The European Commission’s decision to open three formal market investigations — two focused on Amazon Web Services (AWS) and Microsoft Azure, and a third examining whether the Digital Markets Act (DMA) can meaningfully be applied to cloud computing — marks a decisive escalation in Brussels’ effort to bring hyperscale cloud infrastructure under ex‑ante platform rules and could reshape procurement, interoperability and resilience across Europe.
Background / Overview
Cloud computing is no longer a commodity input; it is strategic infrastructure. Governments, banks, healthcare systems, telcos and countless enterprises host core services and sensitive data in public clouds, and hyperscalers now supply not just raw compute and storage but integrated AI stacks, managed databases, identity fabrics and global networking. The European Commission has therefore launched a trio of inquiries to determine (a) whether AWS and Azure function as
“gatekeepers” under the DMA’s framework, and (b) whether the DMA’s toolbox — drafted with consumer‑facing platforms in mind — needs to be adapted to address cloud‑specific competition and resilience risks. Brussels has set an expedited public timetable: investigators expect to complete the inquiries within roughly 12 months, though complex technical evidence collection can extend that timeline in practice. The Commission’s move follows years of national and industry scrutiny — notably the UK Competition and Markets Authority (CMA) provisional findings that flagged AWS and Microsoft as dominant players and raised concerns about switching friction, egress fees and licensing practices.
Why the EU is acting now
Market concentration and strategic stakes
Independent market trackers and national regulators consistently show that a handful of hyperscalers — led by AWS and Microsoft with Google Cloud trailing — command the lion’s share of public cloud spending in Europe. That concentration creates conditions where scale advantages, integrated product stacks and specialised AI infrastructure can produce persistent market power. Brussels explicitly links this concentration to risks for competition, innovation and
European digital sovereignty. The UK’s CMA, in its provisional findings, concluded that AWS and Microsoft may each account for
up to roughly 40% of customer spend in the UK cloud market, with Google substantially smaller — a national analysis that sharpened the Commission’s focus. The CMA also identified technical and commercial frictions that make true multi‑cloud mobility hard for customers.
Resilience and systemic risk after outages
High‑impact outages at major cloud providers this year have given the debate an operational urgency. Visible service disruptions — from airline check‑in systems to streaming platforms and messaging apps — offer tangible examples of how a single provider failure can cascade across sectors. Regulators argue these incidents convert what might once have been a narrow competition problem into a broader public‑policy issue of systemic resilience. Recent press accounts and regulator statements have referenced outages as a concrete driver of the probes.
The AI accelerant
Generative AI and large‑scale model training intensify demand for specialised hardware (GPUs, tensor accelerators) and tightly integrated software stacks. Hyperscalers bundle access to accelerators, managed model platforms, data pipelines and tooling — increasing the value of incumbency and raising the cost and complexity of switching providers. European policymakers worry that cloud dominance could translate into AI market dominance if left unchecked.
The legal frame: the Digital Markets Act (DMA) and “gatekeepers”
The DMA is the EU’s ex‑ante platform law designed to prevent dominant digital platforms from using their position to block competition or favour their own services. Designated
gatekeepers already include major firms such as Amazon and Microsoft for other core platform services; gatekeeper obligations require non‑discrimination, technical interoperability, data portability and bans on self‑preferencing, and breaches can attract fines up to
10% of global turnover for first infringements (and higher penalties for repeat breaches). Crucially, the DMA was written around consumer and marketplace services — with quantitative thresholds such as EU turnover and monthly active users that do not map neatly to enterprise cloud markets. The Commission’s three probes therefore pursue two linked questions: can cloud services be treated as
core platform services that act as intermediaries between businesses and end users, and if so, do AWS or Azure meet the functional and economic criteria for gatekeeper designation; and separately, is the DMA’s toolbox fit for the technical realities of cloud?
What Brussels will investigate (technical and commercial lines of inquiry)
The Commission’s investigations are structured and practical. Key lines of inquiry include:
- Gatekeeper role and measurement — do AWS or Azure act as indispensable gateways between businesses and end users in ways that justify DMA obligations, and how should the DMA’s quantitative thresholds (built for consumer services) be translated to cloud metrics like contract value, capacity or enterprise reach?
- Switching costs and data portability — are egress fees, export tooling limitations or contractual terms structured in ways that materially deter migration between providers? The Commission will examine contracts, invoices and migration tooling performance.
- Licensing and bundling — do software licensing rules (for example for Windows Server, SQL Server or productivity suites) create price or performance differentials that favour running Microsoft workloads on Azure? The CMA’s provisional findings already raised such concerns about Microsoft licensing.
- Self‑preferencing and marketplaces — do first‑party managed services, marketplaces or features receive preferential treatment (performance, placement, pricing) that hinders independent software vendors or competing infrastructure providers?
- Interoperability and control‑plane access — are proprietary APIs, orchestration primitives or control‑plane semantics designed in ways that practically lock workloads to one stack and impede robust multi‑cloud failover?
- Systemic risk and operational concentration — how do outages, control‑plane fragility and dependence on a few providers affect critical sectors and public services? The Commission is explicitly treating resilience as a policy objective connected to competition.
The Commission’s third, horizontal probe will test whether the DMA’s enforcement model and obligations can be
sensibly and safely applied to cloud markets, or whether targeted legislative or delegated‑act changes are needed.
How credible are the claims against hyperscalers?
Cross‑referencing independent sources shows a consistent narrative: both regulators and industry observers document high market concentration and structural switching costs. The CMA’s provisional findings are explicit: AWS and Microsoft each account for a high share — up to ~40% — of UK customer spending, and customers report technical and contractual barriers to multi‑cloud adoption. International press coverage and Commission statements align with that picture. At the same time, cloud providers contest the picture: hyperscalers argue the sector is dynamic, competitive and delivering low costs and innovation. AWS publicly warned that designating cloud providers as gatekeepers could stifle invention and raise costs for European businesses, while Microsoft stated it would cooperate with the probe. Those company statements are part of the public record and will be weighed against documentary evidence the Commission collects.
Where claims are
less verifiable: precise market‑share claims vary by methodology (revenue vs. customer spend vs. compute capacity), and public market trackers use different scopes (IaaS/PaaS vs. total cloud). Regulators typically rely on procurement, contractual and customer‑survey evidence that is not always public. Therefore, while concentration and switching friction are well documented, the degree to which those features constitute actionable gatekeeper power will be a technical, evidence‑based judgement. The Commission’s probes are explicitly designed to make that assessment.
Possible regulatory outcomes — and what each would mean
- Full gatekeeper designation for AWS and/or Azure (most consequential)
- Would trigger the full palette of DMA obligations: mandated interoperability, strict non‑discrimination, data‑portability rules, bans on self‑preferencing, transparency and audit obligations.
- Enforcement could include fines (up to 10% of global turnover for initial breaches) and even structural or behavioural remedies over time.
- Practical impact: providers might need to publish open interfaces, change marketplaces and modify licensing and bundling practices, with material compliance costs and product re‑engineering.
- Targeted regulatory remedies without gatekeeper designation
- The Commission could require narrowly tailored measures (egress fee caps, enforceable migration guarantees, audited migration tooling, non‑discrimination undertakings) under competition powers or negotiated commitments.
- Practical impact: faster to implement, technically precise measures could improve portability while avoiding sweeping obligations that might harm latency‑sensitive workloads.
- DMA adaptation or legislative follow‑on
- The Commission could conclude the DMA needs sector‑specific updates (delegated acts or new rules) to address cloud and AI — creating a hybrid regulatory overlay with the Data Act and the AI Act.
- Practical impact: longer timeframe but potentially better‑tailored obligations.
- No substantive intervention
- If the Commission finds insufficient evidence of gatekeeper effects or unworkable mapping of DMA rules to cloud, it could decline designation and defer to competition/sectoral tools.
- Practical impact: status quo, with stronger emphasis on public procurement and national measures for resilience.
Each route carries trade‑offs. Gatekeeper designation provides strong, clear enforcement powers but risks heavy implementation costs and potential technical side effects if interoperability mandates are naively specified. Narrow remedies are faster but may leave structural market power intact.
What the investigations mean for enterprise IT and procurement
The probes create an urgent planning horizon for IT leaders, cloud architects and procurement teams. Practical, actionable steps:
- Map dependencies
- Catalogue all workloads, managed services and data flows tied to a single vendor feature (managed databases, serverless functions, identity providers). Quantify migration cost and technical blockers.
- Strengthen contractual exit terms
- Negotiate clear egress clauses, performance guarantees for migration tools, audit rights and contractual commitments to keep critical APIs documented and stable.
- Insist on EU‑centric controls
- Require customer‑managed encryption keys, EU data residency guarantees and contractual assurances about data access and legal jurisdiction.
- Prioritise portability where it matters
- For workloads where portability is mission‑critical, prefer architectures that separate compute, data and orchestration layers and leverage open standards (where feasible).
- Pilot multi‑cloud resilience strategically
- Implement multi‑cloud only where the business case is compelling; use automated failover for critical services with well‑tested runbooks.
- Engage with regulators and industry consortia
- Participate in technical consultations and standardisation efforts to shape practicable interoperability definitions.
These steps reduce lock‑in risk and put buyers in a stronger bargaining position if the DMA or sectoral remedies require providers to offer portability tools or lower exit costs.
Benefits and risks of bringing cloud under the DMA
Potential benefits
- Lower long‑term switching costs: enforceable portability rules, limits on egress fees and open interfaces would lower the economic friction of migration.
- Greater fairness for ISVs and smaller cloud providers: bans on self‑preferencing and non‑discrimination could improve market access for independent software vendors.
- Stronger transparency and auditability: DMA‑style obligations would force hyperscalers to disclose certain ranking, allocation and interoperability practices.
- Policy alignment with digital sovereignty goals: clearer rules can support public procurement objectives and resilience planning.
Potential risks
- Technical feasibility: cloud control planes are performance‑sensitive. Poorly specified interoperability rules could create latency, reliability or security regressions.
- Compliance costs: accelerated rule‑making and heavy compliance obligations could translate into higher prices for customers, at least in the near term.
- Innovation drag: mandates that reduce the ability of providers to tightly integrate hardware and software could slow the pace at which hyperscalers can innovate on specialised AI stacks.
- Fragmentation risk: conflicting national or sectoral measures could create a patchwork of rules that complicate global cloud operations.
Regulatory design will need to thread a narrow technical needle: deliver enforceable portability, non‑discrimination and resilience improvements without undermining the economies of scale and integrated engineering that currently underpin many cloud innovations. The Commission’s horizontal probe is specifically about testing whether the DMA’s remedies can be molded to this challenge.
How providers are responding (public posture and practical moves)
Cloud providers have already signalled a mix of cooperation and caution. Microsoft has said it will cooperate with the Commission’s investigation; AWS has warned that designating cloud providers as gatekeepers “isn’t worth the risks of stifling invention or raising costs for European companies,” framing the DMA as potentially harmful if applied bluntly. Both companies have deployed technical and contractual measures in recent years (regional data centres, compliance toolkits, migration tooling) that will factor into the evidence the Commission assesses. These public stances will be tested against documentary contracts, telemetry, customer testimonies and internal pricing structures submitted during the probe.
What to watch next (timeline and signals)
- Commission formal notices and statements: investigators have signalled a 12‑month target to conclude fact‑finding — monitor the Commission’s official case pages and any calls for evidence.
- CMA and national outcomes: the UK CMA’s final decisions and any enforcement actions will influence Brussels’ calculus; the CMA’s provisional findings already pushed the discussion forward.
- Technical consultations and standardisation moves: watch European technical groups, industry consortia and standards bodies for proposed interoperability specifications.
- Provider product changes: any concrete roadmap announcements from AWS, Microsoft or Google that lower switching costs or improve portability could reduce the need for heavy‑handed regulation.
Final analysis: balancing contestability, resilience and innovation
The Commission’s probes mark a pivotal moment: regulators are acknowledging that cloud is both a competition and a public‑policy issue. The DMA provides a powerful, proven framework for policing gatekeeper power, but its original design targets consumer platforms, not latency‑sensitive infrastructure. The central challenge is therefore normative and technical: enforce
contestability and fairness without disabling the scale economies and integrated engineering that make modern cloud services performant and secure.
For Europe, the stakes are strategic. Effective remedies could reduce vendor lock‑in, strengthen the bargaining position of European businesses and accelerate the emergence of locally governed alternatives. Poorly specified rules, by contrast, could raise costs, slow certain forms of innovation and create operational risk if technical standards are mismatched to real‑world cloud control planes.
The next 12 months will be intensive: data requests, confidential submissions, technical audits and industry lobbying. IT leaders should use this period to harden contractual protections, map vendor dependencies and invest in selective portability where it materially reduces business risk. Regulators should use it to craft narrowly tailored, technically informed remedies that deliver real portability and resilience without imposing unintended technical burdens.
The Commission’s probes do not presage an inevitable break with today’s cloud market architecture, but they do signal a turning point where legal frameworks, procurement policy and technical design must be reconciled to ensure a competitive, resilient and innovation‑friendly cloud ecosystem in Europe.
Conclusion
Brussels’ decision to probe AWS and Azure under the DMA framework is more than regulatory theatre: it is a substantive attempt to align market structure, public‑interest resilience and the fast‑moving demands of AI with enforceable rules. Whether the outcome is gatekeeper designation, targeted remedies, or a legislative update, the inquiry will force a practical reckoning between the technical realities of cloud and the policy imperative to preserve contestability. Enterprises should treat this as a call to action — clarify dependencies, negotiate stronger escape hatches, and prepare for a shifting regulatory landscape that will influence cloud economics and architecture for years to come.
Source: The Mountain Press
https://www.roanecounty.com/news/na...cle_76f0ae4d-5fd2-564c-aa2d-9c94d73e17e9.html