Apple’s war in Europe

Some say good government is less government. Others have a different point of view. But the least you should be able to expect from any kind of governance is that following one law doesn’t force you to break another. That is, unless you’re Apple and the laws are made in Europe.

In a letter seen by Computerworld, Apple Vice President Kyle Andeer has come out swinging against yet another investigation into the company’s business. Apple faces a pair of inquiries under Europe’s Digital Services Act (DSA), a sprawling piece of legislation that pretends to make the online world safer and probably won’t. (UK legal firm Slaughter and May offers a useful guide here.)

Apple comes out fighting

The problem is that the two investigations arguably reflect requirements made under the DSA’s companion law, the Digital Markets Act. Apple isn’t happy, and its latest furious complaint against EU regulators pulls no punches in pointing out the futile and contradictory hypocrisy in play. 

“We are concerned that these new inquiries are cynical attempts to distract from the core problems caused by the Commission’s misguided DMA enforcement efforts,” the letter says.

As part of an initial investigation, the European Commission has thrown Requests for Information (RFI) at Apple. These say regulators suspect that Apple:

“Has not put in place reasonable, proportionate and effective mitigation measures tailored to this specific systemic risk [of the dissemination of illegal content related to financial scams through App Store].”

“Has not put in place appropriate and proportionate measures to ensure a high level of safety and security of minors on their service.”

Apple helpfully points to its extensive and provable track record of having put numerous protections in place to protect customers and their children, while also pointing out that the Commission has made the task far more challenging in how it applies the DMA.

Apple is the world’s safest ecosystem

“We find it difficult to square the premise of these [requests] with the Commission’s aggressive interpretation and application of the Digital Markets Act (DMA). The Commission has consistently taken positions under the DMA that undercut Apple’s ability to protect its users,” the company said.

“Apple has always focused on protecting its users from bad actors on its platforms and in its App Store. For almost two decades, we have been investing heavily in systems and processes to identify risks of financial scams, apps that could potentially harm children, and other apps that we believe pose risks to our users on iOS and iPadOS. We have taken a number of steps to protect our users from harm — whether the risk is at the app level or the payment processor level.”

The extensive letter points to numerous things Apple already does. From App Store and App Review and beyond, its approach helps control fraud, prevent distribution of pornography, and defend against malware. But, of course, the Commission is actively eroding these protections with the DMA.

Europe is fundamentally undermining itself

“The Commission has forced Apple to change that successful approach — while simultaneously refusing to allow it to implement proven safeguards that have helped ensure that iOS users are better protected from malicious actors than users of any other [approach]. Without those protections, risks to users on our devices will inevitably increase.”

Apple also warns that giving developers permission to link out of their apps to wherever they want to link without any significant protections also threatens user security. Needless to say, this is precisely what Europe has demanded Apple do — a move that will inevitably expose people to additional risks. Europe is also insisting Apple “fundamentally undercut” many of the tools it currently uses for parental protection and control, even to the extent of refusing to permit Apple to institute key safeguards. 

“For decades, Apple has been meeting the challenges of an ever-evolving threat landscape by constantly innovating to keep our users safe from harm. Our efforts have made iOS the most secure mobile platform,” the company, quite justifiably, explains.

Apple also points to some of the big companies that have undermined the very protections the Commission now claims to want to encourage.”

European enshittification

“The Commission has made the App Store less safe for users: It introduced new vulnerabilities and undermined the protections Apple has long put in place to protect users of the App Store,” Apple said. “At the same time, the Commission has done nothing to address abuses by developers. Authorities in the United States have condemned Epic Games, Match Group, and other developers for misleading and deceiving users (specifically including children, in at least one case). The silence of the Commission has been deafening. It has turned a blind eye to these abuses, as they would expose the hypocrisy of the Commission’s approach to the digital marketplace. The loser is the user.

“It does not make sense for the Commission to press Apple to protect users, including minors, from fraud within the App Store while at the same time requiring Apple to create functionalities like link-outs and web views that increase the risk of fraud without necessary safeguards.”

Where’s the consistency?

“The Commission cannot both prohibit Apple from taking the steps it has found essential in mitigating the risk of scams and fraud on the App Store while simultaneously scrutinizing Apple for not providing even more measures to mitigate these risks on the App Store.”

Apple is quite evidently in a Catch-22 situation. On one hand, it’s being forced to introduce fundamental insecurities into its platforms, while at the same time facing punishment for what it is required to do. Central to all of this is what appears to be a commitment to denial on the part of Europe, which can’t even accept, for example, that many fraudsters play a long game; that is why intentional use of third-party payment systems with multiple layers of approval is so important when it comes to NFC.

What next?

With that total lack of consistency, Apple will surely see the cost of doing business in Europe increasing fast. So, when will it become so burdensome and expensive to do business in Europe that it becomes worth quitting the market? 

This has to be a question Apple’s senior leadership teams must discuss at morning meetings as Europe’s regulators hammer Cupertino with contradictory and inconsistent requests. If European voters feel like the long wait for Apple Intelligence was painful to them, just how will they feel in the event Apple chose to withdraw some products and services from that market entirely?

Perhaps Europe’s Parliament, which hires the leaders of the Commission, might want to consider that in the prelude to the next election in 2029.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.