Brussels, Belgium | June 25, 2026: The EU Cloud Investigation has officially entered a decisive phase. When the news broke out of Brussels, it didn’t exactly shock the tech world, but the sheer weight of it was hard to ignore.
- What the EU Cloud Investigation Officially Says
- What Actually Makes a “Gatekeeper”?
- The Brutal Honesty of the Financial Thresholds
- The Messy Reality of Counting Cloud Users
- How the EU Legally Defines “The Cloud”
- The Real Fight: Lock in, Portability, and Interoperability
- The Data Egress Problem
- The Clock is Ticking: How the Investigation Actually Works
- The Scariest Part: The Burden of Proof Flips
- What Happens If They Lose? The Obligations
- The Financial Hammer Waiting at the End
- The Bigger Picture: Europe’s Cloud Sovereignty Play
- The Analytical Closing: The End of the Cloud’s Free Ride
- Frequently Asked Questions (FAQs)
The European Commission has launched formal market investigations to determine whether Amazon Web Services and Microsoft Azure should be designated as “gatekeepers” under the Digital Markets Act.
If you’re running a startup, managing an enterprise IT budget, or watching tech stocks, this deserves your attention. This isn’t just another regulatory action. It’s the European Union examining the business models of the world’s two largest cloud providers and testing whether they meet the legal threshold for gatekeeper status.
I’ve been watching the Digital Markets Act take shape for a while now, and seeing it applied to cloud infrastructure changes the game entirely. For years, Brussels focused on consumer platforms such as app stores, social media, and search engines. Now, the investigation has moved deeper into the infrastructure that powers the internet itself.
What the EU Cloud Investigation Officially Says
You can’t just speculate on why the EU is doing this. To understand the EU cloud probe, you have to look at what the European Commission actually said. The Commission issued a very deliberate, very measured official press release explaining why this Digital Markets Act cloud investigation has been launched. Read between the lines, however, and the broader intent becomes clear. This is about far more than compliance. It is another major step in EU tech regulation aimed at reshaping competition in Europe’s digital economy.
European Commission Executive Vice President Margrethe Vestager didn’t mince words in that release.
“Cloud services are essential for European businesses to operate and innovate. If large cloud service providers act as gatekeepers, the DMA requires us to investigate this thoroughly. We need to make sure that markets remain competitive, including for cloud services.”
That quote, pulled straight from the European Commission’s official portal, tells you everything. Vestager isn’t just talking about prices. She’s talking about innovation, competition, and the future of Europe’s digital infrastructure. The Digital Markets Act cloud investigation is designed to determine whether dominant cloud providers have become critical gateways that can shape how businesses innovate.
The EU’s official position is now clear. If these massive cloud platforms are acting as bottlenecks that determine who gets to innovate and who doesn’t, then the DMA is the legal instrument to remove those barriers. That is why this EU cloud probe has become one of the most significant developments in EU tech regulation, extending the reach of the Digital Markets Act beyond consumer platforms and into the cloud infrastructure that powers much of the modern internet.
What Actually Makes a “Gatekeeper”?
The term gets thrown around a lot in the press, but people rarely look at the actual legal machinery behind it. I went back to the source text to see how this actually works. The Digital Markets Act was formally adopted and published in the Official Journal of the European Union. That document is the bible for this entire regulatory era.
According to the Official Journal of the European Union, a “gatekeeper” isn’t just a company that is big and kind of mean. It has to meet a highly specific legal definition. The company has to provide what the EU calls a “core platform service.”
More importantly, it has to serve as an important gateway for business users to reach end users. And it has to enjoy what the law calls an “entrenched and durable position” in the market. Think about what that means for cloud computing. If your entire company’s data, your AI models, and your customer databases live inside AWS or Azure, those platforms aren’t just service providers anymore. They are the gateway between your business and your customers.
The Brutal Honesty of the Financial Thresholds
Here is where the DMA gets genuinely interesting. The EU didn’t leave the definition of “big” up to a judge’s feeling. They wrote down hard numbers. To be presumed a gatekeeper under the DMA, a company has to clear two massive hurdles. The first one is all about money, and it’s laid out plainly in the Official Journal of the European Union.
A company is presumed to be a gatekeeper if it hits an annual Union turnover of at least 7.5 billion euros over the last three financial years. If it doesn’t hit the revenue mark, there’s a second route: an average market capitalization of at least 75 billion euros in the last financial year.
Let’s be real. Microsoft and Amazon don’t even feel a bump stepping over those thresholds. Their market caps are measured in trillions.
The European Commission’s official announcement flat out states that both companies clear this financial hurdle without breaking a sweat. There is no debate here. The financial side of the presumption is locked in.
The Messy Reality of Counting Cloud Users
But the DMA requires two things to trigger the presumption. The financial side was easy. The user side is where it gets incredibly messy, and frankly, it’s the exact reason the EU had to open a formal investigation instead of just slapping them with the label.
The Official Journal of the European Union states that the core platform service must have at least 45 million monthly active end users established or located in the EU. It also needs at least 10,000 yearly active business users established in the EU.
Sounds simple, right? It is if you are counting people who open a TikTok app on their phone. It is a total nightmare if you are counting cloud users.
Think about how a business actually uses Azure or AWS. A mid sized company might have five system administrators logging into the console. But the actual “end users” accessing the services could be 50,000 employees using a cloud hosted HR application.
Do you count the admins? The employees? The automated scripts? The European Commission explicitly noted in their official announcement that this methodological complexity is why they need a formal market investigation. They have the financials. Now they need to figure out how to legally count the scale of cloud consumption in Europe without getting their math thrown out by corporate lawyers.
How the EU Legally Defines “The Cloud”
You might think everyone knows what cloud computing is. But in a legal proceeding, definitions are weapons. If the EU used a weak definition, Microsoft and Amazon would poke holes in it instantly. So, the drafters of the DMA got incredibly specific.
Article 2 of the DMA, as published in the Official Journal of the European Union, contains the legal definition that is now driving this investigation.
“Cloud computing services” means services that allow users to access and use computing capacity, whether physical or virtual, including storage, processing and networking capabilities, over the internet, regardless of whether the service is labelled as cloud computing, utility computing or software as a service.
Read that carefully. They didn’t just say “servers.” They included storage, processing, and networking. And that last part “regardless of whether the service is labelled as… software as a service” is a massive tripwire.
It means the EU isn’t just looking at the raw infrastructure AWS rents out. They are looking at the entire software stack that sits on top of it, as long as it provides that underlying compute capacity. This is exactly why Microsoft is in the crosshairs alongside Amazon. It’s not just about Azure’s raw servers. It’s about how tightly Microsoft bundles its software ecosystem into that cloud infrastructure.
The Real Fight: Lock in, Portability, and Interoperability
When the European Commission announced this probe, they didn’t just say “we’re looking into cloud.” They specifically pointed their finger at two concepts: interoperability and data portability. This is the heart of the whole fight.
For years, the smartest cloud architects have warned about “vendor lock in.” You move your data into a cloud provider. You use their proprietary database tools. You use their proprietary security keys. After a few years, the cost of moving out becomes so high, both in money and engineering time, that you just stay. You are locked in. That lock in is a massive part of how these companies guarantee their massive, compounding revenue growth.
The DMA is designed to break that cycle. According to the obligations laid out in the Official Journal of the European Union, designated gatekeepers must ensure that their core platform services are interoperable with third party services.
They are legally required to provide effective, continuous, and real time access to user data. Furthermore, they cannot use technical barriers to stop a business user from taking their data and walking out the door.
If the Commission finishes this investigation and officially designates AWS and Azure as gatekeepers, the era of friction based lock in in Europe is over. They will literally be forced by law to build the exit doors for their customers.
The Data Egress Problem
While the European Commission’s main press release sticks to the legal terms like “data portability,” anyone who actually works in cloud infrastructure knows what this is really about: data egress fees. When you put data into AWS or Azure, it’s usually free, or incredibly cheap. When you pull it out say, to move it to a competitor they hit you with massive data transfer fees.
Critics have long argued that these fees aren’t tied to the actual cost of moving the data. They are artificial barriers designed to make leaving financially painful. Under the strict data portability requirements of the DMA, if the Commission determines that pricing models act as a barrier to portability, those models will have to change.
You can bet that Amazon and Microsoft’s legal teams are currently trying to figure out how to prove that their egress fees are just standard network costs, while the Commission is trying to prove they are illegal barriers. That clash is going to define the next ten months.
The Clock is Ticking: How the Investigation Actually Works
A lot of coverage treats this like a vague threat. It’s not. The DMA operates on a strict, legally binding clock. The European Commission doesn’t get to drag this out forever. The procedural rules are written directly into the regulation, found in the Official Journal of the European Union.
A formal market investigation under the DMA has a maximum time limit of five months. But, and this is a crucial caveat, the law is written by bureaucrats who understand that corporate obfuscation takes time.
If the Commission finds that the complexity of the cloud market requires more digging say, if Amazon hands over ten million pages of technical documentation on user metrics the Commission can extend the investigation by another five months.
That gives Brussels a hard maximum of ten months to look at the data, make a decision, and issue a designation. For enterprise IT leaders, that ten month window is a planning nightmare. Do you sign a three year contract with Azure today, knowing that in ten months, the EU might legally force Azure to make it incredibly easy for you to break that contract and leave?
The Scariest Part: The Burden of Proof Flips
I think a lot of American tech executives still don’t understand how brutal the DMA is compared to old school antitrust law. Under traditional EU competition law, the European Commission had to do all the heavy lifting. They had to prove a company was dominant. They had to prove the company was abusing that dominance. It took years of painstaking economic analysis.
The DMA flips that entire dynamic on its head. As explicitly stated in the Official Journal of the European Union, once a company hits those financial and user thresholds, the law presumes they are a gatekeeper.
The burden of proof shifts entirely to the tech giant. Microsoft and Amazon now have to prove a negative. They have to gather concrete evidence and prove to the European Commission that, despite their massive size and scale, they do not actually hold an “entrenched and durable position” in the cloud market.
Try arguing with a straight face that Microsoft Azure doesn’t have an entrenched position in enterprise IT. It’s an incredibly difficult legal bar to clear. The structure of the DMA was built specifically to prevent the endless delays that tech companies used in the past.
What Happens If They Lose? The Obligations
Let’s say the ten months pass, and the Commission drops the hammer. AWS and Azure are officially gatekeepers. What happens next? Article 5 and Article 6 of the DMA, published in the Official Journal of the European Union, contain a list of obligations that read like a startup’s wish list and a mega corp’s nightmare.
Gatekeepers are banned from combining personal data from different core platform services without the user’s explicit, informed consent. They are banned from preventing business users from offering better prices outside of the gatekeeper’s platform.
But the big one for the cloud sector is the self preferencing ban. A gatekeeper cannot treat its own services more favorably than third party services on its platform. Imagine you run a European software company. You build a great database tool. You try to sell it to companies running on Azure.
Right now, you are competing against Microsoft’s own proprietary database tools, which are deeply integrated into Azure’s billing, support, and dashboard. If Azure is a gatekeeper, Microsoft is legally required to ensure your third party database tool has the exact same level of technical access and functional integration as Microsoft’s own tool.
They can’t hide their tools in the premium tier while burying yours in the settings menu. It fundamentally levels the playing field.
The Financial Hammer Waiting at the End
If you think these companies will just ignore the rules and pay a minor fine, you haven’t read the DMA. The penalty structure in the DMA makes the old GDPR fines look like parking tickets. Article 30 of the Digital Markets Act, as recorded in the Official Journal of the European Union, lays out the math very clearly.
For a first infringement, the European Commission can impose a fine of up to 10% of the company’s total worldwide annual turnover. Let that sink in. Not EU revenue. Not cloud revenue. Total, global, worldwide annual turnover.
For a company like Microsoft, 10% of global turnover is tens of billions of dollars. And the EU built in an escalation clause that is genuinely terrifying for corporate boards. If a gatekeeper systematically and continuously fails to comply with the DMA, the Commission can ratchet the fines up to 20% of worldwide turnover.
The legislation even gives the Commission the theoretical power to force structural remedies. In the absolute worst case scenario, that could mean forcing a company to sell off parts of its business. When the financial risk is that high, compliance isn’t just a legal department issue. It becomes the entire corporate strategy.
The Bigger Picture: Europe’s Cloud Sovereignty Play
You can’t separate this investigation from the broader political mood in Europe. For years, European politicians have been losing sleep over “digital sovereignty.” They watch trillions of euros of European corporate data flow into data centers owned by American companies.
They see European tech champions struggling to scale because AWS and Microsoft can outspend them on data centers by orders of magnitude. The European Commission’s official digital strategy documents constantly hammer on the need for a “competitive, multi vendor cloud ecosystem” in Europe.
By dragging AWS and Azure into the DMA, the EU is effectively using regulation as a market making tool. If interoperability and portability are legally guaranteed, European enterprises lose the excuse that “it’s too hard to switch.” They will start looking at alternative providers.
Companies like OVHcloud in France, or the Open Telekom Cloud in Germany, suddenly become viable options for massive enterprise workloads because the cost and technical friction of moving data has been legally mandated to drop. This isn’t just about fairness. It’s industrial policy disguised as a competition law.
The Analytical Closing: The End of the Cloud’s Free Ride
If you take one thing away from this, let it be this: we have reached the definitive inflection point for enterprise technology. For the last fifteen years, the cloud computing boom operated on a brilliantly simple premise. You land the enterprise workload. You make the architecture so deep, so customized, and so proprietary that leaving becomes a practical impossibility. You monetize the data gravity.
That model drove the hyper growth valuations of Amazon and Microsoft. It funded the massive capital expenditure pipelines that are currently building out the physical AI infrastructure of the future. The Digital Markets Act is a legislative sledgehammer designed to shatter that exact premise.
If the European Commission successfully designates Azure and AWS as gatekeepers, the concept of vendor lock in transforms overnight from a competitive advantage into a massive regulatory liability.
The mandatory interoperability rules will effectively commoditize the foundational infrastructure layer of the cloud. AWS and Microsoft will no longer be able to rely on the friction of data migration to keep their customers captive.
They will be forced into a brutal, pure play competition. They will have to win business based solely on the marginal utility of their AI models, the raw efficiency of their chips, and the quality of their developer tools.
For founders, this is a massive opportunity. The walled gardens are about to have their walls legally torn down. For institutional investors, it means the guaranteed, compounding revenue growth driven by passive infrastructure lock in is facing an existential threat.
The next ten months of this market investigation will dictate whether the European cloud market fractures into a truly open, multi vendor landscape, or if the current oligarchy manages to navigate the legal maze intact.
Bookmark this moment. The rules of the cloud are being rewritten in real time, and the financial fallout is going to reshape the tech sector for the next decade.
Frequently Asked Questions (FAQs)
What exactly is the Digital Markets Act (DMA)?
According to the Official Journal of the European Union, the Digital Markets Act is a strict EU regulation that sets objective criteria to identify large, powerful tech companies as “gatekeepers.” Once designated, these companies are legally required to follow a specific set of rules designed to keep digital markets fair and open in Europe, preventing them from abusing their market power.
Why are Microsoft and Amazon being investigated right now?
The European Commission officially announced that both companies easily clear the DMA’s massive financial thresholds which require at least 7.5 billion euros in EU turnover or a 75 billion euro market cap. However, because counting “users” in a business to business cloud environment is incredibly complex, the Commission opened a formal market investigation to legally verify if AWS and Azure meet the 45 million end user and 10,000 business user thresholds required by the law.
What happens to AWS and Azure if they are officially designated as gatekeepers?
If designated, they must legally comply with the strict obligations in the DMA. According to the Official Journal of the European Union, this means they cannot favor their own software over competitors’ software on their platforms, and they must guarantee seamless data portability and interoperability, making it legally easy for businesses to pack up their data and move to a competing cloud provider.
How long will this EU investigation take?
The DMA operates on a strict legal clock. The European Commission stated that a formal market investigation takes up to five months. However, the legislation allows the Commission to extend this timeline by an additional five months if the market complexity demands it, meaning this process could take up to ten months to reach a final decision.
What are the financial penalties if Microsoft or Amazon break the DMA rules?
The penalties are designed to be devastating enough to force compliance. Under Article 30 of the DMA, as published in the Official Journal of the European Union, a first offense can result in a fine of up to 10% of the company’s total worldwide annual turnover. If a company continues to systematically violate the rules, the Commission can impose repeat fines of up to 20% of their global worldwide turnover.
Connect With Us On Social Media [ Facebook | Instagram | Twitter | LinkedIn ] To Get Real-Time Updates On The Market. Entrepreneurs’ Diaries Is Now Available On Telegram. Join Our Telegram Channel To Get Instant Updates.
Isabella is a global business journalist and former McKinsey analyst from Brazil. She brings sharp insights on economic shifts, policies, and founder journeys from around the world.
Luca is a tech ethicist from Italy exploring disruptive innovation through a human lens—from AI to biotechnologies to decentralization.
