EU Targets Amazon and Microsoft Cloud Services as Market 'Gatekeepers' Under New Tech Rules

The European Union has moved to extend its landmark technology regulations into cloud computing, with antitrust enforcers recommending that Amazon Web Services and Microsoft Azure be formally classified as 'gatekeepers' under the Digital Markets Act. This decision, announced in late June following a seven-month investigation, marks a significant widening of the EU's regulatory reach beyond its traditional focus on search engines, social media platforms, and app stores into infrastructure services that underpin the continent's digital economy.

The gatekeeper designation carries substantial consequences for both companies. Once formally confirmed, Amazon and Microsoft would face stringent obligations governing their conduct in European markets, including prohibitions on unfair self-preferencing practices—where platforms favour their own services over those of competitors—alongside requirements to maintain interoperability with other cloud providers and facilitate data portability for customers. These measures are designed to prevent the market leaders from leveraging their dominant positions to create artificial barriers that lock in users and squeeze out rivals.

Cloud infrastructure has emerged as critical infrastructure for modern European businesses, with over half of EU companies now depending on public cloud services for their operations. This dependency deepens further as artificial intelligence technologies become increasingly central to competitive advantage across industries. By targeting AWS and Microsoft Azure specifically, the EU is signalling that it views cloud computing not merely as a commercial service but as foundational technology that demands regulatory oversight to preserve fair competition and protect the continent's technological independence from American technology giants.

EU Tech Commissioner Henna Virkkunen framed the initiative as essential to Europe's digital sovereignty and future prosperity. Her statement emphasised that cloud services must operate within competitive frameworks that build consumer trust while safeguarding European interests in technology development. The regulatory move reflects broader European anxiety about technological dependency on major American companies and the risk that concentrated control of cloud infrastructure could disadvantage European innovators and entrench the market power of incumbents.

The Commission's investigation identified several factors that justified the gatekeeper classification. AWS and Microsoft Azure demonstrate substantially larger turnovers and operational capacity than competing cloud providers, commanding vast customer bases that produce significant lock-in effects. The cost and complexity of migrating existing workloads between cloud providers create powerful switching barriers, effectively trapping customers. Additionally, the integration of artificial intelligence tools and strategic partnerships with major AI providers within their cloud offerings has become a determinative factor in procurement decisions, further entrenching their dominance.

Both companies have already mounted defensive responses to the preliminary findings. Amazon Web Services contends that the assessment overlooks the diversity of cloud solutions available to European customers and warns that imposing gatekeeper obligations risks discouraging investment from American technology firms. AWS argues that the EU's existing Data Act already provides comprehensive cloud regulation, and that layering additional DMA requirements creates unnecessary bureaucratic complexity that undermines European competitiveness and access to advanced technology.

Microsoft adopted a different rhetorical strategy, pointing to the rising competitive threat from Google Cloud. The company expressed concern that the Commission's focus on AWS and Azure, while overlooking Google's expanding cloud capabilities and its integrated Gemini artificial intelligence platform, would skew market conditions to Google's advantage. This argument attempts to reframe the regulatory action as selective enforcement that inadvertently helps competitors rather than genuinely promoting fair competition.

For Malaysian and Southeast Asian readers, these regulatory developments carry important implications. The EU's extension of the Digital Markets Act into cloud infrastructure establishes a precedent that other major regulatory jurisdictions, including potentially Singapore and other ASEAN nations, may eventually follow. Companies operating across borders will face increasingly divergent regulatory obligations, raising compliance costs and complexity. Moreover, the designation of AWS and Microsoft Azure as gatekeepers may prompt these providers to restructure their European operations, potentially including price adjustments, service modifications, or changes to data handling practices that could indirectly affect regional pricing and service availability.

The regulatory action also reflects a broader geopolitical dimension. By restricting the operational freedom of American cloud giants, the EU is attempting to create space for European competitors to develop and compete on more equal terms. However, the effectiveness of this approach remains uncertain. Stringent operational constraints could instead push American companies to reduce investment or innovation in European markets, potentially harming consumers through reduced service quality or higher costs. Alternatively, the requirements could spur new cloud providers to enter the market, but building competitive alternatives to AWS and Azure demands enormous capital investment and technical expertise.

The gatekeeper obligations themselves represent a novel regulatory approach. Rather than breaking up dominant companies through structural separation, the EU is imposing conduct rules designed to constrain how gatekeepers operate while preserving their existence. This behavioural remedy approach offers flexibility but also creates ongoing administrative challenges for regulators monitoring compliance. The Commission will need to develop detailed guidance on what constitutes prohibited self-preferencing, how interoperability should function in practice, and what data portability requirements actually entail in cloud environments.

Amazon and Microsoft now have the opportunity to submit formal responses contesting the preliminary findings before the Commission issues a final decision. This procedural phase typically lasts several months and allows companies to present evidence, alternative arguments, and commitments aimed at addressing the Commission's concerns. In some cases, companies have successfully persuaded regulators to modify or abandon proposed gatekeeper designations by offering behavioural remedies or demonstrating that competitive conditions are less restrictive than regulators initially assessed.

The cloud gatekeeper designation, once finalised, will establish the template for how the EU approaches regulating other critical digital infrastructure going forward. If AWS and Microsoft Azure face gatekeeper obligations in Europe without demonstrating significant competitive harm, regulators in other jurisdictions may feel emboldened to apply similar frameworks to cloud providers, digital payments systems, and other foundational digital services. The regulatory trajectory of cloud computing in Europe thus has implications extending well beyond the European market, shaping how technology companies globally structure their operations and how they balance innovation with regulatory compliance.