Recently, EU regulators finalized the text of their Digital Markets Act (DMA), and took a bite out of Apple. The DMA is a behemoth of document, spelling out rules and regs designed to make digital companies more competitive. In the process, it strips away power from incumbents.
Exhibit A: Apple.
One of the rules relates to app stores. Specifically, it requires “gatekeepers” (Apple in this case) to give users choices about where to get apps. That could be from Apple’s AppStore, another app store (ex. Google Play), or directly from a 3rd party website. Apple calls anything that’s not from their store “sideloading”, and they do not like it… not one bit.
Here’s some history on the DMA according to the European Council:
The DMA was proposed by the European Commission in December 2020 and agreed by the European Parliament and the Council in record-time, in March 2022. It now moves into a six-month implementation phase and will start to apply on May 2, 2023. After that, within two months and at the latest by July 3, 2023, potential gatekeepers will have to inform the Commission of their core platform services if they meet the thresholds established…
In the last few years, Apple has gone out of its way to emphasize the importance of user privacy and security. Remember commercials like these from last year?
This was around the time they launched “app tracking transparency”, kneecapping Meta and others who depend on detailed tracking for ad revenue. To me, it seems they were also lobbying – in the court of public opinion – against DMA-styled regulation.
Apple even released a lengthy rebuttal paper in 2021, pointing out the risks of adopting this DMA rule. This is the real, no-BS cover page they put on the paper:
Those cyber-pirate beetles are omnious. Here are the paper’s key points (full doc here):
This is bad for users. Downloads are riskier, and malware will spread more easily.
This is bad for institutions. Those that sideload are more exposed to cyber attacks.
This is bad for developers and advertisers. Fearful users engage and spend less.
I don’t agree with all of this, but I can certainly imagine how this might make the user experience worse. And even if you don’t fall for malware traps, there is something to be said about having Apple as a custodian of your data, helping prevent companies from abusing or over-sharing it, that I find comforting.
What they don’t say, but which is incredibly important, is that this is a major business risk to Apple. It could crush their EU revenue.
Imagine you make apps. Before, 30% of all your revenue went to Apple. Now, under DMA, you could sell to iPhone users in another app store (if they’ll agree to below a 30% cut). Or, you could send customers to your website for direct downloads, and you avoid giving anybody a cut. You could even define different prices for each of those three channels.
The DMA does give gatekeepers some authority to do security reviews for sideloaded apps, so it doesn’t fully remove Apple’s power. But it definitely weakens it.
So the natural question: what about in the US?
Well, Congress had a bill mirroring most of the DMA. It was co-sponsored by Republican Chuck Grassley and Democrat Amy Klobuchar. They worked on it for few years, and at one point in 2022 had close to the 60 votes needed for a filibuster-proof passage in the Senate. But it fell apart when tech companies spent ~$100M lobbying against the measure (more on that here, from Bloomberg).
Given that this is definitely happening in Europe, it seems like just a matter of time before it happens elsewhere. I’m not surprised to see Apple fighting for the status quo in the meantime.
What else can they do?
If Apple can’t charge app makers the 30% (ostensibly for security) – maybe they could charge users instead. Offering premium security features and services could help replace this revenue. It’s like their AppleCare or iCloud business models, but for security.
In case you forgot, the cybersecurity industry is absolutely exploding. In the latest McKinsey report, they project at least 10x growth to a total addressable market of $2 trillion (link). For a big tech incumbent searching for the fountain of youth, jumping into security – and capitalizing on a major inflection point – is a natural next step.
Apple is run by smart folks, so I’m sure they’re considering all available options. We’ll have to wait and see how they innovate and fight back.