EU Opens DMA Gatekeeper Inquiry Into AWS and Azure Cloud

The European Commission has opened a formal market inquiry into whether the cloud divisions of Amazon and Microsoft — Amazon Web Services (AWS) and Microsoft Azure — should be treated as “gatekeepers” under the European Union’s Digital Markets Act (DMA), a step that could place sweeping new obligations on the two hyperscalers if Brussels concludes the services act as important gateways between businesses and end users.

Background / Overview​

Cloud infrastructure underpins vast swathes of the modern digital economy: from hosting consumer-facing apps and streaming platforms to powering the compute-intensive workloads that train and run artificial intelligence models. AWS and Azure are the two dominant global players in public cloud infrastructure, occupying the top positions in market share and customer reach. The European Commission has signalled that while cloud platforms typically do not meet the DMA’s quantitative user-count thresholds for automatic gatekeeper designation, their functional role in routing business services to European consumers may nonetheless make them subject to DMA obligations — hence the market inquiry. This inquiry is not a short procedural note. Under the DMA’s investigatory framework, qualitative market investigations of services that do not meet the law’s numeric thresholds are to be concluded within 12 months, and any designation decision would give the target six months to come into compliance with the DMA’s mandatory restrictions and duties. Those procedural timeframes are embedded in the DMA’s rules and in subsequent guidance from legal practitioners and commentators who track EU digital regulation.

---

Why regulators are focusing on cloud now​

Cloud is the substrate of digital services and AI​

Cloud computing is the supply chain for the modern internet. Outages at major cloud providers have shown how a single infrastructure provider can cause cascading disruptions across consumer services, government systems, and critical business processes. Regulators are also acutely aware that the rise of generative AI and large-scale model training creates unprecedented dependency on compute, storage, and specialised chips — much of which is provisioned through hyperscalers’ platforms. That concentration of capability translates into concentrated economic and technical leverage.

Lock-in, egress fees and switching costs​

Competition authorities have repeatedly pointed to mechanisms that can make cloud customers “sticky.” High data egress fees, proprietary APIs and integration layers, licensing terms that favour the provider’s own cloud offerings, and the technical complexity of re-architecting services all increase switching costs for businesses. The UK’s Competition and Markets Authority (CMA) has already highlighted these concerns, recommending deeper scrutiny of AWS and Azure under the UK’s Platform Power / Digital Markets framework. That recommendation helped sharpen EU interest in whether analogous DMA powers should apply.

---

The legal mechanics: how the DMA can reach cloud services​

Gatekeeper designation: quantitative vs qualitative routes​

The DMA defines “gatekeepers” using a three-fold test: significant impact on the internal market, operation of an important gateway to customers, and an entrenched and durable position. In practice, the Commission often relies on quantitative thresholds — notably a high EEA turnover or market capitalisation plus user counts (the law’s benchmark includes an indicator such as more than 45 million monthly active end users in the EU and over 10,000 yearly active business users). Cloud providers typically do not fit those user-count thresholds because cloud services are sold business-to-business rather than counted as millions of individual end users in the same way as consumer social networks or app stores. That said, the DMA explicitly permits the Commission to launch a qualitative market investigation and designate a provider as a gatekeeper even where quantitative thresholds are not met if the service in question functions as an important gateway. The Commission endeavours to conclude such qualitative investigations within 12 months.

What designation would mean in practice​

If AWS or Azure were designated as gatekeepers for cloud services, they would be required to comply with the DMA’s suite of blacklist-style obligations (Articles 5 and 6 and related implementing rules). Those obligations include, among other items:

• Prohibitions on self-preferencing: ranking or favouring the gatekeeper’s own services where it would harm contestability.
• Data use constraints: refraining from combining personal data across services without a specific, GDPR-compliant consent mechanism.
• Fair access and interoperability: offering effective portability and not imposing undue barriers that hinder business users’ ability to switch providers.
• Transparency and reporting: providing independent measurement and transparency tools for advertisers and business users, where applicable.

These obligations are detailed and technically demanding; the Commission can specify additional measures if it finds the proposed compliance steps insufficient. Non‑compliance can lead to fines up to 10% of worldwide turnover and escalating remedies for repeated or systemic breaches.

---

What the EU investigation will likely examine​

The Commission’s market inquiry should examine several discrete areas where cloud providers could exercise gatekeeping power:

• Market structure and shares across EU member states: the Commission will map customer concentration, IaaS/PaaS market shares, and evidence of durable dominance.
• Switching frictions and contractual terms: analysis of egress fees, proprietary APIs, licensing discounts that favour in‑cloud use, and contract clauses that impede portability.
• Self‑preferencing and tie‑ins: whether platform owners treat downstream services or integrated features more favourably than third‑party alternatives.
• Data practices and cross‑service profiling: how telemetry, logs and identity systems may allow cross‑product profiling that tilts competition.
• Systemic risk and consumer harm: the Commission will consider how outages or other operational incidents demonstrate dependency and potential gatekeeper effects.

These topic areas mirror the issues raised by the UK’s CMA and by European cloud competitors and trade groups in recent years. The EU inquiry will combine economic evidence, technical documentation, and stakeholder testimony over a process that the DMA anticipates lasting up to a year.

---

Potential consequences for AWS, Azure, customers and rivals​

Obligations that could matter most to hyperscalers​

If designated, AWS and Azure would need to implement operational, contractual, and technical changes to satisfy DMA obligations. Practical examples include:

• Creating standardized, low-friction data portability tools to lower switching costs for business customers.
• Eliminating discriminatory pricing or licensing practices that make rival stacks less cost-effective.
• Opening telemetry and measurement interfaces for audit and independent verification where advertising and platform measurement is relevant.
• Implementing stronger safeguards around cross-service data combination and requiring explicit, auditable consent flows where data sharing arises.

Implementing these changes at hyperscaler scale is non-trivial: it implies reworking interfaces, documentation, SLAs, commercial templates, and large-scale engineering investments. Those costs will be borne at least in part by the providers and potentially by downstream customers.

For customers: benefits and possible friction​

There are clear benefits for customers and the market if DMA obligations reduce lock‑in and increase portability: more supplier choice, better negotiating leverage, and potentially lower prices over the long run. Improved transparency may also strengthen audits and security posture.
But there are also short‑term risks. The process of enforcing interoperability and portability may introduce transitional complexity, change commercial pricing models, and require customers to redesign architectures to realize multi‑cloud portability. For EU public sector and regulated industries, the outcomes may be positive for sovereignty and choice but costly during migration and re‑certification.

For rivals and Europe’s cloud ecosystem​

European cloud challengers — from telco clouds to specialist providers and projects such as GAIA‑X — would hope to gain a more level playing field if the DMA reduces unfair competitive advantages enjoyed by hyperscalers. Effective portability could lower barriers to entry and allow smaller players to sell differentiated services without being locked out of the market.
However, the technical reality is that hyperscalers control deep ecosystems of developer tooling, managed services and co‑optimized hardware. Even with regulatory nudges, replicating economies of scale is difficult. Europe’s strategic autonomy ambitions would benefit from clearer procurement rules and targeted investment to scale alternative suppliers beyond regulatory rebalancing.

---

Industry reaction and political context​

AWS and Microsoft have both signalled caution. They contend that cloud markets are highly dynamic, competitive and critical to innovation — particularly for AI workloads — and have warned that heavy‑handed obligations could raise costs or slow investment. The Commission has to weigh those commercial arguments against structural competitiveness concerns and strategic policy goals. The move follows parallel scrutiny in the UK: the CMA’s provisional findings recommended designating AWS and Azure as having strategic market power under the UK’s digital competition framework, citing “lock‑in” and contractual barriers. That cross‑jurisdictional alignment strengthens the signal to hyperscalers that competition authorities are increasingly alert to cloud market dynamics. On the political stage, this is a transatlantic flashpoint: U.S. administrations and industry groups have repeatedly lobbied against aggressive regulatory intervention in cloud markets, arguing for global standards and investment incentives. European leaders, in turn, frame action as necessary to protect competition, consumer choice and Europe’s technological sovereignty. The outcome will be judged both on legal merit and geopolitical optics.

---

Strengths of the Commission’s approach​

• Focused, rule‑based review: Using the DMA’s established qualitative route allows the Commission to apply a legal framework with known obligations rather than inventing ad hoc remedies.
• Timely attention to systemic risk: The inquiry recognises that cloud concentration creates dependencies that go beyond typical product markets and touches on resilience, continuity and sovereignty.
• Procedural clarity on timelines: The 12‑month probe timeline plus six months for compliance gives stakeholders a predictable schedule for decision and implementation planning.

---

Risks and open questions​

• Technical feasibility and unintended consequences: Forcing interoperability at hyperscaler scale risks creating standards that lock in the regulator’s view of how cloud should work, potentially stifling innovation or pushing costs onto customers.
• Measurement and evidence challenges: Quantifying “important gateways” in cloud is inherently different from counting active users on a social network. The Commission will need robust, technical evidence to justify a gatekeeper designation — a difficult burden when services are complex, multi‑layered and often embedded in enterprise contracts.
• Cost of compliance: Implementing DMA obligations could require enormous engineering and contractual overhaul. There is a non‑trivial risk those costs are passed through to European customers, at least in the short term.
• Regulatory fragmentation and global coordination: Divergent outcomes between the EU, UK, U.S. and other jurisdictions could introduce compliance fragmentation, complicating multinational cloud operations and procurement.

Where claims or quotes have circulated in media coverage — for example, specific attributions to named commissioners or precise wording in leaked briefings — these should be treated with caution unless confirmed by the Commission’s formal press releases or published minutes. At the time of writing, public reporting about the inquiry is consistent across multiple outlets but specific attributions of quotes to individual commissioners should be verified against official Commission statements before being re‑used.

---

What to watch next — a practical timeline​

• Commission opens market inquiry and sets the scope (day 0). Expect public notices and calls for evidence from stakeholders.
• Evidence‑gathering phase (weeks 1–24): the Commission will request documents, meet customers, rivals and trade groups, and may hold technical workshops.
• Preliminary findings (by month 6): if the Commission decides the qualitative route is warranted, it will publish its provisional view and invite replies.
• Final decision (by month 12): designation as gatekeeper or a finding that the DMA is not the appropriate tool for cloud. If designated, cloud services would have six months to implement specified DMA obligations. These timelines are part of the DMA’s procedural architecture and have been explained in European legal commentary and implementing guidance.

Practically, stakeholders — including enterprise customers, national regulators, cloud rivals and procurement officers in governments — should prepare contingency plans for both outcomes: one where portability and non‑discrimination obligations increase, and one where the status quo remains with intensified competition enforcement under traditional antitrust tools.

---

Critical analysis and likely scenarios​

• Scenario A — designation and compliance: If the Commission designates AWS and/or Azure as gatekeepers and defines obligations for cloud services, expect a multi‑year transformation in contract terms, APIs and multi‑cloud tooling. Cloud providers will invest to create compliant portability mechanisms and reduce the most obvious forms of supplier lock‑in. Smaller cloud providers may gain commercial traction but will still face scale economics that regulation cannot instantly cure.
• Scenario B — non‑designation but targeted remedies: The Commission might conclude that the DMA is not a perfect fit for cloud and instead use targeted remedies through competition enforcement, interoperability standards or cooperation with national agencies. This hybrid approach could achieve softer change with less disruption but may leave structural lock‑in concerns partially unresolved.
• Scenario C — narrow designation with limited obligations: The Commission could choose a middle path, designating narrow gatekeeper responsibilities that focus on transparency, contractual fairness and specific anti‑tying practices. This is politically and practically plausible, and would aim to lower switching costs without mandating full technical portability at hyperscaler scale.

Each scenario has trade‑offs. A full DMA designation is the most legally forceful option but also the most disruptive. A non‑designation keeps technical status‑quo advantages intact but places the burden on antitrust litigation and national remedies that are slower and less predictable. The Commission must balance economic evidence, technical feasibility, and EU policy goals like digital sovereignty and AI readiness.

---

Practical takeaways for WindowsForum readers and IT decision‑makers​

• Audit cloud dependencies now: identify where applications, CI/CD pipelines, data flows and identity systems are tightly coupled to a single cloud provider.
• Map contractual friction points: catalog egress fees, proprietary managed services used in production, licence discounts that condition usage and specific contract clauses that hinder migration.
• Consider portability strategies: adopt data formats, open APIs and infrastructure‑as‑code patterns that ease future migration or multi‑cloud operation.
• Engage with vendors and procurement teams: ask hyperscalers what internal roadmaps they will pursue should DMA obligations be applied to cloud; obtain commitments and migration support in writing.
• Monitor the Commission’s inquiry closely: regulatory outcomes can materially affect cost structures, vendor roadmaps and procurement rules across the EU.

---

Conclusion​

The European Commission’s decision to inspect whether AWS and Azure should be brought within the DMA’s gatekeeper regime marks a consequential moment in digital regulation. It recognises that modern gatekeeping is not confined to consumer‑facing app stores and social networks: it can be embedded in the infrastructure that hosts those services. The Commission’s qualitative route is legally established and procedurally constrained — a 12‑month market investigation followed by a possible six‑month compliance window — but the technical complexity of cloud markets raises real analytical and enforcement challenges.
For cloud providers, the inquiry will require a careful legal and engineering response. For customers and European cloud challengers, it represents both an opportunity to reduce lock‑in and a period of potential disruption as the market and regulation adjust. For policymakers, the central calculus will be whether the DMA’s toolkit can be adapted to a fundamentally different kind of platform — one defined less by millions of end‑user accounts and more by deep, enterprise‑grade integrations and infrastructure dependencies.
The inquiry will not be resolved overnight. What it guarantees is a sustained public, technical and legal debate about how to preserve innovation and investment while ensuring contestable, resilient and sovereign cloud markets for Europe’s digital future.

---

Source: Українські Національні Новини Amazon and Microsoft 'under investigation' for compliance with fair competition rules in the EU | УНН