On 18 November 2025, the European Commission opened three Digital Markets Act investigations into cloud computing, including two probes into whether Amazon Web Services and Microsoft Azure should be treated as gatekeepers in the European Union. The move is not merely another Brussels skirmish with Big Tech. It is the first serious attempt to decide whether the cloud, long treated as infrastructure rather than platform power, belongs inside the EU’s ex ante regulatory machine. The answer will shape not only cloud pricing and procurement, but also the economics of AI, enterprise software, and digital sovereignty.
For years, the cloud market has occupied a strange place in competition policy. Everyone in IT knows the hyperscalers have gravity: customers build around their APIs, identity systems, database services, licensing models, data-egress fees, and managed platforms until “moving workload” becomes a phrase that sounds simpler in a PowerPoint than it is in a budget meeting. Yet the regulatory imagination has been slower to catch up, because cloud does not look like a social network, an app store, or a search engine. It is not where consumers click; it is where companies become dependent.
That is why the EU’s new cloud probe matters. The Commission is effectively asking whether the cloud is now a platform market in the deepest sense: a layer of digital life that other businesses must pass through, even when the end user never sees it.
The Digital Markets Act was built around a familiar cast of digital chokepoints. Search, mobile operating systems, app stores, marketplaces, browsers, ads, messaging, and social networks all fit the public mental model of gatekeeping. They mediate access to customers, audiences, developers, advertisers, or devices.
Cloud computing has always been more awkward. It is listed as a core platform service under the DMA, but it lacks the consumer-facing obviousness of an app store fee or a default search placement. A small retailer running on AWS, a bank using Azure, or a startup building on managed Kubernetes does not necessarily experience gatekeeping as a pop-up or a terms-of-service change. It experiences it as architecture.
That difference has allowed cloud to remain the forgotten core platform service. Not forgotten by CIOs, certainly, and not forgotten by the smaller cloud providers who have complained for years. But forgotten in the sense that the EU’s first DMA enforcement wave concentrated on the visible platforms of the smartphone and web economy while the infrastructure layer kept expanding beneath them.
The Commission’s November 2025 investigations change that. Two probes ask whether AWS and Azure should be designated as gatekeepers despite not meeting the DMA’s standard quantitative thresholds. A third asks a more uncomfortable question: whether the DMA’s existing obligations are even fit for cloud computing.
That third investigation may prove to be the most important one. If the Commission simply designates AWS and Azure and then applies a rulebook written for consumer platforms, it risks declaring victory over the wrong problem. The core of cloud lock-in is not a “buy button” or a ranking algorithm. It is a web of technical, contractual, financial, and licensing dependencies that make choice expensive after the first architectural decision has been made.
Still, raw share understates the issue. Hyperscaler power is cumulative. The more customers a cloud provider has, the more regions it can justify, the more services it can launch, the more partner integrations it can attract, the more certifications it can maintain, and the more enterprises come to treat it as the safe choice.
This is what makes cloud different from older outsourcing markets. A traditional hosting provider might rent servers and connectivity. A modern cloud provider supplies compute, storage, networking, identity, observability, databases, security tooling, AI accelerators, developer platforms, marketplace procurement, compliance frameworks, and increasingly the software stack that runs above all of it.
That makes switching difficult in a way that is not captured by simplistic analogies. Moving virtual machines is one thing. Rebuilding around another provider’s managed database, event bus, identity model, monitoring stack, machine-learning service, and cost-management workflow is something else entirely. The more a customer uses the cloud as intended, the less portable the environment becomes.
The hyperscalers know this, although they describe it more politely. They speak of customer choice, integrated services, innovation, and economies of scale. Those things are real. Cloud has lowered barriers for countless businesses and allowed IT teams to provision infrastructure with a speed that would have seemed absurd two decades ago. But integration and lock-in are often the same phenomenon viewed from opposite sides of the contract.
That makes Microsoft’s cloud competition problem distinct. The complaint from rivals has not only been that Azure is large or technically sticky. It is that Microsoft can use its software licensing terms to make running Microsoft workloads cheaper or simpler on Azure than on competing clouds.
This is where the EU probe intersects most directly with the WindowsForum audience. Windows Server licensing is not an abstract Brussels concern for sysadmins and infrastructure architects. It determines whether a workload can be moved economically, whether a hybrid-cloud plan survives procurement review, and whether a business can use a non-Microsoft cloud without paying what rivals describe as a penalty.
Microsoft has repeatedly defended its licensing practices and has made concessions in Europe over the years, including changes aimed at smaller European cloud providers. But those concessions have not ended the controversy. CISPE, the European cloud industry group, filed a complaint and later withdrew it after a settlement. Google also complained to the Commission about Microsoft’s cloud licensing practices before withdrawing its complaint after the DMA cloud investigations began. The political message was hard to miss: the fight had moved from classic antitrust complaint handling into the DMA arena.
The question is whether that move helps or hurts. Traditional competition law can target specific abusive conduct. The DMA is different. It imposes pre-set obligations on designated gatekeepers and is designed to prevent certain kinds of unfair conduct before years of litigation grind to a remedy. That speed is the point. But speed is only useful if the obligations match the market.
A cloud customer does not need the same kind of remedy as an app developer complaining about app-store rules. It may need the right to move data without punitive egress fees, to run licensed software on a rival platform without discriminatory terms, to interoperate identity and management systems, to avoid being forced into bundled services, or to obtain enough technical information to make multi-cloud realistic.
The problem is that the DMA’s existing Articles 5 and 6 were not primarily drafted around those scenarios. They emerged from years of fights over mobile ecosystems, marketplaces, advertising, messaging, and search. Cloud was included, but not fully theorized.
That is why the third investigation matters. If the Commission concludes that the DMA can effectively tackle cloud competition problems as written, AWS and Microsoft may face obligations relatively soon after any designation. If it concludes that the DMA needs cloud-specific amendments, the regulatory clock slows. Brussels may win the argument and still take years to deliver the remedy.
This is the central tension in the EU’s strategy. The DMA was sold as a faster alternative to endless antitrust cases. But in cloud, the law may first have to become what it already claims to be.
But designation alone will not fix the market. Gatekeeper status is a doorway to obligations, not a remedy in itself. The practical impact depends on which obligations apply, how the Commission interprets them, how quickly compliance is demanded, and how aggressively enforcement follows.
The Commission has said it aims to conclude the AWS and Azure investigations by November 2026. If designated, Amazon and Microsoft would have six months to comply with the applicable DMA obligations. That suggests 2027 as the earliest period when affected enterprise customers might see real compliance changes from gatekeeper designation.
Cloud-specific DMA remedies, however, may arrive later. The broader investigation into whether the DMA can tackle cloud-sector practices is expected to run on a separate timetable, with possible recommendations in 2027 and any legislative changes likely taking longer. In practical terms, the most meaningful cloud-specific rules may not bite before 2028.
That delay is not a footnote. It is the difference between regulation as market intervention and regulation as market commentary. The cloud market is not standing still while Brussels investigates. AI workloads are exploding, GPU capacity is reshaping procurement, and enterprises are deciding now which platforms will host the next decade of applications.
AWS’s power is the power of cloud-native breadth and incumbency. It has a mature global infrastructure footprint, a deep service catalog, a massive partner ecosystem, and years of accumulated customer architecture built around its primitives. Its lock-in tends to be technical and economic: proprietary managed services, data movement costs, operational familiarity, and the sheer risk of migration.
Microsoft’s power is more vertically entangled. Azure benefits from Microsoft’s decades-long presence in enterprise software, identity, productivity, database, developer tooling, and licensing. In a Windows-heavy estate, Azure can feel less like one cloud option among many than the default extension of an existing Microsoft relationship.
That distinction matters for remedies. If the Commission focuses on switching and interoperability, AWS will be directly implicated. If it focuses on licensing restrictions and software portability, Microsoft becomes the central test case. If it focuses on tying and bundling, both companies have exposure, but Microsoft’s software stack makes the issue especially acute.
The likely regulatory fight will therefore split into two arguments. Amazon will argue that customers choose AWS because of quality, scale, and innovation. Microsoft will argue that its integrated stack benefits customers and that licensing is being mischaracterized by rivals with their own commercial motives. Both arguments contain truth. Neither resolves the competition problem if customers cannot realistically leave.
But competition policy increasingly cares about effective choice. A customer has effective choice only if the alternative is usable at reasonable cost and risk. In cloud, the cost of choice rises after deployment. The buyer is freest before the first architecture diagram becomes production infrastructure.
This is why procurement departments can appear more powerful than they are. A large enterprise can negotiate discounts, commit spend, demand support, and run competitive tenders. Yet once a strategic workload is built around a hyperscaler’s services, the customer’s leverage changes. The next renewal is no longer a clean contest; it is a negotiation conducted inside the architecture.
Multi-cloud is often presented as the answer. In practice, it is more of a discipline than a destination. Running workloads across multiple clouds can reduce dependency, but it also raises operational complexity, security burden, staffing requirements, and cost. Many enterprises adopt multi-cloud accidentally through departmental purchasing rather than as a coherent portability strategy.
Regulators should be careful not to romanticize multi-cloud as a universal cure. A rule that says customers must be able to multi-home is useful only if the technical and contractual environment makes that choice credible. Otherwise, multi-cloud becomes the cloud equivalent of “just switch banks,” technically possible and practically painful.
The Commission’s own language makes the connection explicit: cloud is the backbone of digital services and crucial for AI development. In 2026, that sentence carries more weight than it would have five years ago. Cloud is no longer just elastic compute and storage. It is the supply chain for model training, inference, data pipelines, and the enterprise AI services Microsoft, Amazon, and Google are racing to embed into everything.
This creates a political opening for tougher intervention. If cloud dependency were merely a pricing dispute among vendors, Brussels might move slowly. But if cloud dependency becomes an AI dependency, a public-sector resilience issue, and a sovereignty concern, the regulatory stakes rise.
That does not mean Europe can regulate itself into a hyperscaler overnight. Building competitive cloud infrastructure at scale requires capital, engineering talent, energy, chips, network reach, and customer trust. Regulation can reduce barriers, but it cannot manufacture scale by decree.
Still, competition rules can shape the terrain. If customers can move data more easily, bring licenses more freely, interoperate management systems, and avoid coercive bundling, smaller and regional providers get a more plausible shot at specific workloads. They do not need to become AWS tomorrow to matter. They need a market where specialization is not smothered by default dependency.
Cloud magnifies that problem. Every year of regulatory delay means more applications built around proprietary services, more data stored in provider-specific formats or systems, more staff trained in one platform, and more procurement commitments renewed. The lock-in does not pause while lawyers define the market.
The irony is that the DMA investigation may now reproduce some of the same timing problem it was designed to solve. If the current obligations are inadequate and amendments are needed, the Commission will enter the slower world of legislative adaptation. That may be necessary. But it weakens the DMA’s claim to speed.
There is also a risk of regulatory underreach. Brussels may designate AWS and Azure, impose general obligations, and declare progress while the most controversial practices remain mostly intact. Microsoft’s software licensing terms, data-egress economics, and managed-service portability could all require more precise tools than the current DMA provides.
The stronger path is harder: admit that cloud requires a different regulatory grammar. The DMA should not be stretched awkwardly until it resembles a cloud law. It should be amended or interpreted with enough specificity that providers and customers know what compliance actually means.
That distinction is important because cloud competition is not solved by banning integration. Integrated services are often why customers use the cloud in the first place. A rulebook that treats every bundle or managed service as suspicious would punish innovation and push customers back toward more primitive infrastructure.
The target should be coercive dependency. Providers should be free to build excellent services, but customers should not be trapped by artificial costs, discriminatory licensing, opaque technical barriers, or contractual penalties that make alternatives theoretical. The goal is not to make every cloud identical. It is to make leaving possible.
That means the Commission will need to think like an enterprise architect as much as a competition lawyer. Remedies should be tested against real migration plans, real licensing scenarios, real data-transfer costs, and real operational constraints. If a compliance commitment looks good in a legal filing but fails in a sysadmin’s change window, it is not a remedy.
But Europe is moving with a different tool. The United States has tended to approach cloud concerns through antitrust investigation and agency scrutiny. The UK has pursued market studies and competition assessments. The EU, with the DMA, has a ready-made ex ante framework that can impose obligations on designated gatekeepers before a classic abuse case concludes.
That gives Brussels first-mover advantage, but also exposes it to first-mover mistakes. If it overreaches, it will be accused of hobbling cloud innovation and targeting successful American companies. If it underreaches, it will validate the criticism that the DMA is better at disciplining app-store optics than infrastructure power.
For Microsoft, the geopolitical optics are delicate. The company has spent years positioning itself as the enterprise partner that understands regulation, security, compliance, and government needs. Azure is deeply embedded in public-sector and regulated-industry IT. A finding that Azure functions as a gatekeeper in need of DMA constraints would complicate that carefully cultivated trust narrative.
For Amazon, the risk is different. AWS has long argued that cloud remains competitive and that customers have many choices, including on-premises infrastructure, hybrid setups, and rival providers. The Commission’s probe challenges that framing by asking whether AWS’s role as a gateway is significant even without the DMA’s usual user-number thresholds.
That means IT buyers should not expect overnight relief. Existing contracts, licensing terms, architecture decisions, and migration economics will continue to matter. But they should also recognize that regulatory risk has entered the cloud procurement equation in a new way.
Vendors will adapt before final rules arrive. Microsoft and Amazon are likely to sharpen their public arguments around customer choice, competition, innovation, and European investment. Smaller providers will push for remedies that address portability, licensing, and switching. Large customers will watch for leverage in renewal negotiations.
The most concrete lessons are already visible:
Source: EUobserver Amazon and Microsoft finally face EU anti-competitive cloud probe
For years, the cloud market has occupied a strange place in competition policy. Everyone in IT knows the hyperscalers have gravity: customers build around their APIs, identity systems, database services, licensing models, data-egress fees, and managed platforms until “moving workload” becomes a phrase that sounds simpler in a PowerPoint than it is in a budget meeting. Yet the regulatory imagination has been slower to catch up, because cloud does not look like a social network, an app store, or a search engine. It is not where consumers click; it is where companies become dependent.
That is why the EU’s new cloud probe matters. The Commission is effectively asking whether the cloud is now a platform market in the deepest sense: a layer of digital life that other businesses must pass through, even when the end user never sees it.
Brussels Finally Notices the Platform Under the Platform
The Digital Markets Act was built around a familiar cast of digital chokepoints. Search, mobile operating systems, app stores, marketplaces, browsers, ads, messaging, and social networks all fit the public mental model of gatekeeping. They mediate access to customers, audiences, developers, advertisers, or devices.Cloud computing has always been more awkward. It is listed as a core platform service under the DMA, but it lacks the consumer-facing obviousness of an app store fee or a default search placement. A small retailer running on AWS, a bank using Azure, or a startup building on managed Kubernetes does not necessarily experience gatekeeping as a pop-up or a terms-of-service change. It experiences it as architecture.
That difference has allowed cloud to remain the forgotten core platform service. Not forgotten by CIOs, certainly, and not forgotten by the smaller cloud providers who have complained for years. But forgotten in the sense that the EU’s first DMA enforcement wave concentrated on the visible platforms of the smartphone and web economy while the infrastructure layer kept expanding beneath them.
The Commission’s November 2025 investigations change that. Two probes ask whether AWS and Azure should be designated as gatekeepers despite not meeting the DMA’s standard quantitative thresholds. A third asks a more uncomfortable question: whether the DMA’s existing obligations are even fit for cloud computing.
That third investigation may prove to be the most important one. If the Commission simply designates AWS and Azure and then applies a rulebook written for consumer platforms, it risks declaring victory over the wrong problem. The core of cloud lock-in is not a “buy button” or a ranking algorithm. It is a web of technical, contractual, financial, and licensing dependencies that make choice expensive after the first architectural decision has been made.
The Cloud Market’s Power Is Built in Layers
Cloud competition is often described in terms of market share, and for good reason. AWS and Microsoft Azure are the two giants of global cloud infrastructure. Google Cloud remains important, especially in data, analytics, AI, and Kubernetes-heavy environments, but it is the third force, not a co-equal counterweight in most enterprise procurement conversations.Still, raw share understates the issue. Hyperscaler power is cumulative. The more customers a cloud provider has, the more regions it can justify, the more services it can launch, the more partner integrations it can attract, the more certifications it can maintain, and the more enterprises come to treat it as the safe choice.
This is what makes cloud different from older outsourcing markets. A traditional hosting provider might rent servers and connectivity. A modern cloud provider supplies compute, storage, networking, identity, observability, databases, security tooling, AI accelerators, developer platforms, marketplace procurement, compliance frameworks, and increasingly the software stack that runs above all of it.
That makes switching difficult in a way that is not captured by simplistic analogies. Moving virtual machines is one thing. Rebuilding around another provider’s managed database, event bus, identity model, monitoring stack, machine-learning service, and cost-management workflow is something else entirely. The more a customer uses the cloud as intended, the less portable the environment becomes.
The hyperscalers know this, although they describe it more politely. They speak of customer choice, integrated services, innovation, and economies of scale. Those things are real. Cloud has lowered barriers for countless businesses and allowed IT teams to provision infrastructure with a speed that would have seemed absurd two decades ago. But integration and lock-in are often the same phenomenon viewed from opposite sides of the contract.
Microsoft’s Licensing Problem Is the Sharp Edge of the Probe
AWS is the cloud market leader, but Microsoft brings a different kind of leverage to the table. Azure is not merely a cloud platform. It is attached to Windows Server, SQL Server, Active Directory, Microsoft 365, Dynamics, Visual Studio, GitHub, Entra ID, and a procurement relationship that reaches deep into enterprise IT.That makes Microsoft’s cloud competition problem distinct. The complaint from rivals has not only been that Azure is large or technically sticky. It is that Microsoft can use its software licensing terms to make running Microsoft workloads cheaper or simpler on Azure than on competing clouds.
This is where the EU probe intersects most directly with the WindowsForum audience. Windows Server licensing is not an abstract Brussels concern for sysadmins and infrastructure architects. It determines whether a workload can be moved economically, whether a hybrid-cloud plan survives procurement review, and whether a business can use a non-Microsoft cloud without paying what rivals describe as a penalty.
Microsoft has repeatedly defended its licensing practices and has made concessions in Europe over the years, including changes aimed at smaller European cloud providers. But those concessions have not ended the controversy. CISPE, the European cloud industry group, filed a complaint and later withdrew it after a settlement. Google also complained to the Commission about Microsoft’s cloud licensing practices before withdrawing its complaint after the DMA cloud investigations began. The political message was hard to miss: the fight had moved from classic antitrust complaint handling into the DMA arena.
The question is whether that move helps or hurts. Traditional competition law can target specific abusive conduct. The DMA is different. It imposes pre-set obligations on designated gatekeepers and is designed to prevent certain kinds of unfair conduct before years of litigation grind to a remedy. That speed is the point. But speed is only useful if the obligations match the market.
The DMA Was Written for App Stores, Not Data Centers
The Commission appears to understand the mismatch. The DMA’s best-known remedies are aimed at behaviors that make intuitive sense in consumer-facing ecosystems: self-preferencing, restrictions on business users, access to data, interoperability, app uninstalling, steering, and unfair tying. Some of these concepts can be translated into cloud. Many cannot be transplanted without surgery.A cloud customer does not need the same kind of remedy as an app developer complaining about app-store rules. It may need the right to move data without punitive egress fees, to run licensed software on a rival platform without discriminatory terms, to interoperate identity and management systems, to avoid being forced into bundled services, or to obtain enough technical information to make multi-cloud realistic.
The problem is that the DMA’s existing Articles 5 and 6 were not primarily drafted around those scenarios. They emerged from years of fights over mobile ecosystems, marketplaces, advertising, messaging, and search. Cloud was included, but not fully theorized.
That is why the third investigation matters. If the Commission concludes that the DMA can effectively tackle cloud competition problems as written, AWS and Microsoft may face obligations relatively soon after any designation. If it concludes that the DMA needs cloud-specific amendments, the regulatory clock slows. Brussels may win the argument and still take years to deliver the remedy.
This is the central tension in the EU’s strategy. The DMA was sold as a faster alternative to endless antitrust cases. But in cloud, the law may first have to become what it already claims to be.
Gatekeeper Status Would Be Symbolic Before It Becomes Operational
If AWS and Azure are designated as gatekeepers, that would be a major political and legal event. It would put the two most important enterprise cloud platforms into the same regulatory category as the consumer platforms the DMA was designed to discipline. It would also mark the first serious use of the DMA against the infrastructure layer of the internet economy.But designation alone will not fix the market. Gatekeeper status is a doorway to obligations, not a remedy in itself. The practical impact depends on which obligations apply, how the Commission interprets them, how quickly compliance is demanded, and how aggressively enforcement follows.
The Commission has said it aims to conclude the AWS and Azure investigations by November 2026. If designated, Amazon and Microsoft would have six months to comply with the applicable DMA obligations. That suggests 2027 as the earliest period when affected enterprise customers might see real compliance changes from gatekeeper designation.
Cloud-specific DMA remedies, however, may arrive later. The broader investigation into whether the DMA can tackle cloud-sector practices is expected to run on a separate timetable, with possible recommendations in 2027 and any legislative changes likely taking longer. In practical terms, the most meaningful cloud-specific rules may not bite before 2028.
That delay is not a footnote. It is the difference between regulation as market intervention and regulation as market commentary. The cloud market is not standing still while Brussels investigates. AI workloads are exploding, GPU capacity is reshaping procurement, and enterprises are deciding now which platforms will host the next decade of applications.
AWS and Microsoft Face the Same Probe but Not the Same Risk
It is tempting to treat AWS and Microsoft as interchangeable hyperscaler defendants. They are not. The Commission is examining both as possible gatekeepers, but the strategic vulnerabilities are different.AWS’s power is the power of cloud-native breadth and incumbency. It has a mature global infrastructure footprint, a deep service catalog, a massive partner ecosystem, and years of accumulated customer architecture built around its primitives. Its lock-in tends to be technical and economic: proprietary managed services, data movement costs, operational familiarity, and the sheer risk of migration.
Microsoft’s power is more vertically entangled. Azure benefits from Microsoft’s decades-long presence in enterprise software, identity, productivity, database, developer tooling, and licensing. In a Windows-heavy estate, Azure can feel less like one cloud option among many than the default extension of an existing Microsoft relationship.
That distinction matters for remedies. If the Commission focuses on switching and interoperability, AWS will be directly implicated. If it focuses on licensing restrictions and software portability, Microsoft becomes the central test case. If it focuses on tying and bundling, both companies have exposure, but Microsoft’s software stack makes the issue especially acute.
The likely regulatory fight will therefore split into two arguments. Amazon will argue that customers choose AWS because of quality, scale, and innovation. Microsoft will argue that its integrated stack benefits customers and that licensing is being mischaracterized by rivals with their own commercial motives. Both arguments contain truth. Neither resolves the competition problem if customers cannot realistically leave.
The Enterprise Buyer Is Not as Free as Procurement Pretends
Cloud providers love the language of choice. Enterprise buyers can choose regions, instances, storage classes, databases, operating systems, managed services, and pricing models. In a formal sense, the market is full of options.But competition policy increasingly cares about effective choice. A customer has effective choice only if the alternative is usable at reasonable cost and risk. In cloud, the cost of choice rises after deployment. The buyer is freest before the first architecture diagram becomes production infrastructure.
This is why procurement departments can appear more powerful than they are. A large enterprise can negotiate discounts, commit spend, demand support, and run competitive tenders. Yet once a strategic workload is built around a hyperscaler’s services, the customer’s leverage changes. The next renewal is no longer a clean contest; it is a negotiation conducted inside the architecture.
Multi-cloud is often presented as the answer. In practice, it is more of a discipline than a destination. Running workloads across multiple clouds can reduce dependency, but it also raises operational complexity, security burden, staffing requirements, and cost. Many enterprises adopt multi-cloud accidentally through departmental purchasing rather than as a coherent portability strategy.
Regulators should be careful not to romanticize multi-cloud as a universal cure. A rule that says customers must be able to multi-home is useful only if the technical and contractual environment makes that choice credible. Otherwise, multi-cloud becomes the cloud equivalent of “just switch banks,” technically possible and practically painful.
Europe’s Sovereignty Argument Has Found Its Enforcement Vehicle
The cloud probe is also inseparable from Europe’s digital sovereignty agenda. Brussels has spent years worrying that European industry, public administration, and AI development depend too heavily on non-European infrastructure providers. That concern is not only about competition. It is about strategic autonomy.The Commission’s own language makes the connection explicit: cloud is the backbone of digital services and crucial for AI development. In 2026, that sentence carries more weight than it would have five years ago. Cloud is no longer just elastic compute and storage. It is the supply chain for model training, inference, data pipelines, and the enterprise AI services Microsoft, Amazon, and Google are racing to embed into everything.
This creates a political opening for tougher intervention. If cloud dependency were merely a pricing dispute among vendors, Brussels might move slowly. But if cloud dependency becomes an AI dependency, a public-sector resilience issue, and a sovereignty concern, the regulatory stakes rise.
That does not mean Europe can regulate itself into a hyperscaler overnight. Building competitive cloud infrastructure at scale requires capital, engineering talent, energy, chips, network reach, and customer trust. Regulation can reduce barriers, but it cannot manufacture scale by decree.
Still, competition rules can shape the terrain. If customers can move data more easily, bring licenses more freely, interoperate management systems, and avoid coercive bundling, smaller and regional providers get a more plausible shot at specific workloads. They do not need to become AWS tomorrow to matter. They need a market where specialization is not smothered by default dependency.
The Long Antitrust Route Was Too Slow for Cloud
One reason the DMA exists is that traditional antitrust enforcement can take too long. By the time a case proves abuse, survives appeal, and produces a remedy, the market may have moved on. In digital markets, delay favors incumbents because ecosystems compound.Cloud magnifies that problem. Every year of regulatory delay means more applications built around proprietary services, more data stored in provider-specific formats or systems, more staff trained in one platform, and more procurement commitments renewed. The lock-in does not pause while lawyers define the market.
The irony is that the DMA investigation may now reproduce some of the same timing problem it was designed to solve. If the current obligations are inadequate and amendments are needed, the Commission will enter the slower world of legislative adaptation. That may be necessary. But it weakens the DMA’s claim to speed.
There is also a risk of regulatory underreach. Brussels may designate AWS and Azure, impose general obligations, and declare progress while the most controversial practices remain mostly intact. Microsoft’s software licensing terms, data-egress economics, and managed-service portability could all require more precise tools than the current DMA provides.
The stronger path is harder: admit that cloud requires a different regulatory grammar. The DMA should not be stretched awkwardly until it resembles a cloud law. It should be amended or interpreted with enough specificity that providers and customers know what compliance actually means.
The Remedies Must Target Friction, Not Merely Bad Conduct
The most useful cloud remedies would not simply punish misconduct after the fact. They would reduce the friction that gives misconduct power. A restrictive licensing term matters most when customers cannot afford to move. A high egress fee matters most when data gravity is already overwhelming. A proprietary managed service becomes a competitive issue when it is used to make exit unrealistic rather than merely to provide a better product.That distinction is important because cloud competition is not solved by banning integration. Integrated services are often why customers use the cloud in the first place. A rulebook that treats every bundle or managed service as suspicious would punish innovation and push customers back toward more primitive infrastructure.
The target should be coercive dependency. Providers should be free to build excellent services, but customers should not be trapped by artificial costs, discriminatory licensing, opaque technical barriers, or contractual penalties that make alternatives theoretical. The goal is not to make every cloud identical. It is to make leaving possible.
That means the Commission will need to think like an enterprise architect as much as a competition lawyer. Remedies should be tested against real migration plans, real licensing scenarios, real data-transfer costs, and real operational constraints. If a compliance commitment looks good in a legal filing but fails in a sysadmin’s change window, it is not a remedy.
Washington Is Watching a Fight It Has Been Reluctant to Start
The EU is not alone in worrying about cloud competition. Authorities in Japan, France, the Netherlands, the United Kingdom, the OECD, and the United States have all examined or raised concerns about concentration, switching barriers, interoperability, egress fees, and licensing practices in cloud markets. The global pattern is clear: regulators increasingly see cloud as a competition problem, not just an infrastructure success story.But Europe is moving with a different tool. The United States has tended to approach cloud concerns through antitrust investigation and agency scrutiny. The UK has pursued market studies and competition assessments. The EU, with the DMA, has a ready-made ex ante framework that can impose obligations on designated gatekeepers before a classic abuse case concludes.
That gives Brussels first-mover advantage, but also exposes it to first-mover mistakes. If it overreaches, it will be accused of hobbling cloud innovation and targeting successful American companies. If it underreaches, it will validate the criticism that the DMA is better at disciplining app-store optics than infrastructure power.
For Microsoft, the geopolitical optics are delicate. The company has spent years positioning itself as the enterprise partner that understands regulation, security, compliance, and government needs. Azure is deeply embedded in public-sector and regulated-industry IT. A finding that Azure functions as a gatekeeper in need of DMA constraints would complicate that carefully cultivated trust narrative.
For Amazon, the risk is different. AWS has long argued that cloud remains competitive and that customers have many choices, including on-premises infrastructure, hybrid setups, and rival providers. The Commission’s probe challenges that framing by asking whether AWS’s role as a gateway is significant even without the DMA’s usual user-number thresholds.
The Next Two Years Will Decide Whether Cloud Regulation Has Teeth
The immediate calendar is straightforward, but the market consequences are not. The Commission wants to finish the AWS and Azure gatekeeper investigations by November 2026. If either company is designated, compliance obligations would follow after a six-month period. The broader question of cloud-specific DMA remedies may stretch into 2027 and beyond.That means IT buyers should not expect overnight relief. Existing contracts, licensing terms, architecture decisions, and migration economics will continue to matter. But they should also recognize that regulatory risk has entered the cloud procurement equation in a new way.
Vendors will adapt before final rules arrive. Microsoft and Amazon are likely to sharpen their public arguments around customer choice, competition, innovation, and European investment. Smaller providers will push for remedies that address portability, licensing, and switching. Large customers will watch for leverage in renewal negotiations.
The most concrete lessons are already visible:
- The Commission is treating cloud computing as a gatekeeper market, not merely as back-end infrastructure.
- AWS and Microsoft Azure may face DMA obligations even though cloud services do not fit the law’s original consumer-platform template.
- Microsoft’s software licensing practices remain the most politically charged part of the cloud competition debate.
- Gatekeeper designation would matter, but cloud-specific remedies may be needed before customers see substantial practical change.
- The likely regulatory battleground is not whether cloud providers can integrate services, but whether customers can realistically leave or multi-home.
- Enterprise IT teams should treat portability, licensing flexibility, and exit costs as strategic risks rather than procurement afterthoughts.
Source: EUobserver Amazon and Microsoft finally face EU anti-competitive cloud probe