The EU Just Killed ARR

Annual Recurring Revenue (ARR) has been the backbone of SaaS for two decades.

It gave investors predictable growth curves. It gave founders leverage in fundraising. It let boards sleep at night.

But ARR was never a really well defined metric. And now, it may be practically dead in Europe.

With the EU Data Act (effective September 2025), every SaaS contract with an EU customer becomes a “cancel anytime” subscription. Customers can walk away with two months’ notice. No excuses, no lock-in.

What's good for consumers is now good for companies too.

But if ARR is no longer “annual”, but rather optional - is it actually good for companies?

What the law says

The EU Data Act is broad, covering connected products, IoT devices, and critically for SaaS: data processing services. Buried in the law is a simple obligation:

• Providers must allow customers to terminate contracts at any time.
• Notice periods can’t exceed two months.
• Contractual or technical “barriers to switching” are prohibited.

The usual trick that SaaS companies rely on, offering “discounted” three-year deals in exchange for lock-in, is all but gone. Long-tail penalties for early exit? Off the table.

Investors may still talk about ARR multiples, but in Europe, that revenue is a rolling suggestion, not a contractual guarantee.

Involuntary churn is now a much bigger problem

Most founders are reacting to this by arguing about pricing models. Do we move to usage-based? Do we invent new discount mechanics? Do we pivot to prepaid credits?

But there’s a quieter, nastier risk nobody is preparing for: involuntary churn. That’s when services terminate without the customer consciously deciding to leave.

This would happen when credit cards expire and not updated, but now imagine this:

• The finance team is buried in year-end close.
• The admin who manages your tool is on vacation.
• Your reminder email gets lost in an overloaded inbox.

If your vendor has not designed the entitlements/contract correctly - this could result in a subscription terminated. Access revoked. Business workflows broken. It’s the equivalent of your electricity being cut off because you didn’t click “confirm payment” on a reminder email.

Here’s what this looks like in real life assuming there are no grace periods correctly implemented:

1. Customer forgets to renew (because they’re busy running their business).
2. Your system auto-terminates access (because compliance demands it).
3. Their team shows up Monday morning and can’t log in.
4. They call you screaming.
5. You scramble to restore access.

That’s not just lost revenue. That’s a trust breach. It turns one forgetful renewal into a multi-department escalation. And it’s happening at the exact moment SaaS teams are already battling rising churn rates.

You now need to start considering grace periods and a whole lot more.

Practically, what you need to start considering

To survive, you’ll need to make sure your product has renewals around business reality, not contract lock-in.

That means:

1. Smarter notifications - Sequenced, multi-channel reminders. Not one lonely email. You may need to pick up the phone!
2. Realistic grace periods - Think weeks, not 72 hours. Enterprises don’t move on startup timelines.
3. Tiered service degradation - Restrict new actions, but don’t shut down existing workflows overnight.
4. Emergency restoration protocols - That VP will call your CEO if their team is blocked, and you may not be able to escape it.
5. Audit trails for compliance - You’ll need to prove you gave fair notice before shutting anything off.

It’s table stakes if you want to retain enterprise accounts under the new rules, because ARR is no longer enforced by contract. It’s enforced by customer satisfaction.

Going forward, your growth curve depends less on how clever your contracts are, and more on how resilient your operations are when customers forget, delay, or mismanage renewals.

Compliance as competitive advantage?

Most founders will see this as a compliance nightmare. The smart ones will turn it into differentiation.

• Build continuity safeguards that competitors skip.
• Market “never-lose-access” as a feature.
• Treat renewal operations as a core product discipline.

Retention, under the EU Data Act, is no longer a passive outcome.

Welcome to the new normal: ARR as a reflection of customer reality, not contractual fantasy.

Additional reading:

1. Commission publishes Frequently Asked Questions about the Data Act
2. The EU Data Act Just Killed Long SaaS Contracts