The European Commission has launched a landmark regulatory offensive against cloud computing dominance, opening three formal market investigations under the Digital Markets Act (DMA) targeting Amazon Web Services (AWS) and Microsoft Azure. Announced on November 18, 2025, this represents the most significant regulatory challenge yet to hyperscaler cloud infrastructure, with potential implications for every enterprise running Windows workloads in the cloud and the broader European digital economy.

The Three-Pronged Investigation Strategy

The Commission's approach is both targeted and comprehensive, consisting of three coordinated probes that reflect growing regulatory concern about cloud market concentration. First, two company-specific market investigations will determine whether AWS and Microsoft Azure functionally act as \"gatekeepers\" under the DMA's qualitative pathway. This is significant because cloud services don't neatly fit the DMA's original quantitative thresholds designed for consumer platforms like app stores and social networks.

Second, a horizontal sectoral investigation will assess whether the DMA's current toolkit can effectively address cloud-specific competition issues. This broader study will examine interoperability challenges, data portability limitations, bundling practices, and contractual imbalances that may disadvantage business users. According to the Commission's announcement, this investigation will \"explicitly examine issues such as interoperability, conditioned access to data, tying/bundling, and contractual imbalances.\"

Why AWS and Azure Are in the Crosshairs

Market data consistently shows concentrated cloud spending patterns across European markets. In the UK, the Competition and Markets Authority (CMA) found that AWS and Microsoft together account for a dominant share of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) customer spend. The CMA's investigation highlighted specific practices that can raise switching costs and entrench incumbency, including differential licensing, egress fees, and preferential treatment for native services.

Regulators cite several concrete concerns that will be investigated:

  • Data portability and egress charges: Are exit fees or technical frictions structured to deter migration? How performant and reliable are migration tools for production workloads?
  • Licensing and pricing differentials: Do licensing terms make it cheaper or operationally simpler to run a vendor's software on its own cloud? The CMA has already flagged patterns where running Windows Server or other Microsoft middleware on Azure receives pricing advantages.
  • Self-preferencing and bundling: Do first-party managed services, marketplaces, or consoles receive preferential placement, pricing, or performance that disadvantages independent software vendors?
  • Interoperability challenges: Are proprietary APIs and platform primitives designed in ways that make practical multi-cloud operations infeasible for latency-sensitive workloads?
  • Contractual imbalances: Are standard cloud contract terms unfairly skewed against business users?

The DMA normally designates gatekeepers based on objective thresholds: annual EU turnover of at least €7.5 billion over three years or market capitalization of €75 billion, plus platform metrics like 45 million monthly active end users and 10,000 yearly active business users in the EU. However, the law contains a qualitative investigatory route allowing the Commission to designate services as gatekeepers if they function as \"important gateways\" for business users to reach end users, even when numeric thresholds don't cleanly map to infrastructure markets.

This legal flexibility is what Brussels is now testing for cloud services. As noted in the WindowsForum discussion, \"The practical implications of a designation are significant — mandatory obligations and heavy fines for breaches — which is why the Commission's decision to test the DMA against cloud services represents a landmark shift in regulatory scope.\"

Technical Translation Challenges

Mapping DMA obligations to cloud infrastructure presents unique challenges. Cloud services aren't measured in monthly active consumer accounts but rather in contract value, enterprise accounts, geographic data residency, capacity footprints, and specialized accelerators for AI workloads. The horizontal probe must confront definitional questions: What does interoperability mean for a cloud control plane? How do you ensure data portability for multi-petabyte datasets? How would non-discrimination operate when a provider sells both infrastructure and first-party managed services?

According to technical analysis, these questions require deep evidence including logs, API documentation, contract annexes, migration test results, and comparative pricing models. Regulators must balance commercial confidentiality with public interest in transparency while avoiding technical mandates that could hamper innovation or create impractical compliance burdens.

Immediate Implications for Enterprise IT and Windows Environments

For enterprise IT leaders, particularly those managing Windows-based cloud environments, the Commission's announcement signals increased regulatory scrutiny of cloud contracts and portability practices. Organizations should treat this as a catalyst for strengthening their cloud procurement and management strategies.

Key immediate actions for CIOs and procurement teams include:

  • Strengthening exit guarantees: Require clear, testable data-export and migration procedures with realistic timelines and capped transfer costs
  • Insisting on audit-friendly SLAs: Ensure contractual remedies and credits tied to missed migration/portability commitments
  • Demanding licensing transparency: Obtain detailed total cost-of-ownership comparisons for running software on native versus competitor clouds
  • Hardening key-management controls: Use customer-managed keys and insist on contractual commitments for cryptographic portability
  • Designing for mobility: Implement microservices, containerization, and avoid provider-specific managed primitives where portability matters

As the WindowsForum analysis notes, \"These are practical mitigations that reduce vendor lock-in risk regardless of how the investigations conclude.\"

Potential Outcomes and Industry Consequences

The investigations could produce several outcomes with materially different consequences:

  1. No gatekeeper designation but guidance: The Commission could find cloud services aren't gatekeeper-level under the DMA but still issue enforcement guidance or encourage best practices
  2. Gatekeeper designation for specific services: If AWS or Azure are designated as gatekeepers, they would face mandatory DMA obligations including non-discrimination requirements, interoperability mandates, data portability duties, and prohibitions on self-preferencing — enforced with fines up to 10% of global turnover
  3. Targeted regulatory adaptation: The horizontal probe may recommend adapting DMA implementation guidance to clarify how obligations apply to cloud infrastructure
  4. Structural remedies: In extreme scenarios, regulators could compel divestments or business separations, though these are legally and politically difficult

Strengths and Risks of the Regulatory Approach

The Commission's approach has several strengths according to regulatory analysis. It takes a proactive, systemic view recognizing cloud as strategic infrastructure for the digital and AI economy. The DMA's qualitative pathway provides legal flexibility where strict numeric thresholds don't fit cloud markets. The evidence-driven inquiry grounds decisions in concrete operational realities rather than abstract market shares. Finally, it aligns with national regulatory work, potentially harmonizing fragmented remedies into a coherent EU framework.

However, significant risks exist:

  • Regulatory overreach: Rigid interoperability rules could raise costs, slow product development, and create compliance burdens disproportionately affecting smaller European cloud vendors
  • Fragmentation costs: EU-specific obligations could prompt hyperscalers to create EU-specific architectures, increasing complexity and potentially undermining Europe's digital sovereignty goals
  • Legal uncertainty: The qualitative designation route is legally novel for infrastructure, likely triggering intensive litigation over definitions and methodologies
  • Shifting compliance costs: Providers may pass increased compliance costs to business customers, disproportionately affecting small and medium enterprises
  • Operational risk: Poorly designed interoperability obligations could increase downtime risk for critical services

Industry Response and Technical Considerations

Initial public responses from hyperscalers emphasize cooperation but warn of potential collateral damage. Providers argue cloud markets are competitive and that forcing interoperability might undermine innovation. As noted in the WindowsForum discussion, \"Providers argue that cloud markets are competitive, that forcing interoperability or new obligations might undermine innovation, and that compliance costs could be passed to customers.\"

Technical considerations are particularly relevant for Windows environments. Microsoft's integration between Windows Server, Active Directory, and Azure services creates natural efficiencies but also potential lock-in concerns. The investigation will likely examine whether these integrations constitute unfair advantages or reasonable technical optimizations.

Timeline and What to Watch

The Commission aims to complete the fact-finding phase in approximately 12 months, though complex technical evidence and potential legal challenges could extend this timeline. Key checkpoints include:

  • Next 3 months: Formal information-request phase where the Commission will ask cloud providers, large customers, and alternative providers for documents, test data, and contracts
  • 6-12 months: Investigators aim to issue preliminary findings
  • Post-investigation: Any designation, guidance, or law changes will trigger compliance programs and potential litigation

Strategic Implications for Europe's Cloud Ecosystem

This investigation marks a decisive escalation in how regulators treat cloud infrastructure — not as a commodity market for traditional antitrust enforcement but as a strategic platform requiring ex-ante rules to protect contestability, resilience, and Europe's AI ambitions. The exercise is technically and legally delicate, requiring sustained technical engagement, phased remedies, and clear measurement frameworks.

For Windows users and enterprise IT decision-makers, the practical takeaway is clear: prioritize portability, contractual exit provisions, transparency, and multi-cloud readiness. These steps protect organizations regardless of investigation outcomes. For cloud vendors, the message is equally direct: expect deeper scrutiny of commercial terms, licensing practices, and technical choices affecting portability and competitive parity.

As the WindowsForum analysis concludes, \"This investigation will shape the rules of engagement for cloud, AI and digital sovereignty in Europe for the coming decade. Its outcomes will matter not only for hyperscalers and rivals but for every business that depends on cloud infrastructure — and for policymakers seeking to reconcile innovation, competition and resilience in a rapidly changing technical landscape.\"

The investigation represents a critical test of whether consumer-focused digital regulation can adapt to infrastructure markets while balancing innovation, competition, and Europe's strategic autonomy in the cloud and AI era.