The European Commission has launched a trio of market investigations that could push Amazon Web Services and Microsoft Azure under the European Union’s strictest digital competition rules, testing whether the hyperscale cloud platforms functionally operate as “gatekeepers” and whether the Digital Markets Act (DMA) needs rewriting to cover cloud infrastructure.
Background: what Brussels announced and why it matters
The Commission’s announcement on 18 November 2025 opened two company‑specific market investigations — one into Amazon Web Services (AWS) and one into Microsoft Azure — plus a separate, horizontal probe to determine whether the DMA’s existing toolkit is effective in addressing competition and fairness issues in cloud markets. The three inquiries ask a central legal question: do IaaS/PaaS cloud services act as “important gateways between businesses and consumers” in ways that justify designation under the DMA even when the usual numeric thresholds do not neatly apply? Why the DMA pathway is unusual for cloud: the DMA’s gatekeeper designation normally depends on objective thresholds — such as market capitalisation or explicit user counts — that are easier to apply to consumer platforms (search, app stores, social media). Cloud markets, by contrast, are measured by contract value, infrastructure capacity, and enterprise accounts; the Commission is therefore using the DMA’s qualitative market‑investigation route to test whether cloud providers can be designated based on their market function rather than raw user metrics.
The Commission signalled an ambition to complete the investigations within roughly 12 months, a brisk timetable that could put new regulatory obligations and legal tests on a fast track if investigators find gatekeeper‑style market power.
Overview: the facts the Commission will examine
The probes are framed around a short, concrete list of competition and technical questions:
- Market concentration and entry barriers — whether AWS and Azure hold positions that materially restrict rival entry and growth.
- Lock‑in mechanisms — whether contractual terms, egress charges, proprietary APIs or licensing differences create substantial switching costs.
- Self‑preferencing and bundling — whether first‑party managed services, marketplaces or integrated stacks are being given unfair advantage.
- Interoperability and portability — whether practical migration tools, open APIs and standard interfaces actually permit rapid multi‑cloud operations.
- Contractual fairness — whether terms for business customers are balanced or systematically biased in favour of the incumbent.
Those lines of inquiry align with concerns repeatedly raised by national competition authorities and independent market analysts about hyperscaler dominance in Europe and the strategic role cloud plays in AI development, public services, and critical infrastructure.
The legal mechanics: how the DMA could apply to cloud services
What “gatekeeper” designation means
Under the DMA, designated gatekeepers face a set of ex‑ante obligations intended to guarantee contestability and prevent exclusionary conduct. Key obligations typically include:
- Non‑discrimination toward third‑party services and business users.
- Interoperability where technically feasible.
- Data‑portability and access requirements for business users.
- Restrictions on self‑preferencing and tying of services.
Gatekeepers also face powerful enforcement tools: fines of up to
10% of global annual turnover for a first infringement and
up to 20% for repeated breaches, plus potential behavioural or structural remedies in extreme cases. These financial penalties and remedial powers are central to the DMA’s deterrent effect.
Qualitative designation route: the Commission’s lever
Because cloud services do not map easily to the DMA’s original numeric thresholds (for example, 45 million monthly end‑users), the law allows the Commission to open market investigations and, on qualitative grounds, to designate services that effectively act as “important gateways.” That discretion is exactly what Brussels is now using to test whether AWS and Azure function as indispensable intermediaries between businesses and consumers.
Market context: concentration, market share, and strategic importance
Independent market trackers and industry analysts consistently show that the “big three” hyperscalers —
AWS, Microsoft Azure, and Google Cloud — control a large majority of public cloud spending in Europe and globally. Estimates vary by dataset and time period, but multiple sources place their combined share in the ballpark of
60–70% of the market, leaving European incumbent providers with a relatively small local share. That concentration is the core economic rationale for Brussels’ scrutiny. Key market realities that shape the policy stakes:
- Cloud is now the backbone for enterprise systems, public services, and AI model training, not just commodity hosting.
- AI workloads increase demand for specialized hardware, integrated managed services, and service‑level guarantees that can deepen vendor lock‑in.
- Large contracts, bespoke integrations, and complex licensing mean switching workloads is frequently expensive and technically risky.
Immediate triggers: outages, resilience and digital sovereignty
Recent high‑impact outages at major cloud providers have sharpened political attention on concentration risks. In October 2025, a significant AWS disruption centred on the US‑EAST‑1 region caused widespread downtime for apps and services ranging from social media to financial platforms; later that month a Microsoft Azure outage disrupted airline check‑in systems, Microsoft 365 access and retail services. Those incidents exposed real‑world fragility that can cascade across sectors when a single provider fails. Regulators have pointed to these events as evidence that resilience and systemic risk merit regulatory scrutiny. Beyond outages,
digital sovereignty — the political desire to reduce strategic dependencies on non‑EU providers for critical infrastructure and data protection — provides an additional policy overlay that helps explain why Brussels is willing to test the DMA’s reach into cloud markets.
Responses from industry: warning shots and engagement
Cloud providers have pushed back publicly while signalling willingness to engage with regulators. Amazon (AWS) warned that
designating cloud providers as gatekeepers could stifle innovation and raise costs for European companies, arguing the sector remains dynamic and competitive. Microsoft has emphasised cooperation and the constructive role of large cloud providers in supporting European digital transformation, while also pointing to competitive choices in the market. Expect formal submissions, technical evidence, and wide stakeholder engagement as the investigations proceed.
What the Commission could do next — practical outcomes and scenarios
The investigations open several regulatory and market pathways. Each has distinct implications for customers, competitors, and European policy.
Scenario A — No gatekeeper designation, but DMA guidance or soft remedies
The Commission could conclude that, while concentration and lock‑in are concerns, the DMA’s obligations are not the right technical fit for cloud markets. In that case, Brussels might:
- Recommend tailored guidance for cloud portability and contractual fairness.
- Propose sectoral non‑legislative remedies or code‑based interoperability initiatives.
- Encourage public procurement and investment to expand European cloud options.
This is the least disruptive route for the hyperscalers and most incremental for customers.
Scenario B — Designation of AWS and/or Azure as DMA gatekeepers
If the Commission finds that AWS or Azure function as important gateways, it could designate those cloud services as gatekeepers via the DMA’s qualitative route. Practical consequences would include:
- Mandatory opening of technical interfaces and APIs where feasible.
- Restrictions on self‑preferencing and bundling of first‑party managed services.
- Stronger data‑access and portability obligations for business users.
- The risk of substantial fines for non‑compliance and the possibility of structural remedies in extreme cases.
This would be a novel and consequential application of DMA tools to infrastructure markets and would reshape contracting and architecture choices across Europe.
Scenario C — DMA amendments or new sectoral regulation
The horizontal probe could recommend
updates to the DMA (e.g., different thresholds or tailored obligations for infrastructure) or propose
new legislation specifically aimed at cloud and AI infrastructure. That outcome would create a longer legislative path but potentially a more precise rulebook for cloud markets.
Practical guidance for IT leaders, procurement teams and cloud customers
The next 12 months will be a critical planning window. Organizations should take pragmatic steps to reduce risk and preserve strategic options:
- Inventory critical dependencies: map workloads, managed services, and third‑party integrations tied to any single hyperscaler.
- Revisit contracts: seek better exit clauses, clearer service‑level commitments, and transparent egress pricing.
- Stress‑test multi‑cloud plans: validate portability tools and run disaster‑recovery exercises that do not rely on a single provider region.
- Engage with suppliers: ask hyperscalers for technical proof of interoperability, documented migration paths, and licensing parity for alternative deployments.
- Monitor regulatory timelines: track Commission filings, targeted data requests, and public stakeholder consultations that could change procurement rules or contract language.
These steps are practical risk management measures regardless of the investigation’s outcome.
Risks and trade‑offs: what Brussels must balance
Regulating cloud services through the DMA or similar measures involves difficult trade‑offs.
- Benefits of designation:
- Could reduce lock‑in and improve contestability, potentially lowering long‑term costs for European businesses.
- Might force improved interoperability and clearer contractual terms, benefiting SMEs and public bodies.
- Could strengthen digital sovereignty and resilience by unlocking procurement choices.
- Potential downsides:
- Technical complexity: forcing interoperability at cloud scale risks performance, security, and architectural fragility if not implemented carefully.
- Investment impacts: heavier regulatory burdens might reduce incentives for hyperscalers to invest in European data‑centre capacity or specialized AI infrastructure.
- Short‑term cost: compliance and re‑engineering work could raise costs for both providers and their customers during transition periods.
Policymakers face a classic regulator’s dilemma: strengthen contestability and resilience without unintentionally undermining the high‑performance, low‑cost model that has driven cloud adoption and AI innovation.
What to watch next: timeline and evidence gathering
- Evidence phase (now – ~12 months): the Commission will collect contractual data, pricing evidence, technical documentation, and stakeholder testimony. Companies should expect formal information requests and may file confidential submissions.
- Preliminary conclusions: if investigators find gatekeeper characteristics, the Commission can move to designation; if not, it may publish recommendations or propose DMA clarifications.
- Enforcement window: a designation triggers mandatory compliance duties and opens the enforcement regime that includes fines and possible structural remedies.
Wider strategic consequences: Europe, AI and the global cloud market
The outcome of these investigations will ripple beyond EU borders. If Brussels chooses designation or meaningful DMA amendment, other jurisdictions could follow suit or adapt similar ex‑ante rules for cloud infrastructure. That would reshape global cloud economics, procurement, and the architecture of AI stacks.
Conversely, if Brussels opts for tailored guidance or non‑legislative remedies, the path forward may be slower but less disruptive to investment signals and short‑term cloud operations. Either way, European policymakers have signalled that cloud competition, resilience, and sovereignty will be central public‑policy issues as AI demands continue to grow.
Strengths and weaknesses of the Commission’s approach
Strengths
- Uses an existing legal instrument (the DMA) to move quickly against structural risks rather than relying solely on slow, case‑by‑case antitrust litigation.
- Addresses legitimate public‑policy concerns — switching costs, systemic fragility, and strategic dependence on a few foreign providers.
- Sends a clear market signal that behavioural and technical practices enabling lock‑in will be scrutinised.
Weaknesses and risks
- The DMA framework was designed for consumer platforms, not enterprise infrastructure; adapting it to cloud markets risks mis‑aligned remedies or unintended consequences.
- Technical and operational complexity of cloud services may make prescriptive obligations hard to implement without degrading performance or security.
- Overly broad or ill‑timed regulation could deter investment in European cloud infrastructure at a moment when AI capacity is a global competitive factor.
Given those trade‑offs, the Commission’s third, horizontal probe is a prudent step: testing whether the DMA’s toolbox is fit for purpose before applying rigid gatekeeper obligations at scale.
Key numbers and verified claims (short checklist)
- The Commission announced three market investigations on 18 November 2025.
- Two company‑level probes target AWS and Microsoft Azure; the third is a horizontal DMA fitness study.
- The DMA allows fines of up to 10% of global turnover for first violations and 20% for repeated infringements.
- Independent trackers place the combined share of the top three hyperscalers at roughly 60–70% of the cloud market in Europe.
- High‑impact AWS and Azure outages in October 2025 produced widespread service disruption, illustrating systemic dependency risks.
Any claim above that lacks precise numeric uniformity (for example, exact market‑share percentages) stems from differences in methodology among market trackers; those ranges are broadly consistent across independent sources. Where precise figures matter for business decisions, organizations should consult primary market‑research reports and the Commission’s formal discovery documents as they become public.
Final assessment: what this means for the cloud landscape
Brussels’ three‑pronged move is the most consequential regulatory test to date of whether hyperscale cloud platforms will be treated as regulated gatekeepers rather than lightly‑regulated infrastructure providers. The Commission is striking a balance between the urgency of structural risks — market concentration, lock‑in, and resilience — and the technical difficulty of enforcing consumer‑style obligations in enterprise‑grade infrastructure markets.
For cloud customers and procurement teams, the pragmatic takeaway is to treat the next 12 months as a strategic planning window: harden portability plans, review contractual levers, and press vendors for technical evidence that migration and interoperability are feasible in practice.
For policymakers, the challenge will be to design remedies that actually expand contestability without undermining the performance, security, and investment model that has enabled cloud‑driven innovation and AI scale.
The outcome will shape not only European cloud policy but the global architecture of digital infrastructure for years to come.
Source: Head Topics
Amazon, Microsoft Cloud Services Could Face Tougher EU Rules