Built on Sand: Antitrust, Platform Risk, and the Five-Year Tech Strategy Nobody Has Written Yet
There is a column missing from most enterprise technology strategies. It sits between "vendor roadmap" and "market trends," and it would be labelled, if anyone had thought to include it, something like "things a judge might order." This column is currently empty in almost every five-year plan I have encountered. It should not be.
Antitrust enforcement against the major technology platforms has crossed a threshold. It is no longer a legal story that occasionally produces fines and makes headlines before everyone moves on. It is a series of product decisions, made in courtrooms and regulatory offices, that are actively reshaping what platforms do, how they behave, and in some cases whether they will continue to exist in their current form. If your architecture depends on these platforms, and almost all enterprise architecture does, then the legal proceedings are now directly your problem.
What Has Actually Happened
It is worth being specific about the scale of what is under way, because the individual stories tend to be reported in isolation and the cumulative picture is considerably more dramatic than any single case suggests.
In September 2025, US District Court Judge Mehta issued the remedies decision in United States v. Google, the search monopoly case. Google was prohibited from exclusive distribution contracts for Search, Chrome, and its associated products. A five-member Technical Committee was established, with expertise spanning software engineering, information retrieval, economics, and data privacy, to oversee mandatory data sharing with competitors and enforce compliance over a six-year period. The Department of Justice had asked for Chrome and Android to be divested. The judge declined. The DOJ appealed in February 2026, describing Google as a "recidivist monopolist" and arguing the remedies were inadequate. That appeal is currently in progress.
Separately, a different judge, Judge Brinkema, found in April 2025 that Google had monopolised two further markets: publisher ad servers and advertising exchanges. The remedies in that case have not yet been decided. This is the case to watch. The search case established that behavioural remedies were preferred over structural ones. The ad tech case may test whether that preference holds when the monopolised markets are more clearly separable from Google's core business. A decision to force divestiture of Google's ad technology stack would be one of the largest structural separations in US corporate history.
Meanwhile, the EU has been considerably less restrained. In 2025 alone: Apple fined €500 million for blocking app developers from communicating directly with their own customers. Meta fined €200 million for forcing users to choose between surrendering personal data and paying for the service. Google fined €2.95 billion. X fined €120 million. The European Commission also opened formal investigations into whether Amazon Web Services and Microsoft Azure should be designated as gatekeepers under the Digital Markets Act, which would subject them to an entirely new tier of behavioural obligations around interoperability, data access, and service bundling. The projected enforcement fines for 2026, if current investigations result in findings, are estimated at over €100 billion in aggregate.
The Apple antitrust case in the US, filed in March 2024 and covering smartphone market monopolisation, survived its motion to dismiss in June 2025. It alleges that Apple uses its ecosystem to prevent viable competition in smartwatches, digital wallets, and app store alternatives. Trials are expected to continue into 2027. The DOJ's case against Apple is, if anything, more structurally ambitious than the Google search case: it is directly targeting the lock-in model that Apple has spent fifteen years perfecting.
The Part Nobody Is Putting in Their Strategy Documents
Each of these cases is reported, correctly, as a legal and regulatory matter. What is less commonly discussed is that they are also, simultaneously, product and market events.
Consider what the Apple €500 million fine actually produced. Apple was required to allow app developers to communicate directly with users about alternative payment options outside the App Store. This is not a fine that Apple paid and then forgot about. It is a permanent change to how the platform operates, enforced by ongoing regulatory oversight, that altered the economics of app distribution in every market where the EU ruling applies. Developers gained a capability they did not previously have. The commission structure that had applied to every in-app purchase was opened to competition from alternative mechanisms. A court order became a product feature.
The Microsoft-Activision acquisition followed the same pattern. Regulatory approval was conditional on commitments that included binding obligations not to give preferential treatment to Microsoft's own apps in the Microsoft Store, and to maintain Activision Blizzard game availability on rival platforms. These commitments did not expire with the approval. They became durable constraints on how Microsoft operates its gaming business, enforceable by regulators across multiple jurisdictions. The acquisition reshaped the market. The conditions reshaped what Microsoft could do with it.
Now consider the pending Google ad tech remedies. If a court orders Google to divest its publisher ad server or ad exchange businesses, the programmatic advertising market that currently runs on Google infrastructure will be required to transition to independent alternatives. Every enterprise that runs digital advertising, or that has built marketing technology on top of Google's ad stack, will face a transition they did not choose and did not plan for. The timeline will not be set by your roadmap. It will be set by a court.
The Geopolitical Complication
The analysis above assumes a relatively stable regulatory environment in which enforcement happens predictably within established legal frameworks. This assumption has become significantly less reliable.
The Trump administration has characterised EU enforcement of the Digital Markets Act and Digital Services Act as "overseas extortion" of American technology companies. In December 2025, the administration threatened to deploy "every tool at its disposal" against EU enforcement, with specific named targets including Spotify, DHL, Accenture, and Siemens as potential subjects of US restrictions or fees. In February 2026, Vice President Vance used the Munich Security Conference to attack European enforcement as censorship. A Trump executive memo ordered investigation of any foreign government taxing US technology companies or implementing policies that "incentivise censorship," and authorised tariffs as a retaliatory instrument.
The EU's response was, to its credit, calm and brief. A Commission spokesperson noted that EU rules apply equally and fairly to all companies operating in the EU. Investigations into Meta and Google were announced in December 2025. Enforcement continued.
The result is a bifurcated regulatory environment in which the rules governing the same platform are diverging between jurisdictions, and in which the political dynamics around those rules are themselves unstable. An enterprise operating across US and EU markets is now building on platforms that are subject to different obligations in different regions, enforced by regulators who are in active disagreement about whether each other's enforcement is legitimate.
This is not a situation that simplifies on its own.
What This Means for Architecture Decisions
The conventional framework for evaluating platform dependency has three variables: capability (does it do what we need?), cost (at what price?), and lock-in risk (how hard is it to leave?). Antitrust enforcement adds a fourth variable that interacts with all three: regulatory contingency (how likely is it that what this platform currently does will be required, or prohibited, or restructured by external legal action?)
This is not theoretical. It has concrete implications for decisions being made now.
If you are building search and discovery functionality on top of Google's advertising and data infrastructure, the pending Google ad tech remedies are a planning assumption, not a remote risk. The DOJ has won the liability finding. The question is now what the remedy will be, not whether there will be one.
If you are building mobile applications and your distribution and payment economics depend on current App Store arrangements, the Apple antitrust case and the EU enforcement actions have already begun changing those arrangements, with more change likely as cases proceed. The 15-30% platform commission that your business model assumed may not be the commission that applies in all jurisdictions in three years.
If you are evaluating AWS and Azure as cloud platforms, the EU Commission's investigation into their gatekeeper status under the DMA has the potential to impose interoperability requirements, data portability obligations, and restrictions on how they bundle their own services. These are the kinds of requirements that directly affect how lock-in works in practice.
None of this means you should not use Google's infrastructure, or build on iOS, or run workloads on AWS. It means that the risk column in your platform evaluation should include a row for regulatory contingency, and that row should be populated with specific reference to specific cases, not left empty or filled with "monitor situation."
The Uncomfortable Practical Point
I am aware that adding "track antitrust litigation" to the responsibilities of a technology strategy function is, on its face, an absurd suggestion. Technology leaders are not lawyers, courtrooms are not familiar territory, and the timelines of major antitrust cases are measured in years during which the technical landscape changes multiple times independently of any legal outcome.
The alternative, however, is to continue building five-year strategies on the assumption that the platforms you depend on will continue to work in the ways they currently work, with the economics they currently have, offering the capabilities they currently provide. This assumption was always somewhat optimistic. In the current environment it is, in several specific and identifiable cases, demonstrably wrong.
The technical committee overseeing Google Search compliance has real authority over real systems. The EU enforcement actions have already produced real changes to real products. The Apple antitrust trial will, when it concludes, produce real remedies. Courts have become product managers for a portion of the technology stack, and they are exercising that role with increasing confidence regardless of whether enterprise architecture planning has noticed.
The five-year technology strategy that accounts for this is longer to write and harder to defend in a budget review. It is also more likely to be accurate.
There is perhaps something philosophically interesting in the observation that the most significant constraints on the technology choices available to large enterprises in 2026 are being set neither by engineers nor by markets, but by judges and regulators working through frameworks written in the 1970s and applied to products that did not exist until the 2000s. The Sherman Act was not designed with cloud interoperability obligations in mind. It is producing them anyway.
The universe, as noted elsewhere, has a long history of delivering outcomes that were not in the original specification. It is generally advisable to plan for this.