The European Commission has initiated formal market investigations to determine whether Amazon Web Services (AWS) and Microsoft Azure should be designated as regulated "gatekeepers" under the Digital Markets Act (DMA), potentially subjecting the dominant cloud hyperscalers to new interoperability, data-access, and anti-self-preferencing obligations. This regulatory scrutiny represents a significant escalation in Europe's efforts to ensure fair competition in digital markets, with potential penalties reaching up to 10% of global turnover for non-compliance. The move comes as cloud infrastructure has evolved from back-office utility to strategic infrastructure underpinning artificial intelligence, financial services, and virtually all modern digital services.

The DMA's Gatekeeper Framework and Cloud Services

The Digital Markets Act, Europe's flagship competition instrument for Big Tech, establishes a special legal status—"gatekeeper"—for firms that serve as pivotal intermediaries between businesses and consumers. Gatekeepers must adhere to a comprehensive set of obligations designed to protect business users and end users, with failure to comply risking substantial fines and remedial actions.

What makes this investigation particularly noteworthy is that cloud services don't neatly align with the DMA's original quantitative thresholds, which focus on annual EEA turnover and minimum EU user counts. Instead, the Commission is employing the DMA's market-investigation powers to assess whether AWS and Azure function as "important gateways between businesses and consumers"—a qualitative test that can yield gatekeeper designation even when strict numerical thresholds aren't met. This approach has been used previously for services falling outside conventional threshold calculations.

What the Commission is Investigating

The market inquiry aims to establish several critical factors regarding AWS and Azure's market position and practices. First, regulators are examining whether these cloud platforms function as indispensable intermediaries for businesses and end users in ways that confer entrenched market power. Second, the investigation focuses on whether technical, contractual, or commercial lock-in mechanisms hamper customer switching or multi-cloud strategies. Finally, the Commission is evaluating whether specific conduct patterns could be addressed through the DMA's established obligations around interoperability, non-discrimination, and data access.

These investigations represent fact-finding processes rather than immediate enforcement actions, with the Commission having up to 12 months to complete investigations using the qualitative designation route. The outcome could lead to designating cloud services as new gatekeeper platforms under the DMA's Article 3(8) pathway or implementing tailor-made remedies if systemic issues are identified.

Potential Consequences of Gatekeeper Designation

Should AWS or Azure receive gatekeeper designation for their cloud services, several operational consequences would follow. The most relevant DMA obligations for cloud providers include:

  • Interoperability requirements: Mandating that third-party services can interoperate with gatekeeper functions where technically feasible
  • Data access provisions: Enabling business users to access data they generate on the platform while preventing unfair data capture for self-preferencing
  • Non-preferencing rules: Prohibiting gatekeepers from treating their own cloud-adjacent services more favorably in rankings or procurement contexts
  • Transparency and auditing obligations: Requiring explanation of automatic decision systems and publication of compliance reports

Non-compliance could trigger fines up to 10% of worldwide turnover, escalating to 20% for repeated breaches. For systematic failures, the Commission could order structural remedies, making the DMA an unusually powerful regulatory instrument.

Why Cloud Regulation Has Become a Priority

Cloud platforms have transformed from back-office utilities to strategic infrastructure supporting AI development, large-scale analytics, and enterprise software deployments. The EU's policy objective centers on securing a fair, open, and competitive cloud ecosystem that supports European AI ambitions and digital sovereignty. Commission officials have expressed concern that a small set of hyperscalers controls access to critical computing and data resources underpinning emerging markets.

Parallel investigations in other jurisdictions have intensified regulatory momentum. The UK's Competition and Markets Authority (CMA) published provisional findings in its cloud market inquiry, concluding that AWS and Microsoft hold "very strong positions" with high concentration levels and significant barriers to entry. The CMA proposed designating them with Strategic Market Status in serious scenarios, findings that directly inform the EU's assessment.

Simultaneously, U.S. authorities have been examining cloud pricing and licensing practices, with the Federal Trade Commission and legislators flagging egress fees, bundling arrangements, and exclusive contracts as potential competition concerns. This transatlantic scrutiny adds geopolitical dimensions to Europe's regulatory assessment.

Technical Complexities of Regulating Cloud Infrastructure

Applying DMA provisions to cloud infrastructure presents unique challenges compared to consumer-facing services like app stores or search engines. Several technical and definitional complexities complicate regulatory implementation:

  • End user definition: For cloud IaaS and PaaS services, primary customers are businesses rather than individual consumers, raising questions about how the DMA's "business user" versus "end user" distinctions apply
  • Legitimate switching costs: Migrating large datasets and stateful workloads between providers involves substantial engineering, porting, and revalidation efforts that represent genuine technical challenges rather than mere marketing friction
  • Security and confidentiality constraints: Data-access obligations could create operational security trade-offs if poorly scoped, potentially exposing sensitive infrastructure topology and customer relationships

These complexities explain why the Commission is approaching cloud regulation through market investigation rather than immediate designation, allowing for technical evidence gathering and stakeholder input before any regulatory decisions.

Industry Response and Competitive Concerns

AWS and Microsoft have responded to the investigations with predictable pushback. Amazon Web Services argues that the cloud sector remains dynamic and highly competitive, warning that designating cloud providers as gatekeepers risks stifling innovation and increasing costs for European businesses. Microsoft has emphasized its commitment to competition while expressing willingness to engage constructively in the market inquiry.

Industry objections typically center on two recurring arguments: that market concentration reflects superior product offerings and scale efficiencies rather than anti-competitive conduct, and that heavy-handed regulation could raise compliance costs, slow product rollouts, and deter European investment. These arguments highlight the fundamental policy trade-offs regulators must balance between promoting competition and preserving innovation incentives.

Practical Implications for Cloud Customers and Providers

If AWS or Azure receive gatekeeper designation, several practical outcomes could emerge that directly impact enterprise customers and independent software vendors:

  • Reduced switching friction: Potential restraints on contractual egress fees, clearer portability standards, or mandated APIs for exporting data and application state in common formats
  • Enhanced third-party interoperability: Requirements enabling competing specialized services to operate seamlessly alongside incumbent platforms without discriminatory treatment
  • Improved data governance: Obligations allowing business customers to access telemetry and datasets they generate on platforms, reducing information asymmetries that enable self-preferencing
  • Self-preferencing prohibitions: Limits on bundling proprietary managed services in ways that disadvantage competing offerings

These measures could facilitate migration and competition but would impose implementation and compliance costs on providers, potentially affecting product roadmaps, pricing structures, and contractual models.

The Commission's qualitative designation route allows up to 12 months for investigation, during which regulators will gather evidence through stakeholder questionnaires and technical briefings. Key tests the Commission will apply include whether cloud services create "important gateways" for business users to reach end users, whether entrenched switching costs reduce market contestability, and whether specific conduct patterns materially disadvantage competitors.

Several areas are likely to generate legal challenges, including definitions of "business user" and "end user" in IaaS/PaaS contexts, the scope of data-access obligations where confidentiality or national security concerns arise, and remedies that could be framed as extraterritorial regulation of non-EU companies. Given the high stakes, any designation would likely face intense scrutiny in EU courts and prompt robust lobbying efforts on both sides of the Atlantic.

Strategic Implications and Future Scenarios

Several plausible scenarios could emerge from the current investigations, each with distinct competitive implications:

  1. Targeted remedies without designation: The Commission identifies competition problems but imposes narrow behavioral remedies focused on specific issues like egress fees or interoperability APIs
  2. Full gatekeeper designation: AWS and/or Azure acquire comprehensive DMA obligations for cloud services, forcing systemic changes to how managed services are packaged and priced
  3. Coordinated transatlantic response: EU action is mirrored by UK and targeted U.S. scrutiny, creating overlapping obligations that cloud vendors must reconcile across jurisdictions

Each scenario produces different competitive incentives. Gatekeeper designation could accelerate alternative cloud growth in Europe if combined with market-opening measures, but might also prompt strategic responses from incumbents to shift product offerings or investment patterns globally.

Enterprise and Vendor Preparedness

Companies consuming cloud services and cloud providers themselves should prepare for increased regulatory scrutiny through several practical steps:

For cloud customers:
- Conduct rapid audits of data egress exposure and contractual exit terms
- Enhance multi-cloud portability planning and document migration costs for regulatory consultations
- Engage proactively in EU consultations to ensure factual records accurately reflect technical realities

For cloud providers:
- Inventory technical interoperability options and document legitimate security constraints
- Reconsider pricing structures and egress policies to reduce regulatory friction
- Allocate legal, policy, and engineering resources for regulatory questionnaires and technical workshops

These measures will help organizations reduce compliance exposure while making credible arguments about necessary trade-offs for security and performance.

Balancing Innovation and Competition

The Commission's investigation represents a proactive approach to competition oversight in a sector fundamental to digital economic activity. Early scrutiny could prevent lock-in that would become increasingly difficult to reverse as cloud adoption deepens. The DMA's toolbox—particularly interoperability, non-preferencing, and data-access obligations—aligns well with many complaints about cloud market practices.

However, regulators must avoid overreach or mis-specification that could harm innovation incentives, increase costs for downstream businesses, or slow product rollouts in Europe. Divergent remedies across the EU, UK, and U.S. could increase compliance complexity for global suppliers and fragment cloud-native product design. Additionally, regulatory escalation risks political friction, with some U.S. policymakers framing EU digital rules as protectionist measures.

A balanced, evidence-based approach is essential. The Commission's market inquiry provides the appropriate mechanism for gathering granular technical evidence needed to avoid blunt remedies. Regulators should design narrowly tailored obligations addressing specific foreclosure problems—such as limiting abusive egress fees or requiring standardized export APIs—rather than imposing sweeping architectural mandates that could undermine efficiencies delivered by scale. Evidence-based, proportionate remedies would maximize consumer and business value while minimizing unintended harms to innovation and competition.