Image Source: Data Center Dynamics

The cloud computing industry is under increasing scrutiny from anti-trust regulators. Investigations launched by the European Commission (EC) and the US Federal Trade Commission (FTC) in 2019 did not bring immediate results, but they signalled the start of a gradual shift towards more thorough, intersectional examination by authorities. As broader crackdowns loom large in the future of Big Tech, the growing understanding that the cloud represents critical, complex infrastructure means it will face similarly heightened oversight.

The main issues to consider are:

• Regulators are now taking a more holistic view of tech companies and the connections between their products and digital infrastructure, including cloud services
• Complaints by industry competitors have prompted investigations into larger, more established players and the way they integrate their services
• The cloud sector now faces more tangible influences in the market by way of legislation and regulatory policy

As regulators grapple more intently with new dynamics in digital markets, they have graduated from ad hoc investigations to more structural inquiries, and from there to comprehensive regulation.

At first, US and EU regulators launched focused probes of specific products and services, including Microsoft Teams and Amazon Marketplace. In the case of the Microsoft Teams probe, among others, this was triggered by a complaint from an industry competitor, so  queries were initially fixed on the details of this complaint. However, the EC soon began to ask broader questions, reflecting the wider trend of regulators moving to more structural inquiries. Many of these were largely delayed over the last couple of years, due to the Covid-19 pandemic and more immediate concerns at moments of acute political upheaval.

Nevertheless, through listening to official complaints from industry competitors, and interacting more closely with market participants, regulators learned more and more about the digital landscape and its players. This has led them to focus their attention on the infrastructure (such as cloud storage and platforms) that underpins the products facing objections, and on company practices of integrating their various services.

From investigation to regulation

As investigations shift to more comprehensive approaches, this has in turn led to more comprehensive regulation. One of the European Commission’s flagship legislative proposals is the Digital Markets Act (DMA), which proposes a set of criteria for designating a company as a “gatekeeper” in various digital services, including cloud computing.

Once designated as a gatekeeper, these companies will be prohibited from engaging in certain behaviour. For instance, they will be prevented from ranking services and products they offer more favourably than similar ones offered by third parties on their platform, and they will not be allowed to prevent users from un-installing any pre-installed software or apps. The French Presidency of the EU Council has identified passing the DMA before the presidency changes hands at the end of June 2022 as one of its top priorities.

In the UK, the Government is consulting on proposed legislation to give a statutory basis and additional powers to the Digital Markets Unit (DMU) of the CMA. Its main task will be to regulate businesses that are deemed to have ‘strategic market status’ (SMS). These businesses will need to comply with bespoke, legally binding Codes of Conduct and their planned corporate transactions will be subject to the DMU’s oversight under a special merger control regime.

The proposed new merger rules have drawn particular criticism. They will require SMS firms to notify the CMA of all their acquisitions, and the regulator will be able to block them using a lower standard of proof, i.e. only needing to show a ‘realistic prospect’ of a substantial lessening of competition, so the CMA would no longer need to show a 50%+ probability. It will therefore become significantly harder for start-ups to be acquired by incumbents with SMS status, which, in turn, will make it harder for start-ups to attract much-needed growth capital.

Drifting into view

The way that regulators and legislators have adopted a more holistic view of interconnected services and infrastructure which hinges on access to the cloud reflects how they are developing their understanding of the intricacies of the market. It is also indicative of the anxieties which have been communicated to authorities that cloud services could be overlooked in the impending wave of legislation focusing on digital markets around the world.

Once adopted, both the DMA and the proposed legislative basis of the DMU will likely serve as a model for other jurisdictions to regulate cloud services, much like the GDPR has served as a global model. It is therefore vital that these proposals are considered carefully and holistically as they progress through their respective legislatures and that those with an interest in this legislation already start considering their approach in soon-to-be-regulated ‘third’ countries.