The European Union is leveraging its flagship digital regulations, the Digital Markets Act (DMA) and the Data Act, to address the market dominance of the three largest cloud computing providers. According to analysis from legal scholars, these regulations target Amazon Web Services, Microsoft Azure, and Google Cloud Services, which collectively control over 75% of the global public cloud market.
The European Commission has designated cloud computing as a “core platform service” under the Digital Markets Act, bringing it within the scope of the new rules designed to ensure fair and contestable markets. This designation occurred despite the fact that, according to a post by Professor Kalpana Tyagi, the major cloud providers did not meet the standard quantitative thresholds outlined in the DMA’s Article 3(2)(b). The decision was instead based on broader fairness and contestability concerns, which have also drawn scrutiny from national competition authorities like the Dutch Autoriteit Consument & Markt (ACM), the French Autorité de la Concurrence (AdlC), and the UK’s Competition and Markets Authority (CMA).
While cloud computing is now a core platform service, the obligations imposed on providers are notably limited compared to other services like search engines. The regulations primarily focus on specific articles within the DMA aimed at preventing anti-competitive practices. In addition to the DMA, the EU’s Data Act introduces complementary rules specifically targeting cloud services to enhance competition.
The specific DMA obligations applied to cloud services include:
- Article 5(2): Sections concerning gatekeepers’ use of non-public data.
- Article 5(6), 5(7), 5(8): Rules related to tying, bundling, and self-preferencing.
- Article 6(2), 6(5), 6(6): Provisions on data access for business users and interoperability.
- Article 6(9), 6(10), 6(13): Obligations regarding fair, reasonable, and non-discriminatory access conditions.
Furthermore, Chapters VI and VIII of the Data Act are designed to facilitate seamless switching between different cloud providers and ensure greater interoperability, directly addressing customer lock-in issues.
The primary driver for this regulatory action is the significant concentration of power within the cloud computing market. With just three “hyperscalers” dominating the Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) markets, the European Commission and national bodies have raised concerns about the lack of competition. The regulations aim to dismantle barriers to entry for smaller cloud providers and give customers more freedom to choose and switch services, thereby fostering a more competitive and innovative European cloud market.
The practical effectiveness of the limited set of DMA obligations on the cloud market remains to be seen. It is not yet clear how vigorously the European Commission will enforce these specific rules or what penalties will be applied for non-compliance. Furthermore, the full impact on cloud service pricing, innovation, and the contractual terms offered to enterprise customers is currently unknown.
The industry is now focused on the implementation timeline for the Data Act, which will introduce significant changes regarding data portability and switching. Cloud providers will need to adapt their technical and contractual frameworks to comply with the new interoperability standards by the time the act becomes fully applicable. Observers expect continued investigations and market studies from both the European Commission and national competition authorities to monitor the behavior of the designated hyperscalers.
For organizations relying on cloud infrastructure, the new regulatory landscape presents both opportunities and compliance requirements. Recommended actions include:
- Reviewing current cloud service agreements to identify clauses related to data egress, switching providers, and service interoperability that may be affected by the Data Act.
- Engaging with legal and IT departments to understand the new rights granted under the DMA and Data Act, particularly regarding data portability.
- Monitoring official communications from the European Commission for guidance on the implementation and enforcement of these new cloud regulations.
- Evaluating multi-cloud or hybrid-cloud strategies that could leverage the increased interoperability mandated by the new rules.
Follow us on Bluesky , LinkedIn , and X to Get Instant Updates
