Vanta Logo
Vanta Logo
Platform
Products
Platform
Compliance
Get compliant quickly and painlessly with automation.
Continuous GRC
Join the modern way to GRC.
Personnel and Access
Easily control user access and permissions.
Risk Management
Proactively manage risk to drive smarter decisions.
Third Party Risk Management
Manage vendor onboarding and security reviews in one place.
Questionnaire Automation
Automate security questionnaire responses.
Trust Center
Showcase your compliance status and documentation.
Streamlined audits
Automate audit prep and evidence collection.
Customer Commitments
Centralize, track and act on every customer commitment.
Vanta AI
Automate compliance and uncover insights with AI.
Agentic Trust Platform
Build and prove trust from a single, unified platform.
Integrations
Automatically pull data from 400+ tools.
Vanta API
Build custom integrations and workflows.
NEW RELEASE
See what's new from
Vanta Delivers
Learn more
PRODUCTS
Compliance
Get compliant quickly and painlessly with automation.
Personnel and Access
Easily control user access and permissions.
Risk Management
Proactively manage risk to drive smarter decisions.
Third Party Risk Management
Manage vendor onboarding and security reviews in one place.
Questionnaire Automation
Automate security questionnaire responses.
Trust Center
Showcase your compliance status and documentation.
Streamlined audits
Automate audit prep and evidence collection.
Customer Commitments
Centralize, track and act on every customer commitment.
Vanta AI
Automate compliance and uncover insights with AI.
PLATFORM
See an interactive demo
Agentic Trust Platform
Build and prove trust from a single, unified platform.
Integrations
Automatically pull data from [integrations_count] tools.
Vanta API
Build custom integrations and workflows.
Solutions
Size
Industry
Frameworks
Find a partner
Startups
Automate compliance so you can keep building.
Mid-market
Expand your security and compliance program as you scale.
Enterprise
Gain a unified view of your compliance, security, and trust workflows.
Vanta is the one-stop shop that helps us scale as a business. The future of Vanta is an exciting one for us.
Paul Yoo
Head of Platform Security
Ramp logo
Healthcare
Protect sensitive info more easily by automating HIPAA and HITRUST.
Government
Proactively monitor emerging threats and automate security workflows.
Fintech
Stay ahead of evolving regulations and keep financial data secure with ease.
Vanta has saved us hundreds of hours and well over six figures in potential lost deals or added headcount.
Everett Berry
GTM Engineering
Clay logo
SOC 2
ISO 27001
GDPR
HIPAA
HITRUST
USDP
NIST AI Risk Management Framework
ISO 42001
Custom frameworks
All frameworks
Service provider directory
Discover world-class service providers.
Auditor directory
Connect with top compliance auditors.
AWS
Automate compliance across your AWS environment.
Size
Startups
Automate compliance so you can keep building.
Mid-market
Expand your security and compliance program as you scale.
Enterprise
Gain a unified view of your compliance, security, and trust workflows.
“
Vanta just worked out of the box. It pulled in the right data and gave us a solid foundation for a secure, audit-ready program.”
Cursor logo
Industry
Healthcare
Protect sensitive info more easily by automating HIPAA and HITRUST.
Government
Proactively monitor emerging threats and automate security workflows.
Fintech
Stay ahead of evolving regulations and keep financial data secure with ease.
How Ramp keeps its global financial operations platform compliant with Vanta
Ramp logo
Frameworks
SOC 2
ISO 27001
GDPR
HIPAA
HITRUST
USDP
NIST AI Risk Management Framework
ISO 42001
Custom frameworks
All frameworks
Find a partner
Service provider directory
Discover world-class service providers.
Auditor directory
Connect with top compliance auditors.
AWS
Automate compliance across your AWS environment.
Partners
Partner program overview
Set yourself apart with Vanta.
Service providers
Build, scale, and grow your business.
Auditors
Elevate your clients' experiences.
Partner program overview
Set yourself apart with Vanta.
Service providers
Build, scale, and grow your business.
Auditors
Elevate your clients' experiences.
We don’t partner with anyone else. We’ve gone all in on Vanta.
Steve Spence
CEO
Cognisys Logo
Resources
Customers
Company
Compliance resources
All resources
Customer stories
Hear from leaders who trust Vanta
Help center
Find the help you need to get started with Vanta.
Vanta Academy
Deepen your security knowledge and learn new skills.
Vanta Community
Connect with fellow Vanta users and security experts.
Instructor-led training
Live, interactive training to help you master the product and progress quickly.
Product updates
Learn what's new on the Vanta Platform.
About
Learn more about Vanta.
Security
Understand Vanta's security and compliance strategy.
Press
See the latest in Vanta news and press releases.
Careers
Join our team!
SOC 2
Learn everything you need to know about SOC 2.
Trust
Get the guide to all things trust.
HIPAA
Get the guide for HIPAA compliance.
TPRM
Implement and optimize your TPRM program.
GRC
Implement a GRC program with ease.
ISO 27001
Get the guide to ISO 27001 certification.
ISO 42001
Get your resource for ISO 42001 certification.
GDPR
Get the guide to GDPR compliance.
CMMC
Hear from leaders who trust Vanta
Cyber essentials
Get the guide to Cyber Essentials certification.
HITRUST
Get the guide to HITRUST certification.
FedRAMP
Get the guide to FedRAMP compliance.
All resources
Find all your security and compliance content here.
Blog
Explore security trends and thought leadership.
Guides and reports
Find ebooks, checklists, whitepapers, and more.
Events
Watch on-demand webinars on trending security topics.
Videos
Watch videos on security trends and expert insights
We surveyed 3,500 business and IT leaders across the globe, read the report ->
Customers
Customer stories
Hear from leaders who trust Vanta
Help center
Find the help you need to get started with Vanta.
Vanta Academy
Deepen your security knowledge and learn new skills.
Community
Connect with fellow Vanta users and security experts.
Instructor-led training
Live, interactive training to help you master the product and progress quickly.
Product updates
Learn what's new on the Vanta Platform.
Company
About
Learn more about Vanta.
Security
Understand Vanta's security and compliance strategy.
Press
See the latest in Vanta news and press releases.
Careers
Join our team!
Compliance resources
SOC 2
Learn everything you need to know about SOC 2.
Trust
Get the guide to all things trust.
HIPAA
Get the guide for HIPAA compliance.
TPRM
Implement and optimize your TPRM program.
CMMC
Learn everything to need to know about CMMC.
GRC
Implement a GRC program with ease.
ISO 27001
Get the guide to ISO 27001 certification.
ISO 42001
Get your resource for ISO 42001 certification.
GDPR
Get the guide to GDPR compliance.
Cyber essentials
Get the guide to Cyber Essentials certification.
HITRUST
Get the guide to HITRUST certification.
FedRAMP
Get the guide to FedRAMP compliance.
All resources
All resources
Find all your security and compliance content here.
Blog
Explore security trends and thought leadership.
Guides and reports
Find ebooks, checklists, whitepapers, and more.
Events
Watch webinars and videos on trending security topics.
Plans
Log inLog in
Get a demo
Get a demo

EU Data Act Addendum

This EU Data Act Addendum (“EDA Addendum”) supplements and is incorporated by reference into the agreement by and between Vanta and Customer governing Customer’s use of the Services, which may comprise (a) Vanta’s Master Subscription Agreement available at https://www.vanta.com/legal/terms or otherwise executed by the Parties (“MSA”), (b) Vanta’s Data Processing Addendum, either incorporated into the MSA or otherwise executed by the Parties and/or (c) a separate written agreement signed by Vanta and Customer (collectively, and as applicable, “Agreement”). Unless otherwise stated herein, capitalized terms shall have the meaning given in the Agreement.

‍

1. Scope. This EDA Addendum applies solely (a) to the extent the Services fall within the scope of the EU Data Act, (b) to Customers who are registered in a member state of the European Union(EU)/European Economic Area (EEA) (“Eligible Customers”) and (c) to Agreements and/or Order Forms entered into on or after September 12, 2025.

‍

2. Definitions

(a) “EU Data Act” means Regulation (EU) 2023/2854 of the European Parliament and of the Council of13 December 2023 concerning harmonized rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828.

(b) “Exportable Data” means Customer Information obtained and collected by Vanta in connection with Customer’s use of the Services, which Vanta can lawfully retrieve without disproportionate effort beyond a simple operation. Exportable Data excludes (i) any intellectual property or trade secrets of Vanta or any third parties and (ii) data whose export would compromise product security or data inferred or derived from proprietary algorithms.

(c) “on-premises ICT infrastructure” means ICT infrastructure and computing resources owned, rented or leased by the Customer, located in the data center of the Customer itself and operated by the Customer or by a third party.

(d) “Switching” or “Switch” means the process involving a source provider of data processing services, a customer of a data processing service and, where relevant, a destination provider of data processing services, whereby the customer of a data processing service changes from using one data processing service to using another data processing service of the same service type, or other service, offered by a different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data.

(e) “Switching Process” means the Switching process commencing on Vanta’s receipt of a Switching Request pursuant to Section 3(i) and concluding upon the Switch Completion Date pursuant toSection 3(vi).

‍

3. Switching & Deletion Request Processes. An Eligible Customer may, with at least two months’ prior written notice to support@vanta.com (“Notice Period”), make a request to initiate either (a) a switch of a Service(s) and migrate its Exportable Data to a different third-party service provider or to anon-premises ICT infrastructure (“Switching Request”) or (b) deletion of its Customer Data from aService(s) (“Deletion Request”).

(a) Switching Requests.

(i) Vanta will support the Customer’s Switching Request in accordance with the EU Data Act by providing Customer with relevant instructions (which may be in the form of Vanta’s documentation at help.vanta.com) for Customer to retrieve or export Exportable Data within30 calendar days after the end of the Notice Period (“Transition Period”).

(ii) Vanta will inform Customer within fourteen (14) business days of receiving a Switching Request if the Transition Period is technically unfeasible, providing a reasonable explanation for such technical limitations and an alternative Transition Period for the Customer to export Exportable Data, which shall not exceed seven (7) months from the end of the Notice Period. Customer shall confirm receipt of this notification within five (5) working days.

(iii) Separately, Customer shall have the right to make one request for an alternative Transition Period that is reasonably appropriate under the circumstances, at the time of the Switching Request, which shall not exceed seven (7) months from the date of the end of the NoticePeriod.

(iv) Throughout the Switching process and in accordance with the Agreement, Vanta will (1) provide reasonable assistance, (2) act with due care to maintain business continuity and, subject to Customer’s compliance with the terms of this EDA Addendum and the Agreement, continue performance of the Services in accordance with the Agreement, (3) ensure that a high level of security is maintained throughout the Switching Process, in particular the security of the Exportable Data during its transfer and the continued security of the Exportable Data during the Transition Period.

(v) Vanta may inform Customer about any known risks to the continuity in the provision of theServices and/or technical limitations as a result of the Switching once the Switching Request is submitted or as otherwise indicated by Vanta.

(vi) Customer shall promptly notify Vanta via support@vanta.com upon completion of its Switch(“Switch Completion Notice”), confirming that Customer has completed the Switch and ceased using the Service(s). The Switching Process concludes on the earlier of (1) the date Vanta receives a Switch Completion Notice or (2) the end of the Transition Period (each such date, the “Switch Completion Date”).

(b) Deletion Requests. Vanta will support Customer’s Deletion Request to the extent permitted by applicable law, by deleting the Exportable Data in accordance with the procedures and time frames specified in Vanta’s Information Security Addendum, as updated from time to time , and accessible at https://www.vanta.com/legal/information-security-addendum.

‍

4. Customer Responsibilities.

(a) Customer is solely responsible for performing the identification, extraction, export, import and implementation of its Exportable Data to an on-premises ICT infrastructure or a third-party provider’s environment, as applicable. If Customer authorizes a third party to manage or perform any part of the Switch on Customer’s behalf, Customer must, subject to the terms of the Agreement, (i) grant such third party the necessary permissions and access rights through Customer’s Vanta account, and (ii) if requested by Vanta, provide any information that Vanta may reasonably request evidencing the appointment of such third party and their acceptance to be bound by Customer’s obligations in this EDA Addendum (and, where relevant, the Agreement) to the same extent as if those obligations were their own. Not withstanding the involvement of any third party in the Switch, Customer will remain liable for all obligations and responsibilities under this EDA Addendum and the Agreement.

(b) Customer or third parties authorized by Customer, including any new service provider, undertakes to respect the Intellectual Property Rights and confidentiality of any materials provided in theSwitching process by Vanta. Any disclosure of Vanta’s Confidential Information to a third party(including any new service provider) is subject to Vanta’s prior written approval.

‍

5. Termination. The relevant Order Form(s) will automatically terminate upon either (a) the Switch Completion Date, as described in Section 3(vi) above, with respect to Switching Requests or (b) two months after Vanta has received the Deletion Request, with respect to Deletion Requests (such date, as applicable, the “Termination Date”). For the avoidance of doubt, (a) termination will not relieve Customer of its obligation to pay any Fees due to Vanta for the period prior to the Termination Date and (b) Customer shall not be entitled to a refund of or a discount for any prepaid, unused Fees for any terminated Service. Additionally, Customer must pay any outstanding Fees attributable to the remaining portion of the Service Period after the Termination Date as an early termination fee. Such early termination fee shall be payable to Vanta within thirty (30) days of Customer’s receipt of an invoice for the same. Vanta will not charge any other fees or penalties to Customer in connection with its Switching Requests or Deletion Requests.

‍

6. Exclusions. In accordance with the EU Data Act, Switching Requests and Deletion Requests will not be accepted for Beta Services or Trial Services as defined in the Agreement and/or specified in anOrder Form.

‍

7. Miscellaneous. Any claims brought in connection with this EDA Addendum will be subject to the terms and conditions of the Agreement, including, but not limited to, the exclusions and limitations set forth therein. In the event of any conflict or inconsistency between (a) the MSA, DPA or Order Form and(b) this EDA Addendum, the terms of this EDA Addendum will take precedence.

‍

‍

Get compliant and build trust—fast

Request a demo
G2 badge - Summer 2026 LeaderG2 badge - Summer 2026 Leader EnterpriseG2 Badge Milestone 'Users Love Us'
Product
Automated ComplianceContinuous GRCThird Party Risk ManagementStreamlined Audits
Questionnaire AutomationRisk ManagementTrust CenterPersonnel and AccessCustomer Commitments
Frameworks
SOC 2ISO 27001GDPRHIPAAHITRUSTUSDPNIST AI RMFISO 42001CMMC
CJISNIS2DORACPS 234EU AI ActEssential EightCyber EssentialsFedRAMPCRICustom frameworksAdditional frameworks
Platform
Vanta integrationsVanta AI ✨Vanta API
Solutions
StartupMid-marketEnterprise
Customers
Customer storiesRelease notes
Become a partner
Partner program overviewService providersAuditors
Find a partner
Service provider directoryAuditor directoryIntegrationsAWS
Resources
All resourcesSOC 2 collectionISO 27001 collectionISO 42001 collectionGRC collectionTPRM collectionTrust collectionHITRUST collectionCyber Essentials collectionCMMC collectionHIPAA collectionGDPR collectionFedRAMP collection
Help centerVanta AcademyVanta CommunityVanta for developers
Articles
SOC 2 complianceSOC 2 checklistISO 27001 certification
ISO 27001 documentationHIPAA checklistGDPR checklist
Company
About
Careers
HIRING
PressSecuritySystem statusSupport statusTrust center
Linkedin iconFacebook iconTwitter (X) iconYoutube icon
TermsPrivacy
Do Not Sell or Share My Personal Information
Modern Slavery Act Statement
© 2026 Vanta. All rights reserved
SOC 2 Type 2 Compliance Badge for VantaISO 27001 Compliance Badge for VantaISO 42001 badgeGDPR Compliance Badge for Vanta