The European Commission has opened three formal market investigations into Amazon Web Services (AWS) and Microsoft Azure under the Digital Markets Act (DMA), signaling that Brussels is prepared to consider applying the DMA’s toughest obligations to large cloud providers — a move that could reshape how cloud services operate in Europe and force major changes to interoperability, procurement and competition rules.

Background

The DMA, adopted to restrain entrenched digital gatekeepers and promote contestable markets, imposes strict obligations on designated “gatekeepers” and carries penalties of up to 10% of global annual turnover for non‑compliance. The Commission’s new inquiries ask whether AWS and Azure should be treated as gatekeeper services in the cloud sector, and whether the DMA is fit for the task of policing competition in cloud computing more broadly. This decision arrives amid growing European concern about cloud market concentration, repeated calls for digital sovereignty, and earlier regulatory probes from national authorities such as the UK’s Competition and Markets Authority (CMA), which has warned that Microsoft and Amazon control a very large share of cloud spending in the UK. The Commission has said it aims to complete the investigations within 12 months.

What the Commission is investigating — the facts, verified

  • The Commission has launched three separate market investigations under the DMA: two to determine whether AWS and Azure qualify as gatekeeper-provided core platform services, and a third to test whether the DMA’s existing toolbox is adequate for addressing competition problems in cloud computing.
  • If cloud services are found to be gatekeeper services, the providers would be required to obey DMA obligations that include interoperability mandates and prohibitions on self‑preferencing. The regime allows fines of up to 10% of global annual turnover for breaches. These exact obligations and penalties are defined in the DMA legislation.
  • The DMA uses quantitative thresholds (such as 45 million monthly active users and 75 billion euros market capitalization) to identify gatekeepers for listed core platform services, but the Commission retains discretion to investigate whether services that do not straightforwardly meet those thresholds nonetheless merit gatekeeper treatment under the law. This investigative discretion is central to the current enquiries.
These are concrete, verifiable points: the investigations were announced by the Commission and reported by major international outlets, and the DMA text and the European Commission’s enforcement practice spell out the obligations and penalty framework.

Why cloud providers are in the spotlight now

Market concentration and switching costs

Cloud infrastructure is integral to modern digital services and AI workloads. AWS and Microsoft have amassed substantial market positions in infrastructure‑as‑a‑service (IaaS) and platform offerings, giving them leverage not only as suppliers of compute and storage but also as providers of increasingly sophisticated AI and platform services that rivals must interoperate with. Regulators and industry groups have argued that economies of scale, preferential pricing, and complex licensing can raise effective switching costs for customers and entrench market leaders. Recent national findings — for example the UK CMA’s inquiry — have flagged sustained returns and market power concentrated with AWS and Azure.

Strategic link between cloud and AI

Cloud capacity underpins large‑scale AI deployments, so dominance in cloud can translate into competitive advantage in AI services. European policymakers have repeatedly stressed that cloud and AI are interdependent and that gaps in cloud competition can distort the AI market. This linkage has sharpened political urgency to examine whether DMA tools — developed when the DMA’s core platform list was defined — are still adequate for controlling new cloud‑enabled dynamics.

Policy push for digital sovereignty and supply diversification

The Commission has signaled broader industrial policy aims — increasing EU data centre capacity, streamlining permitting, and encouraging European cloud alternatives — through initiatives such as the proposed Cloud and AI Development Act and parallel procurement efforts. Those policy goals have created pressure to ensure non‑European providers do not become de facto chokepoints for strategic digital infrastructure. While supportive of competition, many European players argue that policy should also foster a stronger indigenous cloud ecosystem for critical use cases.

What gatekeeper designation would actually mean for cloud customers and partners

If AWS or Azure were designated as gatekeeper services for cloud, the DMA would trigger a set of powerful obligations and compliance requirements that could transform vendor behavior and market dynamics. The most consequential are:
  • Interoperability and data portability: Gatekeepers must enable technical interoperability with rivals and avoid excluding third‑party products through design or policy.
  • No self‑preferencing: Gatekeepers cannot structurally favor their own downstream services over business users or rivals.
  • Transparency and access to data: They may have to provide business users access to data and management interfaces to level the playing field.
  • Compliance reporting and audits: Designated firms are subject to ongoing reporting duties and scrutiny by the Commission.
These obligations are aimed at reducing lock‑in, enabling multi‑cloud strategies, and lowering the competitive barriers for smaller providers. However, the operational detail — the exact technical measures, timetables and compliance mechanisms in the cloud context — would have to be clarified by the Commission and could differ materially from how the DMA has been applied to consumer platforms. The DMA’s legal text provides the framework; the investigations will explore how it maps to cloud realities.

Potential business and technical impacts — strengths and risks

Potential benefits (why many welcome scrutiny)

  • Reduced vendor lock‑in: Interoperability mandates could simplify migration and multi‑cloud usage, giving enterprises more negotiating leverage and lowering long‑term costs.
  • Faster growth for challengers: Smaller European cloud providers and specialist vendors could find it easier to compete for critical public and private workloads.
  • Better protections for enterprise customers: Transparency and anti‑self‑preferencing rules could make cloud marketplaces and service bundling fairer.
  • Alignment with EU data‑sovereignty goals: Regulatory pressure could accelerate investments in localized data centres, resilience and European alternatives for highly sensitive workloads.

Material risks and tradeoffs (what regulators must weigh)

  • Compliance complexity and higher costs: Implementing interoperability and compliance mechanisms across multi‑layered cloud stacks (IaaS, PaaS, SaaS) is technically complex and could increase costs, which providers might pass on to customers. Large global providers warn this could stifle innovation and raise prices. The balance between access and cost is not trivial.
  • Security and performance tradeoffs: Forced interoperability or mandated data flows could introduce security and performance risks if not designed carefully. Cloud architectures are optimized for tight integration; modifying them for open interchange may require new standards and certifications.
  • Regulatory fragmentation and trade friction: Heavy European measures could fragment global cloud markets and invite reciprocal measures elsewhere, potentially complicating multinational service delivery and procurement.
  • Unintended favoritism toward EU incumbents: If rules are too strongly framed around sovereignty or geographic criteria, they could advantage EU providers and be perceived as protectionist, undermining competitiveness and innovation. Several European industry groups have warned against measures that restrict international providers purely on geographic grounds.

How likely is gatekeeper designation — legal and practical perspective

Designating a cloud service as a DMA gatekeeper is not automatic; the DMA was originally structured around specific core platform services (e.g., app stores, search, social networks) and uses measurable thresholds. That said, the DMA also gives the Commission market investigation powers to determine whether additional services should be treated as gatekeepers based on market realities. The current probes test whether cloud services should be added to the DMA core product list or otherwise subjected to DMA obligations. Two practical constraints matter:
  1. Thresholds and evidence: The Commission needs to demonstrate that a cloud service behaves like a gatekeeper in ways the DMA addresses — sustained market power, scale, control over important business users, and inability for rivals to compete effectively. Legislative thresholds are one input; market dynamics and switching friction are the other.
  2. Technical tailoring: The DMA’s remedies were built with consumer‑facing platform mechanics in mind. Adapting them to cloud infrastructure will require technical tailoring to avoid undermining system integrity and security. This is the subject of the third, DMA‑fitness investigation.
Overall, gatekeeper designation is plausible but not inevitable; it depends on the empirical findings the Commission compiles over the coming months.

What enterprises should be watching now — practical guidance

  1. Review procurement and contracts: Organizations should inventory cloud dependencies, contractual lock‑in clauses, and data porting capabilities. Early audits will reduce migration risk and expose potential negotiation leverage if new rules change the balance of power.
  2. Strengthen multi‑cloud and portability planning: Evaluate realistic multi‑cloud architectures and test portability for essential workloads to avoid strategic surprises.
  3. Track regulatory timetables: The Commission has signaled a 12‑month window to conclude investigations; firms should anticipate public reports, remedial proposals, and potential compliance orders in that period.
  4. Engage in standards and technical dialogues: Businesses and cloud users can influence how interoperability is defined by participating in standards bodies and industry consortia so that mandated changes remain practical and secure.
  5. Prepare for higher compliance budgets: If obligations are imposed, expect increased legal, engineering and audit costs for major cloud providers — and, indirectly, for large enterprise customers that rely on bespoke integrations.

Political and geopolitical dimensions

The probe carries geopolitical overtones. Washington has signalled sensitivity to European digital regulation, and U.S. political leaders and trade partners will watch closely for measures that disproportionately affect American cloud firms. The Commission must balance competition, industrial policy goals and international trade relationships while defending the EU’s regulatory autonomy. Some commentary has argued the DMA can operate like a non‑tariff trade barrier if misapplied; others view EU measures as essential to preserve competition and sovereignty in strategic digital infrastructure. The Commission’s public messaging suggests it will aim for proportionate remedies but is mindful of global repercussions.

How this fits into the EU’s broader cloud and AI strategy

The Commission’s inquiry is only one strand of a wider push. Brussels is simultaneously planning measures to expand European data centre capacity, simplify permitting, and harmonize cloud procurement and certification — steps packaged in initiatives often referred to as the Cloud and AI Development Act and related EU cloud policy proposals. Those industrial measures are designed to grow alternative supply and resilience, complementing competition enforcement. The regulatory triangle — enforcement, industrial policy, and technical standards — is being deployed together.

Scenarios and timelines — what to expect next

  1. Fast remedial path (12 months): The Commission closes investigations with findings that the DMA can be adapted and issues remedies or rules requiring specific interoperability and anti‑self‑preferencing measures. Gatekeeper designations would carry a statutory adaptation window for firms.
  2. Regulatory refinement path: The DMA’s fitness investigation concludes that while competition concerns exist, the DMA needs new, cloud‑specific rules or legislative clarifications. The Commission then proposes adjustments or new delegated acts, which would take longer and involve legislative processes.
  3. No designation but market pressure: The Commission decides not to label cloud services as gatekeepers but issues guidance, standards or enforcement priorities that increase transparency and encourage commercial restraint. This softer outcome would still alter market behavior via reputational and contractual channels.
Timelines: the Commission aims to conclude the current probes within about 12 months — meaning substantive announcements, interim measures, or final findings might arrive in the coming year. That timeframe aligns with the DMA’s investigative deadlines.

Critical assessment — balancing competition, security and innovation

This is a high‑stakes regulatory moment with legitimate policy tradeoffs. On the positive side, DMA application to cloud could lower switching costs, spur competitive entry, and protect European customers from closed ecosystems. Those are tangible benefits for enterprise IT buyers and for broader market dynamism.
On the flip side, cloud systems are technically intricate: imposing consumer‑style platform remedies without nuanced technical standards risks unintended consequences for security, resilience and innovation velocity. Costs of compliance are likely to be substantial, and poorly framed rules could nudge customers away from advanced services or concentrate demand on a small number of compliant providers.
Brussels’ challenge will be to craft remedies that are both legally enforceable and technically practical. Success requires deep technical consultation with providers, customers, standards bodies and security agencies. If done well, the Commission could simultaneously open markets and raise resilience; if done poorly, it could reduce service quality and slow the adoption of cloud and AI technologies in Europe.

What vendors have said so far

Microsoft stated it is ready to contribute to the inquiry and has been publicly expanding European datacentre capacity while offering additional European assurances and technical controls as part of its regional commitments. Amazon has cautioned that designating cloud providers as gatekeepers risks stifling invention and raising costs for businesses. Both firms emphasize investment commitments while warning against regulatory designs that ignore technical complexity and global service delivery realities. These public stances indicate the companies will engage constructively but also vigorously defend their global business models.

Conclusion — why this matters for WindowsForum readers

For IT leaders, system architects and procurement professionals, the Commission’s probes represent more than regulatory theatre: they may change vendor negotiation leverage, influence long‑term architecture choices, and reshape where and how mission‑critical workloads run in Europe. The investigations could accelerate options for portability and multi‑cloud strategies, but they could also raise the short‑term cost and complexity of cloud projects.
Organizations should take a pragmatic posture: bolster portability planning, inventory cloud dependencies, engage with vendors on contract clauses, and track regulatory developments closely over the next 12 months. The technical community must also contribute to the policy conversation so that any new rules are implementable, secure and aligned with the performance expectations of enterprise IT.
The EU’s probes into AWS and Azure mark a pivotal chapter in the global regulation of cloud services. Whether Brussels uses the DMA to reconfigure cloud market dynamics, or opts to craft cloud‑specific remedies outside the DMA’s current scope, the outcome will set important precedents for cloud competition, procurement, and resilience across Europe — and the rest of the world.
Source: Channels Television Amazon, Microsoft Cloud Services Could Face Tougher EU Rules
Source: Legit News Amazon, Microsoft cloud services could face tougher EU rules
Source: Tuko News Amazon, Microsoft cloud services could face tougher EU rules
 

The European Commission has opened a trio of market investigations into Amazon Web Services (AWS) and Microsoft Azure, testing whether hyperscale cloud platforms should be treated as “gatekeepers” under the EU’s Digital Markets Act (DMA) and whether the DMA’s toolbox is fit to police competition and resilience in cloud infrastructure — a move that could remake procurement, interoperability and AI‑era platform economics across Europe.

Background and overview

Cloud computing has shifted from an efficiency play to strategic infrastructure. Today’s major public-cloud providers supply not only storage and compute, but also integrated AI stacks, managed databases, identity fabrics, and global networking that enterprises and public services treat as critical infrastructure. That concentrated role is why Brussels has placed AWS and Azure under a regulatory microscope that previously focused on consumer platforms like app stores and search engines.
Independent market trackers and national regulators have repeatedly documented that a small number of hyperscalers account for the lion’s share of cloud spending in Europe. Synergy Research Group’s regional analysis shows the top three global providers — Amazon, Microsoft and Google — now account for roughly 70% of the European cloud market, leaving European incumbents with a combined local share near 15%. Those numbers frame the Commission’s concern about concentration and the economic stakes of any regulatory intervention. The DMA, an ex‑ante rulebook for “gatekeepers,” gives the Commission a legal mechanism to impose obligations such as non‑discrimination, data‑portability, technical interoperability and bans on self‑preferencing. It also carries heavy penalties for non‑compliance. The central questions Brussels is asking now are technical and legal: do IaaS/PaaS cloud services function as gatekeeping core platform services for users and business customers, and if so, can the DMA’s metrics and remedies be sensibly mapped on to an infrastructure market with different dynamics and measurements?

What Brussels is investigating — the three probes explained

The Commission’s action comprises three related fact‑finding strands:
  • Two focused market investigations, one for AWS and one for Microsoft Azure, to determine whether those cloud offerings perform the functional role of a DMA "gatekeeper" — i.e., whether they act as indispensable intermediaries between businesses and end users in ways that enable durable market power and exclusionary conduct.
  • A horizontal, policy‑level review that asks whether the DMA is fit for purpose in cloud markets, or whether its obligations and thresholds require adaptation to account for enterprise procurement metrics, contract value, and latency/performance constraints typical of infrastructure services.
Across those inquiries, the Commission will probe a set of concrete commercial and technical practices that regulators and market participants have repeatedly flagged:
  • Data portability and egress pricing — whether exit costs and technical friction are structured in ways that materially deter migration between providers.
  • Licensing and pricing structures — whether software licensing practices make it materially cheaper or operationally simpler to run workloads on the incumbent’s cloud than on a rival’s.
  • Self‑preferencing and bundling — whether first‑party managed services, marketplaces or consoles receive preferential treatment that disadvantages third parties.
  • Interoperability and control‑plane access — whether proprietary APIs and platform primitives make practical multi‑cloud operations infeasible or unreliable.
The Commission’s investigatory teams will gather technical evidence, contractual documents, and stakeholder testimony over the course of the probe. The public timetable given by Brussels is brisk: investigators aim to complete the inquiries within roughly 12 months, reflecting both the urgency and the complex, technical nature of the questions at stake.

Why now: concentration, AI and systemic risk

Three converging trends explain why cloud — once treated as a commodity — has become a high‑priority enforcement target.
  • Market concentration and durable incumbency. Multiple datasets and national reviews show that AWS and Azure command very large shares of cloud spending in Europe and the UK. The UK Competition and Markets Authority (CMA) has already warned that the two firms each hold roughly 30–40% of some cloud segments, creating conditions that can sustain above‑normal returns and raise entry barriers for challengers. Those national findings helped crystallize the Commission’s action.
  • AI’s compute intensification. Generative AI and large‑scale model training require specialized hardware, tightly integrated software stacks and novel managed services. Hyperscalers now offer unique value‑added AI bundles and access to accelerators that are difficult to replicate, amplifying vendor stickiness and increasing the competitive value of cloud control. Regulators are concerned that cloud concentration will translate into strategic advantage in AI markets.
  • Operational fragility and public‑policy exposure. High‑impact outages at major cloud providers have demonstrated how a single misconfiguration or edge failure can cascade through multiple sectors. For governments weighing digital sovereignty and resilience, cloud concentration is no longer only a competition issue — it is also a matter of systemic risk. That framing makes EU policymakers politically predisposed to examine remedies that go beyond narrow pricing fixes.

What gatekeeper designation could require (and what it would mean in practice)

If the Commission concludes that AWS or Azure should be treated as gatekeepers for certain cloud services, the DMA’s ex‑ante obligations would apply. Key practical implications could include:
  • Mandatory interoperability and open interfaces for essential cloud primitives, with technical specifications to be defined by the Commission and implementing authorities. This could force standardization or published control‑plane contracts to ease multi‑cloud portability.
  • Bans on self‑preferencing, preventing providers from structurally privileging first‑party managed services in marketplaces or service catalogs. That would change how hyperscalers surface their proprietary services and could improve commercial visibility for independent ISVs.
  • Data‑portability guarantees and egress reforms, including transparent pricing and performance obligations for migration tooling and cutover windows — measures meant to reduce the effective cost of switching.
  • Transparency, audit and reporting obligations, requiring ongoing compliance evidence and opening providers to periodic DMA audits; non‑compliance carries fines of up to 10% of global turnover, or higher for repeat breaches, under the DMA framework.
Technically, implementing these obligations in the cloud context will be challenging. Cloud control planes are performance sensitive; naive standardization could degrade latency or force costly re‑engineering. The Commission is explicitly testing whether the DMA’s consumer‑centric thresholds and remedies can be adapted for enterprise infrastructure without producing perverse technical outcomes.

How the market could change — scenarios and timelines

Regulatory interventions of this scale rarely produce a single binary outcome. The Commission’s final package could include a mix of remedies:
  • Designate one or both providers as gatekeepers for specific cloud services, triggering full DMA obligations. That would be the most consequential outcome and could require months of technical rule‑making and compliance timetables.
  • Require targeted, market‑specific remedies without full DMA designation — for example, egress caps, enforceable migration guarantees, or non‑discrimination commitments negotiated with the providers. These would be narrower but could be quicker to implement.
  • Conclude the DMA is not the right tool for the cloud and recommend a hybrid approach: adapt existing competition law tools, combine sectoral regulation with procurement reforms, or legislate cloud/AI‑specific rules. The Commission’s third probe is explicitly testing this option.
Timelines: investigators expect to wrap the fact‑finding phase within about 12 months, after which the Commission could issue preliminary findings and propose remedies. If designation follows, compliance windows and technical deadlines would be set subsequently; past DMA cases show six‑month windows for some obligations, but cloud complexity could extend implementation periods.

Who gains and who risks losing

  • Benefits for customers and challengers:
      • Reduced switching costs and clearer portability would improve negotiating leverage for enterprises and public sector buyers.
      • Interoperability could lower the barrier for specialist and regional cloud providers to compete for critical workloads.
      • Increased contestability could spur innovation among independent ISVs and multi‑cloud tools.
  • Risks and downsides:
      • Technical fragmentation: poorly designed obligations could force differentiated stacks into weaker common denominators, potentially harming performance for latency‑sensitive or AI workloads.
      • Investment chill: the most credible regulatory threat would be a potential dampening of hyperscaler capital expenditure in the EU if compliance uncertainty affects returns on new data‑centre projects.
      • Compliance complexity and higher prices: compliance costs often get passed to customers, at least in transition. Industry groups have warned that top‑down requirements could favor very large incumbents who can internalize regulatory costs.
The balance of these effects will depend on the technical design of remedies and the Commission’s ability to sequence intervention to avoid sudden disruption.

The legal and technical hurdles: why applying the DMA to cloud is hard

The DMA was drafted around consumer‑facing metrics — monthly active users, ad‑driven intermediaries and marketplaces — not enterprise contract values, capacity quotas or performance SLAs. Mapping DMA thresholds to cloud therefore raises methodological problems:
  • What counts as an “active user” or “end user” for a multi‑tenant cloud platform? Is it business customers, virtual machine instances, or downstream end users of hosted services?
  • How do you define the set of “core platform services” inside a sprawling cloud suite that includes IaaS, PaaS, managed AI stacks, and marketplaces for third‑party software?
  • Technical standardization of APIs and control planes must preserve performance, security and operational semantics; heavy-handed requirements risk creating brittle cross‑vendor layers or exposing sensitive operational internals.
These complications explain why the Commission included a third, horizontal probe: regulators want to avoid regulatory misfires that increase risk without delivering competition gains.

Verifiable numbers — what we can say with confidence (and what needs caution)

  • Strong evidence supports the statement that U.S. hyperscalers dominate the European cloud market: independent Synergy Research Group data shows Amazon, Microsoft and Google together account for about 70% of the European market, with local European providers holding roughly 15% of regional revenue. That market concentration underpins the Commission’s move.
  • National regulators’ findings are aligned with the EU action: the UK CMA’s provisional review found Microsoft and AWS each account for a substantial share (roughly 30–40%) of the UK cloud market and recommended further investigation under the UK’s equivalent rules. These national findings factored into Brussels’ calculus.
  • The Commission aims to conclude the investigations within around 12 months; this is the public schedule given at the probe’s opening. Timing may vary with technical complexity and legal process.
Caveat and caution: market‑size forecasts and headline projections differ across analysts. Various forecasts place the global cloud market in a broad range over the next three years, and single projections (such as a figure sometimes cited in market roundups) should be cross‑checked to the originating analyst or research report before being relied upon for budgetary decisions. Where precise dollar‑value forecasts are cited in press summaries, they often reflect differing definitions (public cloud services vs. whole cloud ecosystem vs. infrastructure only) and time horizons; treat them as directional rather than exact.

Practical guidance for IT and procurement leaders (six immediate steps)

  • Map vendor lock‑in exposure. Catalog which workloads, managed services and data flows rely on provider‑specific features and estimate migration costs (technical and contractual).
  • Strengthen exit clauses and migration SLAs in new contracts. Where possible, negotiate audit rights, migration assistance, and cost certainty for data transfers.
  • Prioritize portability for strategic workloads. Consider containerization, standardized storage formats, and abstraction layers that reduce dependence on managed primitives that are hard to replicate.
  • Rehearse failover. Implement and test cross‑cloud disaster recovery and failover plans for critical systems — outages at a single provider can cascade across services.
  • Engage with procurement and legal teams on sovereign and compliance requirements. Public buyers should articulate resilience and data‑sovereignty criteria explicitly in procurement documents.
  • Watch the probes and respond. Participate in industry consultations, reply to regulator questionnaires if solicited, and track Commission technical annexes and non‑confidential decisions that will clarify the legal and technical yardsticks.

Political and industrial dynamics to watch

  • Coordination across jurisdictions: the UK CMA’s parallel work and the Commission’s probes increase the chances of coordinated remedies — or divergent, jurisdiction‑specific requirements that raise compliance complexity.
  • Industry lobbying and standardization: industry groups have already advocated for regulatory approaches (for example on cybersecurity certification or the EU Cloud Security Scheme), a reminder that technical standards and certification regimes will be a pressure point in the months ahead. Expect active lobbying on both sides of the Atlantic.
  • Supplier responses: hyperscalers historically respond to regulatory pressure with a mix of legal challenges, technical changes, and negotiated commitments. Microsoft has previously settled certain EU concerns, and AWS has argued that competition remains robust; both firms are likely to engage constructively while defending investment signals.

Conclusion — a watershed moment with complex trade‑offs

Brussels’ decision to apply the DMA’s investigative machinery to AWS and Azure is a watershed for cloud policy in Europe. The probes acknowledge a hard truth: cloud infrastructure is no longer a fungible commodity but strategic backbone for AI, public services and economic sovereignty. If regulators press forward with designations or binding remedies, the consequences will be broad — from how enterprises contract for cloud, to which firms can viably challenge the hyperscalers, to the technical architectures that underpin AI services.
Yet the path ahead is technically and legally fraught. Mapping DMA obligations to infrastructure semantics, defining actionable interoperability rules without undermining performance, and sequencing remedies to avoid unintended investment or resilience effects will demand precise, expert rule‑making. For customers and IT leaders the immediate task is clear: inventory exposure, harden migration options, and engage with regulators and industry groups as the probes unfold. The winners in this debate will be the jurisdictions and firms that blend careful technical design with enforceable, pragmatic competition remedies that preserve dynamism without breaking the cloud.
This regulatory chapter will not close quickly; expect intense technical submissions, public‑private consultations, and a protracted debate about the right balance between contestability, sovereignty and continued investment in cloud infrastructure. The Commission’s probes mark the beginning of that debate at scale — and the outcome will shape Europe’s cloud and AI landscape for years to come.
Source: Finimize https://finimize.com/content/amazon-and-microsoft-face-scrutiny-over-cloud-dominance-in-europe/
 

The European Commission has opened formal market investigations into the cloud businesses of Amazon Web Services (AWS) and Microsoft Azure to determine whether those services should be treated as regulated “gatekeepers” under the EU’s Digital Markets Act (DMA), and it has launched a separate, horizontal review of whether the DMA’s toolbox is fit to govern cloud infrastructure — a move that could reshape procurement, interoperability, vendor lock‑in, and the economics of AI deployments across Europe.

Background / Overview

The Digital Markets Act is an ex‑ante regulatory framework crafted to impose mandatory obligations on dominant digital platforms deemed “gatekeepers.” These obligations include non‑discrimination, data portability, interoperability, and outright bans on certain forms of self‑preferencing, backed by fines that can reach up to 10% of global annual turnover for a first infringement. The DMA was designed around consumer‑facing services — search engines, app stores, social networks — but it also lists cloud infrastructure as a potential domain for gatekeeper rules. Brussels’ new step comprises three linked inquiries: two company‑specific market investigations (one for AWS and one for Azure) testing whether those cloud offerings perform the functional role of a gatekeeper, and a third, horizontal probe to assess the DMA’s adaptability to cloud markets. The Commission has set an accelerated fact‑finding timetable and aims to conclude the inquiries within roughly 12 months.

Why cloud, and why now?​

Cloud computing has evolved into strategic infrastructure that powers retail, banking, public services, media, telecoms and the compute‑intensive workloads behind generative AI. A small number of hyperscalers — chiefly AWS, Microsoft Azure and Google Cloud — now capture a dominant share of public cloud spend in many markets. That concentration has long worried regulators because it raises the risk of durable market power, vendor lock‑in, and systemic fragility when outages occur. Three proximate factors have accelerated Brussels’ intervention:
  • Market concentration and switching friction. Independent market trackers and national authorities have repeatedly shown that the top three providers control a substantial portion of cloud spending, and inquiries have flagged egress fees, proprietary APIs and bundled managed services as friction points that materially deter customer migration.
  • Operational outages with cascading impact. High‑profile outages at major providers this year exposed how failures in DNS, control planes or edge fabrics can cascade across hundreds of downstream services — a concrete resilience argument that complements competition concerns.
  • The AI accelerator effect. Large‑scale AI training and inference require specialized hardware and tightly integrated software stacks. When hyperscalers offer unique, managed AI stacks and access to accelerators, the value of being the host platform increases and so does the cost of switching — a market dynamic that could entrench advantage in both cloud and AI markets.
These converging trends frame Brussels’ assessment: is cloud simply a competitive infrastructure market regulated by standard competition tools, or does it function as a set of essential gateways to customers and end users in ways that justify DMA’s ex‑ante duties?

What the Commission is investigating — the technical and legal axes​

The Commission’s inquiries are both practical and doctrinal. They will assess a set of specific commercial and technical factors that regulators have flagged as potential channels of gatekeeper power.

Gatekeeper functional test for cloud​

The DMA uses quantitative thresholds (for example, measures of active users and EU turnover) to identify likely gatekeepers, but it also allows the Commission to designate services as gatekeepers after market investigations even if numeric thresholds don’t map neatly onto a service like IaaS or managed PaaS. Investigators will therefore apply both market‑structure evidence and a qualitative assessment of whether AWS or Azure act as indispensable intermediaries between businesses and consumers.

Switching costs, egress charges and portability​

A central technical question is whether egress fees, slow or lossy migration tooling, and data‑format lock‑in materially raise the cost of moving workloads between providers. Brussels will seek contractual documents and technical evidence — migration success rates, latency and performance differences, and the real‑world interoperability of APIs and control planes — to measure whether switching friction is structural or ephemeral. Regulators have specifically highlighted exit costs and proprietary control‑plane primitives as key risk vectors.

Self‑preferencing, bundling and licensing​

The Commission will examine whether hyperscalers give preferential treatment to their own managed services, marketplaces, or integrated software stacks — for example, by making it cheaper or more performant to run Microsoft workloads on Azure than on rival clouds. Licensing structures (including software licensing that embeds cloud‑specific discounts) and marketplace placement bias are on the list of conduct to be scrutinized.

Interoperability and technical feasibility​

A horizontal question — and perhaps the most technically fraught — is what meaningful interoperability would look like for cloud. Would the Commission demand standardized control‑plane interfaces, published SLAs for equivalent APIs, or open implementations of critical primitives? Translating consumer‑oriented DMA obligations into the low‑latency, high‑throughput world of infrastructure is legally possible but technically delicate and might require finely tuned remedies.

How likely is gatekeeper designation — legal and practical constraints​

Designating AWS or Azure as gatekeepers is not automatic. The DMA’s original thresholds rely on user counts and market capitalization metrics that fit consumer platforms better than enterprise infrastructure contracts. The Commission has discretion, but it will need robust, market‑wide evidence showing that a cloud service functionally behaves like a gatekeeper: controlling access between a large set of business customers and end users in a way that enables exclusionary conduct.
Two legal/practical constraints are significant:
  • Measurement mismatch. Mapping “active users” to cloud capacity or contract volumes is non‑trivial. The DMA was drafted around end‑user metrics; cloud markets are measured in contract value, compute hours, and infrastructure metrics. The Commission’s horizontal probe is explicitly meant to resolve these mapping challenges.
  • Technical trade‑offs. Some remedies that reduce lock‑in — e.g., forcing open or standard control planes — could undermine competitive differentiation, raise engineering costs, or affect security and performance guarantees that customers rely on. Regulators must balance contestability against the scale economics that finance data‑center investment and high‑assurance services.
Given those constraints, the outcome could range from narrower, behaviour‑focused interventions (targeting egress pricing or marketplace bias) to broader obligations embedded in the DMA or a sector‑specific addendum that codifies cloud‑appropriate standards.

What gatekeeper obligations would practically mean for cloud providers and customers​

If the Commission concludes that a cloud service should be designated a gatekeeper, several DMA obligations could be applied or adapted to cloud:
  • Non‑discrimination: equal commercial and technical treatment for first‑party and third‑party services running on a gatekeeper cloud.
  • Interoperability mandates: technical requirements to allow migration or multi‑cloud orchestration without performance degradation.
  • Data portability: enforceable standards for migrating data, metadata and configurations with predictable costs and timelines.
  • Bans on self‑preferencing: forbidding preferential placement, pricing or performance enhancements for the provider’s own marketplace offerings or managed services.
The penalty framework would be meaningful; the DMA allows fines up to 10% of worldwide turnover for initial breaches, and higher penalties for repeated failures. These are powerful levers that could change contract negotiation dynamics and procurement practices across Europe.

Business and technical implications — benefits and risks​

Potential benefits​

  • Reduced vendor lock‑in: clearer portability rules and enforced interoperability could make multicloud strategies more practical and lower switching costs.
  • Stronger bargaining power for customers: procurement teams could leverage new regulatory backstops to negotiate better exit terms and performance guarantees.
  • Resilience improvements: standardization and mandated failover capabilities could reduce single‑provider systemic risk for critical sectors.
  • Healthier competition for cloud‑adjacent services: non‑discrimination rules could open marketplaces and managed service layers to more independent ISVs and specialised cloud vendors.

Potential risks and costs​

  • Higher operational complexity: implementing generic interoperability layers could create performance overheads or security surface area that providers must manage.
  • Investment disincentives: regulatory obligations that constrain product differentiation might reduce incentives for hyperscalers to invest in cutting‑edge infrastructure or specialized accelerators.
  • Regulatory overreach vs. technical feasibility: poorly scoped mandates could produce brittle standards or unintended consequences (e.g., weakening SLAs or increasing prices for small businesses).
  • Compliance costs passed to customers: cloud providers warn that the cost of compliance could be passed through, raising cloud prices for European customers. AWS and Microsoft have both signalled concerns about heavy‑handed designation raising costs or stifling innovation.
The critical policy challenge for Brussels is to craft remedies that deliver contestability and resilience without crippling the investment model that funds secure, high‑performance cloud infrastructure.

What regulators and industry have already said​

Microsoft has publicly indicated it will cooperate with the Commission’s market inquiry, stressing that Europe’s cloud sector is “innovative and highly competitive.” Amazon Web Services warned that designating cloud providers as gatekeepers could risk stifling innovation and raise costs for European companies, arguing the market remains dynamic with lots of choice. These statements underscore the predictable public stances: hyperscalers emphasise competition and innovation, while regulators highlight systemic risk and concentration. National regulators and independent trackers have already provided evidence that feeds into Brussels’ calculus. The UK Competition and Markets Authority (CMA) produced provisional findings showing that Microsoft and Amazon account for substantial shares of cloud spend in the UK and flagged switching costs — such as egress fees and licensing arrangements — as structural barriers to movement between providers. Those national findings created a regulatory precedent and a data foundation for Brussels’ broader probe.

How customers should prepare — practical, vendor‑agnostic steps​

Organisations that depend on public cloud should treat the next 12 months as a critical planning window. Pragmatic actions to reduce regulatory and operational risk include:
  • Map cloud dependencies. Create an inventory of which services and features (managed databases, identity providers, edge functions, model hosting) are running on which cloud providers and which ones are single‑vendor.
  • Assess portability realistically. Run time‑boxed migration and export trials for representative workloads to measure the real cost and technical friction of moving off a provider.
  • Tighten contractual exit and egress terms. Negotiate clear, testable exit SLAs and data export requirements with cloud vendors before committing major workloads.
  • Adopt multicloud design patterns selectively. Use multicloud for resilience‑critical workloads where the economics and complexity justify it; pick single‑cloud for workloads that require deep vendor integrations.
  • Demand technical artefacts. Require vendors to provide verifiable portability scripts, published performance baselines for exported workloads, and third‑party audit reports where available.
  • Engage in regulatory consultations. Large enterprise customers and industry associations can help shape evidence submitted to Brussels, ensuring remedies are technically feasible and proportionate.
These steps help organisations hedge regulatory uncertainty while improving resilience and negotiating leverage.

Scenarios and likely timelines​

The Commission has signalled an aim to complete the investigations within approximately one year. The likely scenarios range from:
  • Narrow remedies or findings: Commission finds specific conduct that violates competition law or the DMA framework and orders conduct remedies (e.g., limits on preferential marketplace treatment).
  • DMA designation for specific cloud services: Commission designates particular cloud offerings for gatekeeper obligations and then defines tailored remedies through implementing acts or consultations.
  • Policy re‑tooling: horizontal probe concludes the DMA needs targeted technical adaptation for cloud (e.g., new measurement rules or sector‑specific obligations) rather than immediate, wholesale designation.
  • Mixed outcomes: combination of company‑level remedies plus a legislative or delegated‑act route to refine DMA application to cloud.
Even under the most aggressive scenario (designation and DMA obligations), change will be phased: technical specifications and compliance roadmaps will be subject to consultation and technical working groups before enforcement escalates to fines. This provides time for industry and customers to adapt, but it also creates regulatory uncertainty that will shape procurement and architectural decisions over the next 12–24 months.

Critical analysis — strengths of the EU approach and practical risks​

Strengths​

  • Proactive system‑level thinking. The Commission is right to treat cloud concentration as more than a narrow competition issue. Cloud infrastructure is the backbone of modern digital services; addressing systemic concentration anticipates resilience and sovereignty risks before they cascade.
  • Use of an ex‑ante tool. The DMA is designed to act before harms fully crystallise, which is an advantage over case‑by‑case ex‑post antitrust enforcement that can be slow and piecemeal.
  • Policy coherence. By combining company probes with a horizontal study, Brussels is attempting to align legal design with technical reality rather than forcing an immediate one‑size‑fits‑all remedy.

Risks and trade‑offs​

  • Technical overreach. The DMA’s original architecture was not tailored to the real‑time control planes, performance constraints, and hardware‑accelerator economics of cloud. Poorly designed obligations could harm performance, security, or investment incentives.
  • Regulatory uncertainty. Multinational procurement and cloud‑dependent businesses face near‑term uncertainty that can stall migration or investment decisions, with knock‑on effects for European cloud adoption and AI projects.
  • Political friction. The move adds to transatlantic regulatory tension and could trigger defensive responses in the U.S., complicating international cooperation on standards and data flows.
  • Incomplete remedies. There is a real risk that remedies will focus on visible conduct (e.g., marketplace placement) but miss more technical lock‑in mechanisms embedded in APIs, runtime behaviour, and accelerator access.
In short, the Commission’s probe is defensible and necessary from a public‑policy perspective, but its effectiveness will depend on the regulators’ ability to craft technically precise and economically proportionate remedies.

Bottom line: what this means for Windows engineers, IT leaders and the cloud ecosystem​

The EU’s market investigations put cloud governance at the centre of competition, resilience, and digital‑sovereignty policy. For Windows administrators, platform architects and IT procurement teams, the concrete takeaways are:
  • Treat portability and exit planning as first‑class procurement questions, not an afterthought.
  • Validate vendor claims with time‑boxed migration tests and insist on contractual remedies that reflect real migration costs.
  • Balance the economics of single‑cloud vs. multicloud with a clear understanding of resilience needs and integration trade‑offs.
  • Follow the Commission’s consultations and national regulator outputs: they will define the technical contours of any future obligations and present opportunities to shape workable standards.
The coming 12 months are likely to reshuffle the regulatory and commercial landscape for cloud in Europe. The Commission’s move acknowledges that cloud is no longer merely a supplier choice — it is policy‑level infrastructure with strategic, economic and security implications. The challenge ahead will be designing rules that increase contestability and resilience without unduly damaging the performance and investment model that powers modern cloud services.

The Commission’s investigations mark a decisive moment for cloud governance: if the DMA is adapted to cloud, European IT organizations will gain stronger protections against lock‑in and self‑preferencing, but they may also face higher complexity and shifting vendor economics. The outcome will matter not just for AWS and Azure, but for how governments and businesses architect, procure and secure the cloud‑native systems that underpin the next wave of digital services.
Source: abcnews.go.com https://abcnews.go.com/Technology/w...ft-cloud-businesses-extra-scrutiny-127625617/
 

The European Commission has opened a trio of formal market investigations into Amazon Web Services (AWS) and Microsoft Azure — two focused probes to test whether those cloud offerings should be designated as gatekeepers under the EU’s Digital Markets Act (DMA), plus a third, horizontal inquiry to determine whether the DMA’s rules are fit for policing competition and resilience in cloud infrastructure.

Background

Cloud computing is no longer an IT convenience; it has become strategic infrastructure for governments, finance, healthcare and large-scale AI. A small set of hyperscale providers — primarily AWS, Microsoft Azure and Google Cloud — now deliver the bulk of public cloud capacity and managed platform services in Europe. That concentration has prompted regulators to ask whether cloud providers can act as indispensable intermediaries between business users and end customers in ways that raise switching costs, favour first‑party services, and lock customers into single ecosystems. The Commission says it wants to conclude the three probes within roughly 12 months. That timetable is ambitious but consistent with the DMA’s expectation that market investigations and designation decisions be handled with relative urgency.

Overview: What Brussels has launched and why it matters​

The three investigations, in plain language​

  • Two company‑specific market investigations: one into Amazon Web Services (AWS) and one into Microsoft Azure. Each probe will test whether that cloud service functions as a DMA “core platform service” that should be designated a gatekeeper.
  • One horizontal (sectoral) investigation: a meta‑level review that asks whether the DMA’s existing toolkit — designed largely for consumer‑facing platforms — can be sensibly applied to enterprise cloud markets or whether new/adapted measures are needed.

Why this is consequential​

If Brussels designates AWS or Azure (or both) as gatekeepers for specific cloud services, the DMA’s ex‑ante obligations and enforcement powers would apply. That could include binding duties on interoperability, non‑discrimination, data portability and explicit bans on self‑preferencing, backed by penalties that scale into double‑digit percentages of global turnover for serious breaches. For customers and competitors, gatekeeper status could reshape commercial terms, technical interfaces, procurement rules and the economics of multi‑cloud strategies across Europe.

The legal frame: what the DMA requires and how it could map to cloud​

Gatekeeper basics (verified)​

The DMA creates a presumption of “gatekeeper” status for firms providing a listed core platform service when three cumulative criteria are met: significant size in the internal market, an important intermediation role, and an entrenched/durable position. The DMA’s quantitative thresholds commonly cited are:
  • Annual EU turnover of at least €7.5 billion in each of the last three financial years, or an average market capitalisation of at least €75 billion;
  • At least 45 million monthly end users in the EU and more than 10,000 annual business users in the EU (the metrics are calibrated to consumer/business‑facing platforms).
These numeric thresholds are publicly codified in the DMA; importantly, the Commission retains discretion to designate a service as a gatekeeper following a market investigation even where numeric thresholds are not straightforwardly applicable — a central legal point for cloud, where monthly active consumer user counts are not the natural metric.

Fines and enforcement (verified)​

Gatekeepers face sanctions for confirmed DMA breaches of up to 10% of global annual turnover, and up to 20% for repeat infringements. Beyond fines, the Commission can impose behavioural or structural remedies, including divestment requirements or acquisition controls in extreme cases.

What regulators will examine — the meat of the probes​

Brussels has signalled that investigators will examine both structural market indicators and specific practices that can create or reinforce vendor lock‑in. The main lines of inquiry are:
  • Data portability and egress fees — whether exit costs and technical friction are structured to deter migration between providers, including the practicality and performance of migration tools.
  • Licensing and pricing structures — whether commercial licensing (for example of operating systems or database engines) or differential pricing makes it materially cheaper to run workloads on the incumbent’s cloud than on rivals’ clouds. The UK CMA has previously flagged Microsoft licensing differentials as a competition concern, which influenced EU interest.
  • Self‑preferencing and bundling — whether hyperscalers advantage their own managed services, marketplaces, or feature sets in ways that disadvantage independent ISVs or alternative infrastructure providers.
  • Interoperability and API access — the availability of open or standard control‑plane interfaces, and whether proprietary APIs make multi‑cloud operations impractical or unreliable.
  • Operational concentration and systemic risk — how a small number of providers create resilience risks for public services and critical sectors when outages occur. Recent high‑impact outages and recovery incidents are part of the factual backdrop.
These are technical, evidence‑driven questions: the Commission will gather contractual documents, technical specifications, customer testimonies and performance data. The scope of the horizontal probe — whether the DMA must be tailored or supplemented for cloud markets — is equally consequential and procedural.

Industry context and competing narratives​

What the companies have said​

  • Microsoft has publicly said it is ready to cooperate with the inquiry. This aligns with the company’s repeated position that cloud markets are dynamic and competitive.
  • Amazon (AWS) warned in early commentary that designating cloud providers as gatekeepers could stifle innovation and raise costs for European companies, framing the risk of ill‑fitting regulation for an investment‑heavy sector.

What other regulators and analysts have found​

The UK Competition and Markets Authority (CMA) has previously concluded that Microsoft and Amazon each hold substantial shares of some cloud market segments and pointed to egress fees, licensing differentials and switching frictions as sources of competitive concern. Independent market trackers show the top three providers (AWS, Azure, Google Cloud) capturing a large share — in many estimates roughly two‑thirds to 70% — of public cloud spending in Europe. Those prior findings have set the stage for Brussels’ present action.

Political and geopolitical currents​

The probes arrive amid broader debate about digital sovereignty, cloud capacity on European soil, and how cloud concentration intersects with strategic AI capabilities. Some coverage has framed the move as part of transatlantic tensions over regulation of US tech firms; that framing appears in several media reports but is politically charged and should be read alongside formal Commission statements rather than taken as dispositive on motive. Where press accounts reference political actors or external lobbying, those claims vary in sourcing and should be treated with caution unless corroborated by public documents.

Technical implications for engineers and procurement teams​

If the DMA’s gatekeeper obligations are applied to cloud services, the following technical and contractual areas may be affected:
  • Mandatory published interfaces or standards for control‑plane operations, service discovery and identity federation to improve portability.
  • Enforcement of data export guarantees and limits on exit charges, which would alter TCO calculations for long‑term workloads.
  • Prohibitions on discriminatory placement, pricing or performance that benefit first‑party managed services — forcing hyperscalers to ensure fair treatment of third‑party ISVs in marketplaces and APIs.
  • New auditing and compliance burdens on providers to show they are not favouring in‑house services — which could increase vendor compliance costs and change contractual SLA language.
For enterprise architects, the likely near‑term effect is a renewed focus on workload portability, contractual exit terms and multi‑cloud design patterns that minimize business disruption if a provider’s commercial or technical terms change.

Benefits and risks of applying the DMA to cloud (critical analysis)​

Potential benefits​

  • Reduced vendor lock‑in: enforceable portability, clearer egress rules and non‑discrimination could lower switching costs and encourage competition.
  • Fairer terms for ISVs and customers: non‑preferential treatment in marketplaces and managed services could level the playing field for smaller cloud‑native vendors.
  • Resilience and public‑policy gains: explicit attention to systemic risk and interdependence could improve contingency planning for critical services.

Real and material risks​

  • Technical mismatch risk: the DMA’s numeric thresholds and consumer‑oriented metrics do not map neatly to enterprise cloud markets. The horizontal probe exists because applying consumer rules to infrastructure risks creating legal and technical mismatches that produce unintended consequences.
  • Investment cost externalities: hyperscale cloud providers justify massive data‑centre and specialized hardware investments with scale economics. Over‑prescriptive interoperability or price controls — if poorly designed — could undermine returns on those investments and slow capital deployment for next‑generation compute capacity. This is the argument AWS has raised publicly.
  • Fragmentation and compliance overhead: bespoke EU technical mandates that differ from global standards could fragment engineering practices and drive up compliance costs for both providers and customers.

Balance is the challenge​

Regulators must thread a narrow path: design targeted, technical remedies for demonstrable frictions (egress, discriminatory licensing, opaque marketplaces) while preserving the incentives that support large‑scale security and innovation. That is fundamentally a technical policy design problem as much as a legal one.

Practical checklist for customers and SMBs (actionable steps)​

  • Map cloud dependencies: list critical workloads, third‑party managed services, and single‑vendor choke points.
  • Review contract exit clauses: quantify egress costs, data export SLAs and retention windows.
  • Prioritize portability: where feasible, use containers, open storage formats and abstraction layers to reduce migration costs.
  • Document vendor lock‑in risk for procurement: include switching‑cost scenarios in TCO models and board briefings.
  • Monitor regulatory developments: the Commission’s market notices and stakeholder consultations will define the evidence and standards used in any remedies.

Timeline, process and what to expect next​

  • The Commission aims to conclude the market investigations within approximately 12 months. During that period expect: evidence requests, stakeholder submissions, possible technical workshops and confidential market hearings.
  • The Commission can designate services as gatekeepers on the basis of market investigations even if consumer‑facing numeric thresholds are imperfectly applicable; any designation would be followed by an obligation period and enforcement monitoring.
  • Parallel national regulators (for example the UK CMA) may pursue their own remedies or referrals; the regulatory landscape for cloud is now multi‑jurisdictional and will require global commercial strategies.

What is verifiable — and what remains open​

Verified facts:
  • The Commission has opened two market investigations into AWS and Azure and a third horizontal study to test the DMA’s fitness for the cloud sector.
  • The DMA’s gatekeeper thresholds and penalty regime (including the 45 million user / €75 billion metrics and fines up to 10–20% of global turnover) are public law and have been applied in recent DMA enforcement actions.
  • National regulators (notably the UK CMA) and independent market trackers have documented high concentration in cloud markets and raised concerns about switching friction.
Open questions and cautionary notes:
  • Whether a cloud offering meets the DMA’s legal test for a gatekeeper will be a fact‑intensive, service‑by‑service determination that depends on enterprise metrics and contractual evidence — not a foregone conclusion. The Commission’s horizontal probe exists precisely because of these mapping challenges.
  • Media accounts that tie the probe to specific geopolitical pressure or to particular political actors should be treated as contextual — such assertions vary in sourcing and are not the Commission’s stated rationale. Where coverage relies on anonymous briefings, corroboration with formal Commission notices will be essential.

Final assessment: strategic implications for the cloud ecosystem

Brussels’ decision to probe AWS and Azure under the DMA is a structural turn in digital market policy: it moves the conversation from consumer‑platform conduct to the governance of critical digital infrastructure. If the Commission concludes gatekeeper duties apply to certain cloud services, expect a sequence of technical mandates and commercial changes that will:
  • Raise the bar for portability and transparency in cloud contracts;
  • Force hyperscalers to codify access and non‑discrimination guarantees for third parties; and
  • Create a new regulatory overlay that global providers must manage alongside national competition law.
At the same time, poorly designed or overly rigid interventions risk slowing investment in specialized compute and fragmenting standards — a real trade‑off regulators must navigate. The next 12 months will be decisive: the Commission’s evidence record, technical consultations and the legal framing it adopts will determine whether the DMA becomes a practical tool to increase cloud contestability, or whether Europe opts for a hybrid path of targeted sectoral remedies and standard‑setting.
For anyone running production workloads, the near‑term playbook is straightforward: treat this as a material market risk, harden portability and contingency plans, and track the Commission’s technical consultations closely. The probes will not only test the legal theory — they will force the industry to translate legal obligations into interoperable, auditable technical realities.

The Commission’s move is an inflection point for cloud competition policy: it asks whether the DMA’s ex‑ante regime, originally conceived for consumer platforms, can be sensibly adapted to infrastructure markets that underpin Europe’s digital economy and its emerging AI ambitions. The answers will shape procurement, product roadmaps and the technical architecture of cloud services for years to come.
Source: RTE.ie https://amp.rte.ie/amp/1544582/
 

The European Commission has launched a set of high‑stakes market investigations that put Amazon Web Services (AWS) and Microsoft Azure squarely under the Digital Markets Act (DMA) microscope, testing whether the two hyperscalers should be regulated as DMA “gatekeepers” for cloud computing and whether the DMA’s toolkit is fit for policing infrastructure markets that underpin Europe’s digital economy.

Background / Overview

Cloud infrastructure no longer sits at the margins of digital policy: it is the strategic layer that runs banks, electoral systems, emergency services, national administration and the compute farms that train large‑scale AI models. The Commission’s announcement on 18 November 2025 opens three parallel inquiries — two company‑level market investigations (one for AWS, one for Microsoft Azure) and a horizontal sectoral review of whether the DMA, which was drafted for consumer‑facing platforms, is appropriate to address cloud‑specific competition and resilience concerns. The DMA creates a fast, prescriptive ex‑ante regime that can impose obligations such as non‑discrimination, data portability, technical interoperability, and bans on self‑preferencing, backed by substantial fines for breaches. But those obligations were designed with search engines, app stores and social networks in mind; applying them to Infrastructure‑as‑a‑Service (IaaS) and Platform‑as‑a‑Service (PaaS) raises complex technical and measurement questions that Brussels now intends to resolve through evidence gathering and legal analysis.

What Brussels is investigating

Three coordinated probes, three legal questions

  • Two focused market investigations — one into AWS and one into Microsoft Azure — to determine whether specific cloud offerings operate as “important gateways” between businesses and consumers in practice, even where the DMA’s numeric thresholds for gatekeeper designation may not be met.
  • A horizontal, sectoral review to assess whether the DMA’s obligations and remedies can be sensibly applied to cloud markets or whether tailored rules, guidance or delegated acts are needed to tackle cloud‑specific frictions like egress fees, proprietary control‑plane primitives and licensing differentials.

Core themes the Commission will probe

Investigators will gather contractual records, technical documentation, migration tooling metrics, and testimony from customers, rivals and independent experts to evaluate concrete practices, including:
  • Switching costs and lock‑in — egress fees, proprietary formats, custom service extensions and migration complexity that raise real operational and economic barriers to switching providers.
  • Self‑preferencing and bundling — whether first‑party managed services, marketplaces, or bundled licensing distort competition or disadvantage independent software vendors (ISVs).
  • Interoperability and portability — the real‑world availability and performance of APIs, standards and migration tools for latency‑sensitive workloads and AI pipelines.
  • Resilience and systemic risk — how concentrated dependence on a few providers amplifies cascading outages and public‑service vulnerabilities.
These are not hypothetical questions: national regulators, particularly the UK’s Competition and Markets Authority (CMA), have already documented concentration and switching frictions, and Brussels explicitly points to recent high‑profile outages and the rise of AI workloads as proximate drivers behind the action. The CMA’s provisional findings earlier in 2025 signalled that Microsoft and Amazon account for a large share of UK cloud spend and highlighted licensing and egress practices as potential sources of foreclosure.

Why now: concentration, outages and AI

Market concentration is the common thread

Independent market trackers and national authority inquiries consistently show a highly concentrated European cloud market: AWS and Microsoft (with Google Cloud trailing) capture a substantial share of enterprise IaaS/PaaS spend in many jurisdictions. The CMA estimated each of the two largest providers can occupy roughly 30–40% of UK customer spend in specific segments — figures that Brussels has used as part of the evidence basis for the current DMA inquiries. These concentration levels are important because scale advantages in cloud are self‑reinforcing: larger providers attract more third‑party tooling, ISV integrations and enterprise customers, which in turn raises switching costs for clients.
Flag on precision: market‑share figures vary by methodology (IaaS/PaaS revenue, number of enterprise contracts, region‑specific spend) and should be treated as indicative rather than exact. Different datasets produce different levels of concentration; the Commission will examine multiple metrics.

Resilience after outages: real‑world shock drivers

Over the past year regulators and national authorities have been jolted by widely reported outages at hyperscalers that cascaded across sectors — from streaming and retail to airline check‑ins and parliamentary voting systems — revealing the practical consequences of concentration and single‑provider dependencies. Regulators argue these incidents convert what may have been an ordinary competition concern into a systemic resilience problem for the public interest. Brussels explicitly cites outages as one of the reasons for accelerated scrutiny.

The AI accelerant: compute stickiness and specialization

Generative AI workloads intensify demand for specialized accelerators (GPUs, TPUs), managed model services, and high‑performance data pipelines. Hyperscalers offer integrated AI stacks and exclusive access to large‑scale accelerators that are costly and time‑consuming to replicate. That creates another layer of technical lock‑in: porting a production AI workload to a different provider is not just a question of copying files but of re‑training pipelines, tuning performance and rearchitecting orchestration. Regulators are concerned that cloud concentration could translate directly into AI market dominance if left unchecked.

Legal mechanics: DMA, gatekeepers and the qualitative pathway

The DMA uses bright‑line thresholds to designate gatekeepers for listed core platform services, but it also provides an investigative pathway that allows the Commission to designate services that functionally act as gateways even if they don’t meet the numeric tests. That qualitative route is central to the current cloud investigations. If a cloud service is designated as a gatekeeper, the DMA can compel obligations including non‑discrimination, interoperability, data portability, and requirements to avoid self‑preferencing, with fines up to 10% of global turnover for breaches (and up to 20% for repeat violations). Two practical legal challenges for Brussels: measuring “end users” or “business users” in infrastructure markets, and defining what meaningful interoperability looks like for performance‑sensitive infrastructure. The DMA’s original metrics (e.g., 45 million monthly end users) don’t map neatly onto enterprise procurement or capacity metrics, which is why the Commission’s horizontal review will consider whether interpretative guidance or tailored remedies are necessary.

Possible regulatory outcomes and remedial tools

The Commission’s investigations can lead to a range of outcomes, from limited behavioural commitments to full gatekeeper designation or bespoke remedies. The most consequential possibilities include:
  • Formal designation of AWS and/or Azure as DMA gatekeepers for specific cloud services, bringing them within the DMA’s obligations and enforcement regime.
  • Negotiated, binding commitments without a full designation — tailored changes to contractual terms, egress fees, or portability mechanisms.
  • Sector‑level adaptations to the DMA — the horizontal review could recommend delegated acts, guidance or clarifications to ensure DMA obligations are technically feasible and do not unintentionally undermine investment incentives.
  • Structural or behavioural remedies in extreme cases — including mandated APIs, forced interoperability layers, or even divestment (unlikely but legally possible in theory under extreme abuse scenarios).

What the obligations would mean in practice

  • Interoperability requirements could force hyperscalers to publish or support standard interfaces for compute orchestration, identity, and storage formats. That could lower technical switching costs but would be technically complex for latency‑sensitive services.
  • Non‑discrimination rules would limit preferential pricing or placement for first‑party managed services and marketplaces, potentially reshaping vendor go‑to‑market strategies.
  • Data portability and egress commitments could cap exit fees or mandate practical migration tooling, improving mobility but creating cost and product‑design tradeoffs for providers.

Strengths of Brussels’ approach

  • Proactive, systemic framing: By treating cloud as strategic infrastructure, Brussels aligns competition policy with broader resilience and sovereignty objectives rather than narrowly focusing on price effects alone. This holistic framing is appropriate because cloud failures can have outsized societal impacts.
  • Use of ex‑ante tools: The DMA allows faster, targeted interventions compared with traditional merger and abuse‑of‑dominance enforcement, reducing dependence on long hindsight inquiries that may come too late to protect competition.
  • Evidence‑based, multi‑metric inquiry: The Commission’s plan to examine a broad evidence set — technical logs, contracts, customer testimony — recognizes that cloud market power is multi‑dimensional and not fully captured by a single market‑share metric.

Risks and potential unintended consequences

  • Regulatory overreach could chill investment. Cloud infrastructure is capital‑intensive. Heavy‑handed or poorly calibrated remedies (for example, prescriptive performance requirements or open‑access mandates) could reduce incentives to invest in new data centres and specialized accelerators in Europe. Hyperscalers have warned that such measures could raise costs for customers and slow service rollouts.
  • Technical complexity and measurability. Mandating interoperability in low‑latency, high‑throughput environments is profoundly complex and could create new reliability and security risks if not designed with deep technical input. The horizontal review must avoid one‑size‑fits‑all prescriptions.
  • Fragmentation risk. Divergent rules between the EU and other large markets could fragment global cloud platforms and complicate cross‑border operations for multinational customers. That said, the EU’s approach may also shape global norms and inspire comparable rules elsewhere.
Flag on uncertainty: some claims from market participants about precise costs or damages from outages (e.g., “hundreds of billions” extrapolations) are expert projections and are not audited economy‑wide totals; regulators will weigh those projections against hard contractual and operational data.

Practical implications for enterprise IT and procurement

For IT leaders, the Commission’s action is immediate and actionable even before any formal remedies:
  • Strengthen exit clauses, escrow arrangements, and audit rights in cloud contracts to reduce migration risk and retain leverage.
  • Demand technical portability guarantees: defined SLAs for data export, tested migration runbooks, and staged egress tests.
  • Design workloads with mobility in mind: containerize where possible, adopt infrastructure‑as‑code and modular architectures to reduce provider‑specific lock‑in.
  • Insist on transparency: audit logs, performance baselines and clear pricing terms for data transfer and managed services.
These steps hedge against regulatory uncertainty and will improve operational resilience regardless of the Commission’s final decisions.

Investor and market implications

Investors must price regulatory risk into valuations and forecasts for hyperscalers’ European businesses. Possible impacts include:
  • Short‑term legal and compliance costs as providers respond to information demands and negotiate commitments.
  • Medium‑term product and pricing adjustments if non‑discrimination or egress rules limit revenue models tied to bundled services.
  • Long‑term effects on growth if adaptation increases operating margins or slows infrastructure rollouts — though outcomes are uncertain and depend heavily on the Commission’s chosen remedies.
Markets should also monitor secondary effects: if stricter rules lower switching costs and enable smaller cloud players, competition could deepen, yielding downward pricing pressure and innovation in specialized cloud niches.

What to expect next: process and timeline

The Commission has signalled an ambition to complete the fact‑finding phase of the company‑level investigations within roughly 12 months, with the horizontal sectoral review possibly taking 12–18 months due to its technical and legal complexity. During that period the Commission will collect documents, interview stakeholders and may open formal proceedings or seek interim remedies if urgent harms are identified. Key milestones to watch:
  • Requests for information and data from the Commission to AWS and Microsoft (immediate to short term).
  • Stakeholder consultations and public responses from industry groups and customers (weeks to months).
  • Interim findings or proposed commitments (months).
  • Formal designation decision or sectoral recommendations (within 12–18 months, barring legal extensions).
Legal challenges are likely if the Commission attempts gatekeeper designation — expect litigation that could delay implementation timelines and produce clarifying case law on how the DMA applies to infrastructure.

Opportunities for competition and policymakers

If well‑designed, regulatory action can produce clear gains:
  • Lower lock‑in and better portability would reduce switching costs, unlocking more competitive procurement and potentially enabling European‑based cloud providers and specialized players to scale.
  • Mandated transparency and auditing can level the playing field for ISVs and enterprise customers.
  • Thoughtful interoperability standards, developed in consultation with industry, could reduce integration costs for multi‑cloud architectures and promote resilience.
However, policymakers must balance these benefits against the risk of undermining investment incentives; hybrid, outcome‑oriented remedies (e.g., mandating results rather than prescriptive technical designs) may strike the best balance.

Bottom line: a regulatory inflection point for cloud

Brussels’ DMA‑based inquiries represent a decisive escalation in how competition and resilience issues in cloud computing will be framed and addressed in Europe. The Commission is moving beyond case‑by‑case antitrust remedying and into ex‑ante rule‑making territory, asking whether the gatekeeper model can — or should — be adapted to infrastructure that underpins national services and the continent’s AI ambitions. The outcome will have broad knock‑on effects for cloud contracts, procurement strategies, technical architectures and the global regulatory playbook for hyperscale platforms. This is not merely a legal spat between Brussels and US tech giants: it is a substantive policy debate about how to preserve competition and resilience in the era of cloud‑native AI while sustaining the investment needed to operate and upgrade global infrastructure. Firms, governments and customers will all need to adjust to the possibilities and uncertainties that the next 12–18 months will clarify.

Conclusion
The EU’s decision to open three focused probes into AWS and Microsoft Azure, and to test the DMA’s fitness for cloud, is the most consequential regulatory development for European cloud markets in years. The Commission’s enquiries combine competition, resilience and industrial strategy into a single agenda: protect contestability and public interest without fatally undermining the capital‑intensive investments that power cloud and AI. For businesses, the immediate imperative is to reduce technical and contractual lock‑in; for policymakers, the challenge is to craft remedies that are technically sensible and economically sustainable; and for investors, the message is clear: regulatory risk in Europe now matters more to hyperscalers’ cloud economics than it did a year ago. Unverifiable claims or loose estimates in public commentary — particularly large macroeconomic loss figures tied to outages — should be treated cautiously until independently audited figures are produced; the Commission’s formal evidence collection will provide the more reliable basis for policy decisions.

Source: Finimize https://finimize.com/content/eu-examines-amazon-and-microsofts-grip-on-cloud-services/
 
