My evidence to the European Parliament on the DMA’s third-party app/app store provisions

This morning, I’ve been giving evidence to the European Parliament’s Internal Market and Consumer Protection Committee on the Digital Markets Act (which the committee led on). Alongside Epic Games, we discussed the provisions requiring “gatekeeper” tech firms (currently, Apple, Google and Microsoft) to enable users to install apps from outside the gatekeeper’s own app stores. These were my speaking notes:

  1. The success of the DMA third-party app/app store provision (§6.4) critical to the whole DMA project regarding mobile phones, which are main means of Internet access for many Europeans and globally. 90% of EU Internet users access the Internet via a mobile device, compared to 31% using a desktop PC [1]
    • Not just due to the high rates of commission currently charged, but also as means for gatekeepers to impose terms on app developers, so far as they are not explicitly prohibited by the DMA, and censor content (like Jon Stewart’s squashed podcast with US FTC chair Lina Khan). US Department of Justice: “Rather than respond to competitive threats by offering lower smartphone prices to consumers or better monetization for developers, Apple would meet competitive threats by imposing a series of shapeshifting rules and restrictions in its App Store guidelines and developer agreements that would allow Apple to extract higher fees, thwart innovation, offer a less secure or degraded user experience, and throttle competitive alternatives.” [2, p.3]
    • Obviously is upstream of other DMA provisions, such as §6.7 on access to OS/virtual assistant hardware/software features (which should be provided “free of charge”).
    • Android already allows 3rd-party app stores, side loading, automatic updates of stores and side loaded apps, and progressive web apps (PWAs), so this is a provision which will require more behaviour change from Apple. However, UK CMA found Alphabet still had 90%+ of UK downloads from app stores in 2021 [3, p.92]. CMA: “alternatives face material barriers such as indirect network effects and Google’s agreements which lead to the pre-installation and prominent placement of the Play Store” [3, p.119].
  2. Good to see these provisions prioritised by the European Commission (EC) (including by Executive Vice President Margrethe Vestager in her meeting with Apple’s CEO.) EC investigating whether Alphabet/Apple still obstructing app developers from steering customers to offers outside app stores, and Apple not providing meaningful choice on defaults and preferences.
  3. Was extremely worrying Apple initially announced it would not enable genuine side-loading [4].
    • Question about English vs German-language version of the obligation: ands vs unds…[4].
    • Good to see Apple is changing its position on this (was “pressed to do so” according to VP Apple Legal Kyle Andeer at compliance workshop (Christoph Schmon reported on LinkedIn)). 
    • But requirement for developers to be enrolled in Apple Developer Program for two+ years and have an app with 1m+ first annual installs in the EU in the previous year [5] do not seem proportionate.
  4. Scare screens [3, p. 113] and limits on automatic updates when outside the EU more than 30 days [6].
    • Importance of EC attention to user experience details. (The Verge commented on Apple’s current process for users to install new app stores: “It’s not a tricky procedure to follow, but there are enough steps and scary language to make it irritating and act as a deterrent — especially when Apple’s App Store only requires a single click to get going. It’s hard to view this as anything other than the company’s attempt to sap people’s energy and dissuade them from carrying on, especially given Apple’s historical prowess at designing user experiences.” [7])
    • For protection of overall digital environment, gatekeepers absolutely should not be allowed to cut off security updates in order to shore up their market power.
  5. Alongside §6.4 is importance of §§5.7+6.6+6.7 for use of web apps. Again, Apple has been pushed back from initially disabling PWAs within EU. But concerning there doesn’t (yet) seem to be a plan/timetable to enable PWAs to be run on alternative web browsers/engines. CMA: “Development and usage of web apps is substantially lower than native apps and this is reinforced by restrictions on the functionality of web apps within Apple’s ecosystem, which also undermine the availability of web apps on Android.” [3, p.120]
  6. Apple’s requirement for “notarisation” might well be justified from security/privacy perspective, but in the medium term EC should look for options to enable cross-stakeholder consensus on what those checks should contain, and who can do them. See eg UK code of practice [8] (NB no. 4: Keep apps updated to protect users.)
    • Why no competition for app security/privacy validation to a consensual standard, and/or user choice over who they should trust on this? Recall macOS lets users override even minimal check for app signature. 
    • Allows Apple to impose its own organizational restrictions and potentially exposes a competitor’s trade secrets to Apple. It also (as we see with Spotify) allows them to keep the approval process in limbo. Maybe EC should compare approval KPIs to ensure fairness.
IMCO – Exchange of views on the implementation of the Digital Markets Act: compliance, with a focus on self-preferencing and app stores

I agree with Alba Ribera Martínez: “some of the solutions proposed by Apple may meet the threshold of not being blatantly contrary to the DMA’s goals of contestability and fairness but there are still many tenets of the gatekeeper’s technical implementation of the regulation that remain elusive and conflictful.” [5]. And while Alphabet has been (much) more open to date than Apple with third-party apps and app stores, we will see how the broad range of relevant DMA rules affects the market share of apps downloaded through its Play store on Android.

The DMA app store and related provisions take forward the important work of the EU with its 2015 Open Internet regulation, and will be equally important in ensuring contestable and fair markets in the growing range of industry sectors where apps play an important role [9].

Many thanks to colleagues who gave helpful feedback on earlier drafts of this statement.

UPDATE: I enjoyed this meme:


  1. Eurostat, Digital economy and society statistics – households and individuals, December 2023
  2. USA et al. vs Apple Inc., Case 2:24-cv-04055, US District Court for the District of New Jersey, 31 March 2024
  3. UK Competition & Markets Authority, Mobile ecosystems market study final report, 10 June 2022
  4. Ian Brown, Does the DMA require direct app downloads? Data protection and digital competition blog, 5 March 2024
  5. Alba Ribera Martínez, Apple’s DMA Compliance Workshop – The Power of No: Breaking Apart the Bundle? Kluwer Competition Law Blog, 19 March 2024
  6. Apple, About alternative app marketplaces in the European Union, n.d.
  7. Callum Booth, A first look at Europe’s alternative iPhone app stores, The Verge, 3 April 2024
  8. UK government Department for Science, Innovation & Technology, Code of practice for app store operators and app developers (updated), 24 October 2023
  9. Christopher T. Marsden and Ian Brown, App stores, antitrust and their links to net neutrality: A review of the European policy and academic debate leading to the EU Digital Markets Act, Internet Policy Review 12(1), January 2023