Apple said "hey, can we not comply with the law", the EU said no, so it didn't launch. Seems pretty straightforward to me.
I can see why Apple might want to request an 18 month exemption, there's clearly extra work required to comply with EU regulations. But on the other hand it also feels like a straightforward play for consumer sympathy: let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
Exactly, that's actually why I LIKE this decision so much. I'm not on Apple's side, but I REALLY like the idea that a company just says, "Fine, we'll comply by not even offering this product." It's a perfectly legitimate choice, and it FORCED Apple to evaluate the pros and cons.
I want more companies to not get exemptions and thus not offer law-breaking products. I LIKE that the government is saying, "fix it or don't bring it here" and Apple just has to live with it. I like that Apple also is refusing to just bend over to the EU. We need more of these types of conflicts so we can work out good regulations, and not just always bend over and take it from whatever party won.
While I like a lot of Euro regulations, some of the privacy ones go too far with the whole "we're going to enforce this on the whole world" crap. I like California's method of "to sell it here you have to have this but we're not going to sue you for selling a noncompliant product elsewhere."
Yes, exactly! Also forced EU voters to consider how much they value these services, and whether the regulations are worth it not to have them, or to have watered down versions of them. I say this without judgment - I see it as a legitimate area of consideration.
I think the worst is hugely impactful laws for which exceptions are constantly carved out so nobody can truly evaluate whether the law/reg is a good one or not.
> Also forced EU voters to consider how much they value these services
It's been a while since I left Europe, and I'm rusty on that particular layer of civics. Do EU voters actually have a say in this kind of regulation? Or is it all decided on the executive side which is only accountable to member states and not to individual citizens?
It might be that we have a say, but there are a lot of decisions happening in Brussels that it "feels like" we, EU voters, don't have a say in. Such as:
- Chat Control
- Vehicle regulations (mandates on "eCall", disturbing audio visuals and other "safety measuers) in Regulation (EU) 2018/858
- Eventual upcoming ethanol restrictions
- Ban on plastic drinking straws
- Drink caps that are stuck to the bottles
- Ban on plastics with one hand, on the other handd there are huge plastic enclosers for batteries, scissors and in countries with a "green" profiles, such as Netherlands it seems impossible to just buy one or two apples - you have to buy a emplastered six pack of apples (lots of waste if I just wanted one apple).
Maybe this is just a fantasy, but drink producers were previously responsible for their "waste". Bottlers would pick-up and recycle glass bottles, but the onus shifted completely to the consumer - first with a glass bottle deposit, then with the advent of disposable plastic containers. Glass bottles largely didn't require a straw, unlike the latest frappuccino, which generally comes with a plastic container, lid, and soggy paper straw.
Instead of banning plastic bottles or unrecyclable plastic-lined paper cups (or, as you mention, apple blister packs...what?) where the vast majority of plastic resides, we now have paper straws to deride. Each time you peel your lips off a dry paper tube, you're reminded of your personal culpability in the global waste shell game.
The only viable solution seems to be to stop consuming (see 'fantasy' in the opening line). I'm guilty as charged, BTW, but will politely decline paper straws (I have my own stash of plastic straw contraband).
I don't even know whom they try to fool (apparently, they are succeeding in many ways...), but as you mention.. they (the politicians and institutions) complain about nanoplastics, and at the same time moves towards a plastic world. It is hypocrisy of many degrees. Milk containers used to be only paper, but now they are both paper and plastic for some reason. It's hard to find drinking bottles that are glass as they most turned plastic (I do, however, choose metal before plastic due to taste).
Drinking straws.. in the super market it's now possible to buy "reusable" (Made in P.R.C) drinking straws for a really cheap price (that they are in practise, one time straws)..
the idea was to have less of those things people buy and consum on the way and throw them away and the wind puts them put of the trash and now shitload of plastic everywhere ....
i switch between clean beaches in europe to cigarrete and plastic straw infested ones on other parts of the world.
As a european i like thos clean beaches etc
Have to say I love the drink cap thing. It makes a lot of sense. The caps wind up everywhere so the regulation probably/most likely does some good (have not seen any data so who knows). But once you get used to it you appreciate not being able to lose the cap. Straws seem pretty useless to me in general so why not avoid plastic? but that is probably a me problem. Plastic on fruit is annoying as hell but it is not a mutually exclusive problem.
If you don't personally find straws useful that's fine but why should something like that be dictated for everyone else let alone at such a high level of government and without a direct vote by the citizens?
To make matters worse the expected environmental impact is miniscule and the entire thing is predicated on a popular misconception that gained virality. It's a perfect example of the government failing to function well.
Is that really a perfect example of a government failing to function well? In what country government does every action require a direct vote? Representative democracy is by definition imperfect.
Bet you can think of a better “perfect” example of a government failing to function well. It all depends on which government you are referring to but the best example to me would probably be a government needlessly bombing another country. Not a ban on plastic straws.
Who said anything about a direct vote for every action? You're putting words in my mouth.
Yes, I think it's a particularly good example of government dysfunction. The issue itself is simple enough to easily make sense of and it's clear that it's a suboptimal outcome. The regulator should obviously not be getting caught up in nonsensical hype.
Don't confuse impact of the described action with quality as an example. The best examples of mathematical concepts are usually not particularly useful for anything in the real world.
> If you don't personally find straws useful that's fine but why should something like that be dictated for everyone else let alone at such a high level of government and without a direct vote by the citizens?
That is cleary advocating for something as small straws being worthy of a direct vote.
Is there a reasonable expectation for government to be mathematically optimal in any possible way? Why should I not confuse your example as an example?
>"why should something like that be dictated for everyone else let alone at such a high level of government and without a direct vote by the citizens"
Not the user you were replying to, but they clearly asked why it was done at high-level, and without a vote; you are completely focusing on the latter, and ignoring the former.
I am not sure I agree with that comment, but you shouldn't straw-man it.
Don't know where you get your apples but I can buy 1 if I want. Just not at the supermarket since they optimise to sell you more than you need. No regulation involved here.
I believe it was both in Albert and Aldi (during 2023). Felt really awkward to waste fruit, but that's nice that there are sanity among other stores. I get it that folks can be annoyed when I hand pick my potatoes at the grocery store to match for size and to have good coloured exemplars, but to pick and choose is one of the few delights buy groceries.
The ideal solution for all this is would be what the Japanese have: a population trained to just throw garbage in the bin instead of on the ground. I don't think I've heard any politician who is even considering measures to get there. He would get my vote.
> It might be that we have a say, but there are a lot of decisions happening in Brussels that it "feels like" we, EU voters, don't have a say in.
Well... your government certainly has a say in Brussels. Often enough, national politicians use "Brussels" as a scapegoat... nothing can happen in Brussels if national governments (or the Commission) don't propose it first, the Parliament has no right to initiative.
If people would stop electing dumb fucks to national governments or to at least hold their dumb fucks in national governments accountable (yes, it is possible, even Hungary managed to do so), you'd get a lot less "Brussels" bullshit.
(And yes, I am aware, this statement is particularly ironic given I'm German and we were utterly infamous for shipping off utter wastes of space to Brussels)
> and in countries with a "green" profiles, such as Netherlands it seems impossible to just buy one or two apples - you have to buy a emplastered six pack of apples (lots of waste if I just wanted one apple).
That's a Dutch specialty. Here in Germany, I can buy single apples, pears, bananas or whatever just fine if I want - although I don't because apples suck.
If I were to guess, it's a logistics thing. Sixpacks of apples are easier to handle and transport than a bunch of loose apples.
Not sure where you live in the Netherlands, but where I live we have plenty of places where you can buy single pieces of fruit. Maybe it changes per supermarket.
They do have a say. They can elect representatives who could change the legal framework and the incentives for the bureaucrats, or even remove the ability of the bureaucrats to regulate certain things. Then these regulations would not get passed and that would be that.
We have a say at a 4th level of derived decision, which is 2 levels more than what people call a democracy. Also, the other political party will do it too.
= We don’t have a say. We voted NO to the new EU treaties in 2008 and the new president decided that electing him meant that we approved the same treaties.
The lower chamber of parliament that votes on the regulation is directly elected and can rewrite and amend proposals. The higher chamber (EU Council) is comprised from government (or state?) heads which are either directly of indirectly elected with a length of 1. The commission (executive branch) that drafts the laws that are amended and passed by the parliament is voted in by a parliament which is directly elected.
Where do you get 4th level of deriviation exactly?
But MEPs can't even introduce legislation, they have to get all of Parliament to ask the European Commission to initiate legislation, and the Commissioners are pretty far removed from direct election. Nobody elected by the citizens can initiate legislation.
Not sure what other mechanism would be possible for creating a rule system like the DMA presuming that the EU countries remain independent. Treaties are too slow, and direct democracy on an issue this complicated is the realm of science fiction (see Alastair Reynolds' Revelation Space universe for a take on this -- particularly the Demarchist faction).
Tons of people have died for a variety of causes throughout human history. It does not mean that the causes were not silly or deluded. (e.g religious wars, Communism, Fascism etc.)
Carlin didn’t say it was silly, he said it didn’t matter. Religion, communism, fascism were all world-defining ideas, and they very much mattered to those who fought for them and against them. What am I saying, “mattered”. Go check social media, they matter right now.
They cannot. The EU Parliament cannot pass, change or repeal laws. Its representatives can't represent.
If you mean elect national representatives, then the EU treaties were deliberately written to only give them one option - exit entirely and be trade sanctioned by the others as a result, who must obey constitutionally even if it's self harm and they don't want to do it.
The EU is designed from the ground up to look slightly democratic from a distance without actually being so. Ordinary people living and working in member states have zero influence over these kinds of regulations which is why stuff like the DMA doesn't reflect their actual legislative priorities, which according to polls for a long time are primarily economic and immigration related, sometimes climate.
If you look at how the political class treated Brexit, you can see why it's so hard to influence these decisions.
If it's not in the EU parliaments jurisdiction, it's in the EU council's. As a rule, all members states have to be democratic and you can simply vote out your EU council member i.e. your head of state. It is democratic.
The EU Councils decisions are taken in secret. You have no idea if it's democratic or not, nor does it matter even if they do hold a vote because by convention none of them ever campaign on the decisions they make there.
To see this, try and find out how Ursula von der Leyen ended up the most powerful woman in Europe. What qualified her for that, who were the alternative candidates considered, what was said during the debate and by whom.
You can't because the entire process was secret from end to end. Was she even voted on? Nobody knows.
Again, the EU is designed to pass itself off as democratic without being so. But so is China.
Ah but look closely at those votes - do you see anything strange about them? Anything at odds with the idea that they are being cast by directly elected heads of government based on national policy programmes?
Edit: Nevermind, I'll be more direct.
What you linked to isn't the European Council that has elected heads of state in it. It's the votes of the Council of the European Union. Yes, this naming choice is astoundingly stupid, and because it's never been fixed despite many decades of confusion there are many who speculate the confusion is deliberate. It creates exactly the kind of false appearance of democracy that's tripped you up here.
The European Council, the one with Macron, Merz, etc in it, doesn't publish anything about their decision making process. There probably aren't votes. They don't approve or disapprove laws, either. Officially they decide things by consensus. Unofficially nobody knows because they all swear each other to secrecy.
The laws are approved by the Council of the European Union who are, theoretically, still ministers from the different governments i.e. a vote on a trade law would have trade ministers. In reality, that's not how it works either. You can easily verify it. Here's a random law that got approved recently by the 'democratic' parts of the system, on "the welfare of dogs and cats and their traceability":
1. Why does dog welfare have to be imposed on members via transnational law they can't change?
2. Why are nearly all the votes of the Council passing with 95%+ support, all the time? Aren't they supposed to be from different political parties in different countries?
3. Is it really plausible that elected trade ministers from all over Europe travelled somewhere, met and had a meaningful debate about dog welfare?
The answers are respectively:
1. It doesn't and shouldn't.
2. Because they aren't real votes.
3. https://agenceurope.eu/en/bulletin/article/13873/27/eu-counc... says "The EU Council adopted the regulation ... without debate." (note the same naming confusion in the EU's own websites - they use "EU Council" to mean the body that approves laws, which isn't the body made up of heads of state that calls itself the European Council).
This law was waved through by some low level civil servants on behalf of the ministers. Probably neither group even read it. As is true for almost all EU law: most of the work is done by lobbyists.
So, when people tell you the EU is a democracy because of the Council, think about that. Or just ask them which council they mean, because they probably don't know themselves. Fun fact: there's also the Council of Europe which isn't connected to the EU at all.
You're correct on me posting the wrong link sorry. Thank you for the detailed reply.
But I disagree slightly with your take on the secrecy thing. Many of those discussions are diplomatic or internal administration. It is normal for these things to be kept private even in domestic governments. As it can put the state at a disadvantage to have the matters disclosed publicly (the state acts on behalf of the people).
There seems to definitely be shortcomings in transparency however on legislative debates like you mention, and should atleast have a period of public consultation on all of them. Also the presidency sets the talking points and just ignore legislative proposals they don't like.
It is democratic but yes I 100% agree it's entirely open for abuse, and I'm sadly sure is being abused. Separately and unrelated, imo lobbyists should not feature on the system at all.
Legislative matters are supposedly not secret and appointments can be (whether it's wrong or right is a bit grey imo, and that isn't a good thing).
1. The European Council
The European Council primarily decisions by consensus. However, where the EU treaties specify a formal vote, certain appointments allow for or require a secret ballot.
When it is used: Secret votes are strictly reserved for specific appointments or personnel decisions, most notably the election of the President of the European Council.
Legal Basis: Article 4(4) of the Rules of Procedure of the European Council states that a secret ballot shall be held if requested by any member of the European Council supported by a simple majority.
2. The Council of the European Union
Because the Council of the European Union acts as a legislative body, its operations are bound by strict transparency requirements under the Treaty of Lisbon.
Legislative Debates: When the Council deliberates or votes on a draft legislative act, the meeting must be public, and voting records are made visible. Secret votes are prohibited for legislative matters.
Non-Legislative/Administrative Matters: Secret ballots are permitted only for specific appointments or selections to individual positions (such as nominating members of the European Central Bank Executive Board or Court of Auditors) if a member state requests it and the decision receives majority support to proceed secretly.
And dog welfare being across borders make sense legally (single market) and ethically.
It's a constitutional fact. The most they can do is propose amendments to laws proposed by the Commission, but the Commission drives the whole process and isn't required to accept them (worst case, they just cancel the law and then try again later).
There is literally nobody you can vote for to if you want to repeal the DMA.
You get to vote for one of ~5 alternatives every 4 years. This then propagates to hundreds of decisions in a way that dilutes your influence to practically nothing.
Yup, but laws have to be approved by the EU parliament and that's not just a formality. As I said, I do think it is valid to critizise that system, but what you stated is plain wrong and even when I pointed it out you wouldn't admit it.
You have anything to back up that claim, or is it just knee-jerk drivel with no evidence based on your feelings and distrust of scary government bureaucrats?
And how is that different from any other governmental level? Seriously, we in Berlin got a freeway that nobody I know wanted or wants. It's not the EU's fault.
I think you mean DMA, not DMCA. DMCA mostly protects copyright holders. DMA is about protecting users and competitors from platform lock-in. Bending for Apple would just make that lock-in harder to challenge.
DMCA provides some rather important protection for service providers (including small-scale services like web forums, not just ISPs and web hosts) - it makes them not liable for copyright violations by their users, so long as they take down infringing content upon receipt of a DMCA notice.
Precisely. What it replaced was rightsholders suing web services (like a forum or web host) as a first resort, which was a much more cumbersome and painful process for all parties.
> If it was more painful for the suing party, it was a good thing.
It's a lot easier for a large plaintiff - like a record label, a movie studio, or a software publisher - to file a lawsuit than it is for a small defendant like a web site operator to defend against one.
I totally agree cookie banners are awful, but you could equally lay the blame at the foot of website owners who are so keen to track your movements across the web that they'll layer this awful UX on their users. No tracking cookies => no cookie banners.
Yes, European Commission decides the laws. Then a “trilogue” negotiation happens between the Commission, MPs, and EU government representatives, but the MPs don't hold the pen on the final wording (Commission does).
MPs can't therefore repeal laws; they can at most ask the Commission to set themes on the program. The Commission is therefore strongly dominant, as it is composed of career unelected officials who can wait for a compliant Parliament to pass the laws they want and target MPs in negotiations. This is what they do with ChatControl.
Of course there are no checks and balances for the Commission officials, who are bureaucrats with an opaque agenda. The EU is a weak form of democracy, which is geared toward bureaucratic capture and legal inflation.
It's a bit complicated to feed more stability into the system, but then this gets hijacked by national governments as an excuse to never take any blame for any shit that follows. Everything good is us, sovereign entities and all that is bad is always the other people in Brussels. Even zo the people in Brussels are mostly deputies of the same people or just themselves, but 26x.
It's not true, the Parliament can't choose the laws it has to vote on. All negotiations are done behind closed doors, in a truly democratic and transparent manner, that allows us to lecture the rest of the world on how to govern.
The parliament can't choose the laws that are submitted, but it can and does change the text of it all the time. I don't think the actual discussions are ever public in any other modern democratic body anyways.
This isn't exactly true. They can't propose but they can amend. The final text has to be agreed by the commission, the lower chamber (the parliament) and the higher chamber (the council, which is heads of states).
I'd argue the average EU citizen has absolutely no idea how any of the Brussels bullshit works in reality. We learned it in school once, very briefly, just long enough to learn it is a clusterfuck of chambers. We are told it is democratic, and that's it. Once you get older, all you hear is: Brussels forbids this, forbids that. The EU is ripe for disruption.
As EU voter, I couldn't care less that Apple behaves like a spoiled brat when it comes to following laws it doesn't like, it is one customer they will never get.
I only use Apple hardware that is project assigned to me, my household is Apple free.
In fact, this applies to every single company that thinks they should control governments and not the other way around.
That's not exactly how I would summarize the current moment in time.
This OP article doesn't really go into it, but they did actually propose a solution to the divide, they just needed more time to develop it. The Reuters article is reporting on one person's response to the proceedings, which involve more details than this particular article covers.
For instance:
> To address those concerns, Apple designed a system called Trusted System Agent, an intermediary that would let competing virtual assistants safely access the same features and capabilities as Siri AI on EU devices. Apple also proposed launching Siri AI in Europe while rolling out the Trusted System Agent gradually over 18 months. The European Commission rejected both proposals, and according to Apple, did not agree to any alternative.
That only reinforces my argument. Apple could have waited, but they decided to go ahead now and bring it to the EU later when they can address the concerns. That's great, that's the law working.
Jurisdiction concept is not strictly bound by territory. Classic example is two parties based in two jurisdiction dealing with each other somehow.
Imagine there is a law in your jurisdiction saying if you hire a person there are rules A, B, C which are a bit inconvenient to you, the employer. What if you incorporate in a different jurisdiction where the salaries are higher but there are no rules B and C, but there are rules B and D. Then this incorporated entity offers to hire people in your jurisdiction, but not offer the higher salaries of the other one.
Which rules should apply? The answer, as usual, is -- "it depends".
GDPR also applies to companies that provide services to EU citizens, no matter where the company is based.
This makes a lot of sense, because otherwise you'd get situations where Multi Corp X could claim, "Oh, but our Berlin office is actually offering this service hosted in Kiribati. We just happen to have German users" and not offer access to personal data.
Seen as enforcement is through fines, companies that do not have an EU presence are completely unaffected. So even if technically true, in practice claiming that there's global reach is false. Concretely, no one is going after a hypothetical Baton Rouge Herald for not providing an opt-out of data harvesting on their news website.
I know about that. These situations are logical, if you'd ask me. The OP suggested EU law works where all parties involved are outside EU. Like EU playing world police, or something.
> And as a consumer, I am somewhat happy that a company says "well, then not" if it cannot comply with the law.
As a citizen, I find it both fascinating and disturbing that this is even a thing. Of course companies have to follow the law. Why is this even a thing? If the product fills a real need and the externalities are acceptable, that will be a demonstration that the law needs an update.
Yes. If a company in another country elects not to deliver a product or feature because of local regulations, consumers should take that up with their local legislators. That company has no obligation to sell something just because local consumers want it. And if those consumers want to bypass local regulations in some manner, that's their business.
Totally agree. Granting exemptions feels like trying to have their cake and eat it too. If regulations mean anything they need to be enforced so we can see the real downstream effects.
> I want more companies to not get exemptions and thus not offer law-breaking products. I LIKE that the government is saying, "fix it or don't bring it here" and Apple just has to live with it.
The idea that there is such a thing as "law-breaking products" when consumers ACTIVELY CHOOSE TO SPEND THEIR MONEY ON THEM is insane to me. This is authoritarian nonsense.
It is not the state's place to tell people what they should or should not be allowed to buy.
> The idea that there is such a thing as "law-breaking products" when consumers ACTIVELY CHOOSE TO SPEND THEIR MONEY ON THEM is insane to me. This is authoritarian nonsense.
Remember Silk Road? You could order cocaine, heroin, and even execution contracts, which the founder himself go caught doing. I don't think making something illegal to buy is authoritarian nonsense. I don't want people ordering a murder on me from Uber Hits.
FWIW, the contract-for-hire charges were never prosecuted probably because the agents who cajoled Ulbricht into setting it up were eventually convicted of stealing bitcoin from the operation. See: https://reason.com/2016/08/02/ross-ulbrichts-conviction-sent...
> It is not the state's place to tell people what they should or should not be allowed to buy.
You will always find people willing to spend money on anything. The whole point of politics is that we have to draw a line between what people want to do and the effect that it can have on other people. To put it simply, if your freedom affects mine, then someone needs to decide how far you can go and how much I have to accept.
We commonly accept that scams are bad, even though someone might participate willingly, just because it is much more likely that someone is taken advantage of in a way that most people find immoral, for example. Even in bastions of free speech such as the US. That someone somewhere knowingly gave money to someone else is neither here nor there.
The most extreme example would be child prostitution or child porn, in my opinion.
But I guess it would be authoritarian to deny people from purchasing such services/items???
You should remember that according to a court testimony the whole European area (which goes beyond EU) gives Apple 7% of their revenue, whereas breaking DMCA may incur penalties of ups to 10% of global turnover.
Those numbers make withholding "risky" products a no-brainer strategy. Also, those numbers put a hard limit of how much Apple will want reevaluate their general strategy of tightly integrated first-party software.
Google eng mgr here. I've worked on a few projects related to compliance with various government policies. This isn't "assign a two-pizza team to it, will be done in a quarter"; these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.
To me that reads as an even greater reason not to delay it. If you knew the restrictions day one you’d be able to engineer the system to accommodate them. Waiting until post launch now means a massive amount of re-engineering.
I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.
> If you knew the restrictions day one you’d be able to engineer the system to accommodate them
This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.
The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.
If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere. The fact they want to make the product available under the "rules" of the least privacy protecting countries first says a lot to me
The EU isn't asking for more privacy. This is about interoperability and competition. They don't like Apple controlling the AI interface and want a portal. They want Apple to put a backdoor into their system to allow third parties to access the data. This is insanely difficult to do while maintaining Apple's super-strict (yay!) privacy policy.
> If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere.
Those are not equivalent statements. You're assuming that privacy is a one-dimensional quantity, so that anything that complies with "the strictest international privacy laws" automatically also complies with any other privacy laws. But this is not actually true. It can easily be the case that every national law allows some set of behavior (different sets for different legal systems), at the same time that the intersection of all those sets is empty.
How does that reflect poorly (or positively) on their privacy chops? The dispute is about a competition law, a law Apple is complying with by withholding this feature.
Its because the standard product development strategy is to get the product into the hands of users to determine value and iterate based on feedback.
The EU has rules that are expensive to implement correctly, so if you want early feedback from users, you release elsewhere first. It's a very rational way to approach it.
Apple's concern is at the intersection of DMA and privacy. Apple is worried that other parties having the same level of data access that Apple has today would create privacy issues. This is because Apple's current privacy posture is "Trust Apple with your data" rather than "Trust no one with your data - including Apple", but that would be less profitable, but would have prevented the request for an exception because Apple would be on an equal footing with everyone else, if all they could see was client-encrypted data indistinguishable from random bytes.
That's the crux of my point; Apple could have solved this on day zero if they had a consumer-centered threat-model and/or considered user data to be a liability rather than a hook for service subscriptions.
> The problem is the work it takes to solve it isn’t worth the hit to time to market. (And possibly even the cost.)
I don't consider this to be a problem, but the DMA working as intended and preventing gatekeepers from competing unfairly.
> Apple could have solved this on day zero if they had a consumer-centered threat-model
Consumer-centered threat model is perfectly well served with on-device models and Private Cloud. What isn’t is interoperability.
> the DMA working as intended and preventing gatekeepers from competing unfairly
I agree. And at the end of the day, Apple is following the law. I am sympathetic to their position, however, that this isn’t something worth building and optimizing for at launch. If we wanted to be rose tinted, EU consumers will get a fully-baked product. (EU developers get somewhat screwed, but I suppose their offshore offices could start.)
> This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration
This kind of approach is how startups justify everything, however for established companies this would be backward.
I get a feeling that Apple never wanted to do it. They already knew the compliance requirements existed and if they would have wanted to test things then the narrative could have that they are rolling out in other markets first and would roll out with compliance in EU later. Asking for exemption was a bet they tried to play here, they lost and now spinning the narrative.
Nothing usually gets fixed by making belligerent appeals to emotion in the court of public opinion (which, in the EU, isn't nearly rooting for Apple as much as they might imagine, fwiw). If you want to launch something in a market you know to be heavily regulated, you figure it out or you don't launch. Sure, drop a hint here and there when asked in interviews about your product strategy, but you generally don't pick a public fight with the regulator or legislator in question.
Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.
And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.
> imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols
Both of these happen. European banks complain about American securities law. And all manner of car makers delay releasing vehicles in America and the EU.
Yet. But they are probably working with Chinese partners (including the government) on releasing something (maybe with Alibaba models instead of Google models, on a Chinese-local cloud rather than google cloud).
A quick check showed it is estimated that Apple gets about 18% of it's profits from China but only maybe 7% from EU countries (ignore Apple's definition of Europe!).
Maybe China is easier to work with - perhaps their rules are made clearer?
China has 1.4 billion people and they are rapidly increasing their wealth. The only surprising factor is that Chinese cell phone producers haven't eaten up apple's marketshare yet.
I imagine complying with all kinds of laws and regulations slows releases in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct? Do what you have to do to comply with the law and release, as always.
> complying with all kinds of laws delays release in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct?
DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.
Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.
> Do what you have to do to comply with the law and release, as always
Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)
No one complains (out loud) about US regulations either. Ultimately it’s about the weight you can throw as well as PR. Probably easier for Apple to make the EU look bad and drag their feet on it. I imagine they’re still not thrilled about the Lightening->USB-C change
Apple was literally the first major company to go all-in on USB-C. They shipped entire devices that only had USB-C ports.
If anything, I would wager they were happy about it. They were going to have to do it anyway, and it would inevitably cause friction for users who were already invested in Lightning cables and third-party devices. The EU forcing this just meant they could shift the blame for any negative sentiment onto the EU.
They weren’t all-in or first because they refused to add them to their mobile products until years after everyone else. They fought tooth and nail against integrating it into the iPhone until the EU forced them to. It’s well documented. The MFi program - namely the associated accessories - was very important to them.
Putting USB-C on their laptops in 2016 is a different discussion and it wasn’t a tough decision because none of their computers had lightning integrated into it anyways. If anything we should be asking why they did that and then took 7 years to put them on their phones. They could’ve had one port for literally everything since 2016 and yet the EU had to force them to do it.
We know why it took seven years. For the same reason it took ages for them to replace the 30-pin: Lightning was good enough for what users needed (and was better along some axes), and users had prior investment in an ecosystem of Lightning devices, cables, adapters, and accessories. iPad Pro went USB-C in 2018, MacBooks in 2016. Apple was clearly sold on USB-C, they just had a stranded install base problem on the iPhone.
If you want evidence that Apple was going to move to USB-C anyway, consider that at no point after 2012 did they invest in improvements to Lightning. They never upgraded the protocol speeds, never pushed higher wattage charging. That’s not the behavior of a company that wants to extend a platform’s life.
When the EU forced the USB-C switch, Apple notably didn’t fight it as hard as people assumed they would. The EU handed them a smooth exit ramp on a platter.
So win-win. EU consumers get a fully-baked, slower-rolled-out product. American consumers and developers get to see it earlier, warts and opportunities and all.
Okay? I don’t see the problem, these requirements are known from the beginning so if complying wasn’t planned and requires re-architecturing the software to make it happens that’s on the engineering org not on the EU regulator. Unless I’m missing something?
The point is complying with the DMA from the outset could mean having to launch a year later everywhere. Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).
> Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).
Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.
> complying with the DMA from the outset could mean having to launch a year later everywhere.
Oh no! Anyway...
Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.
If, like me, you specifically do not want third parties inside the Apple ecosystem, Apple has done a great job. I totally hate the EU's insistence of tearing down Apple's walled garden. That is a huge reason I like their products so much.
Interoperability only requires Apple to allow third parties to have the same capabilities that Apple does on your device. It doesn't require you to purchase or use a third party service or device. It merely allows you to have that choice in the first place.
> Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it
It makes sense if you’re prioritizing time to market and agility. Once you’ve nailed down your product, you can make it compliant for more-onerous jurisdictions. You see this in finance all the time, where the U.S. tends to have the tightest rules around e.g. betting and crypto.
> Once upon a time, companies delayed launches specifically so they'd launch a better product
Because software shipped in a box. Also, compliance is orthogonal to how good a product is. Siri AI might be crap. It might be great. It might be almost perfect and then made great on second release. Everything slows down if the entire development process has to deal with open APIs and lawyers at every turn.
It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.
> It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.
It's also perfectly legitimate to legally require business to slow the fuck down and consider how the thing will be used or abused, to make the product not crash for even just basic usages, and to put real safeguards in place against problematic scenarios.
But no, move fast and break things wins the day every day in the US.
Whatever Apple is cooking and however long its taken them, the DMA is not a surprise and they could well have been taking it into account from the very beginning.
These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.
I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.
As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.
> These are relatively recent and may have come into force after development began,
If it were the case, Apple would just say it (with receipts).
> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.
As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.
> These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.
The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.
> As a small developer
You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.
AS we all have complained, Apple has been working on Apple Intelligence for, roughly speaking, forever. Their private compute cloud thing and the protocols that protect it have, I bet, been in place for years. That's what you are missing.
The point isn’t that it’s easy or straightforward to do. The point is that one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets.
> one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets
At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
> At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.
This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.
And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.
It doesn't _have_ to stop - the features just can't ship in the EU while these requirements are in place, which is exactly what is happening here. The law is working as intended, just not in the way the proponents thought it would.
It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.
I do take your general point here, but if you know you need to implement the DNA requirements then you need to build and plan for some of that well in advance of launch.
I guess I don't see how much time they gain unless they don't plan to ever release a DMA compliant version.
Having worked at Apple and similarly giant companies, the idea that "they have enough money to do it" is incredibly naive. Rewriting all the basic software primitives of the iPhone, or the Mac, or iCloud, or CloudKit, or choose whatever massive surface area this legislation impacts, is not a matter of simply spending enough. Doing so requires the time and attention of the very few subject matter experts who are able to competently do it. The true cost is to your strategy, your business plan, and your product roadmap.
So it becomes a purely business decision: Do we risk a 10% global revenue penalty to release this globally, do we release this everywhere the DMA does not apply, or do we simply not build it? And make no mistake, even if Apple moved heaven and earth to try to comply with DMA they are STILL RISKING the full 10% penalty if the EU decides against them.
Didn’t write “money”, wrote “resources”, but sure.
Yes, there’s a risk to releasing a product whenever you can be held accountable for that product. I understand that Apple seeks to be as unaccountable as possible.
So we ultimately agree with one another: Apple can do it, but doesn’t want to, for various reasons.
It's simply a prioritizing time to market over a global release. You tend to release into the most restrictive environments last and the most forgiving environments first, for obvious reasons.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc.
Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.
There wouldn't need to be a redo if the products had been built with compliance in mind. This law isn't something new; it's been around for years now. Not taking it into account from the beginning with the intention of operating in the jurisdiction means there's definitely intention to skirt. Particularly given the previous issues in the same department.
No one implements compliance goals for fun. If they didn't think they were going to have to comply, they wouldn't do it. If they thought the law would be overturned they wouldn't do it. Same if they thought they would successfully fight the law in court, if they thought consumers would revolt, if they thought that they were a Special Squirrel who would get exemption, or whatever.
Does this put them stupidly behind schedule? Yes, and bummer for them, but I highly doubt that a company as politically savvy, legally savvy, and wealthy as Apple would do this "by mistake".
I wouldn’t want to try and develop a sandbox for an AI that could protect the user and yet still be useful. Having an AI act on your private data but only in the way you want is hard enough when it’s a model that you control on hardware you own. Having third parties running AI on your private data requires a level of trust that I wouldn’t want in the hands of random developers in the app store.
It’s not an enormous effort if you plan for it. They clearly knew about this, and could’ve afforded to plan for it. Their whole shtick is locking users in, and DMA is their nemesis.
> completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc
So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.
Yet Gemini had no issues to comply with EU's DMA and release on all phones?
Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.
Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.
Appples architecture prevents them from seeing customers data (see Private Cloud Compute documentation). Data that Gemini Assistant (not referring to the distilled version Apple uses) see goes straight to Google. Big difference here.
Weird to say it but the only assistant with any guarantee for privacy by design is Siri at the moment.
That's not how the deal was announced. You don't pay Bs / year for a licence to gemini to send them your data. You pay that to run it on your own hardware, in your own garden, so the data stays put.
I know the internet is always anti big companies, but this is likely a "not worth it for now, we'll eventually do it" effort from Apple. The EU AI act is a mess, and the effort to simply know what they have to do to comply with it is likely going to take armies of people (not devs) and a lot of time, as the OOP said.
And the saddest part about it, is that Apple has the money and resources to sink into this. Think about all the small players that don't. This is yet again a miss for the commission, with the end result being an insidious form of regulatory capture. It sucks for those of us running small companies. Oh well.
I was referring to Google Gemini AI (their branding is horrible) - Google can see ALL of your interactions with their services - that's not what Apple gets to see
If the options are "launch in the rest of the world quickly and get to the EU later" or "launch everywhere at once years after the competition" PMs and execs are going to choose the latter every time.
I figured, just wanted to verify, because while the former seems like the obvious answer, it could be argued with a straight face that Apple's strategy is in fact the latter. Or something like it.
The third option is: launch in a way that is compliant with EU rules everywhere. Except they don't want that as they want to retain their outsized market power.
Apple is just being the usual Apple being both an hardware vendor and giving it's own software advantages that competitors don't have and using the security bogus argument as always.
And yet, people believe that crap and jump into defending Apple as if being an Apple user is their identity, sad.
But read the article, the EU wants even tighter integration for third parties, so it’s not exactly like Google is out of the woods regarding the DMA and this.
Some features don't land in Europe because US companies can't handle the amount of languages. For them it is English and maybe Spanish or Chinese because they don't care how heybmake money.
I assume you're asking this in good faith, so I'll answer in good faith.
Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.
Also, adding code to meet some government regulation takes time and effort that (form the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.
But EU has a pretty uniform laws, so this comes to just one issue: time.
Did Apple start working on this feature before EU implemented the law? This might be the case, but even if it was after, they could start working on implementing that sooner.
It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.
Sure but we're talking about the unified law of almost an entire wealthy continent here. It's EU ffs. Not some small island country in the middle of the ocean.
This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".
Because of move fast and break things mentality. Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights, they would have reached nowhere.
> Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights
Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)
Copyright theft in AI, on the other hand, is a global phenomenon.
DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.
The DMA has nothing to do with Privacy - it's an anti-competition scheme. Apple is saying that privacy is baked in to their approach, and they can't ensure that if they allow every other AI provider the same level of access.
Core not, but here it is. Apple designed the system in a way that the operator can invade your privacy. So if only Apple is the operator it is "OK", but if they allow other operators it is not.
The truth is very often that it is long and hard not to do the work to comply but how to not comply or do complicated things to abuse of loophole despite being able to pass the law on the letter of it.
Especially in the case of apple or Google.
Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.
Yes, but also its much cheaper to build it in at the very start.
When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because
1) we had no idea what we were doing and
2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.
Turns out the guesses were right, but it was painful getting the lawyers to understand.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
Then you should have done it right the first time.
Exactly, and the prupose of these legislation was supposed to be exactly that : force companies to integrate privacy in the core of their products, not to create a list of items to tick.
Agreed, unless you specifically know how a regulator will interpret a broad requirement on a edge case it’s a lot of effort to even figure out what the plan is, much less implement it.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
What if I tell you that there's a surprisingly simple, straightforward and above all very cheap solution: don't implement privacy-invading or anti-competitive features in the first place ;)
Sure let me wave a magic wand and have a data center that can meet all these regulations materialize before us. Yes I'm sure every American tech company is tripping over themselves rushing to build data centers that are subject to European taxes and regulations for the exact same compute.
Well if your product wasn't already basically spyware, it wouldn't be so much work to abide by privacy regulation frameworks, now would it? I have no sympathy for how hard it is for surveillance companies to adapt their exploitative business model to the EU.
So? It's also more effort to work everyday to earn a living than simply stealing what you need from your neighbors at gunpoint. But the law's the law.
As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.
Privacy by design isn‘t enormous effort, as every European engineering manager will tell you. It‘s just another reasonable and straightforward set of requirements. Of course, if you want to have privacy-less features in jurisdictions permitting it, that‘s a different story and that‘s a choice.
DMA is about competition not privacy. Apple has privacy concerns with complying related to 3rd party access to customer data.
Another aspect here is that even if Apple tries theirto best to comply, the EU could decide they didn’t do a good enough job and fine them 10% of global revenue. Honestly Apple just might not want to take that risk.
> DMA is about competition not privacy. Apple has privacy concerns with complying related to 3rd party access to customer data.
DMA is reasonable. It‘s not their job to be concerned so much as to block that access completely. Alternative approaches do exist. For example, they may require independent audit of submitted apps if they do not trust regulators and collect small fees to cover operational costs of dealing with audit ecosystem.
Not quite.
It is up to Apple to design a system in which operators (even Apple) can't see your data. Apparently they designed it in a way that operator can see it (so it is cool if it is Apple, but not cool if it is someone else).
And Apple Intelligence supports just a fraction of languages: English, Danish, Dutch, French, German, Italian, Norwegian, Portuguese, Spanish, Swedish, Turkish, Vietnamese, Chinese (simplified), Chinese (traditional), Japanese, and Korean.
Danish, Dutch, Norwegian and Swedish have quite small populations compared Poland, while I don't see Polish there (37M). I also don't see Romanian, it is slightly bigger amount of people than Netherlands, and the rest from that list are ~< 10M.
Oh, well, at least I don't see Russian in that list.
With ChatGPT, or Claude.ai (or Deepseek, or local models) I can speak with languages that are outside of (traditionally) limited set of Apple. Because it all depends on what is on the web and web has magnitude larger set of languages compared to what Apple provides.
No, this is unrelated from privacy. The issue is that the EU won’t allow the new Siri because Apple isn’t willing to open up the system enough for 3rd party AI agents to get the same functionality.
Because Siri is the brand and other competitors will dilute the brand with their inferior products, is the line of reasoning, I'm sure. I'm unclear on why apple is branding the AI launcher or whatever if it's just going to be a wrapper for a third party product, however.
> It could instead require third parties to improve theirs.
Apple made it sound like their proposal for that was rejected by the EU. And it would be consistent with previous regulatory decisions by the EU for them to not want Apple to be setting the rules for how third-party interoperability partners/competitors ensure privacy.
It seems to me that the EU has a preference for protecting privacy with legal mechanisms, and generally doesn't approve of Apple's attempts to protect privacy with technical mechanisms because that inevitably limits interoperability with systems that aren't designed around the same restrictions and assumptions.
I’m sure they love it when Apple says, “Well… they COULD give us their models to put in private compute, but we’re not paying them for that and they’re not getting any more data than we get, ourselves. Which is exactly none.”
Apple is building a system that is more private than EU law requires. If they tell say Facebook that Facebook can integrate in but first must meet the same more than is legally required standard Apple is aiming for wouldn't that be anti-competitive?
For example, with Copilot, you get a contractual pinky promise that they cannot access your data.
Can engineers really not access ? Can the police really not access ?
It's like AirTag for example. Apple cannot access it because it's scientifically "impossible" by design, but if they sign-in to your account, well it's over.
Once Apple fills the right audit / certification / paperwork they will be able to enable that feature. It could also be a negotiation lever.
EU privacy laws are not there to protect your privacy, its there because the law makers don't know how modern privacy works and wants their name on the law so it seems they did something.
Uhm no, EU privacy laws are actually pretty simple: do not collect data you don't need without asking consent from a user first.
Which should IMO be the basic principle worldwide. But unfortunately in many countries, companies are more powerful than governments/regulators, so they get to grab everything they can get their hands on.
Do you think this is a problem with the EU? I don't. I think it's a problem in the way that Big Tech operates: by function of theft and laundering of data, and by screwing end-users and consumers in favor of profits.
It may be a problem with EU regulations. It’s hard to see how Apple could be certain they had complied with the EU DMA law, given its based on vague outcomes rather than clear requirements with extremely large penalties. The fact the EU was only willing to require the DMA regulations be met by large foreign companies doesn’t inspire confidence.
And it’s not like there is a thriving tech ecosystem of successful EU tech companies showing how it’s done. So there is a lot of ambiguity on how companies can reasonably comply without huge risk of 10% global revenue.
As I follow the situation, it seems that regulatory uncertainty is a major issue though- the EU’s requirements are framed in terms of outcomes sought, rather than in terms that can be quantitatively shown as met or broken. So it’s not a matter of dedicating a team to meet a list of requirements, but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met.
In this case it looks much simpler: Apple strictly does not want to open up the iOS platform to other competing agents, as they lose the monopolistic moat if they do. While making a true developer platform with good documentation is often hard and expensive, with the market access they'd get, companies would gladly jump on it even if it was badly documented as long as they have guarantees of continued legal access.
At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).
Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.
> imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork
That's not the case. it's merely software (exactly like my iPhone 16 lacking the promised AI features claimed at WWDC24).
Anyway as I'm now within the EU with phone I bought before moving to the EU, regional features (or restrictions) depends on the logged in account and device regional settings. Except physical considerations (eSIM design, actual radio transceivers). The hardware is the same thank god.
Those requirements are explicitly on the outcomes because companies like Apple used to abuse loopholes in previous, non-outcome defined laws. They, as always, have no one to blame but themselves.
It sounds like what you’re saying is that because the legislature can’t anticipate how companies will abuse loopholes, they sidestep that by outlining the outcomes instead.
The issue I have with that approach is that I don’t agree with that approach to governance. I believe it’s incumbent on the regulator to define what is acceptable vs. disallowed in unambiguous terms.
This is a spirit of the law vs letter of the law debate. Europe in general (i know its not that easy) tends to go more towards Spirit of the Law. While the US usualy tends more to letter of the law.
A lot of regulation is legally defined in terms of outcomes. That in itself isn't unusual. Checklists of technical requirements are almowt always a derivative and a suggestion about a safe path to meet the regulated outcome. This is how "blessed" standards for e.g. medical devices work. This shields the laws themselves from overly technical discussions.
The only difference that I can see here is that the standards layer hasn't solidified yet.
That’s a good point. So maybe another point of divergence here is that the outcomes of the DMA are rooted in inherently unpredictable market interactions, whereas a medical device standard depends on the device performance and characteristics.
I don’t think it makes sense to create an accountability framework for a company that requires the cooperation of the market, because I think companies should be in a position to either comply or be held accountable on their own merits
The intent matters, not the letter of the law. No loopholes, no bad faith interpretation. Just do what the law wants from you, if you make a mistake in good faith, you'll be given leeway to fix it.
> When interpreting EU law, the CJEU pays particular attention to the aim and purpose of EU law (teleological interpretation), rather than focusing exclusively on the wording of the provisions (linguistic interpretation). This is explained by numerous factors, in particular the open-ended and policy-oriented rules of the EU Treaties, as well as by EU legal multilingualism. Under the latter principle, all EU law is equally authentic in all language versions. Hence, the Court cannot rely on the wording of a single version, as a national court can, in order to give an interpretation of the legal provision under consideration. Therefore, in order to decode the meaning of a legal rule, the Court analyses it especially in the light of its purpose (teleological interpretation) as well as its context (systemic interpretation).
> but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met
This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you
The criticism reads like people who don't understand a high trust society - which I don't think is actually the case here, more like assuming that the foreign guys are bad guys.
"They really don't try to fuck you over if you engage with them in good faith?"
Apple might not want to risk 10% of their global revenue on whether EU regulators like the outcome of their compliance efforts. And there isn’t any real risk of an EU based startup competing in this space like there would be in China.
Throwing infinite money at engineering problems doesn't move deadlines arbitrarily.
But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
Maybe it's more because the privacy is largely marketing and helps with continuously shutting out competitors under the guise of privacy?
If they really cared about privacy, they would end-to-end encrypt iCloud backups [1] by default and not just when ADP is enabled, which only a small subset of users do. In fact, many technical people I know don't even realize that iCloud backups are not end-to-end encrypted. At any rate, this large hole opens a lot of data (including iMesssage) open to Apple, law enforcement, etc.
Apple is one of the few tech companies that puts user privacy first, and any claims otherwise are deeply misguided. They pioneered things like iCloud Private Relay and privacy protecting cloud backups for devices.
Ironically the gaps you point to are things they have had to do to appease the European Union.
> They pioneered things like iCloud Private Relay and privacy protecting cloud backups for devices.
They didn't pioneered it, they just brought it to the masses. Tor was here before the Private Relay, and most open source backup applications offer E2EE out-of-the-box.
It's incredible how people are acutely aware how technically inept regulators are (laws affecting their personal use of technology) and how quickly they side with regulators when a law affects how corporations use/create technology.
If regulators suck at understanding tech, they are making poorly thought out laws for corporations just as much as they are for you.
Respectfully, it sounds like you just haven't dealt with any significant tax or regulatory tasks.
There's entire industries of experts who work on these tasks, and they don't just work for people trying to skirt the rules. I've hired people for both tasks and the reason was specifically to comply.
NIST, MS, and the security community all recommend against forcing people to change their passwords on fixed intervals. They should only be changed when there is an indication they have been compromised.
PCI requirements demand mandatory 30 day rotation intervals on user passwords for users with administrative privileges, IORC. Something like that.
They haven’t kept up. So until they change the rules you can either be PCI compliant or implement the current best practice. Not both.
Your example completely ignores the temporal dimension.
The best practice was to rotate your passwords, but we discovered that this led users to picking less secure and easier to remember passwords and patterns.
Once technology offered up solutions to problems like password managers and breach notifications, that recommendation changed.
PCI used to mandate password changes for in-scope accounts (meaning they have access to credit card flows). Now that MFA is widely deployed that requirement only remains for accounts that do not have a second factor for authentication.
If you were ahead of the curve and implemented strong password policies that did not conform the the PCI baseline, all you had to do was explain to the auditor why. Assuming what you were doing genuinely increased your security posture it would be approved.
Other standards all used to recommend password rotation. Most have amended it to deprecate or even prohibit password rotation.
> Once technology offered up solutions to problems like password managers and breach notifications, that recommendation changed
It wasn’t just that.
The original recommendation for password expiration failed to take into account the human practices that resulted.
Everyone has worked in an office with passwords on post-it notes, or seen passwords numbered with sequentially incremented integers at the end. Password rotation isn’t merely a baseline level of assurance, it has a negative impact on security because of the effect it has on password hygiene. In practice, passwords that expire can be easily guessed by appending something to the end of the prior password. And they are more likely to be written down in plaintext.
Permanent, non-expiring passwords without MFA are stronger in practice than expiring passwords.
The exemption Apple wanted was not from a privacy law, but from the DMA. They never claimed to have an issue meeting their privacy laws when using their own product, it was other people's products that they said they couldn't guarantee the privacy of.
That's even worse, then. They are not responsible for other companies' products. So this is just another piece of anti-DMA propaganda then. They have been fighting it loudly and with toddler-level arguments since they became subject to it.
A huge part of Apple’s marketing, whether you believe them or not, is that they try to protect your privacy.
The smartphone is probably the most sensitive device most people own. It knows your location always. It has your banking apps. Your password manager. Your instant messages, and social media chats, it knows whether you’re walking, or driving, or talking on the phone, and to whom.
Once Apple allows any other vendor to vacuum all of that intensively private information out of an iPhone, Apple becomes indirectly responsible for potentially massive privacy breaches.
All of that happens only if the user chooses to do it though. Anybody is free to stay in the caged Apple garden. The EU just wants them to leave the door unlocked.
A door with a lock is different from a wall with no door. Same argument that gets made with government-keyed or government-breakable encryption schemes: it's better for everyone to not have the backdoor at all.
That's flatly not true. imessage interop means not just the person who installs the other app, but the data of everyone with whom they message loses the security/privacy guarantees created by imessage and Apple as a corp. Including massive resources pointed at securing the app itself.
That doesn't necessarily mean it's a bad idea from a competition point of view, but good ideas can be discussed w/ an honest view of the quite real downsides.
Apple could have worked with other companies to make RCS secure by default instead of building their own little thing that openly and intentionally discriminates non-members of their club.
EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Apple says "We can't do this in a privacy preserving way".
You can definitely question what their true motivations are, but it seems pretty plausible that there is a moral case for this system to not be opened up to other providers who may do a worse job at privacy than Apple (especially when you are Apple and you trust yourself).
I think there is a place in these sorts of ecosystems for privileged players. If you buy an iPhone you implicitly must trust Apple to some degree.
> EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Not sure this is the case. My understanding is what the EU wants is that users can use Siri AI or a third party AI service from, say, Anthropic or OpenAI, at the same level of capabilities, just as you can switch default browsers. It's not about the underlying LLM (that would be the huge privacy concern), it's about the product built on top. Of course how a third party AI gets its data from the device would need to be approved by the user and that third party AI provider would have to justify what it's doing with that personal data to the EU watchdogs, just as Apple would need to do.
>But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.
You can argue Apple should do that, but you can't in the same breathe argue for privacy.
Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).
Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).
Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.
This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.
I am not sure this is as much of a tension as you make it sound: where is the obligation that a marketplace administrator will be blamed for any and all breaches of data privacy trust from a participating (likely malicious) third party?
According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).
So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.
Like they now hand over all your contacts, your location, calendar entries, microphone access, camera access. If you choose to do so.
Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.
This is clearly very different from usual permissions and access.
This would be unprecedented access to user data, enabling the most complete user profiling ever.
Ad companies, like Meta and Google, are going to spend huge amounts of money getting agents ready, because there will be a ridiculous amount of money behind all the data they're going slurp up, and the profiles they'll build for you.
Unless, Apple can figure out how to keep the leaches, that have consistently proven to be so, with court cases for receipts, at bay.
Interestingly, they claim to have done this and offer it as an API layer (Trusted System Agent) for other agents to use.
There is just this minor point that their own agent simply doesn't use it and goes directly to lower level interfaces nobody else gets access to: exactly the thing DMA was designed to stop.
1: If you want to protect user's privacy, you collect no personal information, so GDPR doesn't apply.
2: You do that.
3: Since your platform collects no private information, they get nothing from you. If they collect private information on their own, it's their job to comply with GDPR.
What you should do in case (3) is ask the user for permission to allow the 3rd party access to private data on their device. It's their choice (not yours) to allow it or not.
As has been pointed out elsewhere, DMA isn't a privacy regulation. It is simply about competition. You can be in 100% compliance with DMA and poor privacy protections. This is the crux of the problem. How do you preserve the privacy of your customers while complying with regulations where the simplest path is to compromise your customer's privacy?
The issue here isn't EU privacy laws (which Apple has been historically quite good at complying with, by big tech standards); it's EU _competition_ laws.
> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws?
The DMA and the GDPR are laws that at their core make each other more difficult. the stated outcome of the DMA - allowing any vendor/user full access to your device - is not easily supported when solving for privacy.
And then most users soon have given permissions to a ton of apps with sketchy records of protecting user data, so what was the point of even trying to protect privacy?
Protecting user privacy and reducing surface area for litigation against the business can happen simultaneously. Not that it is, but just saying, politics and difficult to define thresholds muddy the waters.
Personally, I wouldn't want Apple to comply with this EU law and I hope that more companies refuse to release features with onerous requirements. Opening up all access to control the phone to some random app the consumer installed seems super dangerous.
Letting a US company (under jurisdiction of, say, US Cloud Act, but also unknown administration orders that might come) strictly control the phone for a privacy focused EU citizen (or more broadly, non-US citizen) seems super dangerous.
The requirements are not onerous, it is the basic preemption of monopolist behavior.
Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).
I am perfectly ok with EU having different rules of their own but they also can't be upset when features aren't offered there. That is the trade-off they have chosen and I am ok with it.
Nobody in the EU would have been upset if they said: we cannot offer this in the EU because we want to shut out competitors from providing alternative LLMs and this is not allowed in Europe. Fine. I don't care.
Many Europeans are upset that Apple blames Europe that they cannot implement this because it would sacrifice privacy. (Which is kind of ironic, because the EU has nearly the best privacy protection worldwide.)
Apple doesn't care about privacy. By default (without ADP), your (i)Messages, Drive files, contacts, calendars, backups of data from third-party apps are not end-to-end encrypted [1]. US law enforcement can request it. EU citizens are not protected because the US can use the CLOUD Act to demand the data. If Apple really cared about privacy, they would have closed that hole long ago.
Don’t install the app then. Consumer protection at some level means the consumer needs to be informed. I’d rather have a choice than just chow down on whatever the gatekeepers call food.
> But on the other hand it also feels like a straightforward play for consumer sympathy
100% - just like Apple making such a grandiose show of "privacy". "Privacy" for Apple eventually led to Apple specific and Apple-only allowed ads in first party apps and now Siri connecting to Google servers.
Indeed. If they really cared about privacy, they would end-to-end encrypt iPhone backups by default. But since they don't, US law enforcement can request my iMessage chats because the people I talk to (probably) do not have ADP enabled (which enables end-to-end encryption for backups).
I think there's a reasonable question of whether the Siri stuff is even a feature that customers want. Additionally, money can not solve all problems, 9 people can't make a baby in a month, and if these sorts of regulations are serious at all like they are for medical regulation then you really do need to do the work of assessing risks, etc., and there's a chain of waterfall development to all that.
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
The one legacy in Apple that Steve Jobs left behind is their distaste for taking risks that lose them money (ChatGPT was going to be their AI core... but then they had Altman ousted, so they backed away and partnered with Google instead), and spending money. I think they're still the only company with a kitchen in the valley that still makes employees pay for their own lunch, and the reason is the most BS reason that Steve Jobs pulled out of his rear end. It's so the employees appreciate the lunch, really?
Well, whatever the real reason is, people do appreciate things they have to work for more than things given for free.
I’m not saying I believe that’s the real reason here. But it is broadly true. Ask any company that offers a free tier where most of the complaints and problematic customers come from.
> Well, whatever the real reason is, people do appreciate things they have to work for more than things given for free.
People can also appreciate things they get for free though. I'd appreciate a free lunch, most places I've worked at, actually nowhere I've ever worked, EVER has given me a free lunch. Now if its a difference of paying for a quality lunch at a reasonable price, and not paying for lunch but its mediocre, then yeah, seems like a no-brainer.
I wouldn't be surprised if Steve Jobs implemented was a way to get them back into the green.
Also, TIL:
> Jobs, who notoriously took a salary of only $1 a year, used to "scam" Apple out of free lunches by scanning his badge alongside colleagues and insisting on paying for everyone, knowing the charges would just default back to Apple.
Apple has a third of the EU market to itself. It would be just insane for the EU to give an exemption that means the law doesn't apply a third of the time.
> let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
And you’re saying that consumers would be incorrect in thinking that?
The market regulators don't give a fuck if companies screw over their customers privacy wise, as long as it's to the advantage of European companies and European customers.
This can lead to absolute insanity as companies try to satisfy both privacy and market conditions. It's not simple. How many years did google waste with Sandbox?
I’m glad this is at the top of the comment chain. I’m also angry with myself that I kept reading other comments. As you say, the current situation makes sense. Apple made something they way they want, the EU says it doesn’t pass muster with their laws and so Apple doesn’t release it in the EU.
Siri AI is just one of many AI products that aren’t released in the EU. If people are mostly happy with that then I guess things will continue as is. I do find it a little odd that so many people are championing the DMA as a beacon of consumer choice when it seems to be limiting what consumers have access to.
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
That's disingenuous. It's not about money, it's literally about engineering velocity. The amount of planning and engineering required for an entire interoperability layer that also ensures security and privacy is absolutely going to be something like a year-long engineering effort minimum. You can't speed that up by adding more money.
So it's either try to get an exemption to deliver this feature to Europeans while that work gets done, or wait 12-18 months for the work to be done -- work that isn't required to launch in the rest of the world.
Apple just wants consumers to be happy and be able to use their features. But the EU is requiring a ton of additional interop engineering, so consumers will just have to keep waiting and get features 1 or 2 years after the rest of the world, or never.
It sounds like the work on the privacy layer was significant and to give "equal" access to other competing AI systems, they would need to include that "for free" as part of the platform. Or they could try to keep that as the moat for Siri AI, and only offer privacy "entry points" that other agents can tie into, but vendors would have to implement privacy preserving functions themselves.
This is the bit that's likely hard, because generally keeping safety and privacy guarantees as data flows through the system is extremely hard, and Apple would not be able to guarantee it for other products without large review investment.
But ultimately, they probably just do not want to do it until Siri AI gets a decent marketshare first, so competing agents would have to both build new solutions for the platform once open, but also deal with an incumbent dominant player already on people's phones.
Nice, a die hard Trump and ICE supporter - law is law.
You cannot accept the concept of consequences. You are entitled to Siri AI? I highly doubt it.
You sound like a totalitarian: a state can come up with any law and everyone has to comply.
I think you should be reminded of the fact that you can go your own way with something state sponsored like the EU Chip Act, AI, Cloud. Let’s add “Siri” to the list.
I love the fact, that EU is getting a lesson, even though people obviously don’t get it.
I can see why Apple might want to request an 18 month exemption, there's clearly extra work required to comply with EU regulations. But on the other hand it also feels like a straightforward play for consumer sympathy: let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.