EU DMA Probes AWS and Azure: Redefining Europe Cloud Competition

The European Commission has launched an unprecedented set of market investigations under the Digital Markets Act (DMA) that put Amazon Web Services (AWS) and Microsoft Azure squarely in Brussels’ regulatory crosshairs — a move that could redraw the rules for cloud competition, interoperability and the economics of AI infrastructure across Europe.

Background: why the EU moved on cloud providers now​

Cloud computing has graduated from a procurement line item to strategic infrastructure: governments, banks, critical national services, digital platforms and increasingly large-scale AI workloads run on public cloud platforms. That centrality makes cloud concentration a national-security and industrial-policy issue as much as a competition concern.
Brussels has opened three related probes: two company-specific market investigations — one into AWS and one into Microsoft Azure — and a third, horizontal study to evaluate whether the DMA’s existing toolkit is fit for policing cloud infrastructure and related practices. The Commission aims to complete the inquiries within roughly 12 months. Why now? Three converging drivers pushed cloud to the top of the EU agenda:

• Market concentration: independent industry trackers and national reviews show the top three hyperscalers (AWS, Microsoft Azure and Google Cloud) capture the lion’s share of public-cloud spending in Europe, raising concerns about contestability.
• Systemic risk and outages: high‑impact, widely felt outages in 2025 drew attention to resilience and the practical consequences of concentration. The Commission explicitly cited these resilience concerns when announcing the inquiries.
• AI and specialized capacity: the explosive demand for accelerator-backed AI compute amplifies lock‑in and raises barriers to entry for rivals that cannot match hyperscalers’ hardware and global footprint.

These contextual facts make the cloud probe both a competition review and an industrial‑policy exercise aimed at preserving Europe’s digital sovereignty and capacity to innovate.

---

Overview: what the Commission is actually investigating​

The three investigations are tightly focused but legally consequential:

• Two market investigations (one for AWS, one for Azure): assess whether those cloud offerings functionally behave as gatekeeper-provided core platform services under the DMA, even where numeric thresholds (user counts or capitalization formulas) are awkward to apply to cloud infrastructure.
• A horizontal DMA fitness study: assess whether the DMA — originally written around consumer-facing platform metrics — can be meaningfully applied to enterprise-grade infrastructure markets, or whether tailored, cloud-specific remedies are required.

The probes will collect technical evidence, contractual documents, market data and stakeholder testimony. Core lines of inquiry will include: portability and egress fees; licensing and pricing that might favour an incumbent; bundling or self‑preferencing of first‑party managed services; proprietary APIs and control‑plane barriers to multi‑cloud operation; and contract terms that may disadvantage business users.

---

What the DMA requires and the legal mechanics at play​

The DMA is an ex‑ante regulatory instrument designed to impose mandatory obligations on a limited set of dominant platforms designated as gatekeepers. The statute sets a presumption of gatekeeper status where a provider meets cumulative quantitative thresholds, yet it also contains a qualitative pathway allowing the Commission to designate a service after a market investigation if the functional test is met. Key verified facts about the DMA:

• Quantitative thresholds commonly cited: annual EU turnover of at least €7.5 billion (or market capitalisation of at least €75 billion) and platform metrics such as at least 45 million monthly active end users in the EU and at least 10,000 annual business users. These thresholds — and the presumption they create — are defined in the DMA’s text and official guidance.
• The DMA imposes binding obligations on designated gatekeepers: non‑discrimination, enhanced interoperability, data portability and prohibitions on self‑preferencing. Breaches can attract fines up to 10% of global annual turnover (with higher penalties for repeat infringements).
• If the Commission concludes a service should be designated following a market investigation, it has mechanisms to require compliance within compressed timelines (designated gatekeepers typically receive a narrow window to align with DMA obligations). The Commission signalled the current inquiries would target conclusions within approximately 12 months.

Importantly, the DMA’s qualitative route lets Brussels act where a service’s functional role as a gateway — for example, cloud infrastructure that intermediates between business and end customers — justifies ex‑ante constraints even if the literal user-count thresholds do not map cleanly to enterprise infrastructure metrics. That legal discretion is precisely what the Commission is testing in these cloud probes.

---

What investigators will examine — concrete technical and commercial issues​

The probes are evidence‑heavy and technical. Expect the Commission’s fact‑finding teams to focus on a finite set of mechanisms where incumbency could create foreclosure or lock‑in:

• Data portability and egress fees: Are there exit charges, throttled export tools, or practical performance gaps that make migrating large datasets and stateful workloads materially costly or slow? Investigators will assess migration tooling, contractual export guarantees, and real‑world data transfer performance.
• Licensing differentials and pricing: Do licensing terms for critical middleware, databases, or OS components make it materially cheaper to run workloads on the incumbent’s cloud versus rivals? This includes discounts, license bundling, or pricing models that favour native cloud consumption.
• Self‑preferencing and marketplace dynamics: Are first‑party managed services, marketplaces or AI stacks being privileged in placement, performance tiers or integration in ways that disadvantage independent ISVs? The Commission will review marketplace algorithms, performance telemetry and differential treatment in consoles or managed‑service catalogs.
• Interoperability and control‑plane barriers: Does the control plane expose proprietary primitives, API semantics, or orchestration semantics that make practical multi‑cloud operation infeasible for latency‑sensitive, stateful, or AI workloads? This technical angle is central because the DMA’s remedies would likely require technical interoperability, not only contractual promises.
• Contractual terms and bargaining power: Are there unbalanced terms that limit customers’ ability to switch, audit, or access their data, or clauses that tie services together (e.g., “unless you take X managed database, pricing on Y will be penalized”)? Investigators will want to see exemplar contracts and evidence from customers.

Each of these lines of inquiry implicates distinct legal and technical remedies: some can be addressed through transparency and portability obligations; others may require deep technical standardization or even behavioural remedies to prevent discriminatory practices.

---

How designation would change the cloud market — practical consequences​

If the Commission concludes that AWS or Azure (or both) qualify as gatekeepers for specific cloud services, the practical effects could be significant and wide‑ranging:

• Interoperability mandates: Gatekeepers could be required to implement APIs or protocols that enable practical workload portability, or to expose specific control‑plane interfaces to third parties. That would be a legal lever to reduce lock‑in, but it raises engineering trade‑offs around complexity and performance.
• Non‑discrimination rules: Firms would be explicitly barred from favouring first‑party managed services in ways that disadvantage rivals, affecting how marketplaces and platform consoles surface services to customers.
• Data‑access and portability obligations: Companies may have to provide stronger export guarantees, bulk‑data extraction tools, and timelines that are operationally meaningful for large enterprise workloads.
• Contract rebalancing: The DMA could lead to limits on certain contractual clauses that tie services or place onerous exit penalties on customers.
• Enforcement exposure: Non‑compliance with DMA obligations can carry fines measured as a share of global turnover, which creates material financial risk and an incentive to change product practices quickly.

At the same time, remedies must be narrowly tailored: mandating deep technical change risks degrading performance or increasing costs if not carefully scoped. Designing interoperability obligations that preserve latency, reliability and security for complex workloads is a major engineering challenge.

---

Risks and trade-offs: innovation, investment and operational complexity​

Applying gatekeeper obligations to cloud infrastructure presents a set of trade‑offs regulators and industry must weigh carefully.

• Potential benefits:
• Reduced vendor lock‑in and lower switching friction could spur competition and innovation among cloud‑native software vendors and EU-based cloud providers.
• Greater transparency and data portability may empower enterprise customers and public procurers to adopt multi‑cloud resilience strategies.
• Policy coherence: applying DMA tools to cloud could strengthen Europe’s digital sovereignty and supply‑chain resilience for critical services.
• Significant risks:
• Engineering complexity and performance costs: Forcing interoperability at an API and control‑plane level risks introducing compatibility layers that increase latency or create brittle, hard‑to‑operate systems for demanding workloads (e.g., training large models or low‑latency financial systems).
• Investment disincentives: Hyperscalers argue that heavy-handed obligations could blunt incentives to invest in global infrastructure and specialized hardware, potentially raising costs for European businesses. The sector warns that regulation must avoid chilling R&D investment.
• Fragmentation risk: Divergent requirements across jurisdictions (EU, UK, other markets) could create compliance complexity and higher costs for global providers and their customers.

Regulators must therefore calibrate remedies that reduce anti‑competitive risks without creating perverse effects on performance and global investment.

---

What businesses and IT leaders should do now (practical checklist)​

The Commission’s probes create regulatory uncertainty; prudent IT leaders should prepare now to reduce exposure and maintain operational flexibility.

• Map cloud dependencies comprehensively:
• Inventory workloads, data gravity, managed services used, and where specialized accelerators are hosted.
• Assess portability and exit readiness:
• Test data export procedures, measure egress costs, and run dry‑run migrations for critical systems where feasible.
• Re‑negotiate contractual protections:
• Seek clearer SLAs for data export, portability guarantees, and audit rights; aim for shorter notice periods and break clauses tied to resilience metrics.
• Strengthen multi‑cloud and hybrid architectures:
• Where mission‑critical, isolate components that can be moved quickly; implement abstraction layers for stateless services and design for cross‑cloud failover if latency and cost permit.
• Engage in industry and public consultations:
• Submit evidence to the Commission’s fact‑finding teams and participate in standardization or industry‑led interoperability initiatives.

These steps won’t eliminate regulatory risk, but they help institutions remain operationally resilient and reduce leverage that incumbents derive from lock‑in.

---

Scenarios for outcomes and their implications​

The Commission’s possible findings fall into several plausible scenarios, each with distinct market consequences.

• Qualitative designation of gatekeeper status for specific cloud services:
• Would bring DMA obligations directly to parts of AWS and/or Azure.
• Could trigger fast compliance timelines and introduce mandated technical or contractual changes.
• European customers might gain stronger portability rights and reduced discrimination risk; providers could challenge or adapt product roadmaps.
• No designation but targeted remedies or guidance:
• The Commission could conclude the DMA is not perfectly adapted to cloud and instead produce sector‑specific guidance or non‑binding commitments.
• This approach reduces legal shock but delays enforceable remedies, potentially leaving systemic risks unaddressed.
• Policy update to the DMA or new sectoral rules:
• The horizontal probe could lead to legislative amendments or a bespoke cloud governance toolbox that blends DMA principles with infrastructure‑specific rules.
• This option would be longer but could yield a more technically coherent regime.
• Co‑ordinated remedies across jurisdictions:
• Parallel findings by the UK CMA and EU Commission could harmonize rules, but divergence could create compliance complexity and fragmentation.

Each scenario will affect procurement, cloud roadmaps, and the competitive landscape for local and regional cloud providers.

---

What Microsoft and Amazon have said (public reactions)​

Both vendors publicly defended the dynamism of the cloud market while indicating willingness to engage in the inquiry.

• Microsoft: said it “stands ready to contribute” and expressed readiness to cooperate with the Commission’s market enquiry.
• AWS: warned that designating cloud providers as gatekeepers “isn’t worth the risks of stifling invention or raising costs for European companies,” emphasizing market dynamism and choice.

Those statements signal the companies will present technical and economic evidence to the Commission. Expect intensive submissions from both the hyperscalers and their enterprise customers during the evidence‑gathering phase.

---

How regulators will balance technical practicality with legal ambition​

The Commission’s task is technically complex. The DMA’s remedies were crafted for consumer‑facing platforms; mapping them onto cloud primitives requires granular technical rule‑making:

• Interoperability must be defined at the right abstraction: coarse obligations (e.g., “must be interoperable”) are insufficient; the Commission will need specific, testable interfaces or standards to make portability operational without compromising performance.
• Remedies will likely be incremental: the Commission can use interim measures, commitments and phased obligations to avoid sudden disruption while driving change where harms are proven.
• Stakeholder input will shape feasibility: cloud providers, customers, open‑source projects and standards bodies will influence whether obligations become operational requirements or softer transparency and governance measures.

Designing workable rules will require close collaboration between competition lawyers, cloud engineers, standards organizations and public procurers.

---

Caveats and unverifiable points — a note of caution​

A few widely circulated claims around the inquiry merit conservative treatment:

• Reported macroeconomic cost estimates tied to outages vary widely and are often speculative; while outages cause real harm, sweeping economic‑damage figures in the hundreds of billions should be treated as expert projections rather than audited totals. The Commission’s public statements focus on resilience and structural risk rather than precise macroeconomic tabulations.
• Media summaries sometimes include political framing (for example references to U.S. political actors or lobbying dynamics) that are contextually relevant but not determinative of the Commission’s legal analysis. Such links should be understood as background color rather than legal grounds for the inquiry. If political influence is reported, verify with official Commission documents and contemporaneous statements.

Where official Commission notices, company submissions, or court filings are available, those should be treated as the definitive record. Until the Commission’s formal interim or final findings are published, aspects of the probes remain provisional.

---

Practical implications for the EU cloud ecosystem and international players​

The investigation will shape Europe’s cloud economy in multiple ways:

• Procurement and public‑sector architecture: governments may push for vendor neutrality and portability clauses in contracts and encourage local alternatives where strategic autonomy is at stake.
• Market opportunities for challengers: clearer portability and interoperability could lower barriers for smaller cloud providers and specialised AI‑compute entrants — but only if remedies are technical and enforceable.
• Global regulatory coordination: outcomes in the EU will be watched closely by other jurisdictions; coordinated action could reduce fragmentation, while divergent approaches could create compliance overhead for global providers.

The EU’s approach will be a template for how to regulate infrastructure that straddles competition, resilience and industrial strategy.

---

Conclusion​

The European Commission’s decision to open market investigations into AWS and Microsoft Azure under the DMA is a watershed moment for cloud governance. The probes place core questions — portability, interoperability, self‑preferencing, and contract fairness — at the intersection of legal policy and engineering reality. Over the next 12 months, the Commission will gather technical evidence and stakeholder testimony that could either drive targeted remedies or trigger fundamental changes in how hyperscalers operate in Europe.
For IT leaders, the imperative is immediate: map dependencies, shore up exit and export capabilities, and engage with regulators and industry groups. For policymakers and engineers, the challenge is more delicate: craft rules that reduce anti‑competitive conduct and strengthen resilience without undermining the performance and investment models that enable modern cloud services.
This inquiry will set precedents that reverberate beyond Europe — across global cloud economics, the architecture of AI services, and the practical levers available to competition authorities confronting infrastructural concentration. The coming year will determine whether the DMA can be adapted into an effective, technically feasible instrument for a cloud‑enabled world.

---

Source: Windows Report EU Probes Microsoft Azure and Amazon Web Services for Potential Gatekeeping