Tech Policy Press - Google’s Wiz Deal Could Become a Trojan Horse in Europe’s Cloud
Europe research fellow Claire Lavin co-wrote an article arguing that Google’s proposed $32 billion acquisition of Wiz would dangerously concentrate control over Europe’s cloud security infrastructure in the hands of a U.S. tech gatekeeper, threatening competition, data governance, and digital sovereignty—and must be rigorously investigated and potentially blocked by EU regulators.
On January 6, Google notified its proposed USD 32 billion acquisition of cloud security company Wiz to the European Commission. This marks a pivotal moment, not only for the future of cloud markets, but also for whether European competition policy is finally willing to confront the expanding power of Big Tech companies.
The deal follows an earlier USD 23 billion takeover attempt in 2024 that collapsed due to alleged concerns about regulatory hurdles in the United States. This time, Google has upped its game and sweetened the deal with a USD 3.2 billion break-up fee if the deal fails. A change in the US administration appears to have paved the way for early merger approval there in November.
Wiz is a fast-growing cybersecurity success story founded in 2020 as a cloud-agnostic challenger to both hyperscalers’ native tools and traditional vendors. It has become a central component of cloud security for governments, critical infrastructure operators and large enterprises. As a multi-cloud security layer, Wiz provides visibility across Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP) and other environments. If Google acquires Wiz, this neutral multi-cloud visibility would be absorbed into a single hyperscaler’s ecosystem, enabling Google to align Wiz’s products and roadmap with its own cloud strategy.
While Wiz would be Google’s largest acquisition to date, no European competition authority opened a review before the deal reached Brussels. This is striking at a time in which Big Tech’s excessive market power in cloud not only hurts businesses and citizens, but has become an increasingly tangible geopolitical threat to Europe’s digital sovereignty agenda. The European Commission must now review the notification and decide by February 10 whether to clear the deal or open an in-depth merger investigation. To prevent the possibility of Google from taking control of the cloud, Europe must step up and stop a structural consolidation that would give the US gatekeeper unprecedented leverage over Europe’s cloud security architecture.
The Wiz deal threatens competition - and more
This transaction is the latest in Google’s long-standing strategy of expanding its empire. Globally, Google acquired at least 43 companies between 2019 and 2025, and since 2010, it has invested in nearly 6,000 companies globally. However, the Wiz transaction stands out from the others: in addition to being Google’s largest, it follows a series of recent cloud security acquisitions, in particular Mandiant, Chronicle and Siemplify, aimed at strengthening its position against Microsoft and Amazon. The scale of this takeover reflects Google’s gargantuan ambition to become an essential player in “left of boom” (i.e., before cybersecurity attacks happen) cloud security.
With Wiz, Google will become one of the most powerful players in cloud security, combining its GCP with a security platform used across all major clouds. This creates an inherent conflict of interest. Google could shape Wiz’s tools to work best with its own cloud, bundle them across its AI and other services, or steer product development in a way that favours GCP. Independent cybersecurity vendors cannot match these advantages and some have already warned that customers operating on other non-Google clouds risk becoming second-class citizens. Large businesses and public bodies would be left with fewer genuinely independent alternative security providers and weaker bargaining positions.
The merger would also strengthen an already dominant tech giant across yet another layer of the digital stack. By gaining control over a key multi-cloud security tool, Google would be in a position to shape the practical level of interoperability across competing cloud environments. This risks customers becoming more dependent on one provider for cloud and security. That is precisely the type of lock-in the EU’s Data Act is meant to reduce.
Read full article here.