MS (and other enterprise big tech) gets laws in their favor in the EU because the EU has no solid alternative to MS. There is no EU based big cloud provider with similar capabilities, software ecosystem, integration, nobody offering a comparable office suite, familiar operating system with legacy compatibility, collaboration platform, etc.
Even when you have solid competitors for individual components, the whole package is hard to resist. So they're stuck with MS for the moment, and slowly get absorbed in that ecosystem making it even more entrenched. But MS doesn't need to pay to get the law, they just have to let EU companies try out alternatives until they go back to being slowly boiled with MS. The EU is looking for excuses to excuse MS because everyone decided the price we all know now is worth paying to get access to a full ecosystem that fills all other needs.
Effectively the EU is "paying" MS to stay, not the other way around.
As I said at the beginning, this applies to most other enterprise big tech companies from the US. MS in particular has a hook others don't: most companies right now are still solidly tied to Windows, Office, AD/Entra. This is the slope that easily leads to the whole M365 environment. It's hard even for Google to compete with this. And it's impossible for the almost non-existing EU offering in this space to compete. There are lots of individual services that could compete 1:1 with the equivalents from MS or Google but nothing that can compete with the full ecosystems and vertical integration they provide.
Even so, a law that benefits MS will also benefit Google under these circumstances. Any law that locks out MS or Google (like GDPR which constantly sees "exceptions" carved out) will have some severe economic repercussions on EU companies, not to speak of the political/diplomatic ones with the US.
MS doesn't need to do anything. They don't need to pay anyone off. EU bureaucracy is extremely strongly wedded to MS products like Windows, Office, Teams, Outlook etc. As are all EU national bureaucracies and public institutions.
There are firm opinions by e.g. the BSI (German IT security office, comparable to something between NSA, mostly NIST, DHS and ANSI) and other equivalent European national offices that it is practically impossible to operate modern MS products securely. E.g. there are guidelines from BSI like "we know that in that exact version (which is years old, because the guideline took ages to write) you need to set the following registry keys to prevent data exfiltration. Btw. this won't help you, because you also HAVE to upgrade within a few weeks of each available update". There are firm opinions by multiple European data protection offices that basically say the same about GDPR compliance in MS products. Practically impossible to achieve, there might have been that one configuration, "Once upon a time of writing the report, with that specific version of Windows and Office, when firewalling off half of azure, setting those 300 registry keys, manually deleting the following files, illegal telemetry could no longer be observed. Also, you are obliged by GDPR to follow good practice and update regularly, so good luck with that...".
Basically it is illegal to process any personal data using MS products in the EU if the processing system has any kind of outgoing internet connection. All the bureaucracies ignore this systematically, citing the "impossibility" of working without said MS products. Migration plans away from those illegal processes are regularly cancelled, ignored or never completed. MS is free to do whatever it wants, they are never really investigated, fined or held to any laws.
Meanwhile, other big IT firms like Meta, Google, Twitter/X and lots of others are held to far higher standards. Where tons of your local government's data about you like tax report, criminal records, school records and similar things are subject to being exported to the US via Azure, MS telemetry and what not. With FAANG there is complaining about comparably laughable stuff like "well, that IP address that Google Fonts could observe...".
The problem, why this doesn't change, is that the local government institution is responsible for their data processing (according to GDPR and other laws), MS being only their contractor. And those government institutions are usually (in almost all EU states) free from GDPR and other penalties, and those penalties would be left-pocket-to-right-pocket anyways.
This is why MS gets a free pass on everything. Imho this must end.
Even when you have solid competitors for individual components, the whole package is hard to resist. So they're stuck with MS for the moment, and slowly get absorbed in that ecosystem making it even more entrenched. But MS doesn't need to pay to get the law, they just have to let EU companies try out alternatives until they go back to being slowly boiled with MS. The EU is looking for excuses to excuse MS because everyone decided the price we all know now is worth paying to get access to a full ecosystem that fills all other needs.
Effectively the EU is "paying" MS to stay, not the other way around.