In this piece for Pro Market, author Roslyn Layton (Aalborg University) looks into the recent failures of major digital infrastructure providers, comparing last year’s CrowdStrike software malfunction with the more far-reaching Amazon Web Services (AWS) outage. Layton notes that while the CrowdStrike incident revealed risks linked to market concentration in cybersecurity tools, it also showed how dominant providers can offer strong everyday protection—provided safeguards like AI-driven testing and gradual rollouts are in place. By contrast, the October AWS outage stemmed from a core infrastructure failure that disrupted websites, payment platforms, logistics systems, and even government services, with economic losses reaching tens of billions of dollars. Unlike CrowdStrike, which accepted responsibility, AWS has routinely disclaimed liability, raising concerns about an essential yet unregulated infrastructure on which the internet itself depends.
The article then explores possible policy responses, noting that cloud computing operates under a “best efforts” model that leaves end users—who depend on cloud-based work, school, health, and government services—with no alternatives or protections when outages occur. Some policymakers advocate for enhanced competition, arguing that diversifying providers or breaking up AWS could improve resilience. However, Layton explains that diversification requires costly technical and governance capacity that many businesses lack, and smaller cloud providers often lag technologically behind the dominant firms. Even if regulators pursued an AWS breakup, it would take years and might not survive legal challenge, as evidenced by other tech antitrust cases. Antitrust law, she emphasizes, targets abuse of market power but does not guarantee reliability in critical services.
Layton continues by examining regulatory options, including treating cloud providers more like telecommunications operators, who must meet strict reliability, reporting, backup, and consumer-protection obligations. Cloud services, despite supporting essential economic functions, face none of these requirements. As a practical interim measure, she suggests that cloud hyperscalers could be required to help fund infrastructure resilience through contributions to the Universal Service Fund (USF). Such funding could expand redundant connectivity, strengthen edge infrastructure, and reduce single points of failure—ultimately helping communities and institutions remain operational during future outages.