AWS, Microsoft Azure, and Google Cloud have built business models that make leaving expensive and technically painful. Egress fees, proprietary APIs, tightly coupled managed services, and licensing practices create a gravitational pull that traps organisations — often without their realising it until migration becomes necessary. Understanding the mechanisms of lock-in is the first step toward avoiding it.
The most visible lock-in mechanism is data egress pricing. Cloud providers typically do not charge for data ingress (uploading data), but apply per-gigabyte fees for data egress (downloading or transferring data out). For organisations with petabytes of data accumulated over years of cloud operation, these fees can amount to hundreds of thousands or even millions of euros.
Historically, AWS charged $0.09/GB for the first 10 TB of monthly data transfer out (in EU regions), with tiered pricing for higher volumes. Azure and Google Cloud had comparable rates. This asymmetric pricing — free to enter, expensive to leave — has been widely criticised as an anti-competitive practice designed to increase switching costs.
Regulatory pressure has begun to shift the landscape. The EU Data Act (Regulation (EU) 2023/2854), applicable from 12 September 2025, requires cloud providers to eliminate switching charges after a three-year transitional period. In anticipation, providers have already begun adjusting: Google Cloud announced in January 2024 the elimination of egress fees for customers migrating entirely off the platform. AWS followed with free data transfer out for customers leaving AWS.
However, these announcements come with significant caveats. The free egress typically applies only to customers who are completely leaving the platform, not to ongoing multi-cloud operations. Standard egress fees continue to apply for day-to-day cross-cloud data transfers, inter-region transfers, and transfers to on-premises infrastructure. The Cloudflare Bandwidth Alliance and European providers like Hetzner, OVHcloud, and Scaleway — which charge zero or minimal egress fees — continue to offer structurally different pricing models.
Egress fees are the most quoted lock-in mechanism, but architectural lock-in through proprietary managed services is often more consequential. Modern cloud applications are not simply VMs running on rented hardware — they are built on dozens of tightly integrated managed services: serverless compute (AWS Lambda, Azure Functions), proprietary databases (DynamoDB, Cosmos DB, Cloud Spanner), message queues (SQS, Azure Service Bus), identity services (AWS IAM, Azure AD), and machine-learning platforms (SageMaker, Azure ML).
Each of these services has its own API, data model, and operational semantics. An application built on AWS Lambda + DynamoDB + SQS + API Gateway cannot simply be "moved" to another cloud — it must be substantially re-architected. The migration is not a lift-and-shift but a rebuild, often requiring months of engineering effort and carrying significant regression risk.
This is by design. Cloud providers invest heavily in managed services because they create deep, sticky dependencies that compound over time. Each additional proprietary service adopted increases the technical switching cost. After several years of cloud-native development, organisations often discover that their application's architecture is, in practice, inseparable from a specific provider's platform.
The mitigation strategy is well understood but requires discipline: favour open-source and standards-based alternatives where they exist. Use PostgreSQL instead of DynamoDB or Cloud Spanner. Deploy on Kubernetes instead of proprietary container orchestration. Use Terraform or OpenTofu instead of CloudFormation or Bicep. Adopt RabbitMQ or NATS over SQS. These choices add modest operational overhead but preserve the ability to migrate.
A distinct and particularly insidious form of lock-in operates through software licensing. In October 2019, Microsoft changed its on-premises licensing terms to restrict customers' ability to run Windows Server and SQL Server licences on third-party cloud platforms (listed providers including AWS, Google Cloud, and Alibaba). Customers who had purchased these licences could continue to use them on Azure under favourable terms, but running them on competing clouds required purchasing separate, more expensive licences — a practice known as the "Azure tax."
Following pressure from cloud competitors and European regulators, Microsoft updated its licensing terms in October 2022, allowing listed providers' customers to deploy licences via dedicated hosted infrastructure. However, critics argued the changes were insufficient, as running Microsoft software on non-Azure clouds remained more expensive and operationally complex.
The European Commission opened a formal investigation in September 2024 into Microsoft's cloud licensing practices, following a complaint by CISPE (Cloud Infrastructure Services Providers in Europe) — a trade body representing European cloud providers including OVHcloud, Aruba, and IONOS. CISPE's complaint alleged that Microsoft's licensing practices constitute an abuse of its dominant position in productivity software (Office 365) and server operating systems (Windows Server) by tying these products to Azure. Although CISPE subsequently settled its complaint, the Commission's investigation continues.
For organisations evaluating cloud sovereignty, licensing lock-in is a critical and often overlooked factor. The cost of running Microsoft workloads on European clouds may be artificially inflated by licensing restrictions, creating a structural disadvantage for non-Microsoft providers that has nothing to do with technical capability.
The EU has recognised cloud lock-in as a market dysfunction requiring regulatory intervention. The Data Act's Chapter VI (Articles 23-31) directly targets switching barriers:
Beyond regulation, the open-source ecosystem provides the most robust structural protection against lock-in. The Cloud Native Computing Foundation (CNCF) — which governs Kubernetes, Prometheus, Envoy, and dozens of other projects — has created a rich ecosystem of cloud-agnostic infrastructure tools. European organisations adopting CNCF-graduated projects as their primary platform layer can maintain genuine multi-cloud optionality.
European cloud providers have increasingly positioned themselves as lock-in-free alternatives. Hetzner offers simple, transparent pricing with no egress fees. Scaleway provides Kubernetes, object storage, and GPU instances with open APIs. OVHcloud operates the largest European-headquartered cloud, with a public commitment to open standards. The economic case for European alternatives strengthens as regulatory costs of hyperscaler lock-in become more transparent.
Cloud vendor lock-in occurs when an organisation becomes dependent on a specific cloud provider through proprietary APIs, managed services, data formats, and egress fees that make switching providers technically painful and expensive. AWS, Azure, and Google Cloud all employ lock-in mechanisms.
AWS and Google Cloud charge between 0.08 and 0.12 euros per GB for data leaving their network. For organisations with large datasets, egress fees can cost tens of thousands of euros, creating a financial barrier to migration. Many European providers like Hetzner and Scaleway offer significantly lower or zero egress fees.
Use containerisation (Kubernetes), infrastructure-as-code (Terraform), open-source databases instead of proprietary managed services, and standard APIs. Design for portability from the start, maintain exit plans, and avoid deep dependencies on provider-specific features like AWS Lambda or Azure Functions.