On June 25, 2026, the European Commission told Amazon and Microsoft that its preliminary view is that AWS and Azure should be designated as Digital Markets Act gatekeepers for cloud computing services in the European Union. The finding is not yet a final order, but it is the clearest signal so far that Brussels wants its Big Tech rulebook to move below the app store and search layer into the infrastructure layer. For WindowsForum readers, the story is not merely that two American hyperscalers may face more paperwork. It is that the cloud stack behind Microsoft 365, Azure AI, Windows management, retail platforms, and countless enterprise applications is becoming a formal competition battleground.
The Commission’s move lands at a moment when cloud has stopped being a neutral utility in the political imagination. It is now where AI models are trained, customer data is warehoused, software vendors are locked in or locked out, and national governments discover how much of their digital sovereignty depends on someone else’s data center roadmap. The EU is not just asking whether AWS and Azure are large. It is asking whether they have become unavoidable.
The Digital Markets Act was written for a world in which digital power looked visible: app stores, search engines, browsers, social networks, operating systems, marketplaces, and advertising networks. Those were the obvious choke points. If a developer could not get into an app store, if a merchant had to play by marketplace rules, or if a browser default quietly shaped the web, regulators could point to a recognizable gate.
Cloud infrastructure is a less photogenic target, but it may be the more consequential one. A retailer choosing AWS, a manufacturer standardizing on Azure, or a startup building around managed databases and AI services is not simply renting compute. It is adopting an operating environment that can reshape procurement, software architecture, security tooling, identity systems, data flows, and exit costs for years.
That is why the Commission’s preliminary position matters. AWS and Azure reportedly do not meet the DMA’s normal quantitative thresholds for this specific designation, yet Brussels says they may still function as important gateways between businesses and customers in the EU. In plain terms, the Commission is saying that formal thresholds are not the only way to measure power when an infrastructure platform becomes deeply embedded in commercial life.
This is a familiar European regulatory instinct, but applied to a newer terrain. The EU has long preferred ex ante rules for digital markets, arguing that waiting for traditional antitrust cases to grind through the courts often lets dominant positions harden before remedies arrive. The DMA is supposed to prevent gatekeepers from using their platform control to entrench themselves, not simply punish them after the market has tipped.
The cloud inquiry stretches that theory. If app stores are doors, cloud platforms are the building’s foundation. Regulating them under the same framework raises harder questions, because the cloud is not a single consumer-facing product with a neat user interface. It is a mesh of compute, storage, networking, databases, AI tooling, identity, telemetry, security, billing, partner marketplaces, and professional services.
What Brussels is really probing is whether customers and software vendors can realistically avoid the two hyperscalers without paying a penalty in capability, scale, compliance coverage, AI tooling, support, or ecosystem access. This is the problem every IT leader recognizes but rarely states in procurement language. The best cloud may not be the cheapest cloud; it is often the one that comes with the fewest career-threatening surprises.
AWS earned that position by being early, broad, and relentless. Azure earned it by turning Microsoft’s enterprise gravity into cloud momentum, binding Windows Server, Active Directory, Microsoft 365, SQL Server, developer tools, and enterprise agreements into a platform migration path. For many organizations, Azure is not a new vendor. It is the next room in a Microsoft house they already live in.
That makes Azure’s scrutiny particularly important for this audience. Microsoft’s cloud business is not just a place to host virtual machines. It is tied to Entra ID, Intune, Defender, Sentinel, GitHub, Visual Studio, Power Platform, Dynamics, Teams, and now an expanding line of Copilot and Azure AI services. The more Microsoft turns its productivity, security, developer, and AI portfolio into a unified platform, the more regulators will ask whether customers are choosing each piece freely or being carried along by the bundle.
AWS has a different kind of gravitational field. Its lock-in is less about an installed base of Windows desktops and Office tenants and more about service depth, operational maturity, and developer habit. Once an application is built around AWS primitives, managed databases, serverless functions, IAM policies, data pipelines, and observability systems, moving it can become less a migration than a rewrite.
The Commission’s preliminary view treats both models as potentially gatekeeping. That is the notable part. Brussels is not saying Microsoft and Amazon are identical companies with identical leverage. It is saying each may control a route to customers that is now important enough to warrant DMA obligations.
That promise was only partly true. Basic virtual machines are portable in the same way that moving house is simple if all you own is a chair. Modern cloud applications use managed databases, identity services, queues, secrets stores, analytics engines, AI APIs, deployment pipelines, proprietary monitoring, and vendor-specific cost controls. The value of the cloud is precisely the thing that makes it sticky.
This is where regulators and engineers sometimes talk past each other. A legal framework may ask whether a customer can switch provider. An architect will answer: yes, with enough money, risk, downtime, testing, retraining, and executive patience. The practical question is not whether switching is possible. It is whether switching is economically rational after the platform has become part of the application.
For Windows administrators, that distinction is not abstract. A company that manages devices with Intune, authenticates users through Entra ID, protects workloads through Defender, deploys infrastructure through Azure Policy, and analyzes logs in Microsoft Sentinel may technically be multi-cloud. Operationally, however, it has a Microsoft control plane. The cloud is no longer just where workloads run; it is where the rules of the environment are enforced.
AWS customers face similar realities through a different toolchain. A workload that leans heavily on Lambda, DynamoDB, S3 eventing, CloudWatch, IAM, KMS, and Bedrock is using a coherent platform. It gains speed by adopting AWS-native services, but every native integration becomes another thread to untangle if the customer later wants to leave.
The Commission’s move is therefore not anti-cloud. It is a recognition that the cloud’s most valuable features create the very dependencies that competition law worries about. A bare-bones commodity cloud would be easier to switch away from, but less useful. A highly integrated cloud is more powerful, but harder to escape.
But Microsoft’s regulatory challenge is that Azure increasingly functions as the substrate for a much broader Microsoft ecosystem. The company’s AI strategy flows through Azure. Its security strategy increasingly assumes Microsoft telemetry and cloud-native response. Its device management strategy pushes enterprises toward cloud control. Its productivity suite is wrapped in identity, compliance, data governance, and Copilot services that make Azure a natural extension of the Microsoft 365 tenant.
This is a triumph of product strategy. It is also a red flag for regulators who have spent decades watching platform companies turn adjacency into advantage. When one vendor controls the operating system on endpoints, the dominant office suite, enterprise identity, collaboration, security tooling, developer platforms, and a top-two cloud, every integration can be defended as convenience and attacked as foreclosure.
The Windows world has lived this story before. Internet Explorer’s bundling with Windows was the canonical antitrust fight of the late 1990s and early 2000s. Today’s cloud integrations are subtler, more defensible, and often genuinely useful. No administrator wants identity, endpoint management, email security, and conditional access to be more fragmented for the sake of regulatory purity.
Yet the logic is familiar. The more Microsoft makes Azure the easiest default for existing Microsoft customers, the more rivals will argue they are not competing on a level field. The gatekeeper question becomes less about whether Azure has good products and more about whether Microsoft’s estate makes Azure the path of least resistance.
That is why this proceeding could matter even if the immediate remedies are procedural. A DMA designation would put pressure on Microsoft to show that interoperability, portability, fair access, and data-use boundaries are not afterthoughts. It would also give European regulators a stronger basis to examine cloud-adjacent conduct that might otherwise be treated as ordinary product integration.
Amazon’s political weakness is not that AWS is tied to a dominant desktop operating system or productivity suite. It is that AWS has become infrastructure for companies that also compete with Amazon in retail, logistics, media, advertising, and data-intensive services. The old marketplace concern — whether Amazon can use its position to advantage itself — takes on a new form when Amazon also hosts parts of the digital economy’s backend.
Retail Gazette’s framing is therefore apt, because retailers are not passive observers in this fight. Many of them rely on cloud infrastructure for commerce platforms, personalization, inventory systems, analytics, fraud detection, and customer-service automation. Some are also wary of Amazon as a competitor or marketplace power. The cloud relationship can be commercially rational and strategically uncomfortable at the same time.
AWS has long insisted that it serves customers independently and securely. Its credibility with enterprise buyers depends on that trust. But competition policy does not require a finding that a company has misused every possible advantage before regulators act. Under the DMA model, the question is whether the structure of the market gives a gatekeeper incentives and capacities that require rules in advance.
That makes AWS a clean test case for the cloud chapter of Big Tech regulation. It is dominant without being bundled into Windows. It is deeply embedded without being a default office-suite extension. If the Commission ultimately designates AWS, it will be saying that infrastructure power alone can justify gatekeeper obligations.
That asymmetry is central to the regulatory case. Competition is not healthy simply because vendors fight hard before a contract is signed. It remains healthy when customers can credibly threaten to move after the contract is signed. If exit is too painful, renewal becomes less a contest than a hostage negotiation with better dashboards.
Europe has already spent years circling issues such as data portability, egress fees, interoperability, software licensing restrictions, and cloud switching costs. The DMA could bring a sharper enforcement tool to some of those concerns, though the fit will not be perfect. Cloud markets are technical, contractual, and operational in ways that consumer platform rules were not originally designed to handle.
The most immediate practical effect may be behavioral. If AWS and Azure expect gatekeeper obligations, they may become more cautious about self-preferencing, restrictive contract terms, data-use practices, and technical barriers that make rivals’ services harder to use. They may also invest more heavily in compliance narratives around portability, sovereign operations, and open standards.
That does not mean cloud will suddenly become plug-and-play. No regulation can make a complex distributed application portable by decree. But rules can change the incentives around how vendors price data movement, document interfaces, support third-party tooling, and structure licensing. For customers, that is where the real stakes sit.
European policymakers have watched the region become heavily dependent on non-European hyperscalers while its own cloud providers struggle to match their scale, service catalogs, and capital expenditure. That dependence is not automatically a security failure. AWS, Microsoft, and Google operate some of the most sophisticated infrastructure in the world. Many European organizations choose them because the alternatives do not offer the same combination of capability and reach.
Still, capability does not erase strategic concern. If European cloud demand keeps growing while the control plane remains concentrated in a few American firms, Brussels will face a recurring dilemma. It can enjoy the productivity benefits of hyperscale infrastructure, or it can try to nurture local alternatives, or it can attempt to do both by forcing the biggest platforms to behave more like regulated gateways.
The DMA route is the third option. It does not nationalize the cloud or ban foreign providers. It tries to make dominant platforms contestable enough that European providers, open-source stacks, specialist clouds, and multi-cloud strategies have room to survive. Whether that works is another matter.
There is a danger that regulation becomes a substitute for industrial capacity. Europe can designate gatekeepers, but it cannot fine its way into cheaper GPUs, denser data center buildouts, better developer ecosystems, or faster product execution. If the goal is a more competitive cloud market, rules must be paired with credible investment, procurement reform, and technical standards that customers actually want to use.
Modern AI services are deeply tied to cloud infrastructure. Training and inference require specialized hardware, massive data pipelines, managed model services, security boundaries, developer tools, and enterprise integration. The companies with cloud scale can turn AI into a platform layer faster than smaller competitors can assemble the required infrastructure.
Microsoft’s relationship with OpenAI and its broader Copilot strategy make Azure central to the company’s AI ambitions. AWS has its own AI stack, including model services and infrastructure offerings designed to keep customers inside the AWS ecosystem. Google Cloud, though not the target of this preliminary finding, is also a major AI cloud competitor, which is why Microsoft is reportedly keen to argue that regulators should not understate Google’s position.
The Commission’s cloud investigation is therefore also an AI market investigation by implication. If cloud providers become the default route to enterprise AI, then gatekeeper power in cloud could influence which models, tools, marketplaces, and data services gain traction. The risk is not merely that customers pay too much for compute. It is that the next software platform shift inherits the same concentration as the last one.
This is where the DMA may prove both useful and strained. It can impose obligations on designated gatekeepers, but AI services evolve quickly and blur product boundaries. Is a model catalog part of cloud infrastructure, a marketplace, a developer platform, or an application service? Is a Copilot feature a productivity product, an AI service, or an Azure workload in disguise? Regulators will need answers fast enough to matter.
The smarter response is to treat the proceeding as a warning about concentration risk. If the EU believes AWS and Azure may be unavoidable gateways, CIOs should ask whether their own architecture has quietly reached the same conclusion. A regulator’s concern about lock-in is often just an enterprise risk register written in public-policy language.
That means procurement teams should pay closer attention to exit clauses, data mobility, egress economics, identity dependencies, software licensing terms, and operational portability. Multi-cloud should not be treated as a slogan or a badge of sophistication. A sloppy multi-cloud estate can be more expensive and less secure than a disciplined single-cloud strategy.
The question is where portability is worth paying for. Some workloads are so tied to a platform’s managed services that portability would destroy the business case. Others can be designed around containers, open databases, infrastructure as code, and vendor-neutral observability without sacrificing much. The art is knowing which is which before the renewal deadline arrives.
Windows-heavy shops face a particularly subtle version of the problem. Microsoft’s tooling can reduce operational friction dramatically, especially for identity, endpoint security, compliance, and device management. But every successful integration can also narrow the practical path away from Azure. That does not make the integration bad. It makes its long-term consequences worth documenting.
Some of that will be fair. The hyperscalers have already built EU regions, compliance programs, encryption controls, data residency commitments, and sovereign-cloud offerings because customers demanded them. Their scale allows them to absorb regulatory costs that might crush smaller providers. A more regulated AWS or Azure may still be more attractive to many buyers than a smaller provider with fewer services and less mature tooling.
But compliance branding can obscure the underlying market question. If the same companies that dominate the market are also best positioned to satisfy the new rules, regulation may harden rather than weaken their advantage. The DMA’s success will depend on whether obligations create genuine room for competition or simply add a paperwork moat around incumbents.
This is one of the paradoxes of Big Tech regulation. The companies most capable of complying are often the companies regulators are trying to constrain. A giant can hire lawyers, policy teams, engineers, auditors, and lobbyists. A challenger may struggle to interpret the same rulebook while also trying to build a product.
That does not mean the EU should do nothing. It means regulators must measure outcomes rather than press releases. If customers still cannot move data affordably, if independent software vendors still face platform pressure, if licensing still distorts cloud choice, and if AI services become more tightly bundled into dominant ecosystems, then formal compliance will not be enough.
The most consequential debate will be about what obligations mean in practice for cloud. Some DMA rules map more naturally to app stores and marketplaces than to infrastructure services. Applying them to cloud will require careful interpretation, especially where technical integration is both a source of customer value and a possible tool of lock-in.
If the Commission pushes too broadly, it risks turning cloud engineering into a compliance guessing game. If it pushes too narrowly, the designation becomes symbolic. The real test is whether Brussels can identify conduct that distorts competition without punishing the normal advantages of scale, reliability, and product integration.
That distinction matters because not every form of customer dependence is abusive. Enterprises depend on platforms because platforms reduce complexity. A bank may prefer Azure because its Microsoft estate already has identity and compliance patterns there. A retailer may prefer AWS because its engineers know the services and the performance is predictable. Competition law should not pretend that switching costs can be eliminated without also eliminating much of what makes cloud useful.
But dependence becomes a public concern when the provider can exploit it to foreclose rivals, impose unfair terms, or make adjacent markets less contestable. That is the line Brussels is trying to draw. The difficulty is that, in cloud, the line often runs through architecture diagrams rather than consumer-facing screens.
The Commission’s move lands at a moment when cloud has stopped being a neutral utility in the political imagination. It is now where AI models are trained, customer data is warehoused, software vendors are locked in or locked out, and national governments discover how much of their digital sovereignty depends on someone else’s data center roadmap. The EU is not just asking whether AWS and Azure are large. It is asking whether they have become unavoidable.
Brussels Moves the Gatekeeper Fight Down the Stack
The Digital Markets Act was written for a world in which digital power looked visible: app stores, search engines, browsers, social networks, operating systems, marketplaces, and advertising networks. Those were the obvious choke points. If a developer could not get into an app store, if a merchant had to play by marketplace rules, or if a browser default quietly shaped the web, regulators could point to a recognizable gate.Cloud infrastructure is a less photogenic target, but it may be the more consequential one. A retailer choosing AWS, a manufacturer standardizing on Azure, or a startup building around managed databases and AI services is not simply renting compute. It is adopting an operating environment that can reshape procurement, software architecture, security tooling, identity systems, data flows, and exit costs for years.
That is why the Commission’s preliminary position matters. AWS and Azure reportedly do not meet the DMA’s normal quantitative thresholds for this specific designation, yet Brussels says they may still function as important gateways between businesses and customers in the EU. In plain terms, the Commission is saying that formal thresholds are not the only way to measure power when an infrastructure platform becomes deeply embedded in commercial life.
This is a familiar European regulatory instinct, but applied to a newer terrain. The EU has long preferred ex ante rules for digital markets, arguing that waiting for traditional antitrust cases to grind through the courts often lets dominant positions harden before remedies arrive. The DMA is supposed to prevent gatekeepers from using their platform control to entrench themselves, not simply punish them after the market has tipped.
The cloud inquiry stretches that theory. If app stores are doors, cloud platforms are the building’s foundation. Regulating them under the same framework raises harder questions, because the cloud is not a single consumer-facing product with a neat user interface. It is a mesh of compute, storage, networking, databases, AI tooling, identity, telemetry, security, billing, partner marketplaces, and professional services.
AWS and Azure Are Being Judged by Dependence, Not Just Size
The important detail is that the Commission’s argument appears to lean on functional dependence rather than a simple market-share headline. AWS is the largest cloud provider in the EU, Azure the second largest, and together they account for a very large slice of the region’s public cloud market. But the regulatory case is less interesting if reduced to a leaderboard.What Brussels is really probing is whether customers and software vendors can realistically avoid the two hyperscalers without paying a penalty in capability, scale, compliance coverage, AI tooling, support, or ecosystem access. This is the problem every IT leader recognizes but rarely states in procurement language. The best cloud may not be the cheapest cloud; it is often the one that comes with the fewest career-threatening surprises.
AWS earned that position by being early, broad, and relentless. Azure earned it by turning Microsoft’s enterprise gravity into cloud momentum, binding Windows Server, Active Directory, Microsoft 365, SQL Server, developer tools, and enterprise agreements into a platform migration path. For many organizations, Azure is not a new vendor. It is the next room in a Microsoft house they already live in.
That makes Azure’s scrutiny particularly important for this audience. Microsoft’s cloud business is not just a place to host virtual machines. It is tied to Entra ID, Intune, Defender, Sentinel, GitHub, Visual Studio, Power Platform, Dynamics, Teams, and now an expanding line of Copilot and Azure AI services. The more Microsoft turns its productivity, security, developer, and AI portfolio into a unified platform, the more regulators will ask whether customers are choosing each piece freely or being carried along by the bundle.
AWS has a different kind of gravitational field. Its lock-in is less about an installed base of Windows desktops and Office tenants and more about service depth, operational maturity, and developer habit. Once an application is built around AWS primitives, managed databases, serverless functions, IAM policies, data pipelines, and observability systems, moving it can become less a migration than a rewrite.
The Commission’s preliminary view treats both models as potentially gatekeeping. That is the notable part. Brussels is not saying Microsoft and Amazon are identical companies with identical leverage. It is saying each may control a route to customers that is now important enough to warrant DMA obligations.
The Cloud Was Supposed to Be Portable Until It Became Productized
The old sales pitch for cloud computing was elasticity. Buy what you need, scale up, scale down, avoid capital expenditure, and stop treating servers like furniture. Portability was implied by abstraction: if workloads were just software running somewhere else, surely they could run somewhere else again.That promise was only partly true. Basic virtual machines are portable in the same way that moving house is simple if all you own is a chair. Modern cloud applications use managed databases, identity services, queues, secrets stores, analytics engines, AI APIs, deployment pipelines, proprietary monitoring, and vendor-specific cost controls. The value of the cloud is precisely the thing that makes it sticky.
This is where regulators and engineers sometimes talk past each other. A legal framework may ask whether a customer can switch provider. An architect will answer: yes, with enough money, risk, downtime, testing, retraining, and executive patience. The practical question is not whether switching is possible. It is whether switching is economically rational after the platform has become part of the application.
For Windows administrators, that distinction is not abstract. A company that manages devices with Intune, authenticates users through Entra ID, protects workloads through Defender, deploys infrastructure through Azure Policy, and analyzes logs in Microsoft Sentinel may technically be multi-cloud. Operationally, however, it has a Microsoft control plane. The cloud is no longer just where workloads run; it is where the rules of the environment are enforced.
AWS customers face similar realities through a different toolchain. A workload that leans heavily on Lambda, DynamoDB, S3 eventing, CloudWatch, IAM, KMS, and Bedrock is using a coherent platform. It gains speed by adopting AWS-native services, but every native integration becomes another thread to untangle if the customer later wants to leave.
The Commission’s move is therefore not anti-cloud. It is a recognition that the cloud’s most valuable features create the very dependencies that competition law worries about. A bare-bones commodity cloud would be easier to switch away from, but less useful. A highly integrated cloud is more powerful, but harder to escape.
Microsoft’s Problem Is That Azure Is No Longer Just Azure
Microsoft will likely argue that Azure competes fiercely with AWS, Google Cloud, Oracle, and a long tail of European and specialist providers. That is true as far as it goes. The cloud market is competitive in visible ways: vendors fight over discounts, regions, AI accelerators, database migrations, sovereign offerings, and enterprise commitments.But Microsoft’s regulatory challenge is that Azure increasingly functions as the substrate for a much broader Microsoft ecosystem. The company’s AI strategy flows through Azure. Its security strategy increasingly assumes Microsoft telemetry and cloud-native response. Its device management strategy pushes enterprises toward cloud control. Its productivity suite is wrapped in identity, compliance, data governance, and Copilot services that make Azure a natural extension of the Microsoft 365 tenant.
This is a triumph of product strategy. It is also a red flag for regulators who have spent decades watching platform companies turn adjacency into advantage. When one vendor controls the operating system on endpoints, the dominant office suite, enterprise identity, collaboration, security tooling, developer platforms, and a top-two cloud, every integration can be defended as convenience and attacked as foreclosure.
The Windows world has lived this story before. Internet Explorer’s bundling with Windows was the canonical antitrust fight of the late 1990s and early 2000s. Today’s cloud integrations are subtler, more defensible, and often genuinely useful. No administrator wants identity, endpoint management, email security, and conditional access to be more fragmented for the sake of regulatory purity.
Yet the logic is familiar. The more Microsoft makes Azure the easiest default for existing Microsoft customers, the more rivals will argue they are not competing on a level field. The gatekeeper question becomes less about whether Azure has good products and more about whether Microsoft’s estate makes Azure the path of least resistance.
That is why this proceeding could matter even if the immediate remedies are procedural. A DMA designation would put pressure on Microsoft to show that interoperability, portability, fair access, and data-use boundaries are not afterthoughts. It would also give European regulators a stronger basis to examine cloud-adjacent conduct that might otherwise be treated as ordinary product integration.
Amazon’s Cloud Dominance Has a Different Political Weakness
AWS does not carry Microsoft’s Windows legacy, but it has its own exposure. It is the original hyperscale cloud giant, and for many developers it remains the reference model for what public cloud is. Its sheer breadth can make competitors look partial even when they are technically capable.Amazon’s political weakness is not that AWS is tied to a dominant desktop operating system or productivity suite. It is that AWS has become infrastructure for companies that also compete with Amazon in retail, logistics, media, advertising, and data-intensive services. The old marketplace concern — whether Amazon can use its position to advantage itself — takes on a new form when Amazon also hosts parts of the digital economy’s backend.
Retail Gazette’s framing is therefore apt, because retailers are not passive observers in this fight. Many of them rely on cloud infrastructure for commerce platforms, personalization, inventory systems, analytics, fraud detection, and customer-service automation. Some are also wary of Amazon as a competitor or marketplace power. The cloud relationship can be commercially rational and strategically uncomfortable at the same time.
AWS has long insisted that it serves customers independently and securely. Its credibility with enterprise buyers depends on that trust. But competition policy does not require a finding that a company has misused every possible advantage before regulators act. Under the DMA model, the question is whether the structure of the market gives a gatekeeper incentives and capacities that require rules in advance.
That makes AWS a clean test case for the cloud chapter of Big Tech regulation. It is dominant without being bundled into Windows. It is deeply embedded without being a default office-suite extension. If the Commission ultimately designates AWS, it will be saying that infrastructure power alone can justify gatekeeper obligations.
The DMA May Force Cloud Providers to Compete on Exit as Well as Entry
The cloud industry is very good at onboarding. It has credits, migration factories, reference architectures, partner incentives, free tiers, proof-of-concept funding, and armies of solution architects. It is less enthusiastic about helping customers leave.That asymmetry is central to the regulatory case. Competition is not healthy simply because vendors fight hard before a contract is signed. It remains healthy when customers can credibly threaten to move after the contract is signed. If exit is too painful, renewal becomes less a contest than a hostage negotiation with better dashboards.
Europe has already spent years circling issues such as data portability, egress fees, interoperability, software licensing restrictions, and cloud switching costs. The DMA could bring a sharper enforcement tool to some of those concerns, though the fit will not be perfect. Cloud markets are technical, contractual, and operational in ways that consumer platform rules were not originally designed to handle.
The most immediate practical effect may be behavioral. If AWS and Azure expect gatekeeper obligations, they may become more cautious about self-preferencing, restrictive contract terms, data-use practices, and technical barriers that make rivals’ services harder to use. They may also invest more heavily in compliance narratives around portability, sovereign operations, and open standards.
That does not mean cloud will suddenly become plug-and-play. No regulation can make a complex distributed application portable by decree. But rules can change the incentives around how vendors price data movement, document interfaces, support third-party tooling, and structure licensing. For customers, that is where the real stakes sit.
Europe’s Sovereignty Argument Is Becoming an Economic Argument
The EU’s cloud push is often described as digital sovereignty, and that phrase can sound like a policy slogan in search of a product. But sovereignty in this context is not only about flags over data centers. It is about who has leverage when cloud infrastructure becomes essential to industry, government, healthcare, finance, retail, and AI development.European policymakers have watched the region become heavily dependent on non-European hyperscalers while its own cloud providers struggle to match their scale, service catalogs, and capital expenditure. That dependence is not automatically a security failure. AWS, Microsoft, and Google operate some of the most sophisticated infrastructure in the world. Many European organizations choose them because the alternatives do not offer the same combination of capability and reach.
Still, capability does not erase strategic concern. If European cloud demand keeps growing while the control plane remains concentrated in a few American firms, Brussels will face a recurring dilemma. It can enjoy the productivity benefits of hyperscale infrastructure, or it can try to nurture local alternatives, or it can attempt to do both by forcing the biggest platforms to behave more like regulated gateways.
The DMA route is the third option. It does not nationalize the cloud or ban foreign providers. It tries to make dominant platforms contestable enough that European providers, open-source stacks, specialist clouds, and multi-cloud strategies have room to survive. Whether that works is another matter.
There is a danger that regulation becomes a substitute for industrial capacity. Europe can designate gatekeepers, but it cannot fine its way into cheaper GPUs, denser data center buildouts, better developer ecosystems, or faster product execution. If the goal is a more competitive cloud market, rules must be paired with credible investment, procurement reform, and technical standards that customers actually want to use.
AI Turns Cloud Gatekeeping Into a Faster-Moving Problem
Five years ago, a cloud competition fight might have centered on storage prices, virtual machines, software licensing, and data egress. Those issues still matter. But AI has raised the stakes and accelerated the clock.Modern AI services are deeply tied to cloud infrastructure. Training and inference require specialized hardware, massive data pipelines, managed model services, security boundaries, developer tools, and enterprise integration. The companies with cloud scale can turn AI into a platform layer faster than smaller competitors can assemble the required infrastructure.
Microsoft’s relationship with OpenAI and its broader Copilot strategy make Azure central to the company’s AI ambitions. AWS has its own AI stack, including model services and infrastructure offerings designed to keep customers inside the AWS ecosystem. Google Cloud, though not the target of this preliminary finding, is also a major AI cloud competitor, which is why Microsoft is reportedly keen to argue that regulators should not understate Google’s position.
The Commission’s cloud investigation is therefore also an AI market investigation by implication. If cloud providers become the default route to enterprise AI, then gatekeeper power in cloud could influence which models, tools, marketplaces, and data services gain traction. The risk is not merely that customers pay too much for compute. It is that the next software platform shift inherits the same concentration as the last one.
This is where the DMA may prove both useful and strained. It can impose obligations on designated gatekeepers, but AI services evolve quickly and blur product boundaries. Is a model catalog part of cloud infrastructure, a marketplace, a developer platform, or an application service? Is a Copilot feature a productivity product, an AI service, or an Azure workload in disguise? Regulators will need answers fast enough to matter.
Enterprise IT Should Read This as a Procurement Warning
For enterprise buyers, the Commission’s move should not trigger panic migration plans. AWS and Azure are not going away, and a preliminary DMA position does not invalidate their technical merits. Most organizations will continue buying from them because they solve real problems at scale.The smarter response is to treat the proceeding as a warning about concentration risk. If the EU believes AWS and Azure may be unavoidable gateways, CIOs should ask whether their own architecture has quietly reached the same conclusion. A regulator’s concern about lock-in is often just an enterprise risk register written in public-policy language.
That means procurement teams should pay closer attention to exit clauses, data mobility, egress economics, identity dependencies, software licensing terms, and operational portability. Multi-cloud should not be treated as a slogan or a badge of sophistication. A sloppy multi-cloud estate can be more expensive and less secure than a disciplined single-cloud strategy.
The question is where portability is worth paying for. Some workloads are so tied to a platform’s managed services that portability would destroy the business case. Others can be designed around containers, open databases, infrastructure as code, and vendor-neutral observability without sacrificing much. The art is knowing which is which before the renewal deadline arrives.
Windows-heavy shops face a particularly subtle version of the problem. Microsoft’s tooling can reduce operational friction dramatically, especially for identity, endpoint security, compliance, and device management. But every successful integration can also narrow the practical path away from Azure. That does not make the integration bad. It makes its long-term consequences worth documenting.
The Hyperscalers Will Sell Compliance as Confidence
Amazon and Microsoft are unlikely to treat a final designation as a simple defeat. Large platform companies have learned to turn regulatory compliance into a feature. Expect language about trust, transparency, European values, customer choice, sovereign cloud options, and continued investment.Some of that will be fair. The hyperscalers have already built EU regions, compliance programs, encryption controls, data residency commitments, and sovereign-cloud offerings because customers demanded them. Their scale allows them to absorb regulatory costs that might crush smaller providers. A more regulated AWS or Azure may still be more attractive to many buyers than a smaller provider with fewer services and less mature tooling.
But compliance branding can obscure the underlying market question. If the same companies that dominate the market are also best positioned to satisfy the new rules, regulation may harden rather than weaken their advantage. The DMA’s success will depend on whether obligations create genuine room for competition or simply add a paperwork moat around incumbents.
This is one of the paradoxes of Big Tech regulation. The companies most capable of complying are often the companies regulators are trying to constrain. A giant can hire lawyers, policy teams, engineers, auditors, and lobbyists. A challenger may struggle to interpret the same rulebook while also trying to build a product.
That does not mean the EU should do nothing. It means regulators must measure outcomes rather than press releases. If customers still cannot move data affordably, if independent software vendors still face platform pressure, if licensing still distorts cloud choice, and if AI services become more tightly bundled into dominant ecosystems, then formal compliance will not be enough.
The Fight Will Be Over Remedies, Not Rhetoric
The preliminary finding is only one step. Amazon and Microsoft can respond, contest the analysis, and argue that designation is unnecessary, misapplied, or competitively harmful. A final decision would then determine whether AWS and Azure are formally added to the list of gatekeeper-controlled core platform services under the DMA.The most consequential debate will be about what obligations mean in practice for cloud. Some DMA rules map more naturally to app stores and marketplaces than to infrastructure services. Applying them to cloud will require careful interpretation, especially where technical integration is both a source of customer value and a possible tool of lock-in.
If the Commission pushes too broadly, it risks turning cloud engineering into a compliance guessing game. If it pushes too narrowly, the designation becomes symbolic. The real test is whether Brussels can identify conduct that distorts competition without punishing the normal advantages of scale, reliability, and product integration.
That distinction matters because not every form of customer dependence is abusive. Enterprises depend on platforms because platforms reduce complexity. A bank may prefer Azure because its Microsoft estate already has identity and compliance patterns there. A retailer may prefer AWS because its engineers know the services and the performance is predictable. Competition law should not pretend that switching costs can be eliminated without also eliminating much of what makes cloud useful.
But dependence becomes a public concern when the provider can exploit it to foreclose rivals, impose unfair terms, or make adjacent markets less contestable. That is the line Brussels is trying to draw. The difficulty is that, in cloud, the line often runs through architecture diagrams rather than consumer-facing screens.
The Cloud Crackdown Gives Windows Shops a New Checklist
This proceeding will move slowly compared with product roadmaps, but it should still change the questions IT leaders ask now. The practical lesson is not to abandon hyperscale cloud. It is to stop treating cloud dependency as somebody else’s policy problem.- Organizations should inventory which workloads depend on vendor-specific managed services and which could realistically move with modest refactoring.
- Procurement teams should model data egress, licensing, and migration costs before they become leverage points in renewal negotiations.
- Windows-centric environments should document where Microsoft 365, Entra ID, Intune, Defender, Sentinel, GitHub, and Azure create operational coupling.
- Developers should distinguish between productive platform-native choices and accidental lock-in created by convenience defaults.
- Security teams should ensure that multi-cloud or hybrid strategies do not multiply identity, logging, and incident-response gaps.
- Executives should treat regulatory scrutiny as a signal that cloud concentration is a strategic risk, not just a technical architecture choice.
References
- Primary source: Retail Gazette
Published: Fri, 26 Jun 2026 07:52:36 GMT
EU targets Amazon and Microsoft cloud dominance in 'Big Tech' crackdown - Retail Gazette
<div class="at-above-post addthis_tool" data-url="https://www.retailgazette.co.uk/blog/2026/06/eu-targets-amazon-and-microsoft-cloud-dominance-in-big-tech-crackdown/"></div>Amazon and Microsoft’s cloud computing businesses could be brought under tougher EU tech...www.retailgazette.co.uk - Independent coverage: Computing UK
Published: Fri, 26 Jun 2026 07:51:14 GMT
AWS and Azure edge closer to EU 'gatekeeper' status
The EU is moving towards placing Amazon and Microsoft’s cloud computing businesses under its landmark digital competition law.www.computing.co.uk - Related coverage: agenceurope.eu
European Commission designates Amazon and Microsoft as gatekeepers under DMA for their dominant cloud computing services | AGENCE EUROPE
The European Commission designates Amazon and Microsoft as gatekeepers under the Digital Markets Act.agenceurope.eu
- Related coverage: digital-markets-act.ec.europa.eu
Commission launches market investigations on cloud computing services under the Digital Markets Act
The Commission opened three market investigations on cloud computing services under the Digital Markets Act (DMA). Two market investigations will assess whether Amazon and Microsoft should be designated as gatekeepers for their cloud computing services, Amazon Web Services and Microsoft Azure...digital-markets-act.ec.europa.eu - Related coverage: competition-policy.ec.europa.eu
Commission reaches preliminary position that Amazon's and Microsoft's market leading cloud services should be designated under the DMA
Commission reaches preliminary position that Amazon's and Microsoft's market leading cloud services should be designated under the DMAcompetition-policy.ec.europa.eu - Related coverage: germany.representation.ec.europa.eu
DMA: Cloud-Dienste von Amazon und Microsoft könnten als „Gatekeeper“ eingestuft werden
Die EU-Kommission hat Amazon und Microsoft ihre vorläufige Auffassung mitgeteilt, dass ihre Cloud-Computing-Dienste – Amazon Web Services (AWS) bzw. Microsoft Azure (Azure) – im Rahmen des Digital Markets Act (DMA) als „Gatekeeper“ eingestuft werden sollten.germany.representation.ec.europa.eu
- Related coverage: eunews.it
- Related coverage: computerweekly.com
European Commission launches AWS and Microsoft-focused cloud competition probes | Computer Weekly
The European Commission has launched three investigations into how the continent's cloud market operates, with two focused specifically on Microsoft and Amazon Web Serviceswww.computerweekly.com - Related coverage: finanza.repubblica.it
- Related coverage: ceotodaymagazine.com
European Commission Targets AWS and Azure Under DMA
European Commission findings say AWS and Azure should face DMA gatekeeper rules because of their scale, user bases and cloud market power.www.ceotodaymagazine.com - Related coverage: datacenterdynamics.com
AWS and Microsoft designated 'gatekeepers' under Europe's Digital Markets Act - DCD
European Commission's preliminary decision comes despite duo "not meeting the DMA's quantitative thresholds"www.datacenterdynamics.com - Related coverage: elpais.com
Bruselas plantea que los servicios en la nube de Amazon y Microsoft se sometan a reglas comunitarias más estrictas | Economía | EL PAÍS
En una conclusión preliminar que se puede apelar, la Comisión considera que AmazonWeb Services y Microsoft Azure deben designarse como guardianes de acceso conforme a la Ley de Mercados Digitaleselpais.com - Related coverage: techradar.com
AWS brings ‘Sovereign’ cloud to Europe - you can pause your geopatriation plans, for now | TechRadar
As the Atlantic rift deepens, Europeans get better compliance and protections from AWSwww.techradar.com - Related coverage: windowscentral.com
UK CMA questions cloud market as Azure revenue grows | Windows Central
This fiscal year, Azure and other Microsoft cloud services earned $75 billion in revenue.www.windowscentral.com - Related coverage: lemonde.fr
Trump fires back at EU tech regulation
Donald Trump's administration is defending US tech giants against EU regulations. Brussels says it is 'determined to apply them.'www.lemonde.fr
