DAM software: A buyer's guide for brand governance, compliance and content library management
For years, vendor lock-in has been accepted as an awkward reality of enterprise software. Switching systems can be difficult, disruptive and expensive – so organisations often tolerate it longer than they should.
As Kate McDonald, Head of Product at Asset Bank, explains, in her recent article in DAM NEWS, The EU Data Act, Vendor Lock-In And The Walled Garden Problem In DAM, that mindset is changing.
New regulation in Europe, including the EU Data Act and its 2025 addendum, is designed to remove barriers that prevent organisations from moving data between providers. The aim is simple: organisations should be able to access and transfer their data without facing unnecessary technical or financial obstacles.
For digital asset management (DAM), this is a significant development.
DAM platforms have become critical infrastructure for marketing teams. They store assets, manage permissions and control how content is used across channels. But many systems were not originally designed with portability in mind.
As regulators focus on data mobility, the traditional “walled garden” DAM model is being questioned.
Why the EU Data Act matters for digital asset management
The EU Data Act is designed to improve data accessibility and portability between services, particularly cloud platforms and data processing providers.
A key requirement is that vendors must allow customers to export their data in structured, commonly used and machine-readable formats, without additional charges.
For DAM systems, this means more than exporting files.
Digital assets are rarely used in isolation. Each asset carries important context that determines how it can be used, including:
- Metadata and descriptive tags
- Usage rights and licence restrictions
- Consent and release documentation
- Approval and version history
- Channel or geographic limitations
If this information cannot move alongside the asset itself, organisations risk losing the context that ensures compliant asset use.
For marketing teams responsible for protecting licences and permissions, that creates real risk.
- The EU Data Act aims to remove barriers that prevent organisations switching between data and cloud providers.
- Vendors must support structured, machine-readable data export without extra charges.
- In digital asset management, portability must include metadata, usage rights and consent data.
- Without portable rights information, organisations risk losing the context needed for compliant asset use.
DAM platforms have expanded far beyond as set storage
Digital asset management has evolved rapidly over the past decade.
What began as a structured library for storing images and files has grown into a platform that manages large parts of the marketing workflow.
Asset Bank, for example, is the number one digital asset management software for compliance, with a rich, configurable feature set that supports:
- Usage rights, watermarking, photographer credits, regional restrictions
- Permissions and access control, for both internal and external parties
- Governance and compliance monitoring
For marketing teams under pressure to simplify complex technology stacks, this consolidation has clear advantages. It centralises assets and gives teams a single place to manage content.
However, this expansion also means DAM systems now control how assets move through the organisation.
When a platform governs approvals, usage permissions and distribution rules, it becomes deeply embedded in daily operations. That makes portability more complicated.
How the DAM “walled garden” problem develops
The “walled garden” problem typically appears when organisations try to change something in their technology stack.
This might involve migrating to a new CMS, introducing a campaign management platform, onboarding external agencies, replacing or upgrading the DAM itself.
At this point, organisations may encounter challenges such as metadata being lost during bulk export, rights and consent information being tied to the DAM platform, integrations that only send data one way, and asset restrictions that cannot be interpreted outside the system.
Individually, these issues may appear manageable. But, together, they can create a system that is difficult to change without disrupting operations or increasing compliance risk.
For organisations responsible for protecting licences and permissions, losing asset context can mean losing control.
The critical difference between asset data and operational control
Not all information within a DAM system needs to move when switching platforms.
In practice, DAM data falls into two categories.
Asset data
This includes the information that travels with the asset itself:
- Files and formats
- Metadata and descriptive tags
- Usage rights and licence details
- Consent records and releases
Operational control
This includes the internal rules that govern how the platform operates:
- Permissions and user roles
- Workflows and approvals
- Platform-specific governance logic
The difference is important.
Operational structures often need to be rebuilt when organisations change systems. That is a normal part of migration.
However, asset data – particularly rights and consent information – must remain portable. Without it, organisations risk using assets in ways that breach licence agreements or consent conditions.
>> Read: The legal risks of mismanaging your digital assets <<
That is why modern DAM strategies place increasing emphasis on managing rights and permissions as structured, exportable data.
- DAM systems contain both asset data and operational control structures.
- Asset data includes files, metadata, rights and consent information.
- Operational control includes permissions, workflows and platform rules.
- Rights and consent data must remain portable to ensure compliant asset usage.
What the EU Data Act requires – and what it does not
There is sometimes confusion about how far the EU Data Act goes.
The regulation does not require vendors to make every system feature portable. Workflows, integrations and governance rules may still need to be rebuilt when switching platforms.
Instead, the regulation focuses on removing barriers that prevent organisations from accessing and moving their data.
In practical terms, DAM vendors should support:
- Structured export of assets and metadata
- Access to associated rights and consent information
- Clear processes for retrieving data without excessive costs
This ensures organisations remain in control of their data, even if operational structures must be reconfigured.
How DAM buyers are evaluating portability today
As regulations evolve and organisations gain more experience with DAM migrations, buyer expectations are becoming more practical.
Rather than demanding total portability, organisations increasingly focus on preserving the information that protects them from risk.
Typical evaluation questions now include:
- Can assets be exported with their rights and consent information intact?
- Is critical metadata preserved during bulk export?
- Can downstream systems understand usage restrictions automatically?
- Which governance structures must be rebuilt during migration?
This reflects a more mature understanding of DAM as both a content repository and a compliance system.
A practical approach to DAM portability
The most resilient DAM strategies do not attempt to make every aspect of a platform portable.
Instead, they prioritise portability where it matters most.
Organisations should ensure the following information remains exportable and structured:
- Assets and file formats
- Metadata and descriptive context
- Usage rights and licence terms
- Consent and release documentation
Meanwhile, platform-specific elements such as workflows, roles and automation can be redesigned when systems change.
This approach avoids unrealistic expectations while protecting the information that ensures assets remain compliant.
For marketing teams managing licensed content, it provides a safer and more sustainable strategy.
The takeaway: portability is about protecting asset context
Vendor lock-in in digital asset management is no longer simply a technical inconvenience. As regulation evolves, it is increasingly becoming a compliance concern.
The most important question is not whether every feature can move between systems.
It is whether organisations can move their assets without losing the information that makes them safe to use.
When usage rights, permissions and consent travel with the asset, organisations retain control. They can change platforms, integrate new tools and adapt their technology stack without risking compliance.
And that is exactly what modern DAM should enable: the ability to use assets confidently, control access and protect rights.
To find out more about Asset Bank's data portability, have a chat with the team:
Frequently asked questions
1. What is vendor lock-in in digital asset management?
Vendor lock-in in DAM occurs when it's difficult or costly to move assets and their associated data to another platform. This can happen if metadata, usage rights, consent information, or other governance data cannot be exported in a structured, usable format.
2. What is a 'walled garden' DAM?
A walled garden DAM is one that works well within its own ecosystem but makes it difficult to move assets and their associated metadata into other systems, increasing dependence on a single vendor.
2. What does the EU Data Act mean for DAM software?
As of September 2025, the EU Data Act requires organisations in the EU to be able to export their data in structured, machine-readable formats, at no cost, making it easier for organisations to move assets and their metadata between platforms. For DAM platforms, this means assets and associated metadata – including usage rights and consent information – must be accessible and transferable.
3. Does the EU Data Act require DAM vendors to make everything portable?
No. The legislation focuses on making data portable, rather than requiring every aspect of a platform to be transferable. Operational elements such as permission structures and workflows will often need to be rebuilt in a new DAM.
4. What DAM data must remain portable?
The most important portable data includes assets, metadata, licence details and consent records. This information ensures assets can be used safely and compliantly outside the original system.
5. Do workflows and permissions need to be portable?
No. Workflows, permissions and internal governance structures are often specific to each DAM platform and may need to be rebuilt when organisations switch systems.
6. Why is metadata more important than the asset itself during migration?
An asset without its metadata loses much of its value. Metadata provides the context needed to search, understand, and use content correctly, including rights, consent, and usage restrictions.
7. How can rights and consent information be preserved when moving to a new DAM?
A well-designed DAM should allow rights and consent information to be exported as structured metadata. This can include unique identifiers that link assets to their associated governance information, ensuring important context isn't lost during migration.
8. What questions should buyers ask when evaluating a DAM?
Buyers should ask:
- Can assets and metadata be exported in a structured format?
- Will rights and consent information remain linked to exported assets?
- Are APIs well documented and suitable for integration?
- How straightforward is it to migrate data if requirements change?
9. Is vendor lock-in always a bad thing?
Not necessarily. Every enterprise platform involves some level of dependency. The key consideration is whether organisations can access and move their assets and governance data without unnecessary technical, contractual, or financial barriers.
10. Why is data portability becoming more important?
Marketing technology stacks evolve constantly. Organisations replace CMSs, introduce new tools, work with new agencies, and respond to changing regulations. Data portability helps ensure assets remain usable and compliant as these systems change.
How does DAM software help organisations stay compliant with the EU data act and its 2025 addendum?
Digital asset management (DAM) software can help organisations align with the objectives of the EU Data Act by making it easier to access, export, and migrate digital assets and their associated metadata. The Act aims to reduce barriers to switching cloud and data processing providers by requiring customer data to be exportable in a structured, commonly used format and without unnecessary costs during switching.
In a DAM, the most important data to preserve is often the metadata associated with each asset. This can include usage rights, licence information, consent status, keywords, descriptions, and other governance attributes that help organisations use content safely and compliantly.
While operational elements such as user permissions, workflows, and access rules are typically specific to each DAM platform and are usually rebuilt during implementation, a well-designed DAM should enable organisations to export their assets alongside the metadata needed to understand and govern them in a new system.
When evaluating DAM software, organisations should look for structured metadata export, well-documented APIs, and clear migration processes. These capabilities support the data portability principles of the EU Data Act while helping maintain governance and compliance as technology stacks evolve.
Tags:
Read more of Kate's industry expertise on the DAM News website:
The EU Data Act, vendor lock-in and the walled garden problem in DAM
