Yes, exactly! Also forced EU voters to consider how much they value these services, and whether the regulations are worth it not to have them, or to have watered down versions of them. I say this without judgment - I see it as a legitimate area of consideration.

I think the worst is hugely impactful laws for which exceptions are constantly carved out so nobody can truly evaluate whether the law/reg is a good one or not.

[dead]

To me that reads as an even greater reason not to delay it. If you knew the restrictions day one you’d be able to engineer the system to accommodate them. Waiting until post launch now means a massive amount of re-engineering.

I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.

Okay? I don’t see the problem, these requirements are known from the beginning so if complying wasn’t planned and requires re-architecturing the software to make it happens that’s on the engineering org not on the EU regulator. Unless I’m missing something?

> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc.

Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.

> completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc

So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.

The point isn’t that it’s easy or straightforward to do. The point is that one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets.

There wouldn't need to be a redo if the products had been built with compliance in mind. This law isn't something new; it's been around for years now. Not taking it into account from the beginning with the intention of operating in the jurisdiction means there's definitely intention to skirt. Particularly given the previous issues in the same department.

It’s not an enormous effort if you plan for it. They clearly knew about this, and could’ve afforded to plan for it. Their whole shtick is locking users in, and DMA is their nemesis.

Why does systems are not designed take into account that compliance work?

You're essentially saying that privacy violations are baked into the cores of these systems.

So? It's also more effort to work everyday to earn a living than simply stealing what you need from your neighbors at gunpoint. But the law's the law.

As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.

It's also not a "two-pizza team" market.

So, what are the chances they'd completely redo multiple core systems in the 18 months they asked for?

Agreed, unless you specifically know how a regulator will interpret a broad requirement on a edge case it’s a lot of effort to even figure out what the plan is, much less implement it.

Yet Gemini had no issues to comply with EU's DMA and release on all phones?

Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.

Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.

I have a crazy idea: design the product with compliance in mind already!

The truth is very often that it is long and hard not to do the work to comply but how to not comply or do complicated things to abuse of loophole despite being able to pass the law on the letter of it.

Especially in the case of apple or Google. Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.

Privacy by design isn‘t enormous effort, as every European engineering manager will tell you. It‘s just another reasonable and straightforward set of requirements. Of course, if you want to have privacy-less features in jurisdictions permitting it, that‘s a different story and that‘s a choice.

Wow, Google must be a poster child for privacy then.

>These efforts can involve hundreds to thousands of people for multiple years.

And yet Apple had no major issues complying to the draconical demands of the CCP to sell and operate there. Weird.

Also, it's not like Apple can't afford the manpower for this. They're not a hole in the wall mon & pop shop.

It goes to show that privacy is not a priority. And it should be.

Also it does not matter what you do in the end. If you are Big Tech the EU will sue regardless and always finds an excuse.

In this case it looks much simpler: Apple strictly does not want to open up the iOS platform to other competing agents, as they lose the monopolistic moat if they do. While making a true developer platform with good documentation is often hard and expensive, with the market access they'd get, companies would gladly jump on it even if it was badly documented as long as they have guarantees of continued legal access.

At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).

Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.

Those requirements are explicitly on the outcomes because companies like Apple used to abuse loopholes in previous, non-outcome defined laws. They, as always, have no one to blame but themselves.

A lot of regulation is legally defined in terms of outcomes. That in itself isn't unusual. Checklists of technical requirements are almowt always a derivative and a suggestion about a safe path to meet the regulated outcome. This is how "blessed" standards for e.g. medical devices work. This shields the laws themselves from overly technical discussions.

The only difference that I can see here is that the standards layer hasn't solidified yet.

> but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met

This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you

EU laws are written like this to give companies maximum freedom in how they implement their solutions, not to lay traps for them to fall into.

As has been pointed out elsewhere, DMA isn't a privacy regulation. It is simply about competition. You can be in 100% compliance with DMA and poor privacy protections. This is the crux of the problem. How do you preserve the privacy of your customers while complying with regulations where the simplest path is to compromise your customer's privacy?

> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?

Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.

In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.

The exemption Apple wanted was not from a privacy law, but from the DMA. They never claimed to have an issue meeting their privacy laws when using their own product, it was other people's products that they said they couldn't guarantee the privacy of.

Here's their argument in their own words: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...

>But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?

The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.

You can argue Apple should do that, but you can't in the same breathe argue for privacy.

No, this isn't the claim.

EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.

Apple says "We can't do this in a privacy preserving way".

You can definitely question what their true motivations are, but it seems pretty plausible that there is a moral case for this system to not be opened up to other providers who may do a worse job at privacy than Apple (especially when you are Apple and you trust yourself).

I think there is a place in these sorts of ecosystems for privileged players. If you buy an iPhone you implicitly must trust Apple to some degree.

The issue here isn't EU privacy laws (which Apple has been historically quite good at complying with, by big tech standards); it's EU _competition_ laws.

> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws?

The DMA and the GDPR are laws that at their core make each other more difficult. the stated outcome of the DMA - allowing any vendor/user full access to your device - is not easily supported when solving for privacy.

Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).

Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).

Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.

This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.

There’s a difference from being able to protect privacy, and doing so in a way that complies with EU law

Apple is providing a level of privacy far beyond what the laws require. It would be easy if they only wanted to comply with GDPR and DMA.

Protecting user privacy and reducing surface area for litigation against the business can happen simultaneously. Not that it is, but just saying, politics and difficult to define thresholds muddy the waters.

Indeed. If they really cared about privacy, they would end-to-end encrypt iPhone backups by default. But since they don't, US law enforcement can request my iMessage chats because the people I talk to (probably) do not have ADP enabled (which enables end-to-end encryption for backups).

Letting a US company (under jurisdiction of, say, US Cloud Act, but also unknown administration orders that might come) strictly control the phone for a privacy focused EU citizen (or more broadly, non-US citizen) seems super dangerous.

The requirements are not onerous, it is the basic preemption of monopolist behavior.

Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).

Don’t install the app then. Consumer protection at some level means the consumer needs to be informed. I’d rather have a choice than just chow down on whatever the gatekeepers call food.

No amount of people can make any amount babies, it's an unrelated chemical process, never cared for that analogy.

Well, whatever the real reason is, people do appreciate things they have to work for more than things given for free.

I’m not saying I believe that’s the real reason here. But it is broadly true. Ask any company that offers a free tier where most of the complaints and problematic customers come from.

It sounds like the work on the privacy layer was significant and to give "equal" access to other competing AI systems, they would need to include that "for free" as part of the platform. Or they could try to keep that as the moat for Siri AI, and only offer privacy "entry points" that other agents can tie into, but vendors would have to implement privacy preserving functions themselves.

This is the bit that's likely hard, because generally keeping safety and privacy guarantees as data flows through the system is extremely hard, and Apple would not be able to guarantee it for other products without large review investment.

But ultimately, they probably just do not want to do it until Siri AI gets a decent marketshare first, so competing agents would have to both build new solutions for the platform once open, but also deal with an incumbent dominant player already on people's phones.