The Netherlands: ACM’s cloud services market study flags competition problems and prompts for amendments of the Data Act proposal

Written By

pauline kuipers Module
Pauline Kuipers

Partner
Netherlands

I am a partner in our NL office, based in The Hague, where I was one of its founding lawyers in 2001.

manuela cox Module
Manuela Cox

Associate
Netherlands

As an associate in our office in The Hague, I specialise in regulatory matters, including data protection and telecommunications law.

On September 5th 2022 the Dutch Authority for Consumers & Markets (Autoriteit Consument & Markt, ‘ACM’) published its market study into the functioning of the market for cloud services (both in English and Dutch). In this study, the ACM investigates the structure of the cloud market and the behaviour of market players. It also identifies market risks and discusses how these may be best addressed. Based on its findings the ACM has recommended further amendments to the proposed Data Act.

For an overview of the draft Data Act and its obligations, click here. In this article, we set out the most important findings of the market study and discuss the ACM’s proposed amendments to the draft Data Act. We conclude by outlining what’s next. 

The ACM’s market study on cloud services

The “Digital Economy” is a focus area on the ACM’s agenda for 2022-2023. In this context, and given the broad and continuously growing use of cloud services within Europe and the Netherlands, the ACM decided to investigate the functioning of the market for cloud services. The ACM’s market study specifically focuses on companies and organizations as users of cloud services. 

The functioning of cloud services

The study describes how companies have a hard time switching cloud service providers or combining cloud services from different providers. The reason why originates in the functioning of cloud services. 

Cloud services are IT services that enable users to utilise services running on the provider’s infrastructure. This means that users do not have to invest in hardware themselves, they simply use whatever they need on the infrastructure of the provider. 

Cloud services are built up out of approximately three layers. The bottom layer is the Infrastructure as a Service (IaaS) layer. This is the fundamental layer of the cloud, on which all other cloud services are built. On this layer you find services such as storage. The second layer is the Platform as a Service (PaaS) layer. On this layer building blocks are offered that make it easier for programmers to build an application. Because of these building blocks programmers no longer have to program each different component of an application themselves. The top layer is the Software as a Service (SaaS) layer. On this layer you will find software that can be directly used after installment (e.g., productivity software).

Market problems

In its market study the ACM emphasizes the importance of the initial moment of choice and identifies three risks in the market. These relate to: 

  1. Switching barriers;
  2. Poor interoperability; and
  3. Increasing consolidation

These risks are interrelated and largely find their origin in the functioning of cloud services. Providers that are active on multiple layers of the cloud are most attractive to new users, because cloud services from different providers are not always interoperable. There is a high degree of concentration in the cloud services market. Furthermore, according to the ACM, consolidation is likely to further increase because of vendor lock-in. After companies have chosen a provider, they are locked-in with this provider because of switching barriers, e.g.  such as insufficient suitable alternatives for the cloud services they are using. Even where there is a suitable alternative, data cannot always be transferred properly and /or uncertainties exist around the financial consequences of switching. The risk of increasing consolidation is that users become increasingly dependent on a few vertically integrated cloud providers. 

Moreover, due to vendor lock-in the initial choice for a cloud service provider is most important. Cloud service providers mainly compete on attracting new users. Once users have chosen their provider, the competitive pressure for providers diminishes as the likelihood of customers leaving (due to vendor lock-in) reduces. Due to this lack of competition, the risk exists that said providers may then unilaterally change conditions and rates and companies are unable to sufficiently protect themselves against these changes. 

Conclusions of the ACM

The ACM’s findings can be summarized in two conclusions.

First, the ACM finds that it is difficult for users of cloud services to switch between providers. There are significant barriers, both of a technical and financial nature but also in relation to portability of data as a result of lack of open interfaces. This outcome is at odds with the desired situation in which users can easily switch to services with the best price-quality ratio.

Secondly, cloud services from different providers cannot easily be combined due to a lack of interoperability. The options for multi-cloud services are limited and users cannot choose the combination of services from different providers that would best meet their demand. As a result, ACM discerns competitive risks with respect to the price, quality and innovation of cloud services.

Proposal to enhance the draft Data Act

The ACM is generally positive with respect to the draft Data Act. Nevertheless, considering its market study, it finds that the proposed Data Act provides a solution for the switching barriers that it has found, but does not address the second market failure of lack of interoperability and choice for users to combine services from different providers.

Therefore, the ACM has proposed several concrete text amendments with respect to Chapter VI (“switching between data processing services”) of the draft Data Act. The ACM argues that the draft Data Act could be more effective in addressing potential competition issues with cloud services, by:  

  • Introducing a distinction between data portability and interoperability;
  • Requiring APIs to be made publicly available for the purpose of interoperability;
  • The development of European standards that enable different cloud service types to be able communicate with each other (i.e., not only services of the same service type);
  • Lowering egress fees for interoperability;
  • Requiring exporting cloud service providers to ensure that third-party service providers enjoy functional equivalence when interconnecting their services. 

The ACM has also called for effective coordination of national and/or EU oversight on cloud services but has not proposed any concrete text amendments in this respect.

What’s next?

With the introduction of new rules on how data can be accessed, shared and transferred, the proposed Data Act is expected to become a landmark regulation. Unsurprisingly, it contains many contentious points and has received a wide array of stakeholder views. A summary of which can be found here. The extent to which the views of the ACM will impact the final text of the Data Act is yet to be seen.

The proposal is currently with the European Parliament, where amendments are being tabled. The European Parliament and the Council are expected to adopt their respective positions in early 2023, after which the trialogue negotiation will follow. 

While the legislative train continues, the ACM is not sitting still. It announced that it is continuing its research into switching barriers, most notably egress fees, in the cloud services market. It will specifically investigate the extent to which these switching barriers create competition issues and whether these issues can be best addressed on the basis of competition rules, or other instruments such as the Digital Markets Act or the Data Act. 

Other regulators, such as the French Autorité de la concurrence and the UK Communications regulator Ofcom have also recently started investigations into the cloud sector.

For more information, please contact Pauline Kuipers or Manuela Cox

This contribution was created with the assistance of Anne-Sophie Heijne.

VISIT OUR COMPETITION & EU HOMEPAGE

Latest insights

More Insights
mountain scape

European Union Artificial Intelligence Act Guide

Nov 06 2024

Read More

California’s AI bill vs. the EU AI Act: a cross-continental analysis of AI regulations

Nov 06 2024

Read More
Keyboard and tablet on yellow background

New consumer rights in the Polish Electronic Communications Law

3 min Nov 05 2024

Read More