Apple Calls Out EU for Contradictory App Store Rules Under DSA and DMA

Utsanjan Maity
November 08, 2025

Apple to EU: Your New Rules Are Contradictory and Put Users at Risk

In a recent and sharply worded letter, Apple has pushed back against the European Commission (EC), highlighting what it calls a major contradiction in the European Union's new digital regulations. The tech giant is currently under investigation by the EC to ensure its App Store complies with the Digital Services Act (DSA), a sweeping law designed to protect users online. However, Apple argues that these safety demands are being made at the same time another EU law, the Digital Markets Act (DMA), is forcing the company to dismantle the very security measures that provide that protection.

This clash between two landmark pieces of legislation has put Apple in a difficult position. The company's response to the EU is not just a standard corporate reply; it's a direct challenge to the EU's regulatory strategy, accusing the Commission of creating a "paradoxical situation" that could ultimately leave millions of iPhone and iPad users vulnerable to scams, fraud, and other online harms.

Apple App Store logo facing off against the European Union flag

What Is the EU Asking Apple?

The current situation began with a formal inquiry from the European Commission. As part of its duty to enforce the Digital Services Act, the EC sent Apple a request for detailed information. The DSA is a comprehensive set of rules aimed at making the digital world safer for everyone. It requires large online platforms like the App Store to be more transparent and accountable for the content they host.

Specifically, the Commission wanted to know more about Apple's internal processes for safeguarding its users. The key questions revolved around:

  • Fighting Fraud: How does Apple actively identify and remove fraudulent content and apps from the App Store?
  • Preventing Scams: What specific measures are in place to reduce the risk of users falling victim to financial scams?
  • Verifying Businesses: How does Apple confirm the identity and legitimacy of the developers and businesses that publish apps?
  • Protecting Minors: In a separate request, the EU asked for details on Apple's policies and technologies designed to protect children from harmful or inappropriate content.

On the surface, these are straightforward questions. The EU is tasked with ensuring that major digital platforms are doing their part to create a secure online environment. However, the context in which these questions are being asked is what prompted Apple's forceful response.

Apple's Fiery Response: A Tale of Two Conflicting Laws

Apple's reply, written by Kyle Andeer, the company's Vice President of Legal, did provide the information the EC requested. But it went much further. Andeer's letter laid out a clear and powerful argument: the EU's regulatory approach is fundamentally flawed because the DSA and the DMA are working at cross-purposes.

Andeer stated that it is "difficult to square" the EU's investigation into App Store safety with its "aggressive" enforcement of the DMA. He went on to say that the probe into Apple's safeguards "defies all logic" when considered alongside the new DMA requirements. In essence, Apple is arguing that the EU cannot demand a fortress-like App Store while simultaneously forcing Apple to build backdoors into that fortress.

The letter urged the European Commission to view and enforce the DSA and DMA as a cohesive whole rather than as two separate, conflicting policies. Without a consistent approach, Apple warns, the primary goal of protecting consumers will fail.

The Heart of the Conflict: Understanding the DSA vs. the DMA

To fully grasp Apple's argument, it's essential to understand the two laws at the center of this debate. While both are designed to improve the digital landscape in Europe, they have very different objectives that, in this case, appear to be colliding.

The Digital Services Act (DSA): The "Safety" Law

Think of the DSA as the EU's rulebook for online safety. Its primary mission is to protect users from illegal and harmful content. It places significant responsibilities on large platforms to police their own services. Key goals of the DSA include:

  • Combating Illegal Content: Platforms must have effective systems for users to report illegal content (like hate speech or terrorist material) and must act on those reports quickly.
  • Increasing Transparency: Companies must be clear about why they recommend certain content and give users more control over those recommendations. They also have to be transparent about their content moderation decisions.
  • Protecting Minors: The law includes special, stricter provisions to protect children from targeted advertising and exposure to inappropriate content.
  • Fighting Disinformation: It aims to curb the spread of fake news and manipulation, especially around major events like elections.
  • Stopping Scams and Fraud: It requires platforms to take measures to prevent fraudulent actors from using their services to scam users.

In short, the DSA is all about creating a safer, more trustworthy internet. It encourages platforms like Apple to be vigilant gatekeepers of their ecosystems.

The Digital Markets Act (DMA): The "Competition" Law

The DMA, on the other hand, has a different goal: to foster competition and fairness in the digital market. The EU believes that a few large tech companies, dubbed "gatekeepers," have become too powerful, stifling innovation and limiting consumer choice. The DMA is designed to break open these closed ecosystems.

For a company like Apple, the DMA imposes several major requirements:

  • Allowing Alternative App Stores: Apple must allow users in the EU to install third-party app marketplaces on their iPhones and iPads.
  • Permitting Sideloading: Users must be able to download and install apps directly from websites, bypassing the App Store entirely.
  • Supporting Third-Party Payments: Developers must be allowed to use alternative payment systems within their apps and "link out" to their websites for purchases, avoiding Apple's in-app payment system and commission.
  • Ensuring Interoperability: Apple must make its services, like iMessage, work with competing services if requested.

The DMA is fundamentally about opening doors and giving users and developers more freedom. However, Apple has consistently argued that these new doors also serve as new entry points for security and privacy risks.

Apple's Core Argument: "You Can't Weaken the Walls and Then Complain About Security"

This brings us back to the central "paradox" described in Apple's letter. The company argues that the EU is creating an impossible situation. The DMA forces Apple to allow sideloading and third-party app stores, which operate outside of Apple's comprehensive App Review process. This process is Apple's primary tool for catching fraudulent apps, malware, privacy-violating code, and content that is unsafe for children.

Andeer's letter eloquently breaks down this contradiction:

It does not make sense for the Commission to press Apple to protect users, including minors, from fraud within the App Store while at the same time requiring Apple to create functionalities like link-outs and web views that increase the risk of fraud without necessary safeguards.

The Commission cannot both prohibit Apple from taking the steps it has found essential in mitigating the risk of scams and fraud on the App Store while simultaneously scrutinizing Apple for not providing even more measures to mitigate these risks on the App Store.

In simpler terms, Apple is saying the EU is holding it to two conflicting standards. On one hand, the DSA demands Apple maintain the highest level of security. On the other, the DMA forces Apple to cede control over app distribution, effectively preventing it from applying those same security standards everywhere on its platform. Apple warns that this "reckless and even dangerous" approach leaves a significant gap where users are exposed to the very harms the DSA is meant to prevent.

Apple believes that once a user leaves the curated App Store environment to download an app from an alternative source, they are exposed to unvetted software that could contain malware, spyware, or financial scams. The company argues that it is being asked to solve a problem that the EU's own regulations are creating.

A Plea for a Consistent and Unified Approach

Apple's letter is more than just a complaint; it's a call for a change in perspective. The company is urging the European Commission to stop treating the DSA and DMA as separate policies and instead enforce them as a unified strategy where consumer protection is the consistent, overarching priority.

The letter suggests that if the EU does not prioritize protecting consumers from online harms in all contexts—including under the DMA—then the goals of the DSA will never be fully achieved. The responsibility for user safety cannot be confined only to Apple's App Store if users are being encouraged to venture outside of it.

Apple's Track Record: The Numbers Behind App Store Security

To reinforce its point about the importance of its centralized review process, Apple included some compelling statistics in its communication. These figures are meant to illustrate the sheer volume of threats that its App Review team handles, threats that could proliferate in an ecosystem with less stringent controls. In 2024 alone, Apple reported that its safety teams:

  • Removed 37,000 apps for fraudulent activity.
  • Rejected 115,000 apps for providing unsafe user experiences.
  • Rejected 320,000 app submissions that were found to be spam, blatant copies of other apps, or designed to mislead users.
  • Blocked 139,000 fraudulent developer enrollments before they could submit a single app.
  • Terminated 146,000 developer accounts due to fraud and abuse.

These numbers paint a clear picture of a constant battle against bad actors. Apple's argument is that this level of protection is only possible because of the integrated, single-store model that the DMA is now forcing it to abandon in Europe. Without this centralized defense, many of these threats could reach users through alternative channels.

What Happens Next?

Apple's bold letter has put the ball back in the European Commission's court. While Apple has complied with the request for information, it has also publicly challenged the coherence of the EU's entire digital regulatory framework. This standoff is about more than just a single investigation; it's a fundamental debate over how to balance competition, innovation, and user safety in the digital age.

The European Commission will now have to consider Apple's argument. Will it acknowledge the potential conflicts between the DSA and DMA and work toward a more integrated enforcement strategy? Or will it continue to pursue them as separate objectives, leaving tech companies and users to navigate the complex and potentially risky consequences? The outcome of this high-stakes confrontation will shape the future of app security and digital regulation in Europe and beyond.

Tags: App Store, European Commission, European Union

This article, "Apple Calls Out EU for Contradictory App Store Rules Under DSA and DMA" first appeared on MacRumors.com

Discuss this article in our forums



from MacRumors
-via DynaSage