EU Regulators Target AWS and Azure for Gatekeeper Status Under Digital Markets Act
The European Commission has taken a significant step toward extending the Digital Markets Act’s gatekeeper obligations to cloud computing, issuing preliminary findings that both Amazon Web Services and Microsoft Azure qualify as critical gateways for businesses and consumers in the EU. The designation would impose new interoperability, data access, and anti-self-preferencing requirements on the two largest cloud providers, even though they fall short of the DMA’s quantitative thresholds of 45 million monthly active end users and €7.5 billion in annual turnover.
This development arrives as enterprises accelerate AI workloads that depend on hyperscale infrastructure, raising the stakes for how cloud platforms compete and how customers can switch providers. The Commission’s focus on “entrenched and durable” market positions, bolstered by AI-related demand, signals that regulatory attention is shifting from consumer-facing apps to the foundational layer powering digital transformation.
Commission Cites Structural Advantages Beyond User Thresholds
The European Commission’s June 25 press release emphasizes that AWS and Azure have achieved leading market positions sustained over many years through operational scale, investment velocity, and ecosystem lock-in effects. Although the providers already carry gatekeeper status for other services, the Commission argues their cloud offerings function as indispensable intermediaries between businesses and end customers, particularly as AI tooling and partnerships become decisive factors in procurement decisions.
Microsoft responded that it continues to engage constructively while warning that overlooking Google Cloud’s growth could distort competition. Amazon’s statement, though truncated in available reporting, is expected to contest the preliminary view during the upcoming consultation period. Both companies now face the prospect of obligations that could require greater openness in their cloud marketplaces and data portability mechanisms.
The move aligns with broader EU efforts to address concentration in foundational digital infrastructure. If finalized, the designation would mark the first time cloud infrastructure itself falls under DMA rules, potentially influencing similar reviews in other jurisdictions.
Native Azure Embedding Deepens Commvault Partnership
On June 24, Commvault announced a multiyear agreement to deliver its data resilience and cyber-recovery platform as a native ISV service inside Azure. Azure customers can now discover, provision, and operate Commvault capabilities without separate infrastructure or manual integration, with billing available through the Microsoft Marketplace and eligible for Azure Consumption Commitment credits.
The collaboration builds on more than 25 years of joint work and responds directly to enterprise concerns about recovering from ransomware, outages, or misconfigurations while running AI workloads. Commvault CEO Sanjay Mirchandani noted that boards now view resilience as a prerequisite for any digital or AI initiative. Microsoft Azure Core president Girish Bablani highlighted that native integration gives customers additional choice within a unified experience.
This type of embedded partnership illustrates how Azure is evolving from a general-purpose cloud into a curated platform where specialized resilience tools operate as first-class services. Similar arrangements are likely to proliferate as organizations demand tighter integration between protection mechanisms and the AI infrastructure they increasingly rely upon.
Datacenters Reduce Water Intensity Despite AI Scaling
Microsoft’s June 24 sustainability update reports a nearly 90 percent improvement in water-use effectiveness since its earliest datacenters, with average efficiency reaching 0.27 liters per kilowatt-hour in 2025. The company has already achieved a 25 percent reduction in fleet-wide water-use intensity against a 2030 target of 40 percent improvement, while declaring it reached water-positive status for fiscal 2025 by replenishing more water than it withdrew.
These gains stem from iterative advances in cooling technology and operational practices that decouple infrastructure growth from resource consumption. The update explicitly ties the progress to rising AI demand, noting that datacenters remain essential yet must minimize local water stress. Microsoft’s Community-First AI Infrastructure initiative and its broader 2030 water-positive commitment provide the strategic frame for continued investment.
The results demonstrate that efficiency improvements can coexist with rapid capacity expansion, offering a template other hyperscalers may need to follow as environmental scrutiny intensifies alongside regulatory oversight of cloud services.
AI-Assisted Operations Disrupt Shared Cybercrime Infrastructure
Microsoft’s Digital Crimes Unit, working with Europol, executed coordinated legal action against two widely used malware families—Amadey and StealC—after AI analysis revealed they share underlying infrastructure. In the first two weeks of May alone, the tools were linked to more than 140,000 compromised devices globally. By treating the families as part of a single conspiracy under expanded application of U.S. racketeering statutes, investigators simultaneously severed command-and-control channels and notified affected network providers.
The operation marks an evolution in Microsoft’s approach: rather than pursuing individual services, the company is targeting the “assembly line” of cybercrime that supplies initial access, credential theft, and ransomware deployment. AI tools, including Copilot, accelerated code analysis and connection mapping that previously required days of manual review.
This infrastructure-focused strategy complements defensive cloud security offerings and may influence how regulators assess the responsibilities of cloud providers in mitigating systemic risk.
Risk Prioritization and Agentic AI Define Next-Generation Platforms
Recent Microsoft publications on Cloud-Native Application Protection Platforms and financial-services AI highlight a consistent theme: security and intelligence capabilities are moving from siloed visibility tools toward unified, context-aware platforms. Frost & Sullivan’s 2026 analysis positions Microsoft among vendors advancing risk prioritization based on exploitability rather than severity alone, with tighter integration across code, runtime, identity, and SOC workflows.
In parallel, financial institutions are embedding trusted external data directly into governed workflows to support agentic AI systems. The emphasis on inheriting existing permissions and compliance controls reflects the regulatory reality that AI scale in finance depends on trustworthy data movement rather than model access alone.
These technical and commercial shifts occur against the backdrop of potential DMA obligations on the underlying cloud platforms, creating a complex environment where providers must simultaneously expand AI capabilities, harden resilience, improve sustainability, and prepare for new interoperability mandates.
The convergence of regulatory designation proceedings, native ecosystem partnerships, measurable infrastructure efficiency gains, and AI-enabled threat disruption points to a cloud market entering a phase of heightened accountability. Providers that can demonstrate both innovation velocity and responsible stewardship of data, water, and security infrastructure will hold structural advantages as enterprises and regulators scrutinize the foundations of AI deployment.
