The European Commission’s decision to open three formal market investigations into Amazon Web Services (AWS) and Microsoft Azure under the Digital Markets Act (DMA) marks a decisive escalation in Brussels’ attempt to bring hyperscale cloud infrastructure within the EU’s ex‑ante regulatory framework — and it raises urgent questions for CIOs, procurement teams, cloud architects and policy wonks about competition, resilience and the future shape of cloud economics in Europe.
Background / Overview
Cloud computing is no longer a background procurement choice; it is strategic infrastructure. Over the last decade public-cloud platforms have evolved from commodity compute and storage providers into vertically integrated stacks that deliver developer platforms, managed databases, identity fabrics, and specialised AI acceleration — capabilities that are central to enterprise digital transformation and national critical services. The Commission’s probes ask a simple but powerful question: do certain cloud services act as “important gateways” between businesses and end users in ways that justify applying DMA gatekeeper obligations to them?
The DMA was written to impose ex‑ante obligations on so‑called gatekeepers — platforms whose scale and role allow them to shape contestability in digital markets. The Commission can designate gatekeepers on the basis of quantitative thresholds (financial size, monthly active end users, business users), or, crucially for cloud, through qualitative market investigations where numeric thresholds do not cleanly map to infrastructure markets. The DMA’s baseline thresholds — an EU group turnover threshold of €7.5 billion in each of the last three years or a market capitalisation of €75 billion, plus at least 45 million monthly end users and 10,000 annual business users — are codified in the regulation and guide the Commission’s presumption tests. Why the Commission moved now: three converging drivers
- Market concentration: multiple national and industry reviews show a small set of hyperscalers (Amazon, Microsoft, Google) account for the lion’s share of cloud spending in many European markets.
- Switching friction and lock‑in: contractual features (egress fees, licensing differentials), proprietary APIs and bundled managed services raise the financial and operational costs of migration.
- Resilience and AI: high‑impact outages and the centrality of specialised AI hardware have made dependency on a handful of providers a public‑policy and security concern.
Taken together, these forces have moved cloud from a procurement topic to a regulatory priority.
What Brussels has opened: the three investigations
1. Market investigation into Amazon Web Services (AWS)
The Commission will examine whether certain AWS offerings functionally operate as a DMA “gatekeeper” — that is, whether they are critical intermediaries that give AWS durable, structural control over downstream markets. Investigators will gather contractual evidence, commercial data and technical documentation to test for lock‑in, self‑preferencing, discriminatory treatment of business users, egress and portability friction, and technical barriers to interoperability.
2. Market investigation into Microsoft Azure
A parallel probe will apply the same qualitative test to Microsoft Azure. The Commission will probe Microsoft’s licensing and commercial practices (including allegations that certain licensing terms incentivise running Microsoft workloads on Azure), marketplace and managed service placement, and any technical design choices that impede multi‑cloud portability. Microsoft has signalled cooperation; both companies are expected to supply deep technical and contractual evidence.
3. Horizontal study: does the DMA fit the cloud era?
The third strand is a sectoral, horizontal assessment of whether the DMA’s toolbox — originally designed with consumer‑facing platforms in mind — can effectively and proportionately address the specific competition and systemic‑risk dimensions of cloud infrastructure. That review will test whether existing DMA obligations (interoperability, non‑discrimination, portability) require bespoke interpretation, technical annexes, or even delegated acts to be applicable to cloud services and AI infrastructure. The Commission may propose updates to DMA obligations for cloud by delegated act if the study finds gaps.
What the investigations will actually look at (technical and legal lines of inquiry)
The Commission’s investigators will focus on concrete mechanisms that create or reinforce incumbency. Expect the evidence docket to include:
- Data portability and egress: Are exit costs, transfer tools and export formats structured in ways that materially deter migration? Are exports complete, usable and timely for production workloads?
- Licensing and differential pricing: Do software licensing models (for example, for operating systems, database engines, middleware) create price incentives to remain on a particular cloud? Is there evidence of discriminatory licensing that raises rivals’ costs?
- Bundling and self‑preferencing: Are first‑party managed services, marketplaces or developer tooling treated preferentially (pricing, placement, performance) in ways that disadvantage independent ISVs?
- Control‑plane and API lock‑in: Do proprietary control‑plane primitives or unique service semantics (APIs, runtime extensions, hardware accelerators) make real multi‑cloud architecture infeasible for latency‑sensitive or specialized AI workloads?
- Systemic resilience and dependency: How do outages and concentrated supply affect critical services (transport, health, finance, government)? Should remedies include minimum resilience or redundancy measures?
These are not abstract inquiries. Regulators will want empirical evidence — contracts, invoices, performance traces, migration test results and testimony from enterprise customers, independent cloud providers and software vendors.
What history and parallel regulators tell us
The EU’s action follows sustained scrutiny elsewhere. The UK Competition and Markets Authority (CMA) ran a high‑profile cloud market investigation which provisionally found competition problems and recommended further action; the CMA’s inquiry estimated that AWS and Microsoft each account for roughly 30–40% of UK customer spend in some segments and flagged licensing, egress and lock‑in concerns. Those findings sharpened policymakers’ focus and provide parallel evidence that Brussels will weigh. The DMA already designates certain core platform services and gatekeeper firms; the Commission has precedent for using qualitative market investigations to extend the DMA’s reach where the numeric thresholds do not map cleanly to a service. That procedural route gives Brussels the legal tools to treat cloud as a potential gatekeeping domain even if cloud metrics differ from consumer‑facing MAU counts.
Possible outcomes and timing (practical implications)
- Findings of “gatekeeper” status for AWS and/or Azure:
- If the Commission concludes one or both cloud services meet the qualitative gatekeeper test, those services could be added to the list of designated core platform services already associated with Amazon and Microsoft.
- Designated services must comply with DMA obligations; historically, the Commission has given designated gatekeepers six months to implement compliance measures after designation.
- Remedies without designation:
- The Commission can recommend targeted behavioural remedies (interoperability APIs, egress reforms, business‑user data access) without a full gatekeeper label; these would be less sweeping but still legally binding where the Commission has enforcement authority.
- Sectoral update to DMA:
- The horizontal study could result in DMA clarifications or delegated acts that tailor obligations to the technical reality of infrastructure markets — e.g., interoperability definitions for compute, model portability standards, or minimum contractual exit provisions.
Timelines: Brussels aims to complete the AWS and Azure market investigations within roughly 12 months; the broader horizontal study may take up to 18 months and could recommend legislative clarifications. These are ambitious timetables given the technical complexity; expect procedural steps (information requests, document retention orders, expert hearings) to occupy much of that window.
Why this matters for IT leaders and procurement teams
The probes create immediate, actionable implications for enterprise buyers and public procurers:
- Strengthen exit clauses and audit rights now. If litigation or remedies follow, having documented exit rights, data export guarantees and contractual SLAs will be critical evidence in later disputes and will materially reduce migration risk in practice.
- Design for portability. Re‑architect workloads where feasible to decouple from provider‑specific primitives; containerization, open APIs, standardised model formats and storage‑agnostic data layers reduce technical switching costs.
- Negotiate transparency on egress and licensing. Seek explicit, granular commitments on egress pricing, bulk export acceleration and clear licensing terms for third‑party software to avoid surprise migration costs.
- Document critical dependencies. For public services and regulated sectors, map which critical systems rely on a single provider and assess resilience plans (active failover, multi‑region redundancy, contractual exit triggers).
- Prepare compliance and legal evidence. If your organisation has experienced elevated egress charges, licensing differentials, or blocked access to technical interfaces, preserve communications and billing records — regulators will want documentary proof.
Strengths of the Commission’s approach
- Proactive, ex‑ante posture: The DMA’s qualitative market‑investigation route lets the Commission address structural problems before they calcify into irreversible lock‑ins or systemic failures.
- Technical focus: The probes explicitly target concrete technical and contractual practices (APIs, egress, licensing), which should yield remedies that are implementable rather than vaguely prescriptive.
- Coordination with national authorities: The Commission’s cooperation with the Dutch ACM and reference to national findings (e.g., the CMA) improves evidence quality and reduces regulatory fragmentation risk.
Risks, uncertainties and unintended consequences
- Regulatory noise can slow investment: Hyperscalers argue that imposing DMA-style obligations on infrastructure could raise compliance costs and disincentivise large capital investments in European regions, with potential negative supply effects. This is a core counterargument the companies will make.
- Overbroad remedies could break things: Cloud services are performance‑sensitive; poorly calibrated interoperability or portability rules could degrade latency‑sensitive workloads or force sub‑optimal architectural choices.
- Measurement and mapping challenges: The DMA’s original metrics (MAUs, business user counts) were designed for consumer platforms. Translating those concepts into contract value, capacity, or critical workload footprints is non‑trivial and will invite legal dispute.
- Fragmentation risk: Diverging remedies between the EU and other jurisdictions (UK, U.S. could fragment global cloud product lines and complicate multi‑region operations.
- Litigation and delays: If the Commission designates services, expect aggressive legal challenges and lengthy appeals that prolong uncertainty for customers. The enforcement timeline looks compact on paper; reality often stretches longer.
Where the evidence is uncertain
- Market‑share estimates vary by methodology (IaaS revenue, hostnames, customer spend). Figures cited in public reports (for example, the CMA’s provisional 30–40% figures for AWS and Microsoft in the UK) are useful indicators but should be treated as provisional, methodology‑dependent estimates rather than precise truths. The Commission will rely on detailed, audited supplier reports during the inquiries.
How AWS and Microsoft (and rivals) are likely to respond
- Technical remedies and commercial concessions: Expect rapid announcements that promise improved migration tooling, clearer egress pricing and expanded local key‑management and portability options — aimed at both customers and regulators.
- Legal and economic arguments: Both firms will mobilise economics teams to contest “gatekeeper” characterisations, arguing dynamic competition, rapid innovation and multi‑vector competition (price, features, geography).
- Market signalling to customers: Messaging that heavy‑handed regulation risks increasing costs — used to shape public and political sentiment.
- Cooperation where pragmatic: Microsoft and other vendors have a track record of negotiating sector‑specific fixes (for example, prior licensing agreements with EU cloud providers), which could be the most pragmatic path to avoid sweeping remedial orders.
What regulators must get right
- Be evidence‑driven and technically granular: remedies must map to the precise mechanisms that create lock‑in or market foreclosure.
- Avoid one‑size‑fits‑all prescriptions: compute, storage, network and specialised AI accelerators each have distinct portability constraints.
- Preserve incentives for scale investment: address market power while protecting capital flows that fund data‑centre builds, fibre, and security upgrades.
- Coordinate internationally: harmonised principles reduce fragmentation and provide clearer guidance to cloud buyers and builders.
Bottom line
Brussels’ market investigations into AWS and Azure under the DMA represent a watershed moment for cloud governance in Europe. They bring the EU’s strongest ex‑ante competition tool to bear on a domain that powers the continent’s digital economy and AI ambitions. For enterprise and public‑sector buyers, the immediate imperative is pragmatic: assume change, tighten contractual exit and audit rights, design for portability where feasible, and document supplier behaviours that inhibit switching.
For providers and policymakers, the central challenge is equally real and delicate: craft remedies that restore contestability and protect users without undermining the economies of scale and investment logic that make hyperscale cloud secure, performant and affordable. The Commission’s technical scrutiny over the coming 12–18 months will determine whether the DMA can be adapted to the cloud era — or whether Europe will need a bespoke regulatory instrument tailored to infrastructure and AI‑era strategic dependencies.
The investigations will produce intense technical engagement, legal argument and political contention. Over the next year, procurement teams should treat the probes as a strategic inflection point: capture contractual evidence, harden exit routes, and prioritise portability — because the regulatory and commercial landscape for cloud in Europe is actively being re‑written.
(Where figures or precise estimates are used above — for example, market shares cited from national regulator reports — those are drawn from provisional public reports and media summaries; they should be treated as indicative and will be refined as formal Commission findings and final national reports are published.
Source: Mobile Europe
EU to investigate if Amazon, Microsoft are gatekeepers for their cloud services - Mobile Europe