The global pressure on Microsoft is increasing. A seemingly endless series of security incidents, a lack of communication, the continuation of forced active customizations and the most inseparable integration of Microsoft services possible are calling the competition authorities worldwide into action.
On June 25, the EU Commission got serious. In an official statement, it declared its preliminary finding that Microsoft holds a dominant position in the market for SaaS business applications for commercial users worldwide.
Following a complaint, the European Commission has been investigating Microsoft’s link between Office and Teams for some time. After the Salesforce subsidiary Slack filed a competition complaint with the EU in summer 2020, another provider followed suit in 2023. The deep integration of teams into the M365 services is being criticized.
To avert a possible EU antitrust fine, Microsoft then began offering Teams separately from Microsoft 365 and Office 365 in the EU and Switzerland from October last year, followed by global implementation in March.
However, concerns remained as to whether this would be enough. With a turnover of around 230 billion US dollars in 2023, Microsoft faces considerable losses in the event of an antitrust fine of up to ten percent of turnover.
DMA as a strengthening of liberal market forces
The view of excessive market position was strengthened by the Digital Markets Act (DMA), which came into force on November 1 last year.
The DMA is primarily aimed at the Internet giants and is intended to prevent them from abusing their dominant market position. To this end, it prohibits these so-called gatekeepers from engaging in certain anti-competitive practices.
At the same time, it has since become clear that the scope of application in terms of products and services is still very limited. In particular, the ubiquitous Office applications and cloud services such as OneDrive and Azure are apparently not yet covered by the DMA. The widely used Microsoft Teams as part of the Office subscription suite is also not included. However, this is now the focus.
Microsoft is alarmed
Microsoft is accordingly alarmed and is trying to avoid consequences here. Microsoft CEO Brad Smith recently announced after a meeting with EU Competition Commissioner Margrethe Vestager in Brussels that it may not be enough to separate Teams from Microsoft Office in order to comply with EU competition rules. Microsoft is prepared to find a solution to dispel the concerns of the competition authorities. According to Smith, Microsoft would not be surprised to receive a statement of objections or an indictment from the EU competition authority. However, this is not an irreversible step towards resolving the matter, reports Reuters.
The apparent calmness indicates that Microsoft does not want to submit to government sanctions without restriction. But the impression could be deceptive.
EU Commission provisionally assumes Microsoft is in breach
On June 25, it became clear that the EU Commission is getting serious. In an official notice, the Commission stated its preliminary finding that Microsoft holds a dominant position worldwide in the market for SaaS business applications.
The Commission fears that Microsoft has been coupling Teams with its main SaaS productivity applications since April 2019 at the latest, thereby restricting competition in the market for communication and collaboration software and foreclosing its market position in productivity software and its package-centric model to competing providers of individual software.
This may give Microsoft Teams a sales advantage by not allowing customers to decide for themselves whether or not they want access to Teams when subscribing to Microsoft’s SaaS productivity applications. This advantage may have been exacerbated by the restrictions on interoperability between programs competing with Teams and Microsoft’s software packages. This behavior may have prevented Teams’ competitors from competing with Teams to the detriment of customers in the European Economic Area, thereby also driving innovation competition.
If the Commission’s concerns are confirmed, this would constitute a breach of Article 102 of the Treaty on the Functioning of the European Union, which prohibits the abuse of a dominant market position.
In the Commission’s view, the changes made at Microsoft are not sufficient to dispel its concerns; rather, it considers further changes in behavior to be necessary in order to restore competition.
Microsoft under constant fire – also in the USA
Microsoft has long since come under massive criticism, and not just in the EU. In addition to competition issues, data security and dealing with other deficits play a decisive role.
According to the report of the European Data Protection Supervisor (EDPS), the use of Microsoft 365 by the EU Commission violates the existing data protection laws of the European Union. A report from the US Department of Homeland Security (DHS) was also recently published. The background to this is that the suspected Chinese hacker group Storm-0558 captured a master key last year that gave them access to numerous Microsoft email accounts. US government employees were also affected.
The report by the Cyber Safety Review Board (CSRB) shows that the hackers’ intrusion could have been avoided. The agency identified a number of operational and strategic decisions by Microsoft that point to a corporate culture that neglects investment in security and rigorous risk management. Microsoft’s inadequate communication is also criticized. Microsoft knew in November 2023 that its blog entry of September 6, 2023 was incorrect with regard to the cause. However, this was not updated until March 12, 2024, long after the CSRB had completed its review and repeatedly asked about Microsoft’s plans to fix the problem, culminating last month in a subpoena and questioning of Microsoft’s president by the U.S. Congress.
Outlook
The outlook is difficult to predict. On the one hand, the pressure from the authorities on Microsoft has probably never been so high. New regulations such as the DMA also make a decisive contribution to this.
On the other hand, Microsoft’s continuing failings are so serious and its strategy of promoting maximum dependency so obvious that it is surprising that the response is not much greater. Basically, given Microsoft’s policy, which has been underlined once again by the latest Windows feature, no government agency or private company can rely on the corresponding subscription products in a way that is commensurate with the risk. Not only your own information security, but also data protection and compliance are at stake.
Unfortunately, the decisive factor is the existential dependence on Microsoft products, which also affects state institutions in particular. This is the only explanation for the still muted response, the lack of outcry and the hesitant use of less critical alternatives such as on-premise or second-hand software.
An effective reduction of dependencies on providers such as Microsoft is unlikely to succeed despite new laws and measures by the authorities. The cross-product dependency of companies and the state on Microsoft is far too great for this and has been ignored by customers for decades. Accordingly, even current on-premise software was “swapped” for the next level of dependency in the form of M365 through incentive programs such as Microsoft’s “from SA”.
However, many companies only realize the disadvantages of a corresponding subscription/cloud migration, and preferably from a single source, when it is too late. These exist in particular in terms of dependency, which is reflected commercially in continuous price increases, for example. At the same time, a failure of the cloud services means that their customers’ infrastructure is also paralyzed. The more applications are obtained from just one provider, the greater the impact of these effects.
With AI, integrated in Microsoft’s Copilot+ PCs, this will increase considerably, because undesirable side effects are obvious. The mistakes of the past – a hasty migration to the cloud – should be avoided at all costs today. Companies are well advised not to become dependent on individual providers.
This is why hybrid systems – consisting of on-premise software and cloud software – are always the better solution for companies. These combine the advantages of both worlds without the disadvantages of a pure cloud solution. Hybrid systems can be operated cost-effectively, particularly through the use of used software.
Andreas E. Thyen, Chairman of the Board of Directors of LizenzDirekt AG and a qualified economist, summarizes the situation as follows: “It was long overdue for the EU to take a closer look at the major providers and develop effective means of enforcing European values. It is certainly helpful that the US authorities are also taking action. A possible antitrust fine could also send a certain message. However, it is crucial that the customer also takes personal responsibility. Obtaining all software from a single source, if possible, leads to unacceptable risks, especially in the age of AI. Hybrid models such as bring-your-own-license and a return to traditional on-premise licenses and structures, on the other hand, represent an improvement. This also reduces legal data protection and data security concerns and generates positive effects such as the liberal forces of the secondary market through the purchase and sale of used software.”