EU Probes AWS and Azure Under DMA for Cloud Gatekeeper Rules

The European Commission has opened formal investigations into Amazon Web Services (AWS) and Microsoft Azure to determine whether the two dominant cloud providers should face tighter controls under the EU’s Digital Markets Act (DMA), a move that could reshape cloud competition, enterprise contracts and the regulatory environment for AI infrastructure across Europe.

Background​

The EU’s scrutiny of cloud infrastructure is the logical extension of a broader campaign to rein in the market power of large digital platforms. The Digital Markets Act was written to impose gatekeeper obligations — rules that force platform operators to avoid self-preferencing, enable interoperability, and limit certain data-combining practices — on a shortlist of services that play a structural role in digital markets. Historically the DMA’s designation thresholds have targeted consumer-facing platforms (search, social, app stores), not core infrastructure such as cloud compute and storage. The Commission’s decision to open market investigations of AWS and Azure signals a strategic pivot: regulators now see cloud platforms as potential chokepoints that can shape entire ecosystems, from enterprise software to generative AI.
The investigations are explicitly aimed at two questions: (1) whether AWS and Azure operate in a way that functionally makes them “gatekeepers” for critical digital services in the EU even if they do not meet standard DMA user-based thresholds; and (2) whether the DMA’s current toolkit is fit for purpose in addressing competitive problems unique to cloud and AI infrastructure. The inquiry is expected to run on an accelerated timetable typical for DMA market investigations, aiming for conclusions within approximately a year.

---

Why this probe happened​

Cloud is the backbone of the modern digital economy​

Cloud providers supply the raw compute, storage and networking that powers almost every modern digital service. From enterprise SaaS to government IT to the training and hosting of large language models, cloud infrastructure is now a foundational economic input. Regulators are concerned that when a small number of providers control the physical and software stack that underpins these markets, they can influence prices, product design and the ability of rivals to compete.

Evidence of market concentration and lock-in​

Multiple regulatory reviews over the past year — notably in the United Kingdom — flagged the concentration of market share among the largest cloud providers. Those findings highlighted several structural issues:

• Market share concentration: The two largest providers hold a substantial share of IaaS spend in many markets, creating scale advantages in pricing, geographic footprint and service breadth.
• Switching costs and vendor lock-in: Data transfer fees, architecture lock-in, and differential licensing terms can make migration costly for enterprise customers.
• Vertical integration and self-preferencing: Providers that own both the infrastructure and key software stacks (middleware, OS licensing, developer tools) can design commercial terms that favor native consumption on their own clouds.
• Specialized AI capacity: Access to specialized accelerators and large-scale training environments is unevenly distributed, so market power in cloud can translate into control over who can compete in compute-heavy AI workloads.

These themes — concentration, lock-in and vertical leverage — are the same competitive mechanics that motivated the DMA for consumer-facing platforms. Applying that logic to cloud is the heart of the Commission’s current analysis.

Complaints and industry pressure​

Rivals and cloud customers have raised repeated concerns about cloud market practices: restrictive licensing terms for enterprise software, high egress fees, and preferential pricing for in-house software usage. At the same time, the rise of AI has increased the stakes: access to high-performance compute at scale is now a competitive bottleneck for new entrants and specialized cloud competitors.
The EU probe follows earlier regulatory activity (including high-profile inquiries in the UK) that made clear the competitive frictions in cloud services. Regulators argue that those frictions materially limit choice and can disadvantage EU businesses dependent on cloud infrastructure for digital transformation and AI innovation.

---

What the EU is looking at — themes and investigative focus​

Gatekeeper designation for cloud​

The DMA’s gatekeeper toolbox includes obligations to ensure interoperability, non-discriminatory treatment of third-party business users, and limits on combining personal data across services. The Commission will examine whether AWS and Azure functionally operate as gateways between European businesses and downstream markets in a way that would justify imposing DMA obligations even if typical thresholds (daily active end users, core consumer reach) are not literally met.
Key questions include:

• Do AWS and Azure act as essential intermediaries for downstream services?
• Can the Commission identify durable barriers that make their market position entrenched?
• Would DMA obligations materially improve contestability and consumer choice in the EU cloud market?

Commercial terms, licensing and pricing​

Investigators will probe commercial practices that produce lock-in:

• Differential licensing: Whether software vendors charge more when their products run on rival clouds, or whether software vendors offer materially better pricing or functionality when customers host on the vendor’s own cloud.
• Egress and data-mobility costs: Whether exit fees and transfer charges create friction that keeps customers from switching.
• Bundling and self-preferencing: Whether providers bundle services or apply preferential treatment to their own services and tools in ways that disadvantage competitors.

Interoperability for AI and portability​

With AI workloads consuming specialized hardware (GPUs, TPUs) and tightly coupled data pipelines, the Commission will examine whether cloud operators are taking steps to ensure portability of models, datasets and orchestration across providers, and whether their technical choices intentionally or unintentionally raise barriers to entry.

Whether the DMA fits the cloud era​

A central strand of the inquiry is normative: does the DMA, written with consumer platforms in mind, offer the right instruments for infrastructure markets? The Commission is considering whether the law needs reinterpretation or targeted guidance to address cloud-specific harms without undermining investments in infrastructure.

---

What can happen next — possible outcomes and remedies​

The investigation will explore a menu of regulatory outcomes. The most consequential possibilities are:

• Formal designation of AWS and/or Azure as gatekeepers for one or more cloud-related activities, with associated DMA obligations.
• A requirement for specific interoperability remedies, such as APIs or portability frameworks for compute workloads, storage, identity and billing data.
• Binding commitments from the companies to change commercial licensing and pricing practices.
• Monetary fines or structural remedies in the event of past or repeated non-compliance with EU law.

If designated, the companies would face obligations that can include preventing self-preferencing, offering business users non-discriminatory access, enabling switching and avoiding data cross-use. The DMA also carries significant penalties for breaches of obligations, with financial sanctions that can reach double-digit percentages of global turnover in aggravated or repeat cases.

---

How the companies have responded​

AWS and Microsoft publicly framed the probes as unwelcome regulatory intervention. Both companies emphasized ongoing investments in European capacity and committed to engaging constructively with the Commission. They warned that heavy-handed regulatory remedies could raise costs for customers and complicate the delivery of sophisticated services, including AI infrastructure.
From a corporate strategy standpoint, the providers are likely to pursue a multi-track approach:

• Argue that the DMA thresholds are not intended for cloud infrastructure and that market dynamics already show healthy competition.
• Offer tailored commitments (technical and contractual) to address specific competitive concerns without accepting full gatekeeper designation.
• Lobby governments and industry groups to highlight the investment, job creation and sovereign-tech arguments tied to large cloud projects.

---

The stakes for enterprise customers and EU policymakers​

For enterprises: portability, costs and risk management​

Enterprises should assume the regulatory environment is changing and take concrete steps to reduce exposure:

• Assess contract terms now: renegotiate licenses that tie pricing to where workloads run, and clarify egress, snapshot and backup fees.
• Prioritize portability: design application architectures to be cloud-agnostic where feasible; prefer containerized and Kubernetes-based deployments to minimize re-architecting cost.
• Use multi-cloud and hybrid strategies: establish redundancy and negotiating leverage by running critical workloads across providers or maintaining on-prem fallback.
• Audit data flows and compliance needs: ensure contractual terms align with EU data-protection and data-sovereignty requirements.

For policymakers: balancing enforcement and investment​

Regulators face a delicate trade-off. Strong enforcement can lower barriers and spur competition, but overly prescriptive intervention risks fragmenting standards, raising compliance costs and chilling investment in new data centers and specialized AI hardware. The Commission must calibrate remedies that increase contestability without undermining the incentives that drove billions of euros of infrastructure investment.

---

Strengths of the EU’s approach​

• Proactive handling of systemic risk: Treating cloud infrastructure as a potential gatekeeper addresses systemic concentration before it ossifies into irreversible market control.
• Modernizing digital competition law: Applying DMA principles to infrastructure recognizes that control over digital “pipes” matters as much as control over applications and storefronts.
• Protecting European sovereignty: Ensuring non-discriminatory access and portability could strengthen European firms’ ability to build independent AI stacks and lower dependence on a handful of foreign providers.
• Consumer and business benefits: If effective, remedies could result in better pricing, greater choice, and more resilient supply chains for EU businesses.

---

Risks and unintended consequences​

• Regulatory overreach and complexity: The DMA was designed for platforms, not infrastructure. Misapplied obligations could create compliance obligations that are technically or commercially infeasible.
• Investment disincentives: Cloud builds require multi-year capital commitments. Rules perceived as hostile could slow new datacenter projects in Europe, increasing costs or pushing investment elsewhere.
• Fragmentation of technical standards: Mandated APIs or interoperability specifications could diverge from industry-driven standards, creating a patchwork rather than real portability.
• Rising costs for smaller customers: If providers reduce cross-subsidies or change pricing to offset compliance and legal costs, small and medium enterprises could face higher bills.
• Risk of political backlash: Extraterritorial regulation of U.S. firms has already prompted political pushback. Prolonged regulatory conflict could spill into trade and diplomatic arenas.

---

Practical implications for developers, CIOs and procurement teams​

Technical actions​

• Prioritize containerization, stateless services and portable orchestration platforms.
• Ensure data export mechanisms are tested and priced into TCO models.
• Avoid proprietary managed services for mission-critical workloads unless vendor-neutral equivalents can be substituted.

Contract and procurement actions​

• Insist on clear, auditable definitions of egress charges, time-based pricing and SLA remedies.
• Negotiate terms allowing third-party audits or independent verification of portability and APIs.
• Include clauses that permit re-negotiation if regulatory outcomes materially change the vendor’s cost or contractual obligations.

Strategic actions​

• Map strategic workloads that would be hardest to move and build migration playbooks for each.
• Create a vendor risk register tied to regulatory scenarios.
• Consider engaging with industry coalitions to influence standardization and interoperability work.

---

What to watch over the coming 12 months​

• Whether the Commission designates one or both providers as gatekeepers for specific cloud services.
• Technical or contractual commitments offered by AWS and Microsoft in response to the probe.
• Any guidance from the Commission on how the DMA is to be interpreted in infrastructure markets — that guidance will be as influential as any formal designation.
• Complementary national regulator activity (for example, from the UK’s CMA) and any global regulatory coordination efforts.
• Industry standards bodies and open-source projects reacting with portability frameworks or reference implementations to ease regulator-company friction.

---

Critical analysis — balancing competition, innovation and sovereignty​

The EU’s move to bring cloud infrastructure within the ambit of the DMA is defensible on first principles. Cloud providers exert control over the infrastructure layer that increasingly determines who can compete in downstream software and AI markets. In economic terms, when the upstream provider both supplies a critical input and competes on the downstream layer, vertical leverage can distort markets and reduce consumer welfare.
That said, regulatory design matters. The DMA’s architecture — a set of behavioral obligations aimed at consumer-facing gatekeepers — may be a blunt instrument for infrastructure markets. Infrastructure competition is primarily about capacity, latency, specialized hardware, geography and long-term capital investment. Remedies that focus on behavioral fixes (for example, banning certain pricing structures) without addressing technical portability and standards will only go so far.
A better path is hybrid: use the DMA’s enforcement powers to require targeted, practical remedies (open, documented APIs for portability; enforceable commitments on licensing parity), while working with standards bodies and industry consortia to develop interoperable technical specifications that enable real switching at reasonable cost. This reduces the risk of producing regulatory artifacts that are costly but ineffective.
There is also a geopolitical layer. Cloud infrastructure is deeply international. Heavy-handed measures perceived as protectionist or punitive could accelerate geopolitical decoupling and complicate transatlantic cooperation on critical technology policy. Conversely, credible, proportionate EU enforcement that raises contestability could spur better global practices and lift the pace of innovation by enabling smaller cloud providers and independent AI platforms to compete.

---

Where the biggest uncertainties remain​

• Does the DMA law text clearly authorize imposing gatekeeper obligations on infrastructure providers whose services are predominantly B2B? Regulators will need robust legal reasoning to interpret the statute toward cloud.
• Will remedies produce real portability? The technical reality of moving petabytes of data and re-training models across different hardware/software environments is non-trivial.
• What is the balance between behavioral vs structural remedies? Structural remedies (e.g., forced separation) are politically and legally fraught but may be the only way to remedy some kinds of entrenched foreclosure.
• Can the EU coordinate with other jurisdictions? Global alignment would minimize fragmentation; failure to coordinate will raise compliance costs and risk creating competitive arbitrage.

Any claims about the probe’s ultimate direction remain speculative until the Commission publishes interim findings or the companies put forward legally binding commitments. Stakeholders should treat the next 12 months as a period of regulatory uncertainty that requires proactive risk management rather than passive waiting.

---

Bottom line for WindowsForum readers, CTOs and IT buyers​

The Commission’s investigations mark a pivotal moment for cloud governance. Enterprises and IT leaders should treat the regulatory shift as a material factor in cloud strategy. Practical steps — from auditing contractual terms and confirming portability to diversifying deployment and building migration playbooks — will pay off whether or not regulators ultimately impose DMA-style obligations on cloud providers.
Regulation can be a lever to open markets and lower long-run costs for customers, but only if it is applied with detailed technical understanding and policy restraint. The EU’s probe into AWS and Azure is a test of that judgment: it could produce meaningful reforms that level the playing field — or it could create burdensome compliance obligations that raise costs without solving the underlying technical challenges of cloud portability.
For now, the safest posture for enterprise teams is pragmatic: assume change is coming, harden your multi-cloud options, and treat vendor contracts as living documents that must reflect a future where portability, transparency and regulatory compliance are core procurement criteria.

---

Source: Bloomberg.com https://www.bloomberg.com/news/arti...u-probe-into-cloud-power/?srnd=phx-industries