proposal for a regulation
Article 25 – paragraph 4
Article 25 – paragraph 4
4. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor switching charges imposed by data processproviders of cloud computing service providers on the market to ensure that the withdrawal of switching charges as described in paragraph 1 of this Article will be attained in accordance with the deadline provided in the same paragraph.
Amendment 575 #
Proposal for a regulation
Article 26 – title
Article 26 – title
Technical aspects of switching and interoperability
Amendment 579 #
Proposal for a regulation
Article 26 – paragraph 1
Article 26 – paragraph 1
1. Providers of data processcloud computing services that concern scalable and elastic computing resources limited to infrastructural elements such as servers, networks and the virtual resources necessary for operating the infrastructure, but that do not provide access to the operating services, software and applications that are stored, otherwise processed, or deployed on those infrastructural elements, shall ensureto the extend possible support that the customer, after switching to a service covering the same service type offered by a different provider of data processcloud computing services, enjoysis well equipped to achieve functional equivalence in the use of the new service.
Amendment 583 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. For data processing services other than those covered by paragraph 1, providers of data processProviders of cloud computing services, including providers of destination cloud computing services shall make open interfaces publicly available and free of charge for the purpose of portability and interoperability.
Amendment 587 #
Proposal for a regulation
Article 26 – paragraph 3
Article 26 – paragraph 3
3. For data processing services other than those covered by paragraph 1, providers of data processing services shallAll providers of cloud computing services shall, where technically feasible, ensure compatibility with open interoperability specifications or European standards for interoperability that are identified in accordance with Article 29(5) of this Regulation.
Amendment 589 #
Proposal for a regulation
Article 26 – paragraph 4
Article 26 – paragraph 4
4. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the equivalent service type concerned, the provider of data processcloud computing services shall, at the request of the customer, export where technically feasible, all data generated or co-generated, including the relevant data formats and data structures, and metadata in a structured, commonly used and machine- readable format as indicated to the customer in accordance with Article 24 (1 ab), unless other format is accepted by the customer.
Amendment 594 #
Proposal for a regulation
Article 26 – paragraph 4 a (new)
Article 26 – paragraph 4 a (new)
4 a. Where the open interoperability specifications or European standards referred to in paragraph 3 do not exist for the service type concerned, the provider of data processing services shall make APIs available for the purpose of interoperability. These APIs shall ensure, where technically feasible, that third-party services can enjoy the same functional equivalence as first-party services.
Amendment 597 #
Proposal for a regulation
Article 26 – paragraph 4 b (new)
Article 26 – paragraph 4 b (new)
4 b. The requirements set out in this chapter shall not require a provider of cloud computing services to: a) develop new technologies or services; b) disclose or transfer proprietary or confidential data or technology that is protected as a trade secret or by other property rights, to the customer or to another provider of cloud computing services;or c) engage in, facilitate or enable anti- competitive behaviour.
Amendment 598 #
Proposal for a regulation
Article 26 a (new)
Article 26 a (new)
Article 26 a Withdrawal of interoperability charges 1. From [date X] onwards, providers of data processing services shall not impose charges for the interoperability process in excess of the costs incurred by the provider of data processing services that are directly linked to the interoperability process concerned. 2. The Commission is empowered to adopt delegated acts in accordance with Article 38 to supplement this Regulation in order to introduce a monitoring mechanism for the Commission to monitor interoperability charges imposed by data processing service providers on the market to ensure that the limitation of interoperability charges as described in paragraph 1 of this Article will be attained in accordance with the deadline provided in the same paragraph.
Amendment 613 #
Proposal for a regulation
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Article 28 – paragraph 1 – subparagraph 1 – introductory part
Amendment 625 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
Amendment 629 #
Proposal for a regulation
Article 29 – title
Article 29 – title
Interoperability and portability for data processing services
Amendment 630 #
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
Article 29 – paragraph 1 – introductory part
1. Open interoperability and portability specifications and European standards for the interoperability of data processing services shall:
Amendment 634 #
Proposal for a regulation
Article 29 – paragraph 1 – point a
Article 29 – paragraph 1 – point a
(a) be performance oriented towards achieving interoperability and portability between different data processing services that cover the same service type;
Amendment 636 #
Proposal for a regulation
Article 29 – paragraph 1 – point b
Article 29 – paragraph 1 – point b
(b) enhance interoperability and portability of digital assets between different data processing services that cover the same service type;
Amendment 643 #
Proposal for a regulation
Article 29 – paragraph 2 – introductory part
Article 29 – paragraph 2 – introductory part
2. Open interoperability specifications and European standards for the interoperability and portability of data processing services shall address:
Amendment 647 #
Proposal for a regulation
Article 29 – paragraph 5
Article 29 – paragraph 5
5. For the purposes of Article 26(3) of this Regulation, the Commission shall be empowered to adopt delegated acts, in accordance with Article 38, to publish the reference of open interoperability specifications and European standards for the interoperability and portability of data processing services in central Union standards repository for the interoperability and portability of data processing services, where these satisfy the criteria specified in paragraph 1 and 2 of this Article.