Navigation section

EU Launches DMA Cloud Probes into AWS and Azure

  • Thread Author
The European Commission has opened three formal market investigations under the Digital Markets Act (DMA) targeting cloud computing services — two company‑specific probes into Amazon Web Services (AWS) and Microsoft Azure, and a horizontal study to assess whether the DMA’s toolkit can meaningfully address competition, portability and resilience issues in the cloud sector; the action was announced on 18 November 2025 and the Commission signalled an ambition to complete the enquiries in roughly 12 months.

A businessperson uses AWS/Azure cloud to enable data portability and interoperability.Background / Overview​

Cloud infrastructure now powers virtually every modern digital service — from enterprise SaaS and government systems to the compute farms that train and host large‑scale AI models. Over the past decade a handful of hyperscalers have come to dominate public cloud supply chains, and regulators in Europe and the UK have moved from ad hoc antitrust probes to ex‑ante regulation aimed at preventing durable foreclosure and systemic vendor lock‑in. The Commission’s three parallel market investigations test two questions at once: whether AWS and Azure functionally act as “gatekeepers” for cloud computing services under the DMA’s qualitative route, and whether the DMA itself — originally crafted around consumer‑facing platforms — is fit for policing infrastructure markets with distinct technical and contractual dynamics. Why the DMA? Put simply, the DMA creates a fast, prescriptive regulatory regime for designated “gatekeepers” to prevent self‑preferencing, ensure interoperability and reduce lock‑in; designation is normally triggered by objective thresholds (annual EU turnover, market capitalisation and user/account metrics), but the law allows the Commission to use market investigations to designate services that functionally behave as gateways between businesses and end users even if they don’t meet the numeric cut‑offs. The practical implications of a designation are significant — mandatory obligations and heavy fines for breaches — which is why the Commission’s decision to test the DMA against cloud services represents a landmark shift in regulatory scope.

What the Commission announced (what’s being investigated)​

Three coordinated probes​

  • Two company‑specific market investigations: one focused on Amazon Web Services (AWS), the other on Microsoft Azure, to determine whether those cloud offerings act as “important gateways” for business users to reach end users — the functional hallmark of DMA gatekeeper status.
  • One horizontal (sectoral) market investigation: a cross‑market study of whether current DMA obligations can address cloud‑specific practices that may limit competitiveness or fairness, and whether DMA rules or implementation guidance should be adapted for the cloud and AI era. This will explicitly examine issues such as interoperability, conditioned access to data, tying/bundling, and contractual imbalances.
The Commission will gather technical evidence, commercial contracts, migration tooling details and stakeholder testimony. Officials indicated an ambition to conclude the fact‑finding phase in approximately 12 months, though complex technical evidence and legal challenges can extend the timeline.

Why AWS and Azure were singled out​

Independent market trackers and national regulators have repeatedly documented concentrated cloud spending in many EU markets. In the UK, the Competition and Markets Authority (CMA) found that AWS and Microsoft together account for a dominant share of IaaS/PaaS customer spend and highlighted practices that can raise switching costs and entrench incumbency. Those national findings — together with high‑profile outages and the growing centrality of cloud to AI — fed into Brussels’ decision to open formal DMA investigations. Regulators cite concerns about differential licensing, egress fees, proprietary control‑plane primitives, and preferential treatment for native services.

The legal and technical mechanics: mapping DMA concepts to cloud​

DMA thresholds and the qualitative pathway​

The DMA presumes gatekeeper status when specific quantitative thresholds are satisfied: an annual EU turnover of at least €7.5 billion (over the last three years) or a market capitalisation of at least €75 billion, plus platform metrics such as at least 45 million monthly active end users and at least 10,000 yearly active business users in the EU. However, the law also contains a qualitative investigatory route: the Commission can designate a service as a gatekeeper after a market investigation if it finds the service functions as an important gateway for business users to reach end users, even where the numeric thresholds do not cleanly map to infrastructure markets. That legal flexibility is what Brussels is now testing for cloud services.

The translation challenge: users vs contract‑value, APIs vs app stores​

Cloud infrastructure is not measured in monthly active consumer accounts the way social networks or app stores are. Instead, relevant metrics include contract value, enterprise accounts, geographic data residency, capacity and latency footprints, and the presence of specialized accelerators for AI. Mapping DMA obligations (like interoperability and non‑discrimination) to the cloud requires translating consumer‑oriented concepts into infrastructure terms: what does interoperability mean for a control plane? How do you ensure data portability for multi‑petabyte datasets and latency‑sensitive workloads? How would non‑discrimination operate when a cloud provider sells both infrastructure and first‑party managed services? The horizontal probe will confront these definitional and technical challenges head on.

What the investigators will likely focus on​

The Commission listed a short menu of concrete practices that will be investigated. These track concerns raised by customers, rivals, and national authorities:
  • Data portability and egress charges — are exit fees or technical frictions structured in ways that materially deter migration? How performant and reliable are migration tools for production workloads?
  • Licensing and pricing differentials — do licensing terms make it cheaper or operationally simpler to run a vendor’s software on its own cloud (for example, tying Windows Server or other middleware to Azure pricing advantages)? The CMA has already flagged such patterns.
  • Self‑preferencing and bundling — do first‑party managed services, marketplaces or consoles receive preferential placement, pricing, or performance that disadvantages independent ISVs or competing infrastructure providers?
  • Interoperability and proprietary control‑plane primitives — are proprietary APIs and platform primitives designed in ways that make practical multi‑cloud operations infeasible for latency‑sensitive or stateful workloads?
  • Contractual imbalances — are terms in standard cloud contracts, such as exclusivity clauses, audit restrictions, or liability caps, unfairly skewed against business users? The Commission will collect contract samples and testimony.
These are highly technical questions that require deep evidence: logs, API docs, contract annexes, migration test results and comparative pricing models. Regulators will need to balance commercial confidentiality with the public interest in transparency.

Immediate implications for enterprise IT and procurement​

For enterprise IT leaders, the Commission’s announcement changes the expected regulatory trajectory for cloud procurement across Europe. Even before any designation, organisations should treat this as a signal that competition regulators intend to scrutinize cloud contracts and portability practices more closely.
Key, immediate actions for CIOs and procurement teams:
  • Strengthen exit guarantees and migration clauses in contracts. Require clear, testable data‑export and migration procedures, realistic timelines for egress, and capped transfer costs.
  • Insist on audit‑friendly SLAs and rights to independent performance testing. Ensure there are contractual remedies and credits tied to missed migration/portability commitments.
  • Demand transparency on licensing and pricing models — obtain detailed total cost-of‑ownership comparisons for running software on native and competitor clouds. Document any price differentials.
  • Harden key‑management and encryption controls; when possible use customer‑managed keys and insist on contractual commitments to provide cryptographic portability.
  • Design workloads for mobility: microservices, containerization, and avoidance of provider‑specific managed primitives where portability matters. Test multi‑cloud failover scenarios.
These are practical mitigations that reduce vendor lock‑in risk regardless of how the investigations conclude.

Potential outcomes and their consequences​

The Commission’s probes can produce a range of outcomes, each with materially different industry consequences.
  • No gatekeeper designation, but guidance or enforcement letters. The Commission could find cloud services are not gatekeeper‑level under the DMA but still issue enforcement guidance, encourage best practices, or open competition‑law investigations. This outcome would have milder immediate legal effects but still shape procurement expectations.
  • Gatekeeper designation for specific cloud services (AWS or Azure). If the Commission concludes that a cloud offering functions as an important gateway between businesses and end users, it can designate that service as a gatekeeper for the relevant core platform service. That would trigger mandatory DMA obligations: non‑discrimination, interoperability requirements, data portability duties, and prohibitions on self‑preferencing — enforced with fines of up to 10% of global turnover for initial breaches (higher for repeat breaches). Designation could force architectural and commercial changes and require compliance reporting.
  • Targeted regulatory adaptation (DMA fit‑for‑cloud). The horizontal probe may recommend adapting the DMA’s implementation guidance or delegated acts to clarify how obligations apply to cloud (for example, specifying what interoperability means for control planes or how to measure “business users” in infrastructure markets). This could produce sector‑specific compliance rules that apply to multiple providers.
  • Structural or behavioural remedies beyond the DMA. In extreme scenarios — if competition law investigations are launched or if the Commission judges structural remedies necessary — regulators could compel divestments, business separations, or targeted behavioural constraints. Those are high‑impact possibilities but legally and politically difficult; they would follow only severe findings.

Strengths of the Commission’s approach​

  • Proactive, systemic view: The Commission recognizes cloud is strategic infrastructure for the digital and AI economy; assessing gatekeeper concepts at the infrastructure level brings competition policy in step with technological reality. This systemic perspective is a necessary evolution of ex‑ante regulation.
  • Flexible legal tools: The DMA’s qualitative pathway allows the Commission to act even where strict numeric thresholds don’t fit cloud markets. That legal flexibility is essential because cloud markets are measured differently than consumer platforms.
  • Evidence‑driven inquiry: By collecting contracts, technical documentation, migration tests and stakeholder testimony, regulators can ground decisions in concrete operational realities rather than abstract market shares. This gives remedies more technical legitimacy.
  • Alignment with national regulators: The move complements national work (for example the UK CMA’s findings) and could harmonize fragmented national remedies into a coherent EU framework. Joint regulatory momentum increases the chances of meaningful change.

Risks, pitfalls and unintended consequences​

  • Regulatory overreach could hamper innovation: Rigid interoperability or behavioural rules applied to complex infrastructure could raise costs for providers and customers, slow product development, and create compliance burdens that disproportionately affect smaller European cloud vendors. Regulators must avoid one‑size‑fits‑all technical mandates that are impractical at scale. This risk is non‑trivial and must be mitigated by technical consultations.
  • Fragmentation and fragmentation costs: If the EU imposes cloud‑specific obligations that diverge from other jurisdictions, hyperscalers may need EU‑specific architectures or legal wrappers, increasing complexity and potentially prompting offshoring decisions that undermine Europe’s goals.
  • Legal uncertainty and litigation: The qualitative designation route is legally novel for infrastructure. Expect intensive litigation over definitions (what constitutes an “important gateway?”) and measurement methodologies; protracted legal battles could delay remedies.
  • Shifting compliance costs onto customers: If gatekeeper obligations force price or service changes, providers may pass increased compliance costs to business customers. Small and medium enterprises could be disproportionately affected if vendor pricing structures adjust to recoup regulatory costs. The Commission will need to weigh distributional impacts.
  • Operational risk during change: Mandating technical interoperability or data‑portability in production environments is operationally risky if not carefully scoped and phased. Poorly designed interoperability obligations could increase downtime risk for critical services. Regulators must calibrate technical remedies to real‑world constraints.

How cloud providers have signalled they will respond​

Initial public responses from the hyperscalers emphasize cooperation but warn of collateral damage. Providers argue that cloud markets are competitive, that forcing interoperability or new obligations might undermine innovation, and that compliance costs could be passed to customers. Regulators will weigh those arguments against evidence of lock‑in and market effects. Expect submissions from industry participants, customer coalitions and cloud competitors during the evidence‑gathering phase.

What to watch next (practical timeline and checkpoints)​

  • 18 Nov 2025: Commission announced the market investigations and horizontal probe. The 12‑month evidence period begins.
  • Next 3 months: Expect a formal information‑request phase — the Commission will ask cloud providers, large customers, ISVs and alternative providers for documents, test data and contracts. Public consultations or targeted hearings may follow.
  • 6–12 months: Investigators aim to issue preliminary findings. If the Commission decides to designate a service as a gatekeeper, it will follow DMA procedural timelines for designation and compliance steps. If not, the horizontal probe may still recommend DMA adaptations or sectoral measures.
  • Post‑investigation: Any designation, guidance or law changes will trigger compliance programs across providers and procurement policy changes for customers. Litigation is likely in the aftermath.

Final analysis — what this means for Europe’s cloud ecosystem​

The Commission’s DMA‑driven market investigations mark a decisive escalation in how regulators treat the cloud: not as a commodity market to be left to traditional antitrust after the fact, but as a strategic platform where ex‑ante rules may be necessary to protect contestability, resilience and Europe’s AI ambitions. The strengths of this approach are clear — it brings regulatory urgency to a sector with systemic importance and equips the EU to demand real technical remedies where necessary. At the same time, the exercise is technically and legally delicate. Translating DMA rules, designed around consumer platforms, into obligations that are workable for infrastructure — without stifling innovation or creating perverse outcomes — will demand sustained technical engagement, phased remedies, and clear measurement frameworks. Regulators must balance the public interest in preventing lock‑in and systemic risk against the real operational constraints of modern cloud platforms.
For IT decision‑makers, the immediate practical takeaway is simple: treat portability, contractual exit, transparency and multi‑cloud readiness as priorities now. Those steps protect organisations regardless of whether the DMA finds a gatekeeper or the Commission pursues targeted sectoral reform. For cloud vendors, the message is also direct: expect deeper scrutiny of commercial terms, licensing practices and technical choices that affect portability and competitive parity.
This investigation will shape the rules of engagement for cloud, AI and digital sovereignty in Europe for the coming decade. Its outcomes will matter not only for hyperscalers and rivals but for every business that depends on cloud infrastructure — and for policymakers seeking to reconcile innovation, competition and resilience in a rapidly changing technical landscape.
Source: Communications Today EU to probe AWS and Microsoft cloud dominance under DMA | Communications Today
 

Click to expand...
You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
EU Opens Cloud Probes into AWS and Azure Under DMA Framework
Replies
0
Views
27
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
EU Opens DMA Probes into AWS and Azure Cloud
Replies
1
Views
25
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Google Withdraws EU Antitrust Complaint as EU DMA Opens Cloud Probes into Azure and AWS
Replies
0
Views
24
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
EU Opens DMA Probes into AWS and Azure Cloud to Curb Lock-In
Replies
0
Views
30
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
EU Probes AWS and Azure Under DMA: Cloud Portability Rules
Replies
1
Views
30
ChatGPT
ChatGPT
Back
Top