New EU rules on digital market are intended to clip wings of big tech companies. Will they work?

A new era for Big Tech is here. As of March 6th, large online platforms must comply with Europe’s Digital Markets Act (DMA), and all the obligations that come with it, or face the consequences.

Big tech has been in the European Commission’s sights for some time. From antitrust investigations to curbs on collecting and using personal data, European regulators have been gradually chipping away at what has made Big Tech, big.

But in the past few years, things have stepped up a notch. In 2020, European Commission president Ursula von der Leyen promised to “rewrite the rule book” for Europe’s digital market, first with the introduction of the Digital Services Acts (DSA), and then with the Digital Markets Act.

What is the DMA?

While there may be some cross-over at times, the two acts have distinct targets. The DSA regulates the provision of services, with an eye on safety; the DMA is intended to ensure competition in the digital market, creating a level playing field for companies of all sizes.

Chinese AI start-ups power ahead in the race to overtake ChatGPT

---

Advances in MRI may open window for treating neurodegenerative diseases

---

Say goodbye to your passwords and start using passkeys

---

And now the DMA, which officially entered into force last year, is getting its real world run-out.

Specifically targeting the tech giants, the legislation lays down the rules for how the companies with large platforms and a big reach can act.

Why now?

It has been a long time coming. The act was proposed in 2020 by the European Commission and took more than a year to get political agreement. In November 2022, the DMA officially entered into force, and became applicable from last May.

Then the EU drew up its list of services – 22 in total – that it considered “gatekeepers” from six companies – Apple, Bytedance, Google, Microsoft, Meta and Amazon – and therefore subject to the rules. Those services included Google Search, Amazon’s Marketplace, Facebook and iOS.

Then the clock began ticking: six months to comply with the obligations and prohibitions laid down in the act for each of the 22 services.

What does the DMA say?

Among those obligations are allowing outside companies access to their services under specific circumstances, giving them access to data they generate as a result of that and allowing users to do business with their customers outside the platform.

Gatekeepers cannot treat their own products and services more favourably than similar third-party services on offer on the platform, or track users outside the core platform service to target them for ads without consent.

[ Big Tech braces for roll-out of EU’s Digital Services Act ]

In other words, many of the things that companies have done in the past and that have contributed to their growth, will now go against the new rules.

Who is affected?

Under the DMA, the European Commission can deem a digital platform as a gatekeeper if it provides a crucial gateway for core platform services between businesses and consumers.

But they also have to meet certain criteria: they must have a certain level of annual turnover in the European Economic Area, and provide a core platform service in at least three EU member states. They must provide a core platform service to more than 45 million monthly active consumer and more than 10,000 yearly active business users in the EU.

That is intended to ensure the larger companies are the ones who will be picked up by the DMA, rather than the smaller, growing companies who might find themselves stifled by the rules.

The DMA will bring changes for many tech companies designated as gatekeepers, but for consumers, the most immediate and visible will likely be seen with one company: Apple.

Until now, Apple has run a fairly tight ship with the iPhone. Its system is closed, with developers who want to get their software to iPhone users going through the App Store.

Under the new rules, Apple has to open its ecosystem. That means letting alternative app stores have a run at its customers

The App Store was already a concession of sorts to users. When Apple announced the iPhone in 2007, the only software that was allowed to run on it was created by Apple itself. Open it up – the thinking from then-chief executive Steve Jobs was – and you could introduce security threats or otherwise “pollute its integrity”, as author Walter Isaacson wrote in the Apple cofounder’s biography.

The only way around that was to implement an approvals process for the App Store, where software needed to stick to certain rules and be examined by a human reviewer to make sure it did what it said, and did not bring anything else along for the ride.

But the DMA changes things. Under the new rules, Apple has to open its ecosystem. That means letting alternative app stores have a run at its customers, and facilitating other ways for customers to pay developers for their services.

For consumers, it will in theory at least mean a greater choice of software and new ways to pay through apps that may not have been open to them before.

If you are an iPhone user, strap in: things are about to get interesting.

How will it work?

The ability to sideload apps for EU users will come with the new version of the software, iOS 17.4. Then it will be a matter of waiting for the new app stores to spring up. As they do, users will be able to download them from the developer’s website to their iPhone. Apple says it is already talking to a number of developers; games company Epic has also announced plans to create an app store for iOS.

It is early days yet, but prepare to see a number of alternative app stores spring up in the coming months.

What’s the catch?

For developers, they will still have a number of hoops to jump through before Apple will allow them access to iPhone users.

And while having more flexibility on what you can do with your phone is welcome, at the very least, customers will have to think a bit more harder about their security.

While opening up closed ecosystems might be desirable from a competition point of view, it also brings with it an inherent risk of introducing a security risk to your device.

In a note on its support page, Apple has made its opinion on the DMA obligations clear.

“The DMA requires changes to this system that bring greater risks to users and developers. This includes new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats,” it said. “These changes also compromise Apple’s ability to detect, prevent, and take action against malicious apps on iOS and to support users impacted by issues with apps downloaded outside of the App Store.”

[ Apple rivals lobby European Union over App Store dominance ]

Apple has taken some steps though. To try to keep malware off its devices, it has implemented notarization for iOS apps, an automated system that will scan software for potential threats.

It is less stringent than the current system, which requires every app to be reviewed before it is published in the App Store. Apple said it terminated more than 400,000 developer accounts in 2022 for fraud, and stopped the creation of another 100,000.

While it isn’t a foolproof system, the review process can highlight potential security threats.

Will notarization have the same effect? Unlikely, but it will weed out some of the most egregious offenders. Apple has already tested out the process with Mac and its app store, so it isn’t unknown territory.

Other safeguards the company has put in place include an authorisation for marketplace developers and disclosures on alternative payments.

“Even with these safeguards in place, many risks remain,” Apple says.

If you have issues with payments, refunds or subscription cancellations, you’ll have to go to the developer or app marketplace rather than Apple

While Apple will still keep an eye on all apps that are installed on its devices, ensuring they are genuine and not stuffed with malware, there are other things to consider, specifically how the changes will impact on parental controls that so many families rely on.

The good news is that some of these parental controls will continue to work, regardless of where the app comes from. That includes Screen Time for limiting time spent on apps.

However, that is not across the board, for example with in-app purchases. Until now, if you bought an app or made a payment through an app on your iPhone, it would go through Apple’s systems. If there was an issue with a payment, or you needed a refund, your first port of call was Apple. And if you wanted to stop your child from buying items in a game, you could lock out in-app purchases, or require your child to ask permission to buy apps and items.

Because the App Store and its payments system won’t be used for some of these sideloaded apps, Apple is warning that restrictions on in-app purchases in Screen Time and Family Purchase Sharing, universal purchase and Ask to Buy are not supported.

And if you have issues with payments, refunds or subscription cancellations, you’ll have to go to the developer or app marketplace rather than Apple.

So it is a case of buyer beware – and it is time for the rest of us to start brushing up on our mobile security knowledge.

• Sign up for push alerts and have the best news, analysis and comment delivered directly to your phone
• Find The Irish Times on WhatsApp and stay up to date
• Our In The News podcast is now published daily - Find the latest episode here