For years, vendor lock-in has been accepted as an awkward reality of enterprise software. Switching systems can be difficult, disruptive and expensive – so organisations often tolerate it longer than they should.
As Kate McDonald, Head of Product at Asset Bank, explains, in her recent article in DAM NEWS, The EU Data Act, Vendor Lock-In And The Walled Garden Problem In DAM, that mindset is changing.
New regulation in Europe, including the EU Data Act and its 2025 addendum, is designed to remove barriers that prevent organisations from moving data between providers. The aim is simple: organisations should be able to access and transfer their data without facing unnecessary technical or financial obstacles.
For digital asset management (DAM), this is a significant development.
DAM platforms have become critical infrastructure for marketing teams. They store assets, manage permissions and control how content is used across channels. But many systems were not originally designed with portability in mind.
As regulators focus on data mobility, the traditional “walled garden” DAM model is being questioned.
Why the EU Data Act matters for digital asset management
The EU Data Act is designed to improve data accessibility and portability between services, particularly cloud platforms and data processing providers.
A key requirement is that vendors must allow customers to export their data in structured, commonly used and machine-readable formats, without additional charges.
For DAM systems, this means more than exporting files.
Digital assets are rarely used in isolation. Each asset carries important context that determines how it can be used, including:
- Metadata and descriptive tags
- Usage rights and licence restrictions
- Consent and release documentation
- Approval and version history
- Channel or geographic limitations
If this information cannot move alongside the asset itself, organisations risk losing the context that ensures compliant asset use.
For marketing teams responsible for protecting licences and permissions, that creates real risk.
- The EU Data Act aims to remove barriers that prevent organisations switching between data and cloud providers.
- Vendors must support structured, machine-readable data export without extra charges.
- In digital asset management, portability must include metadata, usage rights and consent data.
- Without portable rights information, organisations risk losing the context needed for compliant asset use.
DAM platforms have expanded far beyond as set storage
Digital asset management has evolved rapidly over the past decade.
What began as a structured library for storing images and files has grown into a platform that manages large parts of the marketing workflow.
Asset Bank, for example, is the number one digital asset management software for compliance, with a rich, configurable feature set that supports:
- Usage rights, watermarking, photographer credits, regional restrictions
- Permissions and access control, for both internal and external parties
- Governance and compliance monitoring
For marketing teams under pressure to simplify complex technology stacks, this consolidation has clear advantages. It centralises assets and gives teams a single place to manage content.
However, this expansion also means DAM systems now control how assets move through the organisation.
When a platform governs approvals, usage permissions and distribution rules, it becomes deeply embedded in daily operations. That makes portability more complicated.
How the DAM “walled garden” problem develops
The “walled garden” problem typically appears when organisations try to change something in their technology stack.
This might involve migrating to a new CMS, introducing a campaign management platform, onboarding external agencies, replacing or upgrading the DAM itself.
At this point, organisations may encounter challenges such as metadata being lost during bulk export, rights and consent information being tied to the DAM platform, integrations that only send data one way, and asset restrictions that cannot be interpreted outside the system.
Individually, these issues may appear manageable. But, together, they can create a system that is difficult to change without disrupting operations or increasing compliance risk.
For organisations responsible for protecting licences and permissions, losing asset context can mean losing control.
The critical difference between asset data and operational control
Not all information within a DAM system needs to move when switching platforms.
In practice, DAM data falls into two categories.
Asset data
This includes the information that travels with the asset itself:
- Files and formats
- Metadata and descriptive tags
- Usage rights and licence details
- Consent records and releases
Operational control
This includes the internal rules that govern how the platform operates:
- Permissions and user roles
- Workflows and approvals
- Platform-specific governance logic
The difference is important.
Operational structures often need to be rebuilt when organisations change systems. That is a normal part of migration.
However, asset data – particularly rights and consent information – must remain portable. Without it, organisations risk using assets in ways that breach licence agreements or consent conditions.
>> Read: The legal risks of mismanaging your digital assets <<
That is why modern DAM strategies place increasing emphasis on managing rights and permissions as structured, exportable data.
- DAM systems contain both asset data and operational control structures.
- Asset data includes files, metadata, rights and consent information.
- Operational control includes permissions, workflows and platform rules.
- Rights and consent data must remain portable to ensure compliant asset usage.
What the EU Data Act requires – and what it does not
There is sometimes confusion about how far the EU Data Act goes.
The regulation does not require vendors to make every system feature portable. Workflows, integrations and governance rules may still need to be rebuilt when switching platforms.
Instead, the regulation focuses on removing barriers that prevent organisations from accessing and moving their data.
In practical terms, DAM vendors should support:
- Structured export of assets and metadata
- Access to associated rights and consent information
- Clear processes for retrieving data without excessive costs
This ensures organisations remain in control of their data, even if operational structures must be reconfigured.
How DAM buyers are evaluating portability today
As regulations evolve and organisations gain more experience with DAM migrations, buyer expectations are becoming more practical.
Rather than demanding total portability, organisations increasingly focus on preserving the information that protects them from risk.
Typical evaluation questions now include:
- Can assets be exported with their rights and consent information intact?
- Is critical metadata preserved during bulk export?
- Can downstream systems understand usage restrictions automatically?
- Which governance structures must be rebuilt during migration?
This reflects a more mature understanding of DAM as both a content repository and a compliance system.
A practical approach to DAM portability
The most resilient DAM strategies do not attempt to make every aspect of a platform portable.
Instead, they prioritise portability where it matters most.
Organisations should ensure the following information remains exportable and structured:
- Assets and file formats
- Metadata and descriptive context
- Usage rights and licence terms
- Consent and release documentation
Meanwhile, platform-specific elements such as workflows, roles and automation can be redesigned when systems change.
This approach avoids unrealistic expectations while protecting the information that ensures assets remain compliant.
For marketing teams managing licensed content, it provides a safer and more sustainable strategy.
The takeaway: portability is about protecting asset context
Vendor lock-in in digital asset management is no longer simply a technical inconvenience. As regulation evolves, it is increasingly becoming a compliance concern.
The most important question is not whether every feature can move between systems.
It is whether organisations can move their assets without losing the information that makes them safe to use.
When usage rights, permissions and consent travel with the asset, organisations retain control. They can change platforms, integrate new tools and adapt their technology stack without risking compliance.
And that is exactly what modern DAM should enable: the ability to use assets confidently, control access and protect rights.
To find out more about Asset Bank's data portability, have a chat with the team:
Frequently asked questions
What is vendor lock-in in digital asset management?
Vendor lock-in occurs when organisations find it difficult to move their assets and associated data from one DAM system (vendor) to another. This often happens when metadata, rights information or integrations are tightly tied to the platform.
Why does the EU Data Act affect DAM platforms?
As of September 2025, the EU Data Act requires organisations in the EU to be able to export their data in structured, machine-readable formats, at no cost. For DAM platforms, this means assets and associated metadata – including usage rights and consent information – must be accessible and transferable.
What DAM data must remain portable?
The most important portable data includes assets, metadata, licence details and consent records. This information ensures assets can be used safely and compliantly outside the original system.
Do workflows and permissions need to be portable?
No. Workflows, permissions and internal governance structures are often specific to each DAM platform and may need to be rebuilt when organisations switch systems.
How does DAM help marketing teams stay compliant?
A digital asset management platform helps teams track usage rights, manage consent and control access to assets. This ensures content is only used in ways that comply with licences, permissions and governance policies, such as GDPR, .
