EU Approves $32B Google-Wiz Purchase After Antitrust Review

European regulators determined Tuesday that Google’s proposed $32 billion buy of Wiz raises no competition concerns due to Google’s relatively weak position in cloud infrastructure.

See Also: Reduce Cloud Risk in Healthcare with Security by Default

The European Commission ruled the Silicon Valley-based search and cloud computing giant can proceed with its buy of the New York-based cloud security superstar because of the existence of credible alternative cloud security providers and the absence of commercially sensitive data risks resulting from the deal. The Google-Wiz transaction cleared the U.S. Justice Department’s antitrust review in November.

“Google stands behind Amazon and Microsoft in terms of market shares in cloud infrastructure, and our assessment confirmed that customers will continue to have credible alternatives and the ability to switch providers,” European Commission Executive Vice President Teresa Ribera said in a statement. “The transaction therefore does not raise competition concerns in cloud services or cloud security.”

Google grew its IaaS public cloud services business by a quarter in 2023 to $11.45 billion, but that’s still only 8.2% of a $140 billion market. Google significantly lags behind Amazon and Microsoft in public cloud – who control 39% and 23% of the market, respectively. A coalition of civil society organizations wanted a more detailed review of the Google-Wiz deal over concerns related to competition in cloud and cybersecurity (see: Groups Warn $32B Google-Wiz Deal Threatens Cloud Competition).

Commission: Customers Can Still Switch After Google Buys Wiz

Feedback from customers and rival suppliers indicated that switching would remain available even if Google were to integrate Wiz closely with its own offerings, the European Commission found. It also highlighted the functional separability of Wiz’s product, noting that clients could migrate to competing security platforms if Google attempted to degrade Wiz’s interoperability or bundle it coercively.

“The European Commission’s approval is a significant step toward our goal of joining Google Cloud to redefine the future of artificial intelligence and cloud security,” a Wiz spokesperson said in an emailed statement to Information Security Media Group. “We look forward to completing the remaining regulatory reviews and getting to work.”

Customers that rely on multi-cloud strategies would quickly defect if Wiz ceased to function effectively across AWS, Azure and other environments, the European Commission found, positioning customer behavior as a natural safeguard against anti-competitive conduct. Google is therefore constrained by market incentives to preserve Wiz’s cross-cloud operability, according to the Commission.

“Increasing access to multi-cloud security solutions, as this acquisition will do, will provide businesses and governments more choice in how they protect themselves,” a Google spokesperson said in an emailed statement to ISMG. “We look forward to completing the review process with other jurisdictions, as we have done in the U.S. and EU. The acquisition of Wiz is still expected to close in 2026.”

Commission: Wiz Won’t Give Google Commercially Sensitive Info

The commission said that bundling Wiz too tightly with Google Cloud would backfire, and emphasizes the presence of rival security vendors that could step in if Google attempted to foreclose competitors. But civil society groups believe the deal could degrade competition by slower feature rollouts for rival clouds, lower prioritization of non-Google integrations or more support for Google-native deployments.

“Foreclosure is most likely to occur through subtle, cumulative forms of discrimination rather than an overt refusal to supply, through slower feature parity for non-GCP environments, reduced priority for AWS/Azure connectors and integrations, differences in reliability or responsiveness in non-GCP deployments, or support and escalation practices that systematically favor GCP-native deployments,” the civil society groups wrote.

Wiz doesn’t provide Google with commercially sensitive information that rivals can’t otherwise obtain, and the commission therefore views the risk of informational advantage as limited and insufficient to distort competition materially. Civil society groups said Google could leverage this telemetry to identify rivals’ weaknesses, optimize migration strategies and tailor development in ways rivals can’t replicate.

“Google would have increased incentives to leverage this cross-cloud telemetry and associated insights to reinforce its competitive position in cloud and cloud security, including by shaping product strategy and road map prioritization, targeting customers with tailored migration and bundling narratives, and optimizing commercial and technical offerings in ways that competing cloud providers cannot replicate,” the civil society groups wrote.

The commission said its Phase I clearance is the product of a thorough and evidence-based probe, noting engagement with customers and competitors and procedural rigor and consistency with established principles. Civil society groups argued the complexity and long-term implications of the deal make it unsuitable for rapid clearance since it’s tied to digital infrastructure resilience and sovereignty.

“This is not a case that can be safely resolved through unconditional Phase I clearance, nor is it suitable for resolution within Phase I through straightforward commitments,” the civil society groups wrote. “It is our position that the commission requires a more complete evidential basis and market validation to reach a robust conclusion.”