EU sides with Big Tech as Google’s Wiz takeover gets a green light

Civil society organisations across Europe seriously regret the European Commission’s decision(opens in new window) to unconditionally clear Google’s proposed acquisition of Wiz. The decision runs counter to lessons drawn from past under-enforcement in the digital sector, the Commission’s stated objectives of strict application of competition rules to Big Tech and the growing systemic risks arising from cloud concentration.

As outlined in our formal submission(opens in new window) to the Commission, this $32 billion deal – Google’s largest acquisition to date – raises serious competition concerns, puts the resilience of the European economy at risk and interferes with Europe’s ongoing efforts to become digitally sovereign. This is particularly concerning in times of such geopolitical uncertainty. The proposed deal would mark a major strategic expansion that further entrenches Google’s power in cloud infrastructure and cloud security. This alone warrants the highest level of scrutiny under European merger control.

Google is a dominant digital conglomerate with entrenched power across key parts of the digital economy, operating systems, search, advertising, data analytics, and Artificial Intelligence (AI). Alphabet, the parent company of Google, is also designated as a gatekeeper under the EU’s Digital Markets Act. Wiz, by contrast, has emerged as one of the most important independent cloud security providers precisely because of its cross-cloud, vendor-agnostic model. Its ability to operate neutrally across competing cloud environments is central to its value for customers, including smaller European cloud providers, and to competition in the wider cloud ecosystem. 

As explained in our submission, Google will have the ability and incentive to favour its own services to the detriment of rivals, including cloud challengers. The acquisition threatens to hamper innovation by eliminating one of the few independent, fast-growing security providers capable of constraining hyperscalers’ security stacks, and it would concentrate sensitive cross-cloud security insights within a single corporate ecosystem, thereby undermining trust and neutrality in a sector where independence is essential. In our view, clearing the deal without conditions leaves these risks unaddressed.

These harms are not hypothetical. The Commission’s experience in digital markets shows how control over a strategic layer can be used to reinforce power over adjacent markets and, over time, make customers face higher switching costs. Clearing this acquisition risks repeating the mistakes of past under-enforcement.

This case should not have been cleared through a narrow assessment based on market shares and price parameters. The presence of Azure and AWS in cloud will not prevent Google from entrenching its market position and raising barriers to entry for smaller cloud providers. As we argued, the Commission should have closely considered the impact of the deal on cloud security, a strategic layer of the digital stack with direct implications for cybersecurity, resilience, and public sector autonomy.

In our view, a Phase I assessment was insufficient to capture the full scope of the competitive and structural risks at stake. In our submission, we urged the Commission to focus on  non-price and technical parameters that cannot be resolved safely at  Phase I. It is disappointing to see the European Commission allow another major technology merger to proceed at the expense of competition, innovation and Europe’s digital future. Europe needs merger control that protects contestability, customer choice and resilience in essential digital infrastructure.