The European Commission has published the formal decisions explaining why it has opened market investigations to determine whether Microsoft Azure and Amazon Web Services (AWS) should be regulated as gatekeeper cloud services under the EU’s Digital Markets Act (DMA), setting in motion a year‑long fact‑finding process that could impose sweeping interoperability, non‑discrimination and data‑portability obligations on the two largest hyperscalers.
Source: MLex Amazon, Microsoft decisions on cloud scrutiny published by EU | MLex | Specialist news and analysis on legal risk and regulation
Background / Overview
The DMA is the European Union’s ex‑ante rulebook for addressing entrenched platform power. It prescribes a catalogue of obligations for companies designated as gatekeepers — firms whose platforms act as important intermediaries between businesses and end users. While the DMA normally relies on quantitative thresholds (turnover and user counts) to identify gatekeepers, it also empowers the Commission to use qualitative, service‑level market investigations when those numeric tests do not map cleanly onto a sector’s commercial reality. The Commission’s cloud inquiry applies exactly that qualitative pathway: the regulator will assess whether AWS and Azure functionally operate as “important gateways” in cloud markets despite the unique nature of infrastructure services.
This move is the result of converging policy pressures. National authorities and independent market studies have repeatedly documented concentrated cloud spending across Europe, business users and cloud competitors have raised persistent portability and licensing concerns, and the explosive demand for AI compute — together with several high‑impact outages — has turned cloud concentration into a resilience and strategic‑sovereignty issue for EU policymakers. The Commission therefore launched three parallel strands of work: two company‑specific market investigations (one for AWS, one for Azure), and a horizontal sector study assessing whether the DMA’s toolkit needs adaptation to fit cloud‑specific problems.
What the published decisions say
The Commission’s stated rationale
The published decisions detail the Commission’s view that the cloud services provided by AWS and Azure “occupy very strong positions” in business‑to‑business and business‑to‑consumer chains and that integrated product suites and platform design choices can produce durable lock‑in effects. The decisions list concrete areas of concern: barriers to interoperability, limited or conditioned access to business data, potential self‑preferencing of first‑party managed services and marketplaces, and contractual or pricing features (including egress charges and licensing differentials) that can increase switching costs for customers. The documents also explain the legal basis for using the DMA’s qualitative market‑investigation route.
Key facts the Commission wants to establish
- Whether AWS and Microsoft Azure act as indispensable gateways for enterprises and consumers in ways that justify gatekeeper treatment.
- Whether specific commercial and technical practices materially deter switching and multi‑cloud mobility (egress fees, proprietary APIs, licensing terms, bundle discounts, managed‑services placement).
- Whether the DMA’s existing obligations (interoperability, non‑discrimination, data‑portability and anti‑self‑preferencing duties) are technically and legally fit for infrastructure markets or require bespoke guidance, delegated acts, or sector‑specific adaptations.
Legal mechanics and timetable
The qualitative route and Article 3(8)
The DMA contains a presumption pathway based on objective thresholds (notably turnover and user counts), but it deliberately includes a qualitative designation mechanism that allows the Commission to find a service is a gatekeeper after a market investigation if the evidence shows it functions as a de facto gateway. The cloud decisions use that mechanism: the Commission is no longer bound to the consumer‑facing metrics alone and can apply the DMA’s remedies to services that create equivalent market bottlenecks in practice.
Procedural timeline and potential outcomes
- The Commission has signalled a target of about 12 months to complete the company‑specific fact‑finding phases, recognising longer timeframes may apply for complex, sector‑wide technical work. If the Commission concludes a cloud service qualifies as a gatekeeper, the DMA provides for a subsequent compliance window (often six months) during which the designated service must implement the mandatory obligations.
- Designation would expose the service to a prescriptive obligations list: no self‑preferencing, meaningful interoperability obligations where feasible, data‑portability and transparency duties, plus strong enforcement powers (including fines up to 10% of global turnover for single infringements and higher penalties for repeated breaches or systematic failures under the DMA framework). Existing Commission decisions enforcing DMA duties against other firms illustrate the regime’s punitive potential.
Technical axes of the investigation
The Commission’s decisions focus on a set of technical and commercial levers that can lock workloads to a provider. These are the fault lines the EU will probe in depth.
Data portability and egress costs
One of the clearest, repeatable concerns raised by customers and competitors is the practical cost of moving data: egress fees, opaque transfer pricing, limited export formats for managed services and the engineering burden of moving petabytes of production data. The Commission will examine whether exit charges or technical constraints make migration prohibitively expensive in practice. Those frictions are at the heart of portability claims and directly affect enterprise procurement choices.
Proprietary APIs, control‑plane semantics and portability
Cloud portability is not just about raw bytes. Many cloud services expose proprietary APIs, orchestration primitives, and control‑plane semantics that embed provider‑specific assumptions into an application’s architecture. Rehosting a large, production workload can therefore require significant code and design changes. The Commission will request technical architecture documentation and migration‑testing data to measure the practical effort required to switch providers.
Licensing and pricing design
Microsoft’s licensing terms — especially for Windows Server, SQL Server and enterprise software — have been repeatedly flagged by rivals and regulators as creating economic incentives to run Microsoft workloads on Azure rather than on competitor clouds. National reviews and complaints have focused on whether licensing differentials are effectively exclusionary. The Commission will interrogate licensing contracts, rebate structures and volume discounts for signs of discriminatory pricing.
Bundling, managed services and self‑preferencing
Hyperscalers increasingly sell vertically integrated stacks: compute, storage, managed databases, analytics, AI model hosting and marketplaces. The Commission will test whether first‑party managed services or marketplace placements are advantaged in ways that disadvantage independent software vendors (ISVs) or alternative infrastructure providers — the very behaviours the DMA was designed to prevent in other platform contexts.
Resilience, outages and specialised AI hardware
Beyond competition, regulators are also focused on systemic resilience. Recent high‑impact outages at major cloud providers have shown the cascading effects a provider failure can have across sectors. With AI generating massive demand for GPU‑class accelerators and custom hardware, the Commission will examine whether hardware scarcity, prioritisation practices or conditional access to accelerators create market power that undermines contestability or national digital‑sovereignty objectives.
Cross‑checks and independent corroboration
The Commission’s press release and the MLex reporting set out the formal decisions; independent outlets and national regulators provide corroboration and context.
- The European Commission’s official announcement summarises the three market investigations and the lines of inquiry the Commission will pursue.
- MLex’s coverage provides investigative detail describing the Commission’s reasoning, the evidentiary lines, and the attachments to the enforcement decisions.
- National regulator findings — notably the U.K.’s Competition and Markets Authority (CMA) — earlier concluded that Microsoft and Amazon hold very strong positions in cloud markets and recommended further scrutiny, which helped crystallise the EU’s approach. Press coverage of those CMA findings confirms the empirical basis for Brussels’ inquiries.
- Reuters and other news outlets have reported on related developments — for example, Google’s withdrawal of a complaint against Microsoft after the Commission opened its cloud market investigations — demonstrating the rapid re‑shaping of private‑action and regulatory strategies around the DMA process.
What this means for Microsoft and Amazon
Operational and compliance impact
If AWS or Azure are ultimately designated as DMA gatekeepers for cloud services, the companies would face direct, mandated operational changes:
- Open or document interoperability interfaces where feasible, and avoid discrimination in API behaviour or access.
- Limit self‑preferencing by ensuring first‑party managed services and marketplace placements do not receive preferential treatment that disadvantages third‑party ISVs.
- Enable data portability in a way that is technically usable for enterprise customers, not just a nominal export format.
- Increase contractual transparency and remove imbalanced terms that uniformly disadvantage business users.
Commercial and investment implications
Gatekeeper obligations could alter incentives for product bundling, rebates, and licensing design. For Microsoft and Amazon, the compliance and architectural re‑tooling costs could be significant and could change long‑term product road maps (for example, around specialised, vertically integrated AI services). At the same time, the DMA’s rules are forward‑looking: they could standardise contestability practices across Europe and potentially reduce legal frictions for customers in the medium term.
Industry statements to date underscore the tension: both Microsoft and Amazon have pushed back on the probes, warning of potential harm to investment and innovation if obligations are mis‑applied. Those views have been reported in national and international outlets.
What it means for enterprise customers and CIOs
For organisations that rely on AWS and Azure, the Commission’s decisions make regulatory risk a material dimension of cloud strategy. The likely immediate actions for procurement, architecture and legal teams are practical:
- Map which apps and data live on each provider and identify the business‑critical single‑points‑of‑dependency.
- Revisit contracts to strengthen exit rights, clarity on egress pricing, and guarantees about export formats and technical support for migration.
- Operationally test migrations and backups for production workloads at scale (proofs of concept for portability are and will be valuable evidence in the Commission’s docket).
- Consider multi‑cloud and hybrid designs where they make sense as resilience and bargaining tools; but evaluate the real engineering cost of maintaining multi‑cloud portability.
- Engage with vendor governance processes and request contractual commitments that align with potential DMA obligations (for example, clearer SLAs for managed services and commitments on API stability).
Strategic and geopolitical dimensions
The cloud DMA inquiry is not only a competition story; it is a geopolitical and industrial‑policy question. The EU’s concerns about digital sovereignty — the ability of EU states and European firms to control critical infrastructure and data flows — are central to the policy calculus. Cloud concentration interacts with national security, AI leadership and supply‑chain resilience. Brussels’ approach also carries transatlantic implications: U.S. firms dominate hyperscale cloud markets, meaning DMA outcomes could generate friction or lead to regulatory alignment pressures between the EU and the U.S. The Commission appears cognizant of these stakes and has framed the inquiry as balancing competition, resilience and investment.
Strengths and potential risks of the Commission’s approach
Strengths
- The Commission is using a targeted, evidence‑driven market‑investigation route rather than a blunt, one‑size‑fits‑all reclassification. The decisions call for detailed technical and contractual evidence, which is necessary given the complexity of cloud architecture.
- The DMA’s prescriptive toolbox — non‑discrimination duties, interoperability requirements, and enforceable transparency obligations — can directly address many of the lock‑in mechanics (egress fees, proprietary APIs, self‑preferencing) that procurement teams and smaller providers have long complained about.
Risks and drawbacks
- Technical feasibility vs legal prescription: Translating DMA duties into workable technical standards for cloud platforms is non‑trivial. Overly prescriptive remedies risk fragmenting operational interfaces and creating compliance complexity that could reduce the global scalability of cloud services. The Commission’s horizontal study rightly flags this risk.
- Investment chill: If compliance imposes high fixed costs or regulatory uncertainty, providers may re‑allocate investment away from open R&D toward regulatory compliance, with potential knock‑on effects on performance and feature innovation. Industry voices have raised this concern, and the Commission will need to balance remedies carefully.
- Measurement and market definition challenges: Cloud markets are heterogeneous. Market shares and market power can vary widely by segment (IaaS, PaaS, managed AI services, edge, sectors). Remedies that do not account for segmentation risk over‑or‑under‑reaching. The Commission’s evidence‑heavy approach partially mitigates this, but measurement will be contested.
Steps vendors and policymakers should consider now
- Vendors (AWS, Microsoft and others) should prepare exhaustive, auditable evidence sets: pricing and rebate schedules, API definitions and change logs, migration test data, contract histories and mitigation plans for portability. The Commission will demand technical detail.
- Independent cloud providers and ISVs should document real‑world portability impediments, commercial harms from self‑preferencing, and customer testimony about switching costs. Robust, empirical submissions will influence the Commission’s factual record.
- Policymakers and standards bodies should accelerate work on interoperable control‑plane standards, export formats and portability test suites that can be used as neutral compliance benchmarks — technical infrastructure that will reduce litigation and enforcement overhead. Academic and industry initiatives on continuous certification and standardized cloud evidence could play a role.
Outlook — what to expect next
The Commission’s decisions set up an intensive, evidence‑heavy 12‑month phase that will shape the long‑term regulatory architecture for cloud services in Europe. Possible near‑term scenarios include:
- The Commission concludes there is insufficient functional gatekeeper evidence for one or both services and publishes findings recommending targeted industry guidance instead.
- The Commission designates one or both services as cloud gatekeepers and issues a set of DMA obligations tailored to cloud realities, forcing operational and contractual change across the hyperscalers’ stacks.
- The Commission proposes sector‑specific DMA clarifications or delegated acts that adapt certain obligations to the technical constraints of cloud markets.
Conclusion
The Commission’s published decisions are a deliberate and consequential escalation: they put the cloud‑computing layer — the backbone of enterprise IT and AI development — squarely within the remit of Europe’s most ambitious digital competition law. The DMA’s qualitative market‑investigation route gives Brussels the flexibility to address infrastructure‑level lock‑in even when numerical gatekeeper thresholds are difficult to apply to enterprise services. That flexibility is both the Commission’s strength and its central challenge: to craft remedies that restore contestability without fragmenting global cloud ecosystems or stifling investment.
For IT leaders, procurement teams and cloud vendors, the instruction is immediate and practical: document dependencies, stress‑test portability, strengthen contractual exit and audit rights, and prepare for regulatory scenarios that could change cloud economics and architecture in tangible ways over the next 12 months. The Commission’s evidentiary record — now formally published — will be the decisive source; the next phase will be highly technical, contested and consequential.