Assessing Structural Risks and Market Entrenchment in India’s Cloud Ecosystem

[Monesh and Kartikeya are students at Tamil Nadu National Law University and Maharashtra National Law University, Mumbai.]

Cloud computing provides on-demand access to computing resources such as servers, storage, databases, networking, and software via the internet. This model allows users to use resources as needed on a pay-as-you-go basis, eliminating the need to manage physical infrastructure. Although cloud technology offers many benefits such as cost savings, scalability, collaboration, and data recovery it also presents challenges. High egress fees, poor interoperability, and vendor lock-ins make switching costly, leaving most users reliant on a few dominant cloud service providers (CSPs). This concentration raises important competition law concerns, as the market power of leading providers increases, so does the risk of practices that may restrict contestability and make it harder for rivals to compete.

Against this backdrop, the article proceeds in four parts. First, it examines how a few global CSPs have come to dominate the market and how this dominance is reinforced through high switching costs. Second, it considers specific exclusionary practices, such as excessive egress fees, long-term contractual lock-ins, and bundling, that further entrench incumbents. Third, it explains why India’s competition law framework is ill-suited to tackle these challenges. Finally, it sets out targeted measures, from regulatory guidance and procurement standards to lessons from international frameworks, aimed at keeping India’s cloud markets open, contestable, and innovation-driven.

Market Structure and Concentration

The global cloud infrastructure market is characterized by a significant level of concentration among a limited number of suppliers. In the second quarter of 2025, Amazon Web Services (AWS) held roughly 30% of the global market, with Microsoft Azure at 21% and Google Cloud at 12%. Together, these “big three” dominate over 60% of the market, whereas other competitors like Alibaba Cloud (4%), IBM Cloud (3%), Salesforce (2%), Oracle (2%), and Tencent Cloud (2%) stay within the low single digits, with the rest divided among many minor providers. In India, Microsoft Azure (27%) and AWS (15%) together command around 42% of the market, while each of the other providers holds less than 5% individually. 

A valuable metric for market concentration is the Herfindahl-Hirschman Index (HHI), which is computed by adding the squares of the market shares of each firm. Based on the aforementioned figures of the global market, the worldwide cloud computing market displays an HHI of 2,098 (Sum of squares of the market shares of each player). The “big three” alone together add around 1,485 points to the HHI (AWS 30² = 900, Microsoft Azure 21² = 441, and Google Cloud 12² = 144), accounting for nearly 71% of the overall index value. In certain jurisdictions with a more rigorous competition evaluation, any HHI over 1,800 signifies a market that is highly concentrated. Given that, the cloud computing market already falls into the high-concentration category, as the supremacy of the leading three providers is the primary factor behind this situation. This indicates that most market concentration can be traced back to them, enhancing their power to affect market conditions and presenting major structural obstacles for smaller rivals trying to establish a presence.

The restricted competition in the market enhances the capacity of dominant suppliers to enforce stringent terms and conditions, which regulators have more frequently identified as barriers to equitable competition. Increasingly, regulators across jurisdictions have highlighted that these structural features translate into specific contractual and pricing practices that directly limit customer mobility and undermine competition.

Exclusionary Practices and Anti-Competitive Conduct in Cloud Services

Building on these structural concerns, a recurring issue is the application of egress fees or the costs incurred when users move data out of a provider’s cloud setting. While uploading data is typically free, the costs associated with downloading or transferring data can be high. Beginning in 2024, AWS introduced tiered pricing for data transfers, charging USD 0.09 per GB for the initial 10 TB each month from its US regions, and USD 0.085 per GB for the subsequent 40 TB. Consequently, transferring 100 TB might still incur nearly USD 8,800 prior to technical costs, highlighting how egress fees continue to pose a significant obstacle to migration, even with slight discounts. The Competition and Markets Authority of the UK, in its July 2025 report regarding Cloud Infrastructure Services, observed that these fees have minimal correlation with genuine network transit expenses and serve as artificial switching costs, hindering multi-cloud adoption and binding customers to existing providers.

Regulators have also scrutinized minimum spend commitment clauses embedded in long-term contracts. These clauses stipulate users to commit to purchasing a fixed volume of services from a single provider, often in return for discounted rates. The U.S. Federal Trade Commission’s 2023 Cloud Computing Request for Information recorded concerns that such commitments incentivize users to concentrate their workloads with one provider, since diverting spend to a rival risks breaching thresholds and losing discounts. This consolidation reduces opportunities for competitors even when they offer better terms.

A further area of concern is the practice of tying and bundling, through which dominant firms link their cloud infrastructure to adjacent products. The European Commission’s 2023 investigation into Microsoft centered on allegations that Microsoft 365 licences and functionality were more favorable when hosted on Azure than on rival clouds. Such differential treatment may amount to unlawful tying or bundling under Article 102 Treaty on the Functioning of the European Union, leveraging dominance in software to foreclose cloud competition. 

While these practices have been flagged globally across jurisdictions, the more pressing concern for India is whether its existing legal framework can adequately address them. The limitations of the Competition Act 2002 (Competition Act) in tackling such conduct will be dealt with in the following section.

Why the Current Competition Framework Falls Short

First, the Competition Act works on an ex-post basis. In fast-moving cloud services markets, where providers can quickly lock-in customers through bundled infrastructure, platforms, and software, such intervention often comes too late. By the time an investigation is complete, high switching costs and contractual lock-ins may have already caused irreversible harm to competition. 

Cloud services combine Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) into tightly integrated ecosystems. In competition law, enforcement begins with defining the relevant market. In cloud, however, the boundaries between IaaS, PaaS, and SaaS are blurred. Pricing, switching barriers, and technical dependencies often span multiple layers, making it difficult to decide whether the harm is in infrastructure, platform, software, or all three together. 

For example, a dominant software vendor could offer cheaper licences only if its products are hosted on its own cloud, steering customers away from competitors without a straightforward breach in any single market. While these can significantly weaken competition, proving anti-competitive intent and effect under the Competition Act requires long, resource-heavy investigations. By the time action is taken, rival providers may have already lost ground.

The now-withdrawn Draft Digital Competition Bill (DCB) is particularly relevant in this context because it sought to introduce ex-ante obligations for systemically significant digital enterprises. Such forward-looking tools could have directly tackled the structural risks in cloud markets before anti-competitive effects became entrenched. However, with the rollback of the DCB, India is left solely with the Competition Act. This reactive framework is ill-suited to fast-moving digital markets, where customer lock-in and high switching costs can entrench dominance long before an investigation concludes. 

The Standing Committee on Finance, in its Twenty-Fifth Report (2025), observed that the Competition Act suffers from deeper structural gaps: it was framed for conventional markets and offers only ex-post remedies, leaving the Competition Commission of India (CCI) without the ability to impose forward-looking obligations on gatekeepers. The Committee also flagged that the Competition Act does not directly address practices such as self-preferencing, bundling, or data-driven leveraging of market power, and provides no framework for equipping the CCI with the technical expertise needed to evaluate algorithmic and data-based harms in digital markets. 

Second, a structural concern in the cloud market is the possibility of collective dominance. The “big three” not only control the majority of market share but also follow strikingly similar pricing patterns. For instance, their egress fee structures and discount-linked contracts operate on comparable terms. Even without explicit collusion, such parallel conduct can produce the same effect: customers face uniformly high switching costs and limited choice, while smaller providers struggle to compete. Yet, the Indian competition legislation does not provide a framework to address this issue. Section 4 of the Competition Act refers only to abuse by “an enterprise or a group,” leaving no scope for recognizing dominance exercised collectively by multiple independent players. The has reiterated this position in Ashok Kumar Vallabhaneni v. Geetha SP Entertainment LLP, where it held that the Competition Act does not recognize “collective dominance” and ruled out such claims in the absence of cartelization.

Finally, the law operates on a case-by-case basis, indicating it can only tackle particular occurrences of abuse after they happen. It does not grant the regulator the authority to enforce industry-wide protections like compulsory data portability, clear and comparable pricing, or interoperability standards for all key providers. Nevertheless, these comprehensive preventive measures are essential for maintaining open and competitive cloud markets, which the existing framework cannot provide. 

Recommended Regulatory Measures for India

First, the CCI should initiate extensive market studies centered around the cloud services market. These studies should assess on three aspects: (i) the framework and justification of egress fees among leading CSPs, differentiating actual network expenses from fabricated switching costs; (ii) the frequency and competitive effects of committed-spend incentives and bring-your-own-license limitations, potentially binding users to a sole vendor even with available technological alternatives; and (iii) empirical evidence regarding the switching durations and expenses encountered by Indian companies attempting transition.

Second, India can leverage government cloud procurement to set competitive benchmarks. Central and state contracts (whether through MeghRaj or sector-specific clouds) should be designed to prevent lock-in and promote competition by requiring: (a) full price transparency, including separate charges for data egress; (b) a contractual right to export data and applications in open formats without penalty; (c) interoperability commitments for core systems to facilitate workload migration; and (d) prohibitions on rebates or technical settings that make multi-cloud deployment unviable.

Finally, India can draw significant lessons from emerging international regulatory frameworks, most notably the European Union’s Data Act. The Act provides for a phased elimination of switching-related fees, culminating in a complete prohibition of egress charges by January 2027, alongside statutory termination rights that override contractual lock-ins. While India may not need to replicate this legislative model verbatim, adopting its substantive principles would provide a critical safeguard against entrenched dominance. Such measures would harmonize India’s enforcement approach with global best practices, while tailoring them to local conditions.

Conclusion

India’s  micro, medium and small enterprises are predominantly under-digitized, with only around 12% fully digitalized, while 72% intend to increase their cloud investments, finding themselves at a crucial juncture. The worldwide cloud services market is becoming more concentrated, with a handful of leading CSPs using significant switching costs and bundled services to solidify their standings. India’s existing competition framework, functioning on a reactive, case-by-case approach, is not suitable for tackling structural and collective dominance in rapidly changing cloud markets. Focused strategies like industry-specific market analysis, clear procurement criteria, and insights from global frameworks are crucial to uphold competition. In the absence of proactive regulatory measures, leading providers might keep stifling competition, innovation, and consumer options. Maintaining an open and competitive cloud environment is essential for India’s digital economy and lasting technological strength.