EU Probes AWS and Azure Under DMA: Cloud Competition in Focus

The European Union’s competition machinery has turned its sights on the two biggest names in public cloud: Amazon Web Services and Microsoft Azure. In a move that could reshape how enterprises buy infrastructure, the European Commission has opened three formal inquiries under the Digital Markets Act (DMA) — two focused on whether AWS and Azure function as gatekeepers in cloud computing, and a third to test whether the DMA itself is fit for policing the cloud sector. The investigations are intended to be completed within roughly a year and mark the most systematic EU review yet of hyperscaler power, interoperability, and platform conduct in infrastructure services.

Background​

The Digital Markets Act is the EU’s most ambitious regulatory tool aimed at reigning in the market power of a handful of dominant digital platforms. The DMA sets bright-line thresholds that trigger a presumptive “gatekeeper” designation and then imposes a laundry list of behavioral obligations intended to prevent self‑preferencing, lock‑in, and unfair conditions for business users.
Cloud computing — including Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) — is explicitly included among the Digital Markets Act’s “core platform services.” That inclusion gave Brussels the legal footing to ask whether the hyperscalers that run cloud infrastructure are acting as critical intermediaries between businesses and their customers, and whether they therefore should be treated like other gatekeepers that provide app stores, search engines, or social networks.
This latest action follows years of scrutiny: regulators have already designated several major tech groups as gatekeepers under the DMA, while opening targeted inquiries into specific services and rebuttals from the gatekeepers themselves. The EU’s cloud review is the next iteration of that enforcement, but carries unique technical and economic complexities.

---

Why the cloud matters to competition enforcers​

Cloud infrastructure has become the digital economy’s plumbing. Companies large and small run production systems, data platforms, and cutting-edge AI workloads in public cloud environments. That concentration of workloads with a few providers creates several competition concerns that the DMA and antitrust authorities worry about:

• Market concentration: A small number of hyperscalers account for a majority of global IaaS/PaaS spending. Where three firms dominate most enterprise infrastructure spend, a gatekeeper designation carries weight.
• Data and lock‑in: Cloud customers often face migration costs, proprietary formats, and API dependencies that make switching providers expensive and operationally risky.
• Self‑preferencing and bundling: Large cloud providers also offer software platforms, developer tooling, and marketplace services that can favor their own stacks or partners.
• Network effects for platforms and developer ecosystems: The more customers and third‑party services a cloud provider attracts, the harder it is for rivals to compete on price, features, or API compatibility.

From a policy perspective, the cloud is not just another app store: it’s a core input to enterprise services, public-sector systems, and the AI stacks that power modern products. Regulators are therefore concerned not only with consumer-facing gatekeepers but with upstream infrastructure that can exert de facto control over digital markets.

---

What Brussels is investigating​

The European Commission has opened three related inquiries:

• A probe to assess whether Amazon Web Services (AWS) meets the DMA’s criteria and behaves as a gatekeeper for cloud services.
• A parallel probe examining Microsoft Azure and whether its business practices and market role merit gatekeeper obligations.
• A broader market investigation into whether the DMA’s existing tools and obligations are adequate to address anticompetitive risks specific to cloud infrastructure.

These lines of inquiry will parse both legal thresholds and real‑world conduct. Practically, the Commission will examine whether AWS and Azure meet the DMA’s numerical thresholds (financial size, user counts, and cross‑border reach) and whether their behavior — contracts, technical interoperability choices, data access policies, and integration of platform services — creates barriers to competition or harms business users.
Officials have set a target to finish these inquiries in roughly 12 months. That timetable is ambitious by regulatory standards but consistent with the DMA’s fast-moving enforcement posture.

---

The Digital Markets Act: the legal lever​

The DMA contains specific, measurable criteria that create a presumption of gatekeeper status: significant EU revenue or market valuation, a large base of monthly end users, and tens of thousands of business users. Once designated, gatekeepers must follow a mix of “do’s” and “don’ts” intended to foster fair play:

• No self‑preferencing: Gatekeepers may not rank or favor their own services over competitors unfairly.
• Interoperability and access: Gatekeepers must enable certain forms of interoperability or access to data for business users or third parties.
• No unfair tying or bundling: Pre-installation, hard defaults, or tying of services to gain market advantage can be restricted.
• Data portability and business user protections: Gatekeepers must facilitate data portability and must not prevent business users from promoting competing services.

The DMA also brings hefty enforcement tools. For first-time breaches, fines can reach up to 10% of global turnover; repeat violations can push that to 20% and may invite structural remedies in extreme cases. The DMA’s enforcement architecture gives the Commission direct investigative powers and fast-track remedies — a big step beyond traditional merger or abuse-of-dominance law.

---

Market context and the strategic posture of AWS and Azure​

Cloud market share is dynamic but remains concentrated. Industry analysts consistently place AWS as the largest provider, followed by Microsoft Azure and Google Cloud. Exact percentages vary by quarter and by analyst firm, but the top three typically control between 60 and 70 percent of infrastructure spend. These market realities help explain why regulators are focusing on AWS and Azure first.
Both companies will approach the probes differently in tone and strategy. Microsoft has signaled a cooperative stance, indicating willingness to engage constructively with EU investigators. Microsoft’s older enterprise relationships, on-premises legacy customers, and positioning as a provider of integrated software-plus-cloud services shape its responses.
Amazon historically defends AWS’ competitive behavior as pro‑consumer and innovation‑friendly. Amazon is likely to argue that many cloud migration and performance choices are customer-driven and that imposing gatekeeper-style obligations on infrastructure providers could reduce flexibility, slow innovation, or raise costs for European businesses.
Both firms will also point to robust competition from Google Cloud, Oracle, Alibaba Cloud, regional providers, and an expanding universe of managed‑service players to rebut monopoly or gatekeeper narratives.

---

Technical red flags the Commission will examine​

Regulators are not just asking whether AWS or Azure are “big”; they intend to drill into precise technical behaviors that can entrench incumbency:

• APIs and proprietary extensions: If proprietary API features or proprietary service primitives create lock‑in, regulators may see this as an impediment to switching or interoperability.
• Data export formats and tooling: The ease with which customers can export data, including machine images, databases, and object storage, will be a focus. Are exports complete, timely, and usable in other environments?
• Marketplace and billing practices: Cloud marketplaces often bundle billing, licensing, and third‑party services. Scrutiny will look for preferential billing paths or marketplace mechanics that advantage the host provider.
• Network and service peering: Choices around private networking, edge placement, and integrated CDN or networking services can create a velocity advantage that’s hard to replicate.
• Service-level dependencies: Where higher‑level PaaS or SaaS offerings are tightly coupled to IaaS primitives, switching costs balloon. Regulators will assess whether such coupling is technical necessity or competitive design.

These are engineering as much as legal questions, and investigators will need technical explanations that connect architecture to competitive effects. Expect detailed interrogatories, technical workshops, and third‑party expert inputs.

---

Possible remedies the Commission could seek​

If the Commission finds gatekeeper behavior, it has a palette of remedies under the DMA — some behavioral, some structural:

• Interoperability mandates: For cloud, that could mean enforced standards or interfaces that allow third-party services to operate seamlessly across clouds.
• Data access and portability rules: Gatekeepers may be required to provide real‑time, high‑quality access to data generated in the use of cloud services by business users.
• Restrictions on preferential bundling: The Commission could prohibit certain forms of tying infrastructure to value-added services, or require open marketplace dynamics.
• Behavioral remedies with monitoring: Ongoing reporting, independent audits, and compliance programs to ensure non-discrimination.
• Structural remedies (unlikely but possible): In extreme or systematic non‑compliance scenarios, the Commission could impose divestitures or carve-outs — though such actions against cloud infrastructure suppliers would be legally and operationally complex.

Any remedy will have to strike a balance between enforceable rules and preserving the technical freedom for cloud architects to innovate. Overly prescriptive mandates risk breaking nuanced engineering tradeoffs; conversely, vague requirements risk being ineffective.

---

Business impact: enterprise customers, partners, and startups​

Short-term market reaction to the probes may be modest, but the long-term implications could be significant for several groups:

• Enterprises that fear being locked in to a single hyperscaler could benefit if the DMA leads to better portability, clearer SLAs, and improved interoperability.
• Smaller cloud providers and managed-service vendors stand to gain from enforced openness and less self‑preferencing by hyperscalers.
• ISVs, SaaS vendors, and marketplace partners may see changes to go-to-market economics if the Commission constrains bundling or preferential terms.
• Conversely, some customers may face short-term friction: compliance-driven changes can introduce new costs, require migration projects, or interrupt existing integrations.

For CIOs and cloud architects, the net effect is a new element of regulatory risk in vendor selection. Organizations may increasingly factor in regulatory posture and multi-cloud portability when designing architectures and negotiating contracts.

---

Strategic litigation and defenses​

Expect both Amazon and Microsoft to mount multi-front defenses grounded in economics, technology, and public policy. Key legal and factual defenses likely include:

• High switching elasticity: Providers may submit evidence that customers routinely move workloads between clouds and that migration tools and third‑party services mitigate lock‑in.
• Competitive constraints: Hyperscalers will point to intense competition and the rapid growth of other vendors to rebut claims of entrenched gatekeeper power.
• Innovation costs: Companies may argue that mandated interoperability or access could impede proprietary innovations and increase operational risk.
• Contractual freedom: Bilateral commercial arrangements with customers that reflect negotiated terms may be advanced as evidence of market dynamics rather than abuse.

At the same time, third parties — independent cloud providers, enterprise customers, and open-source vendors — can be expected to provide contrary evidence about lock‑in, anticompetitive tying, and marketplace dynamics.

---

Precedents and enforcement experience​

The DMA builds on a decade of EU tech enforcement under the antitrust framework, but it’s faster and broader in scope. Previous tech cases (app stores, search, advertising) give Brussels experience in behavioral remedies and compliance monitoring. The cloud — however — presents a different enforcement vector: infrastructure is not consumer‑facing in the same way as a marketplace or social network, and remedies that work for consumer platforms may not translate cleanly to server farms and APIs.
Other jurisdictions are watching closely. U.S. regulators have pursued antitrust scrutiny of tech firms through a different legal lens; a strong EU posture on cloud regulation could accelerate transatlantic policy debates about interoperability, data access, and fairness in digital infrastructure markets.

---

Risks and unintended consequences​

Regulating cloud infrastructure poses several structural risks that deserve explicit attention:

• Regulatory overreach vs. technical feasibility: Forcing interoperability at the wrong layer could create brittle standards that hamper performance and security. Technical mandates must be narrowly tailored and informed by engineers.
• Innovation dampening: Heavy-handed measures might reduce incentives for hyperscalers to invest in new regions, AI accelerators, or novel managed services.
• Compliance costs passed to customers: If gatekeeper obligations generate substantial compliance burdens, providers might increase prices or limit free tiers and promotional models, indirectly harming startups.
• Fragmentation: Poorly designed rules can create an EU‑specific cloud divergence, complicating global operations for multinational firms.
• Legal churn and uncertainty: If remedies are litigated or reinterpreted, multi-year uncertainty can slow enterprise cloud decisions and shift investment to less regulated vendors.

These tradeoffs underline the importance of precise, evidence-based remedies that address demonstrable harms without undermining the cloud’s technical vitality.

---

What to watch next: timeline and signals​

The Commission’s 12‑month horizon for these probes means that the next year will deliver a rich flow of regulatory filings, technical submissions, and public statements. Key milestones and indicators to monitor include:

• Formal requests for information and technical briefings from the Commission to AWS, Azure, and third parties.
• Market studies or public consultation windows in which enterprise customers or competing clouds weigh in.
• Interim findings or provisional remedies if the Commission deems rapid steps necessary to prevent irreparable harm.
• Changes in commercial conduct (pricing, contract terms, marketplace mechanics) announced by AWS or Microsoft during the probe.

Enterprises and market observers should plan for scenario-based outcomes: anything from targeted behavioral commitments to the imposition of data access or interoperability rules.

---

Practical guidance for organizations using the cloud​

While the regulators sort this out, customers should take practical steps to reduce exposure and preserve strategic flexibility:

• Inventory cloud dependencies: Map APIs, managed services, proprietary extensions, and data export pathways.
• Design for portability: Where feasible, prefer standardized formats, containerized workloads, and open APIs that simplify migration.
• Negotiate contract terms: Seek explicit data‑export, clear SLAs, and commitments around support for migration tooling.
• Adopt multi‑cloud patterns where appropriate: Multi‑cloud can increase resilience and bargaining power, though it introduces management complexity.
• Engage procurement and legal teams early: Regulatory shifts can create negotiation leverage; align vendor agreements with long-term business objectives.

These are defensive engineering and procurement moves that make sense regardless of regulatory outcomes.

---

Conclusion: a pivotal moment for cloud competition​

The EU’s decision to probe AWS and Azure under the Digital Markets Act is a clear signal that cloud infrastructure is now a core subject of digital market regulation. The inquiries reflect a wider regulatory appetite to ensure that the underlying platforms of the digital economy remain contestable and that business users retain meaningful choice.
The shape of any eventual remedies will matter deeply: well‑calibrated measures can open space for competitors and reduce harmful lock‑in, while clumsy rules could raise costs or slow innovation. For enterprise customers, the coming year is both an opportunity and a risk — an opportunity to press for greater portability and transparency, and a risk of regulatory uncertainty that may complicate vendor strategy.
In the end, the EU probe is likely to produce both technical debates and high‑level policy choices about the balance between competition, innovation, and operational practicality. The stakes are high: the way cloud is regulated in Europe will influence global cloud economics, the architecture of AI services, and the competitive dynamics of the tech industry for years to come.

---

Quick takeaways​

• The European Commission has launched three DMA investigations into AWS and Azure, examining gatekeeper status and the DMA’s fit for cloud regulation.
• The probes target market behavior, interoperability, data portability, and potential self‑preferencing.
• Outcomes could include interoperability mandates, data access rules, restrictions on bundling, or in extreme cases, structural remedies.
• The cloud market is concentrated; exact market-share figures vary by source and quarter, but the top three providers control a majority of global infrastructure spend.
• Enterprises should inventory dependencies, negotiate portability terms, and consider multi‑cloud strategies to mitigate regulatory and commercial risk.

The cloud has moved from infrastructure to public policy. The next twelve months will tell whether regulators can craft rules that preserve competition while keeping the cloud open, secure, and innovative.

---

Source: Devdiscourse https://www.devdiscourse.com/articl...azon-and-microsoft-over-cloud-dominance/?amp=