Apps that connect to a service over the Internet (maps, music iMessage) could stop working if Apple changes the APIs that those apps use. This is even more likely to happen to third party apps.

You won't get updates to the trusted root CAs, which means you won't be able to visit sites with certificates signed by CAs created or renewed after support is dropped. And your browser will continue trusting CAs that have had their trust revoked.

And as web standards evolve there will be websites that use features and APIs that your browser doesn't support and may break in subtle, or not so subtle ways. And there is no way for you to install a more up to date browser.

And then of course, you won't fixes for any new security vulnerabilities that are found.

So yeah, it's not as bad as getting bricked, but it as also worse than continuing to work as it always has, but with no new features.

The original post was about Apple not giving proper support to after-EOL phones.

Saying "could stop working" and "won't get updates to the trusted root CAs" is all future issues.

How long should Apple be required to provide updates, both security/vulnerability and future API support?

Currently, iPhone 6S, released in 2014, can run iOS 15, which received its latest update in 2025. The iOS 15 apps work with Apple's services, some with reduced functionality because it was never in iOS 15.

So that's a 10 year old phone.