On Friday 19 July, a computer breakdown affected millions of Microsoft computers around the world, causing major disruption in several sectors, particularly aviation.
While the origin of the problem was quickly identified - a faulty update to the company’s Crowdstrike cybersecurity software - Microsoft now believes that the European Union and its legislation are also responsible.
In an interview with the Wall Street Journal, a spokesperson for the US company said that the EU was indirectly involved in the blackout, because of an agreement reached in 2009 in a case of abuse of a dominant position (see EUROPE 9659/22).
Following a complaint, Microsoft agreed to give external security software manufacturers the same level of access to Windows as the company itself.
Unlike Apple or Google, which operate in a closed ecosystem with compartmentalised operating systems, Microsoft has to share its APIs with third-party software publishers. This would expose the system to problems originating from external applications.
When questioned on Tuesday 23 July, the European Commission denied any responsibility, arguing that, on the contrary, opening up to competition makes it possible to increase the resilience of IT systems, by preventing a breakdown at a single operator from affecting all consumers.
“Furthermore, the incident was not limited to the EU, and Microsoft never raised any security concerns with us, either before or after the problem”, added its spokesperson. (Original version in French by Isalia Stieffatre)