Killinghall Parish Council’s £1,100-a-year Microsoft bill is a small local-government line item with a national competition problem inside it: the council wanted Teams, found full use depended on Microsoft-hosted email, and told the UK Competition and Markets Authority in June 2026 that the requirement had not been made sufficiently clear. The figure is not large enough to move Microsoft’s accounts, but that is precisely why it matters. The CMA’s investigation into Microsoft’s business software ecosystem is about the cumulative effect of thousands of apparently rational procurement decisions that stop feeling like choices once identity, email, collaboration, cloud, security, databases, browsers and AI assistants all point back to Redmond.
The most revealing evidence in a competition case is often not the grand theory but the awkward invoice. Killinghall Parish Council is not a multinational trying to arbitrage cloud workloads across continents. It is a parish body with nine councillors, one clerk and ten users, paying for an ecosystem because the thing it thought it was buying turned out to work best when attached to other Microsoft services.
That is the mundane face of lock-in. It is not always a contract clause written in flaming red ink. It is a meeting tool that works better with Microsoft mailboxes, a security dashboard that assumes Microsoft identity, an AI assistant that has privileged access to Teams and SharePoint, and a procurement framework where adding another Microsoft component feels simpler than holding a new contest.
The CMA’s Strategic Market Status investigation is therefore not merely another skirmish over whether Microsoft is too big. It is a test of whether modern business software should be regulated as a set of separate product markets or as a connected operating environment. Microsoft’s defence depends on the former view. Its critics depend on the latter.
The distinction matters because Microsoft can plausibly say that each layer has rivals. Google competes in productivity. Apple and Linux compete in operating systems. Okta competes in identity. PostgreSQL competes with SQL Server. AWS and Google Cloud compete with Azure. But the complaint before the CMA is that a customer does not experience those categories one by one; it experiences them as a stack.
That is why this case is bigger than Office, bigger than Azure and bigger than Teams. The CMA is looking at Microsoft’s business software ecosystem at the moment when AI is being folded into the daily work surface of organisations. The investigation covers the relationship among productivity software, Windows, server products, cloud licensing, identity, security, browser defaults and Copilot-style AI assistants.
Microsoft would prefer the CMA to disaggregate the picture. Its submission argues that the regulator is really looking at several distinct digital activities, each exposed to meaningful competition. That argument has legal and commercial force, but it also asks the CMA to ignore how IT departments actually buy and operate technology.
A chief information officer does not wake up every morning with a blank spreadsheet and a frictionless market in front of them. They inherit years of mailboxes, documents, access policies, device management rules, audit logs, user training, procurement approvals and compliance processes. A rival application may be available in theory, but in enterprise IT the phrase available in theory often means “expensive to prove, risky to deploy and politically hard to justify.”
This is where the CMA’s investigation becomes unusually consequential. The regulator is not simply asking whether Microsoft has popular products. It is asking whether popularity has been converted into a system of dependency that makes meaningful substitution impractical.
For many IT teams, standardising on Microsoft reduces complexity. Users already know Word and Excel. Administrators can apply identity policies across services. Security teams get a unified management plane. Finance departments prefer predictable licensing over a patchwork of point products. The Microsoft stack has become the conservative choice not because it is always cheapest, but because it is legible.
That is also why the competition question is difficult. Integration can be pro-consumer when it reduces friction, but anti-competitive when it turns adjacency into inevitability. The same design that makes a platform convenient can make rivals look incomplete before they are ever evaluated on merit.
The strongest submissions to the CMA appear to understand this tension. They do not argue that Microsoft has built bad software. They argue that Microsoft has built an ecosystem in which customers can lose the practical ability to choose good software from anyone else.
That is the hinge of the case. If the CMA treats integration as efficiency alone, Microsoft is on strong ground. If it treats integration as a route by which power in one layer is carried into the next, the regulator has a much larger problem to solve.
Emails sit in Exchange Online. Files sit in OneDrive and SharePoint. Meetings happen in Teams. Access is governed through Entra ID. Compliance and security policies increasingly flow through Microsoft tooling. An AI assistant that can see, summarise and act across those surfaces has an enormous advantage over one that arrives as an outsider asking for permission through connectors, APIs and add-ons.
That is why challengers are alarmed by Copilot and Copilot Chat being woven into Microsoft 365. The concern is not just price. It is distribution, default placement and privileged context. A rival AI product may be technically impressive, but if Microsoft’s assistant is already present in the tenant, already visible in the workflow and already attached to the data estate, the rival must overcome more than product comparison.
Microsoft’s response is that AI is making software markets more competitive, not less. It points to the rapid adoption of ChatGPT, Gemini and other AI tools as evidence that users and businesses are willing to adopt new entrants at scale. This is the most compelling part of Microsoft’s defence because AI has plainly lowered some barriers to building software.
But the CMA has to distinguish between building a tool and becoming part of the enterprise nervous system. A startup can build an impressive AI agent quickly. It cannot quickly reproduce the permissions graph, document store, meeting history, compliance posture and administrative trust that Microsoft already sits on top of.
That is the crossroads. AI can either loosen the grip of incumbent suites by making interfaces more flexible, or it can deepen that grip by making access to incumbent data the decisive input. The CMA’s job is to decide which future is being built by today’s defaults.
Microsoft can argue that Edge is a modern, Chromium-based browser competing on features. That is true as far as it goes. But the complaint is less about rendering engines than about the route to the user. On Windows, the browser is not merely another app in a store; it is part of the first-run experience, the search experience, the sign-in experience and, increasingly, the AI experience.
This is where the old browser war rhymes with the new AI gateway. Control over the interface lets a platform owner decide which services feel native and which feel bolted on. If a third-party browser, cloud service or AI assistant must fight the operating system’s own prompts just to remain the user’s choice, the market is not operating on neutral terrain.
The CMA does not need to relitigate every browser grievance to understand the pattern. Defaults matter. Prompts matter. Friction matters. In business environments, where users often cannot change defaults freely and administrators are under pressure to minimise support burdens, those small frictions compound quickly.
Microsoft learned decades ago that the edge of the operating system is a powerful place to stand. The question now is whether the company has carried that lesson into every layer of the business software stack.
The CMA’s earlier cloud work already put Microsoft licensing under pressure. The recurring allegation is that customers using Windows Server or SQL Server face better economics on Azure than on rival infrastructure. That matters because many enterprises are not choosing between abstract compute platforms; they are choosing where to run workloads built around Microsoft software.
If the licence travels cheaply to Azure but not to AWS, Google Cloud or a smaller provider, the software layer becomes a steering mechanism for the infrastructure layer. The customer may still be formally free to choose another cloud, but the economics have been tilted before the procurement begins.
Microsoft’s defenders will say there are programmes, benefits and licensing options that reduce these concerns. They will also point out that cloud competition remains fierce and that Linux workloads are widely used, including on Azure. Those facts are relevant, but they do not erase the core issue: Microsoft owns software inputs that many organisations still need, and it also sells the cloud that benefits when those inputs are priced or packaged advantageously.
This is the kind of vertical leverage that makes regulators nervous because it does not require an outright refusal to deal. A platform owner can preserve choice on paper while making one route commercially obvious. In procurement, “obvious” has a habit of becoming “mandatory” after the first renewal cycle.
Public bodies are especially vulnerable to ecosystem gravity because they prize continuity. They must support nontechnical users, comply with records obligations, maintain security baselines and procure through frameworks that reward established vendors. A rival product does not merely have to be better; it has to be better enough to justify migration risk, retraining and accountability if something breaks.
That creates a market in which incumbency becomes self-reinforcing. Microsoft’s presence in one part of the organisation makes its next product easier to approve. The security team can justify Defender because it integrates with the identity system. The collaboration team can justify Teams because it is already in the licence. The AI team can justify Copilot because it is already close to the data.
None of these decisions is irrational. In isolation, many are prudent. The competition problem is that the aggregate result can be a public sector that no longer has a realistic exit plan.
This is why the Killinghall example resonates beyond its £1,100 price tag. It captures the feeling of discovering that a purchase was not really a purchase, but an entry point. For small organisations, the annual cost is visible. For larger public bodies, the same dynamic disappears into enterprise agreements and framework renewals.
That realism should matter to the CMA. If the only complaints came from direct competitors, Microsoft could portray the investigation as a rent-seeking exercise by rivals that failed to win customers. But when large users describe high adoption of embedded Microsoft tools as making switching unrealistic in the short term, the regulator is hearing from the demand side of the market.
Enterprise lock-in is not only technical. It is organisational. Users build habits around Teams channels, SharePoint folders, Outlook calendars and Excel workflows. Administrators build processes around Microsoft portals. Security teams write playbooks around Microsoft alerts. Procurement teams learn the rhythms of Microsoft renewals. Over time, the stack is not just installed; it is institutionalised.
This is why “just switch” is rarely a serious answer. Switching means migration, training, data governance, business interruption and risk allocation. It also means explaining to executives why the organisation should spend money to escape tools that appear to be working.
The CMA’s challenge is to avoid confusing customer satisfaction with competitive freedom. A customer can be broadly satisfied and still locked in. In fact, that is often how lock-in survives: the pain of leaving is more obvious than the cost of staying.
But enterprise software is not consumer chat. In the workplace, the decisive question is not whether an employee can open another AI tool in a browser. It is whether the organisation can safely deploy that tool across regulated data, permission boundaries, retention policies, audit requirements and existing workflows without losing functionality that Microsoft reserves for its own services.
This is where Microsoft’s “AI lowers barriers” argument becomes too broad. AI may lower the barrier to generating code, drafting documents or building a prototype. It does not automatically lower the barrier to enterprise distribution, trust, compliance or embedded context.
A third-party AI provider that cannot access Teams meetings as cleanly as Copilot, cannot traverse Microsoft 365 data with the same ease, or must depend on less complete connectors is not competing on identical terrain. The model may be brilliant and the user interface elegant, but the product is still downstream of Microsoft’s gatekeeping.
The CMA should therefore be wary of measuring AI competition by headline user numbers alone. The relevant question is narrower and harder: can a competing AI provider become a first-class participant inside Microsoft-heavy organisations, or only a tolerated guest?
A small price differential between bundled and unbundled SKUs may not be enough to trigger switching. Customers must believe that the alternative is worth the procurement effort, the integration work and the internal change management. By the time a regulator forces a separate SKU into existence, the bundled product may already be embedded in workflows.
That is why the UK process cannot stop at formal separability. A remedy that says “you may buy this without that” is weaker than one that ensures technical parity, neutral defaults, clean interoperability and commercially meaningful pricing. Otherwise, unbundling becomes a compliance aesthetic rather than a competitive reset.
Microsoft’s critics argue that the company has a long history of changing packaging while preserving commercial effect. That accusation is hard to prove in every instance, but it captures a real regulatory problem. Large platform companies are extremely good at adapting to the letter of a remedy while defending the architecture of advantage.
If the CMA designates Microsoft with SMS, it will need remedies that anticipate adaptation. Conduct requirements must be specific enough to enforce, but flexible enough to catch new versions of the same behaviour as AI changes the interface.
Those cautions are not frivolous. The CMA has finite resources, and digital markets are full of entrenched power. A regulator that tries to fix every platform dependency at once risks doing none of it well. There is also a legitimate concern that intervention in software can create compliance burdens without improving user outcomes.
But the cautionary argument weakens if it becomes an argument for waiting until AI lock-in is mature. The point of the SMS regime is to act before a market tips beyond repair. If the CMA waits until every organisation’s AI workflows are deeply fused to Microsoft 365 context, the eventual remedy will be more disruptive and less effective.
The better caution is not “do nothing.” It is “do not write vague rules.” The CMA should resist remedies that merely punish size or force symbolic unbundling. It should focus on conduct that determines whether rivals can reach customers on fair terms: licensing portability, API parity, default neutrality, data access, admin controls and procurement transparency.
In other words, the risk of overreach is real. The risk of underreach is also real. The investigation matters because both errors would be expensive.
That is an uncomfortable problem for competition law because it looks less like exclusion and more like convenience. The incumbent does not need to slam the door. It only needs to make the door unnecessary.
AI intensifies this dynamic. If a Copilot feature is pre-enabled, included, discounted or administratively simple, the organisation may experiment with it before a rival has a chance to make its case. Usage then becomes familiarity. Familiarity becomes internal process. Internal process becomes renewal logic.
This is why the “free” or bundled AI tool is not free in competitive terms. It consumes attention, shapes expectations and establishes a default workflow. By the time procurement asks whether a dedicated AI provider might be better, the answer may be judged against the cost of replacing a habit rather than the merits of the product.
For startups, that is deadly. They do not need the CMA to guarantee them customers. They need a market in which customers still encounter them before the incumbent’s default becomes the organisation’s operating procedure.
The line should be drawn where integration becomes coercive or discriminatory. Microsoft should be able to make Teams work well with Exchange; it should not be able to make competing mail, calendar, meeting or AI tools second-class citizens through avoidable technical or commercial barriers. Microsoft should be able to sell Copilot; it should not be able to use privileged access to Microsoft 365 data to deny rivals a fair contest.
That implies remedies focused on behaviour rather than corporate structure, at least initially. Licensing portability across clouds would address one of the clearest economic distortions. API and connector parity would help AI and collaboration rivals compete inside Microsoft-heavy environments. Neutral defaults and simpler switching would reduce interface steering. Transparent bundling and procurement disclosures would help customers understand what they are actually buying.
The hardest remedy will be data-context access for AI. This cannot be solved by throwing open every tenant to every app. Enterprise data is sensitive, permissioned and regulated. But the security challenge should not become a convenient excuse for incumbent preference. If Microsoft can safely give Copilot contextual access, regulators will ask why comparable access cannot be governed for trusted third parties under equivalent controls.
That is the future-proofing problem. The CMA is not writing rules for yesterday’s Office suite. It is writing rules for agentic systems that may soon read, schedule, summarise, draft, approve and execute work across the enterprise.
The Small Council Bill That Explains the Big Platform Case
The most revealing evidence in a competition case is often not the grand theory but the awkward invoice. Killinghall Parish Council is not a multinational trying to arbitrage cloud workloads across continents. It is a parish body with nine councillors, one clerk and ten users, paying for an ecosystem because the thing it thought it was buying turned out to work best when attached to other Microsoft services.That is the mundane face of lock-in. It is not always a contract clause written in flaming red ink. It is a meeting tool that works better with Microsoft mailboxes, a security dashboard that assumes Microsoft identity, an AI assistant that has privileged access to Teams and SharePoint, and a procurement framework where adding another Microsoft component feels simpler than holding a new contest.
The CMA’s Strategic Market Status investigation is therefore not merely another skirmish over whether Microsoft is too big. It is a test of whether modern business software should be regulated as a set of separate product markets or as a connected operating environment. Microsoft’s defence depends on the former view. Its critics depend on the latter.
The distinction matters because Microsoft can plausibly say that each layer has rivals. Google competes in productivity. Apple and Linux compete in operating systems. Okta competes in identity. PostgreSQL competes with SQL Server. AWS and Google Cloud compete with Azure. But the complaint before the CMA is that a customer does not experience those categories one by one; it experiences them as a stack.
The CMA Is Investigating the Stack, Not Just the Suite
The UK’s new digital markets regime gives the CMA a different kind of lever from traditional antitrust enforcement. Strategic Market Status is not a fine after the fact; it is a designation that can unlock binding conduct requirements and pro-competition interventions. In plain English, it gives the regulator the ability to shape the rules of the market before the next layer of dependency hardens.That is why this case is bigger than Office, bigger than Azure and bigger than Teams. The CMA is looking at Microsoft’s business software ecosystem at the moment when AI is being folded into the daily work surface of organisations. The investigation covers the relationship among productivity software, Windows, server products, cloud licensing, identity, security, browser defaults and Copilot-style AI assistants.
Microsoft would prefer the CMA to disaggregate the picture. Its submission argues that the regulator is really looking at several distinct digital activities, each exposed to meaningful competition. That argument has legal and commercial force, but it also asks the CMA to ignore how IT departments actually buy and operate technology.
A chief information officer does not wake up every morning with a blank spreadsheet and a frictionless market in front of them. They inherit years of mailboxes, documents, access policies, device management rules, audit logs, user training, procurement approvals and compliance processes. A rival application may be available in theory, but in enterprise IT the phrase available in theory often means “expensive to prove, risky to deploy and politically hard to justify.”
This is where the CMA’s investigation becomes unusually consequential. The regulator is not simply asking whether Microsoft has popular products. It is asking whether popularity has been converted into a system of dependency that makes meaningful substitution impractical.
Microsoft’s Best Products Are Also Its Best Moat
A serious analysis has to begin by admitting something Microsoft’s critics sometimes rush past: the company’s products are sticky because they are useful. Microsoft 365, Teams, Entra ID, Defender, SharePoint, OneDrive, Windows Server, SQL Server and Azure solve real problems for real organisations. The integration is not a mirage invented by lawyers.For many IT teams, standardising on Microsoft reduces complexity. Users already know Word and Excel. Administrators can apply identity policies across services. Security teams get a unified management plane. Finance departments prefer predictable licensing over a patchwork of point products. The Microsoft stack has become the conservative choice not because it is always cheapest, but because it is legible.
That is also why the competition question is difficult. Integration can be pro-consumer when it reduces friction, but anti-competitive when it turns adjacency into inevitability. The same design that makes a platform convenient can make rivals look incomplete before they are ever evaluated on merit.
The strongest submissions to the CMA appear to understand this tension. They do not argue that Microsoft has built bad software. They argue that Microsoft has built an ecosystem in which customers can lose the practical ability to choose good software from anyone else.
That is the hinge of the case. If the CMA treats integration as efficiency alone, Microsoft is on strong ground. If it treats integration as a route by which power in one layer is carried into the next, the regulator has a much larger problem to solve.
AI Turns Old Lock-In Into a New Gateway
The AI angle is not decorative. It is the reason this investigation cannot be treated as a replay of the 1990s browser wars or the more recent cloud licensing fights. Enterprise AI is only as useful as the business context it can safely access, and for millions of workers that context lives in Microsoft-controlled systems.Emails sit in Exchange Online. Files sit in OneDrive and SharePoint. Meetings happen in Teams. Access is governed through Entra ID. Compliance and security policies increasingly flow through Microsoft tooling. An AI assistant that can see, summarise and act across those surfaces has an enormous advantage over one that arrives as an outsider asking for permission through connectors, APIs and add-ons.
That is why challengers are alarmed by Copilot and Copilot Chat being woven into Microsoft 365. The concern is not just price. It is distribution, default placement and privileged context. A rival AI product may be technically impressive, but if Microsoft’s assistant is already present in the tenant, already visible in the workflow and already attached to the data estate, the rival must overcome more than product comparison.
Microsoft’s response is that AI is making software markets more competitive, not less. It points to the rapid adoption of ChatGPT, Gemini and other AI tools as evidence that users and businesses are willing to adopt new entrants at scale. This is the most compelling part of Microsoft’s defence because AI has plainly lowered some barriers to building software.
But the CMA has to distinguish between building a tool and becoming part of the enterprise nervous system. A startup can build an impressive AI agent quickly. It cannot quickly reproduce the permissions graph, document store, meeting history, compliance posture and administrative trust that Microsoft already sits on top of.
That is the crossroads. AI can either loosen the grip of incumbent suites by making interfaces more flexible, or it can deepen that grip by making access to incumbent data the decisive input. The CMA’s job is to decide which future is being built by today’s defaults.
The Browser Complaints Are a Warning From an Older War
Browser providers see the Microsoft case through familiar glass. Edge is not the core of the CMA investigation, but the browser submissions matter because they describe the user-interface tactics that competition authorities have seen before: default nudges, reset prompts, proprietary link handling, operating-system integration and update flows that steer users back to the house product.Microsoft can argue that Edge is a modern, Chromium-based browser competing on features. That is true as far as it goes. But the complaint is less about rendering engines than about the route to the user. On Windows, the browser is not merely another app in a store; it is part of the first-run experience, the search experience, the sign-in experience and, increasingly, the AI experience.
This is where the old browser war rhymes with the new AI gateway. Control over the interface lets a platform owner decide which services feel native and which feel bolted on. If a third-party browser, cloud service or AI assistant must fight the operating system’s own prompts just to remain the user’s choice, the market is not operating on neutral terrain.
The CMA does not need to relitigate every browser grievance to understand the pattern. Defaults matter. Prompts matter. Friction matters. In business environments, where users often cannot change defaults freely and administrators are under pressure to minimise support burdens, those small frictions compound quickly.
Microsoft learned decades ago that the edge of the operating system is a powerful place to stand. The question now is whether the company has carried that lesson into every layer of the business software stack.
Cloud Licensing Is the Hard Economics Under the User-Experience Story
The browser and Teams examples are easy to understand because they meet users where they click. Cloud licensing is less visible, but it may be more structurally important. The complaint from cloud rivals and software licensing campaigners is that Microsoft’s licensing terms make it more expensive or less practical to run key Microsoft workloads on competing clouds.The CMA’s earlier cloud work already put Microsoft licensing under pressure. The recurring allegation is that customers using Windows Server or SQL Server face better economics on Azure than on rival infrastructure. That matters because many enterprises are not choosing between abstract compute platforms; they are choosing where to run workloads built around Microsoft software.
If the licence travels cheaply to Azure but not to AWS, Google Cloud or a smaller provider, the software layer becomes a steering mechanism for the infrastructure layer. The customer may still be formally free to choose another cloud, but the economics have been tilted before the procurement begins.
Microsoft’s defenders will say there are programmes, benefits and licensing options that reduce these concerns. They will also point out that cloud competition remains fierce and that Linux workloads are widely used, including on Azure. Those facts are relevant, but they do not erase the core issue: Microsoft owns software inputs that many organisations still need, and it also sells the cloud that benefits when those inputs are priced or packaged advantageously.
This is the kind of vertical leverage that makes regulators nervous because it does not require an outright refusal to deal. A platform owner can preserve choice on paper while making one route commercially obvious. In procurement, “obvious” has a habit of becoming “mandatory” after the first renewal cycle.
Public Sector Procurement Turns Convenience Into Policy
The public sector dimension gives the CMA case political weight. When a small council or a school system drifts deeper into Microsoft licensing, the cost is not just a private efficiency trade-off. It is taxpayer money, public data, institutional resilience and the state’s bargaining power with a single supplier.Public bodies are especially vulnerable to ecosystem gravity because they prize continuity. They must support nontechnical users, comply with records obligations, maintain security baselines and procure through frameworks that reward established vendors. A rival product does not merely have to be better; it has to be better enough to justify migration risk, retraining and accountability if something breaks.
That creates a market in which incumbency becomes self-reinforcing. Microsoft’s presence in one part of the organisation makes its next product easier to approve. The security team can justify Defender because it integrates with the identity system. The collaboration team can justify Teams because it is already in the licence. The AI team can justify Copilot because it is already close to the data.
None of these decisions is irrational. In isolation, many are prudent. The competition problem is that the aggregate result can be a public sector that no longer has a realistic exit plan.
This is why the Killinghall example resonates beyond its £1,100 price tag. It captures the feeling of discovering that a purchase was not really a purchase, but an entry point. For small organisations, the annual cost is visible. For larger public bodies, the same dynamic disappears into enterprise agreements and framework renewals.
The Enterprise Evidence Is Not Anti-Microsoft So Much as Anti-Inevitability
The most persuasive enterprise responses are not written like manifestos. They acknowledge that Microsoft delivers significant benefits in usability, collaboration, security integration and productivity. They also warn that the features making the ecosystem attractive are the same features making it hard to mix and match alternatives.That realism should matter to the CMA. If the only complaints came from direct competitors, Microsoft could portray the investigation as a rent-seeking exercise by rivals that failed to win customers. But when large users describe high adoption of embedded Microsoft tools as making switching unrealistic in the short term, the regulator is hearing from the demand side of the market.
Enterprise lock-in is not only technical. It is organisational. Users build habits around Teams channels, SharePoint folders, Outlook calendars and Excel workflows. Administrators build processes around Microsoft portals. Security teams write playbooks around Microsoft alerts. Procurement teams learn the rhythms of Microsoft renewals. Over time, the stack is not just installed; it is institutionalised.
This is why “just switch” is rarely a serious answer. Switching means migration, training, data governance, business interruption and risk allocation. It also means explaining to executives why the organisation should spend money to escape tools that appear to be working.
The CMA’s challenge is to avoid confusing customer satisfaction with competitive freedom. A customer can be broadly satisfied and still locked in. In fact, that is often how lock-in survives: the pain of leaving is more obvious than the cost of staying.
Microsoft’s AI Defence Has a Blind Spot
Microsoft is right that AI has produced astonishingly fast adoption curves. ChatGPT and Gemini are not obscure challengers begging for distribution. They are widely recognised products backed by powerful companies and massive infrastructure investment. If the question were simply whether anyone can build an AI assistant, Microsoft’s market-power case would look weaker.But enterprise software is not consumer chat. In the workplace, the decisive question is not whether an employee can open another AI tool in a browser. It is whether the organisation can safely deploy that tool across regulated data, permission boundaries, retention policies, audit requirements and existing workflows without losing functionality that Microsoft reserves for its own services.
This is where Microsoft’s “AI lowers barriers” argument becomes too broad. AI may lower the barrier to generating code, drafting documents or building a prototype. It does not automatically lower the barrier to enterprise distribution, trust, compliance or embedded context.
A third-party AI provider that cannot access Teams meetings as cleanly as Copilot, cannot traverse Microsoft 365 data with the same ease, or must depend on less complete connectors is not competing on identical terrain. The model may be brilliant and the user interface elegant, but the product is still downstream of Microsoft’s gatekeeping.
The CMA should therefore be wary of measuring AI competition by headline user numbers alone. The relevant question is narrower and harder: can a competing AI provider become a first-class participant inside Microsoft-heavy organisations, or only a tolerated guest?
Europe’s Teams Remedy Shows Why Price Cuts May Not Be Enough
The European Commission’s Teams action is the cautionary tale hanging over the UK process. Microsoft accepted commitments to unbundle Teams from Office and Microsoft 365, but competitors have argued that the practical market effect has been limited. That does not prove the remedy failed, but it does show how hard software bundling is to unwind once habits have formed.A small price differential between bundled and unbundled SKUs may not be enough to trigger switching. Customers must believe that the alternative is worth the procurement effort, the integration work and the internal change management. By the time a regulator forces a separate SKU into existence, the bundled product may already be embedded in workflows.
That is why the UK process cannot stop at formal separability. A remedy that says “you may buy this without that” is weaker than one that ensures technical parity, neutral defaults, clean interoperability and commercially meaningful pricing. Otherwise, unbundling becomes a compliance aesthetic rather than a competitive reset.
Microsoft’s critics argue that the company has a long history of changing packaging while preserving commercial effect. That accusation is hard to prove in every instance, but it captures a real regulatory problem. Large platform companies are extremely good at adapting to the letter of a remedy while defending the architecture of advantage.
If the CMA designates Microsoft with SMS, it will need remedies that anticipate adaptation. Conduct requirements must be specific enough to enforce, but flexible enough to catch new versions of the same behaviour as AI changes the interface.
The Cautionary Camp Is Right About One Thing
Not every respondent wants the CMA to charge ahead. Some argue that business software may not be the UK’s most urgent digital market problem, especially compared with digital advertising or broader cloud concentration. Others warn that focusing on Microsoft in isolation could miss similar patterns among AWS, Google and other large platforms.Those cautions are not frivolous. The CMA has finite resources, and digital markets are full of entrenched power. A regulator that tries to fix every platform dependency at once risks doing none of it well. There is also a legitimate concern that intervention in software can create compliance burdens without improving user outcomes.
But the cautionary argument weakens if it becomes an argument for waiting until AI lock-in is mature. The point of the SMS regime is to act before a market tips beyond repair. If the CMA waits until every organisation’s AI workflows are deeply fused to Microsoft 365 context, the eventual remedy will be more disruptive and less effective.
The better caution is not “do nothing.” It is “do not write vague rules.” The CMA should resist remedies that merely punish size or force symbolic unbundling. It should focus on conduct that determines whether rivals can reach customers on fair terms: licensing portability, API parity, default neutrality, data access, admin controls and procurement transparency.
In other words, the risk of overreach is real. The risk of underreach is also real. The investigation matters because both errors would be expensive.
The Real Market Is the Moment Before Procurement
One of the sharpest ideas in the submissions is that competition can be foreclosed before a customer consciously chooses. If an organisation already has Microsoft licensing, and a new Microsoft capability appears as an extension of that estate, a rival may never reach the shortlist. The market does not fail at the final bid; it fails because there was never a bid.That is an uncomfortable problem for competition law because it looks less like exclusion and more like convenience. The incumbent does not need to slam the door. It only needs to make the door unnecessary.
AI intensifies this dynamic. If a Copilot feature is pre-enabled, included, discounted or administratively simple, the organisation may experiment with it before a rival has a chance to make its case. Usage then becomes familiarity. Familiarity becomes internal process. Internal process becomes renewal logic.
This is why the “free” or bundled AI tool is not free in competitive terms. It consumes attention, shapes expectations and establishes a default workflow. By the time procurement asks whether a dedicated AI provider might be better, the answer may be judged against the cost of replacing a habit rather than the merits of the product.
For startups, that is deadly. They do not need the CMA to guarantee them customers. They need a market in which customers still encounter them before the incumbent’s default becomes the organisation’s operating procedure.
The Remedy Should Protect Choice Without Freezing the Stack
The CMA’s most important task is to protect practical substitutability without forcing organisations into artificial fragmentation. Nobody benefits if IT teams are pushed into brittle multi-vendor architectures for the sake of regulatory theatre. Integration is valuable, and customers should be allowed to buy integrated products.The line should be drawn where integration becomes coercive or discriminatory. Microsoft should be able to make Teams work well with Exchange; it should not be able to make competing mail, calendar, meeting or AI tools second-class citizens through avoidable technical or commercial barriers. Microsoft should be able to sell Copilot; it should not be able to use privileged access to Microsoft 365 data to deny rivals a fair contest.
That implies remedies focused on behaviour rather than corporate structure, at least initially. Licensing portability across clouds would address one of the clearest economic distortions. API and connector parity would help AI and collaboration rivals compete inside Microsoft-heavy environments. Neutral defaults and simpler switching would reduce interface steering. Transparent bundling and procurement disclosures would help customers understand what they are actually buying.
The hardest remedy will be data-context access for AI. This cannot be solved by throwing open every tenant to every app. Enterprise data is sensitive, permissioned and regulated. But the security challenge should not become a convenient excuse for incumbent preference. If Microsoft can safely give Copilot contextual access, regulators will ask why comparable access cannot be governed for trusted third parties under equivalent controls.
That is the future-proofing problem. The CMA is not writing rules for yesterday’s Office suite. It is writing rules for agentic systems that may soon read, schedule, summarise, draft, approve and execute work across the enterprise.
The £1,100 Invoice Is a Map of the Next Decade
The concrete stakes of the CMA’s Microsoft case are easy to lose in the alphabet soup of SMS, DMCC, CRs and PCIs. They should not be. The case is about whether British organisations can keep using Microsoft where it makes sense without being quietly funnelled into Microsoft everywhere.- Killinghall Parish Council’s complaint matters because it shows how small organisations can discover ecosystem dependency only after adopting a seemingly narrow service.
- Microsoft’s strongest defence is that each product layer has serious competitors, but the CMA is testing whether those layers combine into a harder-to-escape stack.
- AI raises the stakes because enterprise assistants need access to email, files, meetings, identity and permissions that often sit inside Microsoft 365.
- Browser and cloud licensing complaints point to the same structural issue: defaults, technical integration and commercial terms can steer customers before a formal choice is made.
- The most useful remedies would not punish integration itself; they would target discriminatory licensing, unequal API access, coercive defaults and opaque bundling.
- The CMA’s timing matters because remedies imposed after AI workflows become institutional habits will be weaker than rules set while the market is still forming.
References
- Primary source: Computer Weekly
Published: 2026-06-24T12:23:08.045244
The £1,100 lock-in: CMA Microsoft probe exposes software ecosystem at a crossroads | Computer Weekly
A parish council, a £60m public sector bill, and the AI question that could define UK digital competition for a generation in responses to the CMA’s Strategic Market Status investigation.www.computerweekly.com - Related coverage: gov.uk
CMA launches strategic market status investigation into Microsoft’s business software ecosystem - GOV.UK
CMA sets out scope of its investigation to determine whether Microsoft should be designated with strategic market status for its business software ecosystem.www.gov.uk
- Related coverage: lexisnexis.com
CMA opens strategic market status investigation into Microsoft’s business software, targeting bundling, interoperability, default settings and cloud licensing; consultation closes 4 June 2026; final decision expected by February 2027. - Legal News -
CMA opens SMS investigation into Microsoft’s business software ecosystem The Competition and Markets Authority (CMA) has begun a strategic market status (Swww.lexisnexis.com
- Related coverage: finance.yahoo.com
CMA launches probe into Microsoft business software ecosystem
The UK watchdog will examine whether Microsoft has SMS in business software and whether it limits customer choice and competition.finance.yahoo.com - Related coverage: thenextweb.com
The CMA opens its fourth Strategic Market Status case into Microsoft
The CMA has launched its fourth Strategic Market Status investigation, into Microsoft's business software, including cloud licensing and Copilot defaults.thenextweb.com - Related coverage: windowscentral.com
Microsoft’s growing AI influence is under scrutiny in the UK — here’s what’s happening | Windows Central
The CMA is investigating Microsoft, raising concerns about AI and ecosystem control.www.windowscentral.com
- Related coverage: techradar.com
UK opens antitrust enquiry into Microsoft dominance of business software | TechRadar
CMA formalizes its SMS investigation into Microsoftwww.techradar.com - Related coverage: itpro.com
CMA launches Microsoft probe amid software licensing concerns | IT Pro
The regulator hopes to “ensure a level playing field” when it comes to competition in the business software marketwww.itpro.com - Related coverage: techxplore.com
- Related coverage: appliedantitrust.com
Microsoft’s response to the provisional findings
</rdf:Alt> </dc:description> <dc:creator> <rdf:Seq/> </dc:creator> <pdf:Producer>Adobe PDF Library 22.3.86</pdf:Producer> <pdf:Keywords/> <pdfaid:part>1</pdfaid:part> <pdfaid:conformance>B</pdfaid:conformance>...appliedantitrust.com
- Related coverage: connect.cma.gov.uk
Invitation to comment
</rdf:Alt> </dc:description> <dc:creator> <rdf:Seq> <rdf:li>Competition and Markets Authorityconnect.cma.gov.uk