EU Opens New Cloud Investigations Under the Digital Markets Act

Key Takeaways

• DMA Enforcement Expands: The European Commission has launched three market investigations targeting the cloud sector under the Digital Markets Act (DMA).
• Gatekeeper Probes: Two investigations focus on whether Amazon Web Services and Microsoft Azure should be designated as gatekeepers, despite not meeting standard DMA thresholds.
• Cloud Sector Scrutiny: A third investigation examines whether current DMA rules effectively address unfair practices in cloud computing, such as interoperability barriers, bundling, and restricted data access.
• Potential Designation Impact: If AWS and Azure are designated as gatekeepers, they would be added to the existing list of core platform services for which Amazon and Microsoft already hold obligations.

Deep Dive

The European Commission is taking a look at the foundations of Europe’s cloud computing market, opening three new investigations that could reshape how major providers operate across the EU.

At the center of the move are Amazon Web Services and Microsoft Azure, two cloud services that don’t meet the Digital Markets Act’s formal size or user thresholds but still sit at the heart of Europe’s digital infrastructure. Regulators want to know whether that practical influence makes them gatekeepers under the DMA, a designation that would bring additional responsibilities and obligations even without the usual quantitative triggers.

The Commission says recent analyses of cloud markets consistently point to the same conclusion: AWS and Azure hold extremely strong positions in how businesses and consumers access cloud services. Part of the investigation will look at whether the dynamics of the cloud sector, including high switching costs, vertical integration, and the sheer gravitational pull of dominant ecosystems, might be reinforcing that strength in ways the DMA is designed to address.

If the evidence shows that the two services act as “important gateways,” they’ll be added to the list of core platform services for which Amazon and Microsoft are already gatekeepers, setting off a six-month window to bring their cloud products fully in line with DMA requirements.

Alongside those two probes, the Commission is launching a broader review of whether the DMA’s current obligations are enough for the cloud market as it exists today. Officials are gathering information from cloud providers and business users to understand how issues like interoperability barriers, limited access to data, bundling, tying, or imbalanced contract terms may be affecting competition or fairness. The findings could ultimately lead to an update of the DMA’s cloud-related rules through a delegated act.

The investigations come at a moment when cloud services have become inseparable from Europe’s digital ambitions—particularly around AI development, where access to robust and flexible cloud resources is a prerequisite for innovation. That reality was reflected in comments from senior EU officials, who stressed that cloud computing underpins competitiveness, resilience, and tech sovereignty.

For now, the message from Brussels is that cloud has become too central, and too strategically important, to be left to assumptions. Whether the current framework is enough, or whether the rules need to evolve alongside the market, is exactly what these investigations aim to determine.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.