Microsoft and Amazon Adjust Practices Amid UK CMA Regulations and Rising Cloud Costs
In This Article
Enterprise cloud infrastructure had an unusually “physical” week—where policy, capital, and security all collided. On one end, Microsoft and Amazon adjusted cloud service practices in the UK following scrutiny tied to a 2025 Competition and Markets Authority (CMA) investigation, with changes aimed at egress fees, switching, and interoperability—core mechanics that shape how easily customers can move workloads and manage costs. The reaction was split: some saw pragmatic progress, others wanted tougher action to ensure fairness and innovation. [1]
On the other end, the fragility of cloud’s real-world footprint was underscored by a second drone strike on an Amazon data center in the Middle East amid escalating regional tensions. Amazon hadn’t disclosed the full extent of damage or any service impact, but the incident itself is a reminder that “the cloud” is still a network of buildings, power, and connectivity—assets exposed to geopolitical risk. [2]
Meanwhile, Oracle signaled a major capacity push, announcing plans to raise $45–$50 billion in 2026 to expand cloud infrastructure to meet demand from large cloud clients including AMD, Nvidia, Meta, OpenAI, TikTok, and xAI. [3] That scale of financing points to continued infrastructure arms-racing driven by AI-era workloads.
Taken together, the week’s developments highlight a new enterprise reality: cloud infrastructure strategy is no longer just about performance and features. It’s about portability and pricing mechanics, physical resilience, and the capital intensity required to keep up with AI-driven demand.
UK cloud practice changes: egress, switching, and interoperability move to center stage
Microsoft and Amazon implemented changes to their cloud service practices in response to issues raised after a 2025 UK CMA investigation, specifically targeting cloud egress fees, customer switching, and interoperability. The stated intent is to enhance customer choice and reduce costs for UK businesses and public sector organizations. [1]
Those three levers matter because they define the “exit ramps” of cloud infrastructure. Egress fees influence the economics of moving data out of a provider. Switching processes determine how quickly an enterprise can migrate or adopt multi-cloud patterns. Interoperability affects whether services and tooling can integrate cleanly across environments. When these mechanics are restrictive or expensive, they can lock customers into a single platform even when better technical or commercial options exist.
Industry reaction, as reported, was mixed. Some experts appreciated the targeted approach—suggesting that focusing on specific friction points could yield practical improvements without destabilizing the market. Others argued that more assertive regulatory action is needed to ensure fairness and promote innovation. [1] That split is important: it signals that the debate has shifted from “should regulators intervene?” to “how strong should the intervention be, and what outcomes should it enforce?”
For enterprise infrastructure leaders, the immediate takeaway is to treat these changes as a governance and procurement opportunity. If egress, switching, and interoperability terms are evolving—especially for UK operations—then contract language, migration plans, and architecture decisions should be revisited with fresh eyes. Even incremental improvements can change the ROI of data replication, disaster recovery patterns, and multi-cloud designs.
Physical resilience becomes a board-level cloud topic after a second drone strike
A second drone attack hit an Amazon data center in the Middle East, according to Network World, amid escalating tensions in the region. The report emphasizes the vulnerability of critical cloud infrastructure to geopolitical conflict and notes that Amazon had not disclosed the full extent of damage or any potential service disruptions. [2]
Even without confirmed outage details, the event is a stark reminder that cloud infrastructure is not abstract. Data centers are physical facilities with perimeter security, power systems, cooling, and network links—often concentrated in industrial zones that can become targets or collateral in regional instability. For enterprises, this reframes “availability” from a purely technical SLA discussion into a broader resilience question: what happens when a region’s risk profile changes quickly?
The practical implication is not that enterprises should abandon global cloud regions, but that they should validate assumptions about geographic redundancy and operational continuity. If a workload is pinned to a single region for latency, data residency, or cost reasons, the organization should be able to articulate what the failover plan is—and whether it is tested. The incident also raises questions about how much transparency customers can expect during security events, since the extent of damage and service impact was not disclosed at the time of reporting. [2]
This week’s lesson: cloud resilience planning must include geopolitical and physical security considerations alongside the usual capacity, network, and software failure modes. The “shared responsibility model” may not assign customers responsibility for facility security, but it does leave them responsible for business continuity.
Oracle’s $45–$50bn funding plan signals AI-era infrastructure intensity
Oracle announced plans to raise between $45 billion and $50 billion in 2026 to expand its cloud infrastructure capacity, citing growing demand from cloud clients. The list of named customers includes AMD, Nvidia, Meta, OpenAI, TikTok, and xAI—organizations associated with large-scale compute and data needs. [3]
The headline number matters because it reflects the capital intensity of modern cloud infrastructure, especially as AI workloads expand. Building capacity is not just adding servers; it implies broader investments across data center space, power delivery, and the supporting infrastructure required to operate at scale. Oracle’s move also suggests that demand signals are strong enough to justify financing at a level that would materially expand footprint and capability. [3]
For enterprises, the significance is twofold. First, it indicates that major providers are still in expansion mode, which can translate into more available capacity and potentially more competitive offerings over time. Second, it reinforces that AI-driven demand is reshaping the infrastructure market—pushing providers to secure funding and build out faster to meet client needs.
It’s also a reminder that cloud strategy is increasingly intertwined with provider balance sheets and buildout timelines. When capacity is tight or demand spikes, customers can feel it through pricing, availability of certain instance types, or regional constraints. While this week’s reporting does not detail Oracle’s specific deployment plans, the scale of the funding target alone signals that cloud infrastructure competition is entering a new phase—one where access to capital is a strategic differentiator. [3]
Analysis & Implications: portability pressure, sovereign trade-offs, and cost volatility converge
This week’s stories connect into a single enterprise theme: cloud infrastructure decisions are being shaped simultaneously by regulation, risk, and runaway variability in consumption.
Start with portability. The UK-focused practice changes by Microsoft and Amazon—aimed at egress fees, switching, and interoperability—show that the mechanics of moving data and workloads are now a policy concern, not just a technical one. [1] For enterprises, that means cloud architecture and procurement are becoming more interdependent: the way you design data flows and dependencies can either amplify or reduce exposure to egress and switching friction.
Now add resilience. The second drone strike on an Amazon data center in the Middle East highlights that geopolitical instability can directly threaten cloud infrastructure. [2] This pushes enterprises to revisit regional concentration risk and to ensure that continuity plans are aligned with real-world threats, not just theoretical outages. It also intersects with the broader “cloud-first vs. sovereign-first” debate: organizations must balance the agility of public cloud with the control and compliance of sovereign approaches, aligning strategy to business objectives and regulatory requirements. [4] While the sovereign-first discussion is often framed around compliance and jurisdiction, this week’s events underline that risk can also be physical and geopolitical.
Finally, cost. Cloud spending is increasingly hard to predict, especially as AI workloads drive variability. A CIO report notes that cloud costs are now the second-largest expense at midsize IT companies behind labor, with AI adoption contributing to significant month-to-month swings. [5] That cost volatility makes portability and resilience more than “nice-to-haves.” If bills fluctuate sharply, enterprises will look harder at workload placement, data movement patterns, and the feasibility of shifting workloads across providers or regions.
Oracle’s plan to raise up to $50 billion for infrastructure expansion is the supply-side response to this demand environment. [3] But more capacity doesn’t automatically solve customer pain if switching remains difficult, if regional risk rises, or if AI workloads keep driving unpredictable consumption.
The implication for infrastructure leaders: treat cloud strategy as a three-axis optimization problem—(1) portability and commercial terms, (2) resilience across regions and risk profiles, and (3) cost governance that can handle AI-driven variability. This week made clear that ignoring any one axis can undermine the other two.
Conclusion
March 30 through April 6, 2026, was a week where cloud infrastructure stopped being a background utility and reasserted itself as a strategic enterprise concern. Regulatory pressure in the UK is pushing hyperscalers to adjust the practical realities of egress, switching, and interoperability—areas that directly affect customer choice and long-term cost. [1] At the same time, the drone strike on an Amazon data center in the Middle East is a blunt reminder that cloud resilience is inseparable from physical security and geopolitics. [2]
On the capacity front, Oracle’s intent to raise $45–$50 billion to expand infrastructure shows how aggressively providers are gearing up for AI-era demand. [3] Yet for many enterprises—especially midsize firms—cloud is also becoming a dominant budget line item, with AI workloads driving unpredictable monthly bills. [5]
The takeaway isn’t that cloud is becoming less viable. It’s that cloud infrastructure strategy now requires a broader lens: commercial portability, sovereign and regulatory alignment, physical resilience, and disciplined cost management must be designed together. The organizations that treat these as one integrated program—not separate initiatives—will be best positioned for what comes next.
References
[1] Microsoft, Amazon cloud practice changes spark mixed industry reaction — ITPro, April 1, 2026, https://www.itpro.com/business/policy-and-legislation/microsoft-amazon-cloud-practice-changes-spark-mixed-industry-reaction?utm_source=openai
[2] Amazon Middle East datacenter suffers second drone hit as Iran steps up attacks — Network World, April 2, 2026, https://www.networkworld.com/cloud-computing/?utm_source=openai
[3] Oracle to raise up to $50bn for cloud infrastructure buildout — Infomarine, April 6, 2026, https://infomarine.net/en/insight/117-financial-news/60984-oracle-to-raise-up-to-%2450bn-for-cloud-infrastructure-buildout.html?utm_source=openai
[4] Cloud-first vs. sovereign-first: Navigating the trade-off — Network World, April 7, 2026, https://www.networkworld.com/cloud-computing/?utm_source=openai
[5] Cloud costs now No. 2 expense at midsize IT companies behind labor — CIO, April 7, 2026, https://www.cio.com/cloud-management/?utm_source=openai