I can see why Apple might want to request an 18 month exemption, there's clearly extra work required to comply with EU regulations. But on the other hand it also feels like a straightforward play for consumer sympathy: let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
Exactly, that's actually why I LIKE this decision so much. I'm not on Apple's side, but I REALLY like the idea that a company just says, "Fine, we'll comply by not even offering this product." It's a perfectly legitimate choice, and it FORCED Apple to evaluate the pros and cons.
I want more companies to not get exemptions and thus not offer law-breaking products. I LIKE that the government is saying, "fix it or don't bring it here" and Apple just has to live with it. I like that Apple also is refusing to just bend over to the EU. We need more of these types of conflicts so we can work out good regulations, and not just always bend over and take it from whatever party won.
While I like a lot of Euro regulations, some of the privacy ones go too far with the whole "we're going to enforce this on the whole world" crap. I like California's method of "to sell it here you have to have this but we're not going to sue you for selling a noncompliant product elsewhere."
They basically make it an existential risk to build your success on anything nicely and neatly tightly vertically integrated. Everything must be dragged down to mediocrity by the unavoidable slippage between mandated abstraction layers and avoidance of features that can’t be easily or safely generalized.
It’s conflicting. Is Apple abusing its role in some cases, such as the App Store, and in need of some reining in? Sure, but some of this goes too far and essentially requires them to strip their products of a portion of their appeal.
Even more frustrating is that nobody seems to be willing to discuss the issue with any level of nuance. It’s nearly all binary EU good/Apple bad or the reverse.
Does this mean the service will not be available to EU accounts, or will they geoblock access from within the EU altogether?
What's not fine is to blame the EU for the missing feature. It's damaging their brand and damaging their reputation. Just think about if Porsche would make a press release and call the US tariffs "un-American". Wouldn't be perceived well either.
EU has the right to privacy.
Apple also has the right to not conduct business in EU.
If EU doesn’t like it, they can build their own sovereign software.
If I was more cynical I would suggest that this is being used as an end-run around encryption, since the encryption doesn't have backdoors for the government but this gives you access to all the same data.
When this backdoor is inevitably exploited in some very public fashion, it won't be the EU regulators that required the backdoor to exist who will be blamed.
I don’t know why the EU allowed Apple to intermediate other browser engines with BrowserEngineKit, which is unacceptable, while blocking it here where it is reasonable.
This privilege system already exists. This is just marketing.
If I were Apple I'd want to give people enormous amounts of tools to control that access. Specific popups whenever it tries to access data (for the first time) from any given app. OpenAI would like access to all of your text messages, yes/no. I'd also want audit logs etc.
The nightmare is Facebook (or the like) releasing an AI model into the current Facebook app and forcing people to decide between looking at their grandkids' pictures or allowing Facebook to read your whole damn life into a database. So perhaps these apps need to be mandated as a connector for Apple Intelligence and nothing more.
I mean if you decide you want to give access to Google to everything on your phone, go for it. So far I trust Apple, they haven't let me down yet. Placing these models on hardware is a great trust-building feature.
It gives us Europeans some opportunities. I have a side project at work that was heavily threatened by Siri’s new features. Now I feel more relaxed as Siri isn’t coming there anytime soon.
But overall I doubt we will replace Apple.
Apparently their "Verifiable Transparency" claim just means Apple invited unnamed outside security experts and independent researchers to inspect and verify the integrity of (what they claim to be) its Private Cloud Compute code... LOL :)
I'll believe it when I can run the "private cloud compute" on my own hardware that I can firewall in my rack and monitor its network outputs.
I think the worst is hugely impactful laws for which exceptions are constantly carved out so nobody can truly evaluate whether the law/reg is a good one or not.
Apple must know that they have customers in EU countries..?
These concepts are so outdated it's not even funny. Let's say I have several citizenships, live mostly in the EU, but currently stay in Japan, do I get the features or not?
Like app store regional gating and DVD regions, these restrictions are dinosaurs of the past.
Access Denied
Our apologies, the content you requested cannot be accessed.
This reads more like a tabloid headline than the first sentence of a Reuters article.
All I know is we are buying the same devices designed by the US but keep increasing the list of features we can’t enjoy.
Apple realized its standard malicious compliance playbook won't fly this time, so now they're trying to sway public opinion by not rolling out this feature in the EU. It won't work. They're just going to lose market share and will have to backtrack when they do. Tech regulation doing its job.
This is why the EU is destined to lose and run itself to zero.
Of course, as usual they use their PR machine to blame the EU, whereas they really just want to abuse their platform's position to shut out competitors.
I have been a decades-long Apple user, but their anti-competitive behavior, pushing ads into the OS and apps, and their treatment of developers (who made the iPhone big) is just gross.
Like when the UK banned encryption I wish Apple would have just disabled iMessage entirely there. Show a message saying that due to UK law, they cannot operate an encrypted messaging service there any longer. The backlash would get that law changed pretty quick.
Instead they disabled encryption for the UK, making all of us less secure.
Given that our share of global GDP has dropped from 25 to 17 per cent in twenty years, with a steady downward trend, I am not convinced that this principle will hold for much longer, and this case of Siri may be one of the canaries in the coalmine.
If/when we drop to single digits, many vendors won't likely care anymore.
https://www.gesetze-im-internet.de/englisch_stgb/englisch_st...
Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.
100% - just like Apple making such a grandiose show of "privacy" - "Privacy" for Apple eventually led to Apple specific and Apple-only allowed ads in first party apps and now Siri connecting to Google servers.
But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
This is quite the contradiction.
The one legacy in Apple that Steve Jobs left behind is their distaste for taking risks that lose them money (ChatGPT was going to be their AI core... but then they had Altman ousted, so they backed away and partnered with Google instead), and spending money. I think they're still the only company with a kitchen in the valley that still makes employees pay for their own lunch, and the reason is the most BS reason that Steve Jobs pulled out of his rear end. It's so the employees appreciate the lunch, really?
Literally anyone could whip up an AI service, get people to use it and just browse the unencrypted logs for data to sell.
Which is the issue Apple is having.
It’s not like the feature is fully finished.
If it took another year to get out the door and be compliant, do you think they would’ve wanted to wait? Or do you think they would rather launch now and then provide a compliant version later?
To follow along that line of thought, the requirements they are actually asking for proper DMA compliance would probably go right in that direction tbh.
I, for one, am happy Apple is taking a stance, and, as a European, would very much like my government to stop asking ridiculous things that do not profit the consumer.
Is Apple incapable of designing a permissions system that allows a user to grant access to email and messages to an app of their choice?
We already download apps and grant them permissions to subsections of personal data on our devices.
I don’t believe Apple is incapable of designing a system that respects a user’s choices and granted permissions.
They already claim to care about your freedom and privacy. Now they can prove it.
The DMA mandates that Apple allows for competition, which (if you believe in capitalism) is good for the market overall. It's essential to stop big tech from abusing their market dominance. However Apple would prefer to not allow competition for their digital products on any of their hardware.
The way Apple Health exchanges data with 3rd-party trackers (Fitbit, Garmin, etc.) is very well built and a good model of how other components in iOS could allow data exchange with very granular permissions.
Apple touts the "Private Cloud Compute". If they found a way to share your personal context to process on their cloud in a private and anonymized way, there is no reason the same process couldn't be used to hand off data to a 3rd party AI provider.
No. Only if you would consider the Linux/macOS/Windows filesystem API a backdoor too. On your desktop any app with sufficient permissions can read all your data. Would you call that a backdoor?
So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.
EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Apple says "We can't do this in a privacy preserving way".
The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.
You can argue Apple should do that, but you can't in the same breath argue for privacy.
The only difference that I can see here is that the standards layer hasn't solidified yet.
Zero idea if it's true tho.
the core technology fee is a big obstacle to alternative app stores.
openclaw is massively popular. there is a lot of diversity in "persona" agents, which are different than coding agents or the agent apple demoed. they're not all the same.
i don't know, i don't think you have any idea what you are talking about.
I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.
Here's their argument in their own words: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...
At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).
Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.
Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).
Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.
This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.
Have some dignity. We all deserve the right to fully own our general compute devices.
While I can appreciate the reason for the DMA, people don't have to buy Apple devices, they can buy any type of phone they want and just use the ecosystems provided by these phones.
This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you
How? How do you safely handover effectively every single bit of data on someone’s phone to any third-party company and preserve privacy?
Sure you can try and demand agreements from the third parties but will the EU see that as a move to limit competition?
Ignoring all other concerns it is a rather thorny problem.
I don’t think the EU would accept, and as a user I certainly wouldn’t accept, having to agree to a pop-up every time I used any feature that used any data on my phone that might go to a third-party AI.
Apple frames this as a privacy issue when it's only a brand/control issue.
The requirements are not onerous, it is the basic preemption of monopolist behavior.
Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).
Seriously EU folks need to come down to earth sometime.
Apple wants to implement features that access data locally. It doesn’t want to allow competition for offering those features, but if it did, competitors may use that access to local data to exfiltrate.
So it is about both competition and, as a result of creating competition, privacy.
I’m not saying I believe that’s the real reason here. But it is broadly true. Ask any company that offers a free tier where most of the complaints and problematic customers come from.
Oh come on. Apple doesn't want to give up control. That's what this is about. The privacy thing is just to make them look good
Apple is free to do what they want. The EU can go and try and build their own iPhone (good luck with that).
One of the issues here is that there are many people with strong opinions that don't understand the thing they have strong opinions about. Which is the normal state of human affairs.
This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.
The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.
I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.
As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.
At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
Maybe it's more because the privacy is largely marketing and helps with continuously shutting out competitors under the guise of privacy?
If they really cared about privacy, they would end-to-end encrypt iCloud backups [1] by default and not just when ADP is enabled, which only a small subset of users do. In fact, many technical people I know don't even realize that iCloud backups are not end-to-end encrypted. At any rate, this large hole opens a lot of data (including iMessage) open to Apple, law enforcement, etc.
https://support.apple.com/en-us/102651
[1] And iCloud Drive, and photos, and notes, and voice memos, and wallet passes, and contacts, and reminders, and...
That's not the case. It's merely software (exactly like my iPhone 16 lacking the promised AI features claimed at WWDC24).
Anyway as I'm now within the EU with a phone I bought before moving to the EU, regional features (or restrictions) depend on the logged in account and device regional settings. Except physical considerations (eSIM design, actual radio transceivers). The hardware is the same thank god.
If Siri wants to be seen as anything it should first support every EU language and they can work from there.
* If you allow the user to grant those privileges to third-party applications, they can grant it to applications that abuse it, resulting in security and privacy risks. You might even be blamed for allowing them access (e.g. the famous Cambridge Analytica scandal).
* If you don't allow the user to do that, third-party tools won't be able to serve those needs, which can be considered anti-competitive preferential treatment of your own tools.
Apple themselves have claimed recent EU compliance has led to over 600 new or changed APIs in the OS.
I've spent a fair amount of time with my iPhone in both the EU and the USA, have local cell service registered in both regions. It's nothing as simple as a geo-location check anymore. It's a problem that has grown more complex over the decades too, as more and more countries implement their own slightly differing legislation.
Sometimes a company's incentives are going to be aligned with their users, but a lot of the times they won't and consumer protection regulation is useful.
Sometimes a government will have the good of their citizens in mind, and a lot of the times they will seek money and power just like companies do. Lobbies, fines, overreaching regulation.
The UK (and EU's attempted Chat Control) is some fascist bullshit. But allowing you to own the device you paid for and use it as you please (including letting you install whatever software you choose to) isn't.
Compliance with DMA would have Apple hand over system-wide access to AI features to third parties, which could compromise user privacy and security.
Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.
Also, adding code to meet some government regulation takes time and effort that (from the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.
Tax laws are also quite easy, tax lawyers are only needed if you want to NOT pay what the country you're operating in is owed.
According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).
So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.
Mistral. I’d bet my bottom dollar that the French are the reason the EU is holding firm on its position.
Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
Very different than the narrative you're pushing
The one that’s so secret it’s not in any of the treaties that the sovereign nations that comprise the EU signed up for and implemented in line with their own democratic processes
That agency
Meanwhile they struggle to put together a border patrol, but advanced pan European surveillance apparatus that isn’t run by the US. Yeah bro
I don't know about every vendor, but Apple probably doesn't want to lose 27% of their sales.
I don't think there's a clear good guy/bad guy here.
I don't think you can call the process unrelated to the mother or the baby, they're both pretty important throughout the whole thing.
"They really don't try to fuck you over if you engage with them in good faith?"
"Yes, really."
People can also appreciate things they get for free though. I'd appreciate a free lunch, most places I've worked at, actually nowhere I've ever worked, EVER has given me a free lunch. Now if it's a difference of paying for a quality lunch at a reasonable price, and not paying for lunch but it's mediocre, then yeah, seems like a no-brainer.
I wouldn't be surprised if Steve Jobs implemented was a way to get them back into the green.
Also, TIL:
> Jobs, who notoriously took a salary of only $1 a year, used to "scam" Apple out of free lunches by scanning his badge alongside colleagues and insisting on paying for everyone, knowing the charges would just default back to Apple.
Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.
> complying with the DMA from the outset could mean having to launch a year later everywhere.
Oh no! Anyway...
Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.
Besides that, Google has shipped many (not all) similar features to Pixels in the EU and have been for years.
As a small developer, you wouldn't fall under the DMA.
If it were the case, Apple would just say it (with receipts).
> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.
As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.
The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.
> As a small developer
You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.
Is it possible to do that with absolutely any company that wants to be able to be the AI on your phone? Are most of those companies even capable of handling something like that?
That’s thorny.
If you want to you could still use Apple or another provider you decide to trust - or even one that does everything locally. The competition would still have to follow GDPR after all.
Do you really? The only two types of operating systems for phones that you could reasonably use are iOS and Android. So it's either Apple or Google.
Imagine a world, in which you could only consume Apple or Google services on those phones. No more Netflix or Disney+ on iPhones - only Apple TV Plus because the streaming video API is not available to third party apps. I think there are plenty of other examples to demonstrate the point.
A free market doesn't work if you have a duopoly. A free market requires the freedom to choose between different services, which Apple is trying to limit by only allowing Siri AI to access specific OS interfaces.
Not sure why some people on hackernews support a more locked down operating system.
It looks like Apple is framing this as a privacy issue as a marketing tactic so that consumers will blame the EU when Apple COULD implement it without endangering privacy.
I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.
This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.
And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.
It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.
This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".
Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)
Copyright theft in AI, on the other hand, is a global phenomenon.
DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.
Someone has to understand the codes and how they might be applied to a specific project, and direct a project such that the outcome will comply.
Codes don't provide a blueprint for a house or a bridge. They stipulate features and properties that it must have. Design resides with the firm.
Privacy isn’t complex, compliance is.
> Tax laws are also quite easy
Yet audits are still a pain.
> tax lawyers are only needed if you want to NOT pay
This is nonsense. Tax lawyers are sometimes used to skirt the law. They’re much more often there to help prove you followed it.
Legally, maybe not, practically it becomes their problem.
They’re not going to over a single unproven feature.
This one does not appear to be Apple being a dick, like they have been on the App Store and a number of other things.
There's entire industries of experts who work on these tasks, and they don't just work for people trying to skirt the rules. I've hired people for both tasks and the reason was specifically to comply.
The smartphone is probably the most sensitive device most people own. It knows your location always. It has your banking apps. Your password manager. Your instant messages, and social media chats, it knows whether you’re walking, or driving, or talking on the phone, and to whom.
Once Apple allows any other vendor to vacuum all of that intensively private information out of an iPhone, Apple becomes indirectly responsible for potentially massive privacy breaches.
Couldn’t someone argue that they “knowingly participated“? Do you think they want that risk?
Never underestimate the power of a really, really, really irritated counterparty.
access to all of your messages, photos, what's on your screen, browsing history, etc. Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
The point is that if Apple's model gets all that access, they should give others access to those APIs as well, otherwise they are giving themselves benefits over the competition. A company can do that, but not once they are considered a gatekeeper in the EU. It's up to the user to choose an LLM provider that has good privacy rules (or stick with Apple if there is no other provider). That's fair competition, a user can weigh pricing, privacy, etc. and make their own choice. Now they are stuck with Apple and have to get an iCloud+ subscription to fully use the AI features. The 18 month delay is not to figure this out, it's to entrench themselves as much as possible first.
Following your line of reasoning, if Apple had this behavior in 2010-2015, instant messaging applications outside iMessage wouldn't have the option to ask access to your contacts (privacy), no possibility to share a location in a chat (privacy), no means to show notifications (probably privacy too), etc.
It's surprising how much people are willing to do the bidding of tech oligarchs. Remember, this is the company that has spent years doing malicious compliance around the DMA and DSA, why should they be trusted this time?
Will the EU enforce the same for 3rd party integrations?
Apple came out of nowhere and invented the smartphone because the existing system was controlled by the telcos and horrible phone technology. The same thing can easily happen again.
It makes no sense to limit Netflix on phones and people would probably stop buying iPhones.
If the EU wants an "open" phone ecosystem, they should foster real innovation in their space and build it themselves.
Furthermore, if we lived in a world where the two main OS's were locked down to an insane degree, we would also have plenty of alternative operating systems. The reason we don't today is because we don't really have a need for it, in the same way linux has a monopoly on servers and nobody really cares.
EU can’t and won’t enforce the same rigour for 3rd party cloud AI. Which is the problem for Apple.
If said 3rd party service leaks private data, guess which company is going to be in the BIG HEADLINE and which one will hardly be mentioned in the news?
You have more safeguards if it’s running on your own metal. It’s reasonable to want to understand that better, perhaps with your own red team, before opening up customer data to actual potential hostiles.
Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.
And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.
It's not that we particularly like the EU government here in the EU. But we do like when they make pro-consumer laws.
It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.
DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.
Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.
> Do what you have to do to comply with the law and release, as always
Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)
Yeah that needs to stop. This is kinda why the DMA was created in the first place...
NIST, MS, and the security community all recommend against forcing people to change their passwords on fixed intervals. They should only be changed when there is an indication they have been compromised.
PCI requirements demand mandatory 30-day rotation intervals on user passwords for users with administrative privileges, IIRC. Something like that.
They haven’t kept up. So until they change the rules you can either be PCI compliant or implement the current best practice. Not both.
Nothing holds them back from having designed this as an API that others can use, where the user has permission toggles for what data they want to share with the LLM provider.
However they are also a 100,000 pound gorilla. If you fight with Apple over $ISSUE, even if they’re right in that case, you get headlines and possibly PR points. Lots of people here are quite happy to be mad at Apple. And other companies take notice that you’re serious.
If you argue with a tiny company from Spain, most of the world doesn’t care and you get no headlines.
Apple is complying with EU law by not releasing a feature that is not compliant with EU law. And the EU appears to be trying to make hay over that fact.
Yes. They SHOULD. So how did they do that without throwing away their privacy promise or running afoul of the privacy laws?
I could almost feel sympathy if it were something to do with some contract that Apple signed with their AI provider. Who's that, Google?
Ahh, a "competitor"? Yeah... cry me a river.
Why should they? If the user decides to trust a third party, Apple shouldn't retain veto power for the customer's choice.
This is how macOS treats apps like OpenClaw. It can absolutely work for iOS too.
Those make up 0% of the market [1], which classifies Apple and Google as gatekeepers.
[1] https://gs.statcounter.com/os-market-share/mobile/europe/
Many Europeans are upset that Apple blames Europe that they cannot implement this because it would sacrifice privacy. (Which is kind of ironic, because the EU has nearly the best privacy protection worldwide.)
Apple doesn't care about privacy. By default (without ADP), your (i)Messages, Drive files, contacts, calendars, and backups of data from third-party apps are not end-to-end encrypted [1]. US law enforcement can request it. EU citizens are not protected because the US can use the CLOUD Act to demand the data. If Apple really cared about privacy, they would have closed that hole long ago.
If you have a market with a handful of companies producing good products, and a handful of companies producing shit products nobody wants or buys, you cannot claim that the companies producing the good products are "gatekeeping", and that's the reason why nobody buys the shit products.
Everyone constantly does!
Besides that, the law is the law and the DMA/DSA has been around for years. Why should they get an exception as one part of a duopoly?
If Apple extended that philosophy to other vendors then yeah, it would be deliberately unfair and anticompetitive.
It doesn't matter how they became gatekeepers.
In the aggregate, I agree, but in tech things are pretty loose outside of California.
Even if you could make all the other possible vendors run private cloud compute style stuff that would be a lot to manage.
And I can’t imagine the EU would like, and as a user I would certainly hate, the “OK you can use Grok but you lose all privacy too bad” dialogue box they could make.
Most sysadmins know that hash matching only mitigates a small subset of rare upstream attacks. Apple could still be MITMing the whole thing (SSL added and removed here :)) and no auditor would get the chance to check. The offered audit is so weak that I would not trust any FAANG business to administrate it.
Apple is once again demanding arbitrary centralization to give them an undeserved veto power. None of this is for security.