Key Points:

On January 27, 2022, the Competition Authority announced that it had initiated an assessment of the competitive functioning of the cloud computing sector. After publishing an interim document during the summer of 2022 and consulting with all stakeholders, the Authority is now issuing its final opinion.

Cloud computing is one of the technological advancements at the heart of the digitization of the economy. It brings productivity gains for businesses and creates value for the economy.

In this opinion, the Authority focuses on the cloud layers related to infrastructure services (IaaS, “Infrastructure-as-a-Service”) and platform services (PaaS, “Platform-as-a-Service”) for professional customers. Developments also cover the entire cloud value chain, including software services (SaaS, “Software-as-a-Service”) when relevant for competitive analysis. The sector is dominated by three major players, known as “hyperscalers”: Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. In 2021, they represented 80% of the growth in spending on public cloud infrastructure and application services in France. Amazon and Microsoft captured 46% and 17% of IaaS and PaaS service revenues, respectively. These hyperscalers, with their financial clout and digital service ecosystems, are capable of hindering competition.

The Authority presents an analytical framework outlining possible relevant markets in the cloud sector and analyzes different practices implemented or likely to be implemented in this sector that could restrict competition. Some risks broadly affect competition in the sector, such as cloud credits or egress fees. Others are specific scenarios, posing risks to companies during their initial migration to the cloud, when they develop their IT systems directly from the cloud, or when migrating from one cloud service provider to another. The Authority also examines the risks related to barriers to expansion for hyperscalers’ competitors.

To address these risks, the Authority emphasizes that it has a range of effective and swift tools to protect competition under the law of abuse of dominant position, antitrust law, abuse of economic dependence, and merger control. The law on anticompetitive practices may also be a suitable response in certain situations.

The Authority also identifies market failures that could be addressed by regulations currently under discussion, such as the European proposal for data regulation (the “Data Act”) or the government’s bill aimed at securing and regulating the digital space.

Finally, the Authority notes that in the future, several developments may potentially impact the competitive functioning of the sector. These include large language models (LLMs) like ChatGPT, edge computing, cloud gaming, cybersecurity issues, and the growing importance of environmental footprint. Competition authorities will need to ensure that established players do not hinder the development of smaller or new actors using these technologies.

The Cloud Sector and Its Operation

Cloud computing encompasses all shared services accessible over the internet, provided on-demand, and billed based on usage, including some of the underlying infrastructure. Despite experiencing significant growth (with an anticipated annual growth of 14% in business volume by 2025), cloud adoption in France lags behind, especially in small and medium-sized enterprises (SMEs) and very small enterprises (VSEs), where migration is slower compared to the rest of the European Union.

The sector is dominated by three major players, often referred to as “hyperscalers”: Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. In 2021, they captured 46%, 8%, and 17% of spending on public cloud infrastructure and applications in France, respectively. These hyperscalers, with their financial capacity and digital service ecosystems, have the potential to hinder competition in a market marked by significant consolidation. In France, in 2021, the three aforementioned companies captured 80% of the growth in spending on public cloud infrastructure and applications.

For these reasons, the Authority believes that the probability of a new player gaining market share quickly appears limited unless they are already powerful in other markets. This probability could further diminish as businesses complete their migration to the cloud and select an ecosystem.

In this opinion, the Authority focuses on public cloud and hybrid cloud. Public cloud generally consists of commercial offerings that enable professional customers to access a wide range of services directly. Following the definitions provided by the National Institute of Standards and Technology, the opinion distinguishes three major service categories, each reflecting different responsibility divisions between the cloud service provider and the enterprise client:

• IaaS corresponds to the least outsourced model, where the provider offers users access to IT infrastructure, including servers or storage.
• PaaS represents an intermediate model, providing an environment for clients to access software and tools for application development without having to create or maintain the infrastructure or associated platform.
• SaaS is the most outsourced model, allowing users to access applications directly, fully managed by the provider, from any connected device.

Analysis of Relevant Markets in the Cloud Sector

The Authority provides an analysis framework presenting possible relevant markets in the cloud sector. The formulation of customer needs for cloud services could be conducted based on “workloads,” which encompass all IT resources or business processes that meet a specific need or objective of the customer. A segmentation based on the SecNumCloud certification could also be considered. However, segmentation based on sectors of activity does not appear to be relevant at this time.

Furthermore, the Authority has analyzed three related markets: the colocation services market in data centers, on-premises software markets, in which some companies active in the cloud markets are also involved, and the markets for cloud solution advice and integration intermediation. Leverage effects may come into play in the cloud markets, given the dominant position of certain software players also involved in the cloud sector.

The Competitive Risks Identified by the Authority

The Authority identifies cross-cutting competitive risks, highlights scenarios with specific competitive risks, and examines the consequences that business combinations can have.

The presence of essential players in the market can make it challenging for customers, even powerful ones, to negotiate contract terms.

Furthermore, due to the complexity of offerings and the lack of price transparency, customers may find it difficult to anticipate future cloud costs.

Two pricing practices, previously analyzed in Authority Opinion 23-A-05 on the draft law aimed at securing and regulating the digital space, are specific to the sector and have drawn the Authority’s attention.

• Cloud Credits

Cloud credits represent added value for many companies, especially startups, which avoid heavy investments that could hinder their development. They are also beneficial for cloud service providers who, thanks to them, promote the adoption of their technology.

However, the Authority believes that targeted support offerings should be scrutinized. The sometimes high amounts offered (up to $200,000 over two years), the wide ecosystem of companies involved, and their validity period distinguish them significantly from traditional free trials observed in other industries. These factors raise doubts about the ability of all cloud service providers to offer them profitably.

There are customer lock-in risks due to the long and costly developments implemented to establish a cloud architecture with a specific provider. This lock-in could be reinforced by the presence of clauses or practices limiting the ability to change providers or use multiple providers simultaneously.

• Egress Fees

Some cloud service providers, especially hyperscalers, charge their customers for data transfers to a competing provider, to their on-site infrastructure, or to their end users.

The investigation showed that these egress fees are potentially disconnected from the costs directly incurred by the providers. They are a major concern for the sector because of their price structure proportional to the volume of data transferred. Customers do not have the ability to anticipate future data traffic needs and bandwidth usage.

In their current structure, these fees could pose a risk of customer lock-in in a rapidly expanding market, making it more difficult for cloud users to leave their initial provider or use multiple providers simultaneously in a multi-cloud environment.

Specific Competitive Risks

Competitive Risks Related to the Migration of On-Premises Systems to the Cloud

Migrating clients from on-premises solutions to the cloud is complex and costly. This can lead them to turn to their historical IT service providers, who are also cloud service providers when choosing their cloud services.

The investigation has highlighted practices that could reinforce the barriers for a customer to switch to another cloud service provider, such as restrictive contractual clauses, bundled sales, pricing advantages favoring their products, and technical restrictions. If implemented by a dominant operator, these practices could constitute abusive practices.

Several complaints based on similar practices are pending before the European Commission.

Specific Competitive Risks Related to Cloud Service Provider Migration

Barriers to migrating workloads (i.e., specific IT resources serving a company’s specific needs) hosted in the cloud to another provider can hinder competition.

Technological barriers to migration can emerge at various levels, particularly related to the specificities of the architecture and solutions used. The variety of products and services, especially concerning PaaS services, the interconnection of IT services, and the lack of data and application portability can result in significant migration costs.

Beyond technical barriers, providers can impose additional technical and commercial obstacles to increase migration costs and strengthen their position. For instance, a company might intentionally use a specific data format to prevent data portability from one customer to another cloud service provider.

Specific Competitive Risks Related to Barriers to Expansion for Hyperscaler Competitors

The sector is characterized by technical barriers, especially related to interoperability. These barriers affect all competitors, with smaller providers being particularly affected due to the attractiveness of cloud ecosystems when choosing a primary provider. These barriers are illustrated in the opinion through concrete examples, such as the technical implications of interoperability regarding the Amazon S3 object storage service (IaaS). Interoperability with PaaS services is even more complex. For example, changing a basic database PaaS service requires rewriting the part of the application code that uses this service.

The Authority has also identified risks related to a provider’s presence in several related digital markets, risks related to certain commercial and pricing practices, as well as risks related to the conditions set by providers for accessing their cloud marketplaces and their operation. Deliberate barriers to interoperability are not ruled out.

Mergers and Acquisitions

The competitive risks identified by the Authority could be enhanced, especially by an aggressive acquisition policy on the part of companies already operating in the cloud sector to strengthen their position in an identified cloud market or a related market.

The hearings conducted by the Authority have revealed a concentration dynamic in the cloud sector, especially in the French market. While the Authority acknowledges that acquisitions can allow a provider to improve its offerings, bridge the gap with well-established competitors, or expand into new segments, it emphasizes that some concentrations can have negative effects on competition (reducing the number of players, potential bundling or tying, price increases, and impacts on innovation). The Authority also notes that, for the time being, acquisitions of this kind are more rare among European actors. The entry into force of the Digital Markets Act (DMA) is expected to enable competition authorities, including the European Commission, to scrutinize these acquisitions more closely. Such acquisitions often escape merger control scrutiny, as the acquired companies often have lower turnover thresholds for notification.

The Authority also raises a red flag regarding the creation of joint cloud ventures, especially in relation to “trustworthy cloud” offerings. These entities take the form of joint ventures and bring together major players in the sector who jointly offer services specially designed to cover new segments of the market. However, these entities can group companies that already have significant competitive advantages, effectively limiting the capacity of other, less powerful actors to compete with them. The Commission has recently approved the creation of the joint venture “Bleu,” a collaboration between Capgemini and Orange founded on Microsoft Azure technologies.

Finally, the Authority observes the existence of technological partnerships between hyperscalers and major software providers (e.g., agreements between AWS and Salesforce or Microsoft and Oracle) or integrators, etc. However, enhanced partnerships, whether among cloud service providers or between cloud service providers and software companies, integrators, or specific interoperability agreements between certain cloud and SaaS actors, could raise concerns under competition law, whether they are horizontal or vertical agreements.

Regulatory Tools

The Use of Regulation

The existence of market failures can justify the use of regulation. For example, if technical solutions exist to facilitate changing providers or adopting multi-cloud strategies, hyperscalers may not necessarily be motivated to develop high-performance interoperability solutions that could erode their market shares. The failure of joint initiatives to develop common standards, for instance, is often attributed by many actors to a lack of willingness on the part of hyperscalers.

Regulatory initiatives are underway to address these issues, as evidenced by the adoption of the DMA and, more importantly, the proposed Data Act and the aforementioned bill. In its Opinion 23-A-05 of April 20, 2023, the Authority makes several recommendations in this regard.

The Authority welcomes the Data Act, as it is likely to positively alter the competitive functioning of the sector. Given the conclusion of the trilogue on June 27, 2023, it is not relevant to propose amendments to the current text. However, since the Commission is expected to conduct an evaluation exercise in three years, the Authority believes that it is pertinent to submit points of vigilance to the concerned parties:

• Distinguish the regime applicable to egress fees from other migration fees.
  Conduct an impact study on cloud credits.
  Specify measures in favor of portability and interoperability.

Tools Available to the Competition Authority

When it can intervene quickly enough, competition law is a particularly effective tool for maintaining competitive dynamics in the digital economy. It is a flexible and comprehensive law that has demonstrated its ability to address unprecedented practices and adapt well-established solutions to new services, especially in cases involving digital giants. To address the cloud sector’s challenges, it may be considered to use traditional tools of competition law, including abuse of dominant position, combating illicit agreements, merger control, and abuse of economic dependence. Other instruments from Book IV of the Commercial Code, such as the law on restrictive competition practices, could potentially be implemented by the Directorate-General for Competition, Consumer Affairs, and Fraud Prevention.

While it may not be legally possible for the Authority to examine these issues within the framework of an opinion, the General Reporter announces that its services will conduct a preliminary review of the gathered information to assess whether there is a need to initiate one or more contentious investigations.

JUIN 2023 June 29th

French Competition Authority