AWS and Azure logos beside EU flag stars symbolizing 2026 cloud vendor lock-in antitrust investigationThe EU just named AWS and Azure as gatekeepers in its biggest cloud vendor lock-in crackdown yet.
EU Targets AWS, Azure Over Cloud Vendor Lock-In
Cloud Infrastructure / Regulation

EU Targets AWS, Azure Over Cloud Vendor Lock-In

On June 25, 2026, the European Commission did something it had never done before: it named Amazon Web Services and Microsoft Azure as candidate “gatekeepers” under the Digital Markets Act, the same law that already cost Apple and Meta hundreds of millions in fines. The reason is one word your procurement team already knows too well: cloud vendor lock-in.

If you run infrastructure, own a cloud contract, or sign off on FinOps budgets, this isn’t a policy footnote. It’s a negotiating lever you can use this quarter, and a deadline (January 12, 2027) that changes what your vendor is legally allowed to charge you for leaving.

What the EU’s Gatekeeper Ruling Actually Says

The Digital Markets Act has spent its first few years going after consumer platforms. App stores. Messaging apps. Ad targeting. The June 25 preliminary finding against AWS and Azure is the first time Brussels has pointed the DMA at cloud infrastructure specifically, and the underlying logic will sound familiar to anyone who has tried to move a production workload off S3: enormous customer bases, deep integration into everything downstream, and switching costs steep enough to keep customers in place even when they’d rather leave.

Nothing is final yet. AWS and Microsoft can respond in writing and request an oral hearing, and the Commission is expected to issue a final designation before the end of 2026. But the stakes are not small. Non-compliance under the DMA can trigger fines of up to 10% of global annual turnover, a ceiling that would dwarf the €500 million fine Apple has already faced and the €200 million levied against Meta.

Why this matters to your contract, not just the headlines This is the first regulatory body treating cloud switching costs as an antitrust issue rather than a pricing detail. Procurement teams at regulated industries, especially finance, already answer to exit-strategy rules under frameworks like DORA. This ruling gives every other industry the same kind of leverage in a renewal conversation.

What Cloud Vendor Lock-In Really Means

Vendor lock-in isn’t a single fee. It’s a structural dependency that builds up quietly across years: proprietary APIs your engineers have written against, managed database formats that don’t export cleanly, IAM and identity systems wired into everything, and staff expertise that only transfers within one platform’s ecosystem of tools. Individually, none of these look like a trap. Together, they make switching providers too costly, too slow, or too risky to be a real option, even when a competitor is cheaper.

The concern is close to universal now. According to Parallels’ 2026 State of Cloud Computing Survey, 94% of organizations report concern about vendor lock-in, a figure that’s climbed year over year across a panel of 540 IT professionals in the US, UK, and Germany.

The Real Cost of Leaving, in Dollars

Egress fees, the charge you pay to move your own data out of a cloud provider, are the most visible piece of the lock-in problem, and they scale fast.

ProviderStandard egress priceCost to move 1 petabyte
AWS S3$0.09/GB (first 10TB)$90,000–$120,000 (industry estimate)
Microsoft Azure$0.087/GBComparable range
Google Cloud$0.12/GBComparable to slightly higher
Cloudflare R2$0.00$0

Pricing verified June 2026 via egresscost.com, cross-checked against provider documentation.

That math is not theoretical. When Basecamp’s parent company 37signals exited the cloud entirely in 2023 and 2024, AWS reportedly waived roughly $250,000 in egress fees as part of the departure, a number widely reported by DHH and the company itself. 37signals has since projected $7–10 million in savings over five years from running its own hardware instead.

The UK Cabinet Office has run the same math at government scale. Its analysis estimates that overreliance on a single cloud provider could cost UK public bodies £894 million, a figure cited across multiple 2026 explainers tied to the UK Competition and Markets Authority’s cloud market investigation.

The “free egress to leave” programs are narrower than they sound

All three hyperscalers now offer free egress for customers who fully exit their platform, a move that predates the EU’s enforcement push and rolled out back in 2024. Here’s the part most coverage skips: these waivers require discretionary approval from the vendor’s own support team, apply only to a complete exit, and explicitly do not cover data you move for ongoing multi-cloud use. If your strategy is “run workloads across two providers permanently,” the free-egress headline doesn’t apply to you at all.

Multi-Cloud and Repatriation: Two Different Bets

Enterprises are responding to lock-in risk in two very different ways, and it’s worth being precise about which one you’re actually running.

Multi-cloud is the dominant approach. Flexera’s State of the Cloud 2026 report found that 89% of enterprises now run a multi-cloud strategy, with 42% naming lock-in avoidance as the primary driver. It’s a hedge: spread workloads across providers so no single vendor holds all the leverage.

Repatriation is the opposite move: bringing workloads back from public cloud to on-premises or private infrastructure. Barclays’ Q4 2024 CIO survey found 86% of CIOs plan to repatriate at least some workloads, and IDC independently put the figure at 80% within 12 months. Broadcom’s own internal shift off public cloud database services and onto VMware Data Services Manager reportedly saved the company over $10 million, with Broadcom’s broader analysis suggesting modern private cloud can deliver 40 to 50% lower total cost of ownership for steady-state workloads.

Read those repatriation numbers carefully, though. They describe intent to move some workloads, not a wholesale exodus from public cloud. Synergy Research still put public cloud spend growth at 35% year over year in Q1 2026. Both trends are true at once: enterprises are repatriating specific, predictable workloads while continuing to grow their overall public cloud footprint for everything else.

“Despite the enormous scale of the cloud market, in Q1 the cloud market growth rate increased for the tenth successive quarter.” John Dinsdale, Chief Analyst, Synergy Research Group · via Statista

That growth is concentrated. AWS, Azure, and Google Cloud together hold an estimated 63 to 68% of global cloud infrastructure revenue, with Synergy’s most directly sourced Q1 2026 breakdown putting AWS at 28%, Azure at 21%, and Google Cloud at 14%. European alternatives like OVHcloud, Hetzner, and Scaleway combined hold roughly 15% of EU cloud market revenue, which tells you how limited the “just switch to someone else” option really is inside Europe today.

The Contrarian Case Against Multi-Cloud

Not everyone thinks the multi-cloud hedge is worth it. Corey Quinn, Chief Cloud Economist at The Duckbill Group and one of the most-cited voices on AWS billing and contracts, has argued the opposite of conventional wisdom for years.

“the worst practice to be avoided by default” Corey Quinn, Chief Cloud Economist, The Duckbill Group, on multi-cloud strategy · via InfoQ

His argument, in plain terms: running two or three clouds to avoid depending on one means paying twice for security tooling, twice for skills training, and twice for the operational overhead of keeping teams fluent in different platforms, and you rarely get to use the redundancy you’re paying for. Managing the friction between providers, in his view, often costs more than the lock-in it was supposed to prevent.

Our read: Quinn’s position isn’t an argument against caring about lock-in. It’s an argument that the fix has to match the actual risk. A payments company with regulatory exit requirements needs a different answer than a 40-person startup running a single web app.

The New Lock-In Layer: AI Workloads

Traditional lock-in ran through storage formats and compute APIs. In 2026, a second layer has stacked on top of it. GPU access, managed AI services like Amazon Bedrock, Google Vertex AI, and Azure AI Foundry, and proprietary model integration are creating dependencies that didn’t exist three years ago. Move your inference pipeline off one provider’s managed AI stack and you’re not just fighting egress fees anymore, you’re rebuilding prompt orchestration, fine-tuning pipelines, and often the model access itself.

Google Cloud, for what it’s worth, positions itself as the exception. Jeanette Manfra, Senior Director for Global Risk and Compliance at Google Cloud, has publicly framed the original promise of cloud computing as open and elastic, free of artificial switching barriers, and said Google Cloud continues to support customers’ ability to choose their provider. Whether that public positioning matches actual contract terms and pricing behavior is exactly the kind of gap regulators are now starting to test.

What to Do With Your Contract Right Now

  • Add an exit-cost line item to every renewal. Not just the renewal price, the documented cost to leave, including egress, migration engineering, and parallel-run overhead.
  • Cite the regulatory timeline in negotiations. The EU Data Act’s January 12, 2027 deadline for eliminating switching-related egress fees is a real, dated commitment. Vendors are already moving ahead of it. Use that.
  • Read the free-egress waiver terms before you rely on them. They cover full exits only, need discretionary approval, and don’t apply to ongoing multi-cloud operation.
  • Separate the AI stack from the IaaS conversation. Your managed AI services may be creating a lock-in risk your existing cloud governance policy has never evaluated.
  • Match your strategy to your actual regulatory exposure. If you’re not under DORA or a similar exit-strategy mandate, Corey Quinn’s warning about multi-cloud complexity is worth weighing seriously before you default into it.

UK CMA research offers a sobering reality check on timing: one documented Azure-to-AWS migration ran from March 2023 to September 2024, over a year, with the enterprise running both environments in parallel throughout. Planning for portability before you sign is dramatically cheaper than engineering an exit after the fact.


Frequently Asked Questions

What is vendor lock-in in cloud computing?

Vendor lock-in happens when switching cloud providers becomes too costly, slow, or technically risky to be practical, usually due to proprietary APIs, data formats, egress fees, and staff expertise built around one platform. It turns a technology choice into a long-term structural dependency.

How much does it cost to switch cloud providers?

It scales with data volume. Moving 50TB can run $3,500 to $7,000 in egress fees alone; a full petabyte off AWS S3 can cost $90,000 to $120,000. Add migration engineering and parallel-running costs, and large enterprise switching bills can reach into the millions.

Are cloud providers eliminating egress fees?

AWS, Azure, and Google Cloud now offer free egress for customers fully exiting the platform, driven by EU Data Act pressure. The Act mandates egress fee elimination for switching customers by January 12, 2027, but current waivers are narrower and exclude ongoing multi-cloud use.

Is multi-cloud the best way to avoid vendor lock-in?

It’s the most common approach. 89% of enterprises now run multi-cloud, per Flexera. But it’s contested: cloud economist Corey Quinn argues it often trades lock-in risk for operational complexity that costs more than the risk it prevents, making it the wrong default for many organizations.

What is cloud repatriation and why is it happening in 2026?

Cloud repatriation means moving workloads from public cloud back to on-premises or private infrastructure. It’s accelerating due to cost overruns, egress fees, data sovereignty rules like DORA, and AI-driven data gravity. 86% of CIOs report plans to repatriate at least some workloads, per Barclays.


Where This Goes Next

The core fact hasn’t changed: three companies still control roughly two-thirds of global cloud infrastructure, and the technical dependencies that keep customers in place, proprietary APIs, managed data formats, identity systems, are largely untouched by any current regulation. What’s new is that a regulator with real fining power is now treating those dependencies as a competition problem rather than a private pricing decision.

Watch three things over the next 6 to 18 months: whether the DMA gatekeeper designation becomes final before year-end, whether AWS and Azure restructure egress pricing ahead of the January 2027 deadline rather than waiting for enforcement, and whether AI-service lock-in becomes the next target once IaaS switching costs come down. The contract you sign this year should assume all three are coming, not just the one already in the headlines.

Leave a Reply

Your email address will not be published. Required fields are marked *