Apple said "hey, can we not comply with the law", the EU said no, so it didn't launch. Seems pretty straightforward to me.
I can see why Apple might want to request an 18 month exemption, there's clearly extra work required to comply with EU regulations. But on the other hand it also feels like a straightforward play for consumer sympathy: let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
Exactly, that's actually why I LIKE this decision so much. I'm not on Apple's side, but I REALLY like the idea that a company just says, "Fine, we'll comply by not even offering this product." It's a perfectly legitimate choice, and it FORCED Apple to evaluate the pros and cons.
I want more companies to not get exemptions and thus not offer law-breaking products. I LIKE that the government is saying, "fix it or don't bring it here" and Apple just has to live with it. I like that Apple also is refusing to just bend over to the EU. We need more of these types of conflicts so we can work out good regulations, and not just always bend over and take it from whatever party won.
While I like a lot of Euro regulations, some of the privacy ones go too far with the whole "we're going to enforce this on the whole world" crap. I like California's method of "to sell it here you have to have this but we're not going to sue you for selling a noncompliant product elsewhere."
Yes, exactly! Also forced EU voters to consider how much they value these services, and whether the regulations are worth it not to have them, or to have watered down versions of them. I say this without judgment - I see it as a legitimate area of consideration.
I think the worst is hugely impactful laws for which exceptions are constantly carved out so nobody can truly evaluate whether the law/reg is a good one or not.
> Also forced EU voters to consider how much they value these services
It's been a while since I left Europe, and I'm rusty on that particular layer of civics. Do EU voters actually have a say in this kind of regulation? Or is it all decided on the executive side which is only accountable to member states and not to individual citizens?
They do have a say. They can elect representatives who could change the legal framework and the incentives for the bureaucrats, or even remove the ability of the bureaucrats to regulate certain things. Then these regulations would not get passed and that would be that.
We have a say at a 4th level of derived decision, which is 2 levels more than what people call a democracy. Also, the other political party will do it too.
= We don’t have a say. We voted NO to the new EU treaties in 2008 and the new president decided that electing him meant that we approved the same treaties.
You have anything to back up that claim, or is it just knee-jerk drivel with no evidence based on your feelings and distrust of scary government bureaucrats?
I think you mean DMA, not DMCA. DMCA mostly protects copyright holders. DMA is about protecting users and competitors from platform lock-in. Bending for Apple would just make that lock-in harder to challenge.
DMCA provides some rather important protection for service providers (including small-scale services like web forums, not just ISPs and web hosts) - it makes them not liable for copyright violations by their users, so long as they take down infringing content upon receipt of a DMCA notice.
Yes. If a company in another country elects not to deliver a product or feature because of local regulations, consumers should take that up with their local legislators. That company has no obligation to sell something just because local consumers want it. And if those consumers want to bypass local regulations in some manner, that's their business.
You should remember that according to a court testimony the whole European area (which goes beyond EU) gives Apple 7% of their revenue, whereas breaking DMCA may incur penalties of ups to 10% of global turnover.
Those numbers make withholding "risky" products a no-brainer strategy. Also, those numbers put a hard limit of how much Apple will want reevaluate their general strategy of tightly integrated first-party software.
Google eng mgr here. I've worked on a few projects related to compliance with various government policies. This isn't "assign a two-pizza team to it, will be done in a quarter"; these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.
To me that reads as an even greater reason not to delay it. If you knew the restrictions day one you’d be able to engineer the system to accommodate them. Waiting until post launch now means a massive amount of re-engineering.
I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.
> If you knew the restrictions day one you’d be able to engineer the system to accommodate them
This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.
The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.
If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere. The fact they want to make the product available under the "rules" of the least privacy protecting countries first says a lot to me
How does that reflect poorly (or positively) on their privacy chops? The dispute is about a competition law, a law Apple is complying with by withholding this feature.
> If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere.
Those are not equivalent statements. You're assuming that privacy is a one-dimensional quantity, so that anything that complies with "the strictest international privacy laws" automatically also complies with any other privacy laws. But this is not actually true. It can easily be the case that every national law allows some set of behavior (different sets for different legal systems), at the same time that the intersection of all those sets is empty.
Apple's concern is at the intersection of DMA and privacy. Apple is worried that other parties having the same level of data access that Apple has today would create privacy issues. This is because Apple's current privacy posture is "Trust Apple with your data" rather than "Trust no one with your data - including Apple", but that would be less profitable, but would have prevented the request for an exception because Apple would be on an equal footing with everyone else, if all they could see was client-encrypted data indistinguishable from random bytes.
> This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration
This kind of approach is how startups justify everything, however for established companies this would be backward.
I get a feeling that Apple never wanted to do it. They already knew the compliance requirements existed and if they would have wanted to test things then the narrative could have that they are rolling out in other markets first and would roll out with compliance in EU later. Asking for exemption was a bet they tried to play here, they lost and now spinning the narrative.
Nothing usually gets fixed by making belligerent appeals to emotion in the court of public opinion (which, in the EU, isn't nearly rooting for Apple as much as they might imagine, fwiw). If you want to launch something in a market you know to be heavily regulated, you figure it out or you don't launch. Sure, drop a hint here and there when asked in interviews about your product strategy, but you generally don't pick a public fight with the regulator or legislator in question.
Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.
And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.
> imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols
Both of these happen. European banks complain about American securities law. And all manner of car makers delay releasing vehicles in America and the EU.
Yet. But they are probably working with Chinese partners (including the government) on releasing something (maybe with Alibaba models instead of Google models, on a Chinese-local cloud rather than google cloud).
A quick check showed it is estimated that Apple gets about 18% of it's profits from China but only maybe 7% from EU countries (ignore Apple's definition of Europe!).
Maybe China is easier to work with - perhaps their rules are made clearer?
China has 1.4 billion people and they are rapidly increasing their wealth. The only surprising factor is that Chinese cell phone providers haven't eaten up their marketshare yet.
I imagine complying with all kinds of laws and regulations slows releases in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct? Do what you have to do to comply with the law and release, as always.
> complying with all kinds of laws delays release in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct?
DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.
Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.
> Do what you have to do to comply with the law and release, as always
Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)
No one complains (out loud) about US regulations either. Ultimately it’s about the weight you can throw as well as PR. Probably easier for Apple to make the EU look bad and drag their feet on it. I imagine they’re still not thrilled about the Lightening->USB-C change
Okay? I don’t see the problem, these requirements are known from the beginning so if complying wasn’t planned and requires re-architecturing the software to make it happens that’s on the engineering org not on the EU regulator. Unless I’m missing something?
These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.
I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.
As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.
> These are relatively recent and may have come into force after development began,
If it were the case, Apple would just say it (with receipts).
> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.
As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.
> These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.
The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.
> As a small developer
You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.
The point is complying with the DMA from the outset could mean having to launch a year later everywhere. Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).
> Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).
Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.
> complying with the DMA from the outset could mean having to launch a year later everywhere.
Oh no! Anyway...
Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.
> Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it
It makes sense if you’re prioritizing time to market and agility. Once you’ve nailed down your product, you can make it compliant for more-onerous jurisdictions. You see this in finance all the time, where the U.S. tends to have the tightest rules around e.g. betting and crypto.
> Once upon a time, companies delayed launches specifically so they'd launch a better product
Because software shipped in a box. Also, compliance is orthogonal to how good a product is. Siri AI might be crap. It might be great. It might be almost perfect and then made great on second release. Everything slows down if the entire development process has to deal with open APIs and lawyers at every turn.
It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.
Whatever Apple is cooking and however long its taken them, the DMA is not a surprise and they could well have been taking it into account from the very beginning.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc.
Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.
The point isn’t that it’s easy or straightforward to do. The point is that one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets.
> one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets
At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
> At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.
This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.
And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.
It doesn't _have_ to stop - the features just can't ship in the EU while these requirements are in place, which is exactly what is happening here. The law is working as intended, just not in the way the proponents thought it would.
It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.
Having worked at Apple and similarly giant companies, the idea that "they have enough money to do it" is incredibly naive. Rewriting all the basic software primitives of the iPhone, or the Mac, or iCloud, or CloudKit, or choose whatever massive surface area this legislation impacts, is not a matter of simply spending enough. Doing so requires the time and attention of the very few subject matter experts who are able to competently do it. The true cost is to your strategy, your business plan, and your product roadmap.
So it becomes a purely business decision: Do we risk a 10% global revenue penalty to release this globally, do we release this everywhere the DMA does not apply, or do we simply not build it? And make no mistake, even if Apple moved heaven and earth to try to comply with DMA they are STILL RISKING the full 10% penalty if the EU decides against them.
Didn’t write “money”, wrote “resources”, but sure.
Yes, there’s a risk to releasing a product whenever you can be held accountable for that product. I understand that Apple seeks to be as unaccountable as possible.
So we ultimately agree with one another: Apple can do it, but doesn’t want to, for various reasons.
There wouldn't need to be a redo if the products had been built with compliance in mind. This law isn't something new; it's been around for years now. Not taking it into account from the beginning with the intention of operating in the jurisdiction means there's definitely intention to skirt. Particularly given the previous issues in the same department.
No one implements compliance goals for fun. If they didn't think they were going to have to comply, they wouldn't do it. If they thought the law would be overturned they wouldn't do it. Same if they thought they would successfully fight the law in court, if they thought consumers would revolt, if they thought that they were a Special Squirrel who would get exemption, or whatever.
Does this put them stupidly behind schedule? Yes, and bummer for them, but I highly doubt that a company as politically savvy, legally savvy, and wealthy as Apple would do this "by mistake".
It’s not an enormous effort if you plan for it. They clearly knew about this, and could’ve afforded to plan for it. Their whole shtick is locking users in, and DMA is their nemesis.
Yes, but also its much cheaper to build it in at the very start.
When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because
1) we had no idea what we were doing and
2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.
Turns out the guesses were right, but it was painful getting the lawyers to understand.
I assume you're asking this in good faith, so I'll answer in good faith.
Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.
Also, adding code to meet some government regulation takes time and effort that (form the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.
But EU has a pretty uniform laws, so this comes to just one issue: time.
Did Apple start working on this feature before EU implemented the law? This might be the case, but even if it was after, they could start working on implementing that sooner.
It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.
Sure but we're talking about the unified law of almost an entire wealthy continent here. It's EU ffs. Not some small island country in the middle of the ocean.
This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".
Because of move fast and break things mentality. Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights, they would have reached nowhere.
> Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights
Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)
Copyright theft in AI, on the other hand, is a global phenomenon.
DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
What if I tell you that there's a surprisingly simple, straightforward and above all very cheap solution: don't implement privacy-invading or anti-competitive features in the first place ;)
Sure let me wave a magic wand and have a data center that can meet all these regulations materialize before us. Yes I'm sure every American tech company is tripping over themselves rushing to build data centers that are subject to European taxes and regulations for the exact same compute.
> completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc
So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.
The DMA has nothing to do with Privacy - it's an anti-competition scheme. Apple is saying that privacy is baked in to their approach, and they can't ensure that if they allow every other AI provider the same level of access.
So? It's also more effort to work everyday to earn a living than simply stealing what you need from your neighbors at gunpoint. But the law's the law.
As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.
> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
Then you should have done it right the first time.
Agreed, unless you specifically know how a regulator will interpret a broad requirement on a edge case it’s a lot of effort to even figure out what the plan is, much less implement it.
Privacy by design isn‘t enormous effort, as every European engineering manager will tell you. It‘s just another reasonable and straightforward set of requirements. Of course, if you want to have privacy-less features in jurisdictions permitting it, that‘s a different story and that‘s a choice.
The truth is very often that it is long and hard not to do the work to comply but how to not comply or do complicated things to abuse of loophole despite being able to pass the law on the letter of it.
Especially in the case of apple or Google.
Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.
Yet Gemini had no issues to comply with EU's DMA and release on all phones?
Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.
Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.
Appples architecture prevents them from seeing customers data (see Private Cloud Compute documentation). Data that Gemini Assistant (not referring to the distilled version Apple uses) see goes straight to Google. Big difference here.
Weird to say it but the only assistant with any guarantee for privacy by design is Siri at the moment.
That's not how the deal was announced. You don't pay Bs / year for a licence to gemini to send them your data. You pay that to run it on your own hardware, in your own garden, so the data stays put.
I know the internet is always anti big companies, but this is likely a "not worth it for now, we'll eventually do it" effort from Apple. The EU AI act is a mess, and the effort to simply know what they have to do to comply with it is likely going to take armies of people (not devs) and a lot of time, as the OOP said.
And the saddest part about it, is that Apple has the money and resources to sink into this. Think about all the small players that don't. This is yet again a miss for the commission, with the end result being an insidious form of regulatory capture. It sucks for those of us running small companies. Oh well.
I was referring to Google Gemini AI (their branding is horrible) - Google can see ALL of your interactions with their services - that's not what Apple gets to see
If the options are "launch in the rest of the world quickly and get to the EU later" or "launch everywhere at once years after the competition" PMs and execs are going to choose the latter every time.
Apple is just being the usual Apple being both an hardware vendor and giving it's own software advantages that competitors don't have and using the security bogus argument as always.
And yet, people believe that crap and jump into defending Apple as if being an Apple user is their identity, sad.
But read the article, the EU wants even tighter integration for third parties, so it’s not exactly like Google is out of the woods regarding the DMA and this.
Some features don't land in Europe because US companies can't handle the amount of languages. For them it is English and maybe Spanish or Chinese because they don't care how heybmake money.
No, this is unrelated from privacy. The issue is that the EU won’t allow the new Siri because Apple isn’t willing to open up the system enough for 3rd party AI agents to get the same functionality.
Because Siri is the brand and other competitors will dilute the brand with their inferior products, is the line of reasoning, I'm sure. I'm unclear on why apple is branding the AI launcher or whatever if it's just going to be a wrapper for a third party product, however.
> It could instead require third parties to improve theirs.
Apple made it sound like their proposal for that was rejected by the EU. And it would be consistent with previous regulatory decisions by the EU for them to not want Apple to be setting the rules for how third-party interoperability partners/competitors ensure privacy.
It seems to me that the EU has a preference for protecting privacy with legal mechanisms, and generally doesn't approve of Apple's attempts to protect privacy with technical mechanisms because that inevitably limits interoperability with systems that aren't designed around the same restrictions and assumptions.
For example, with Copilot, you get a contractual pinky promise that they cannot access your data.
Can engineers really not access ? Can the police really not access ?
It's like AirTag for example. Apple cannot access it because it's scientifically "impossible" by design, but if they sign-in to your account, well it's over.
Once Apple fills the right audit / certification / paperwork they will be able to enable that feature. It could also be a negotiation lever.
EU privacy laws are not there to protect your privacy, its there because the law makers don't know how modern privacy works and wants their name on the law so it seems they did something.
Uhm no, EU privacy laws are actually pretty simple: do not collect data you don't need without asking consent from a user first.
Which should IMO be the basic principle worldwide. But unfortunately in many countries, companies are more powerful than governments/regulators, so they get to grab everything they can get their hands on.
Do you think this is a problem with the EU? I don't. I think it's a problem in the way that Big Tech operates: by function of theft and laundering of data, and by screwing end-users and consumers in favor of profits.
As I follow the situation, it seems that regulatory uncertainty is a major issue though- the EU’s requirements are framed in terms of outcomes sought, rather than in terms that can be quantitatively shown as met or broken. So it’s not a matter of dedicating a team to meet a list of requirements, but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met.
In this case it looks much simpler: Apple strictly does not want to open up the iOS platform to other competing agents, as they lose the monopolistic moat if they do. While making a true developer platform with good documentation is often hard and expensive, with the market access they'd get, companies would gladly jump on it even if it was badly documented as long as they have guarantees of continued legal access.
At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).
Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.
> imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork
That's not the case. it's merely software (exactly like my iPhone 16 lacking the promised AI features claimed at WWDC24).
Anyway as I'm now within the EU with phone I bought before moving to the EU, regional features (or restrictions) depends on the logged in account and device regional settings. Except physical considerations (eSIM design, actual radio transceivers). The hardware is the same thank god.
Those requirements are explicitly on the outcomes because companies like Apple used to abuse loopholes in previous, non-outcome defined laws. They, as always, have no one to blame but themselves.
A lot of regulation is legally defined in terms of outcomes. That in itself isn't unusual. Checklists of technical requirements are almowt always a derivative and a suggestion about a safe path to meet the regulated outcome. This is how "blessed" standards for e.g. medical devices work. This shields the laws themselves from overly technical discussions.
The only difference that I can see here is that the standards layer hasn't solidified yet.
> but instead navigating the worst case scenario of enforcement if post-launch the EU determines that the proscribed outcomes aren’t being met
This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you
The intent matters, not the letter of the law. No loopholes, no bad faith interpretation. Just do what the law wants from you, if you make a mistake in good faith, you'll be given leeway to fix it.
> When interpreting EU law, the CJEU pays particular attention to the aim and purpose of EU law (teleological interpretation), rather than focusing exclusively on the wording of the provisions (linguistic interpretation). This is explained by numerous factors, in particular the open-ended and policy-oriented rules of the EU Treaties, as well as by EU legal multilingualism. Under the latter principle, all EU law is equally authentic in all language versions. Hence, the Court cannot rely on the wording of a single version, as a national court can, in order to give an interpretation of the legal provision under consideration. Therefore, in order to decode the meaning of a legal rule, the Court analyses it especially in the light of its purpose (teleological interpretation) as well as its context (systemic interpretation).
The criticism reads like people who don't understand a high trust society - which I don't think is actually the case here, more like assuming that the foreign guys are bad guys.
"They really don't try to fuck you over if you engage with them in good faith?"
Throwing infinite money at engineering problems doesn't move deadlines arbitrarily.
But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
Maybe it's more because the privacy is largely marketing and helps with continuously shutting out competitors under the guise of privacy?
If they really cared about privacy, they would end-to-end encrypt iCloud backups [1] by default and not just when ADP is enabled, which only a small subset of users do. In fact, many technical people I know don't even realize that iCloud backups are not end-to-end encrypted. At any rate, this large hole opens a lot of data (including iMesssage) open to Apple, law enforcement, etc.
It's incredible how people are acutely aware how technically inept regulators are (laws affecting their personal use of technology) and how quickly they side with regulators when a law affects how corporations use/create technology.
If regulators suck at understanding tech, they are making poorly thought out laws for corporations just as much as they are for you.
Respectfully, it sounds like you just haven't dealt with any significant tax or regulatory tasks.
There's entire industries of experts who work on these tasks, and they don't just work for people trying to skirt the rules. I've hired people for both tasks and the reason was specifically to comply.
NIST, MS, and the security community all recommend against forcing people to change their passwords on fixed intervals. They should only be changed when there is an indication they have been compromised.
PCI requirements demand mandatory 30 day rotation intervals on user passwords for users with administrative privileges, IORC. Something like that.
They haven’t kept up. So until they change the rules you can either be PCI compliant or implement the current best practice. Not both.
The exemption Apple wanted was not from a privacy law, but from the DMA. They never claimed to have an issue meeting their privacy laws when using their own product, it was other people's products that they said they couldn't guarantee the privacy of.
That's even worse, then. They are not responsible for other companies' products. So this is just another piece of anti-DMA propaganda then. They have been fighting it loudly and with toddler-level arguments since they became subject to it.
A huge part of Apple’s marketing, whether you believe them or not, is that they try to protect your privacy.
The smartphone is probably the most sensitive device most people own. It knows your location always. It has your banking apps. Your password manager. Your instant messages, and social media chats, it knows whether you’re walking, or driving, or talking on the phone, and to whom.
Once Apple allows any other vendor to vacuum all of that intensively private information out of an iPhone, Apple becomes indirectly responsible for potentially massive privacy breaches.
All of that happens only if the user chooses to do it though. Anybody is free to stay in the caged Apple garden. The EU just wants them to leave the door unlocked.
A door with a lock is different from a wall with no door. Same argument that gets made with government-keyed or government-breakable encryption schemes: it's better for everyone to not have the backdoor at all.
>But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.
You can argue Apple should do that, but you can't in the same breathe argue for privacy.
EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Apple says "We can't do this in a privacy preserving way".
You can definitely question what their true motivations are, but it seems pretty plausible that there is a moral case for this system to not be opened up to other providers who may do a worse job at privacy than Apple (especially when you are Apple and you trust yourself).
I think there is a place in these sorts of ecosystems for privileged players. If you buy an iPhone you implicitly must trust Apple to some degree.
> EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Not sure this is the case. My understanding is what the EU wants is that users can use Siri AI or a third party AI service from, say, Anthropic or OpenAI, at the same level of capabilities, just as you can switch default browsers. It's not about the underlying LLM (that would be the huge privacy concern), it's about the product built on top. Of course how a third party AI gets its data from the device would need to be approved by the user and that third party AI provider would have to justify what it's doing with that personal data to the EU watchdogs, just as Apple would need to do.
As has been pointed out elsewhere, DMA isn't a privacy regulation. It is simply about competition. You can be in 100% compliance with DMA and poor privacy protections. This is the crux of the problem. How do you preserve the privacy of your customers while complying with regulations where the simplest path is to compromise your customer's privacy?
The issue here isn't EU privacy laws (which Apple has been historically quite good at complying with, by big tech standards); it's EU _competition_ laws.
Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).
Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).
Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.
This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.
I am not sure this is as much of a tension as you make it sound: where is the obligation that a marketplace administrator will be blamed for any and all breaches of data privacy trust from a participating (likely malicious) third party?
According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).
So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.
Like they now hand over all your contacts, your location, calendar entries, microphone access, camera access. If you choose to do so.
Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.
> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws?
The DMA and the GDPR are laws that at their core make each other more difficult. the stated outcome of the DMA - allowing any vendor/user full access to your device - is not easily supported when solving for privacy.
Protecting user privacy and reducing surface area for litigation against the business can happen simultaneously. Not that it is, but just saying, politics and difficult to define thresholds muddy the waters.
> But on the other hand it also feels like a straightforward play for consumer sympathy
100% - just like Apple making such a grandiose show of "privacy". "Privacy" for Apple eventually led to Apple specific and Apple-only allowed ads in first party apps and now Siri connecting to Google servers.
Indeed. If they really cared about privacy, they would end-to-end encrypt iPhone backups by default. But since they don't, US law enforcement can request my iMessage chats because the people I talk to (probably) do not have ADP enabled (which enables end-to-end encryption for backups).
> let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
And you’re saying that consumers would be incorrect in thinking that?
Personally, I wouldn't want Apple to comply with this EU law and I hope that more companies refuse to release features with onerous requirements. Opening up all access to control the phone to some random app the consumer installed seems super dangerous.
Letting a US company (under jurisdiction of, say, US Cloud Act, but also unknown administration orders that might come) strictly control the phone for a privacy focused EU citizen (or more broadly, non-US citizen) seems super dangerous.
The requirements are not onerous, it is the basic preemption of monopolist behavior.
Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).
I am perfectly ok with EU having different rules of their own but they also can't be upset when features aren't offered there. That is the trade-off they have chosen and I am ok with it.
Nobody in the EU would have been upset if they said: we cannot offer this in the EU because we want to shut out competitors from providing alternative LLMs and this is not allowed in Europe. Fine. I don't care.
Many Europeans are upset that Apple blames Europe that they cannot implement this because it would sacrifice privacy. (Which is kind of ironic, because the EU has nearly the best privacy protection worldwide.)
Apple doesn't care about privacy. By default (without ADP), your (i)Messages, Drive files, contacts, calendars, backups of data from third-party apps are not end-to-end encrypted [1]. US law enforcement can request it. EU citizens are not protected because the US can use the CLOUD Act to demand the data. If Apple really cared about privacy, they would have closed that hole long ago.
Don’t install the app then. Consumer protection at some level means the consumer needs to be informed. I’d rather have a choice than just chow down on whatever the gatekeepers call food.
I think there's a reasonable question of whether the Siri stuff is even a feature that customers want. Additionally, money can not solve all problems, 9 people can't make a baby in a month, and if these sorts of regulations are serious at all like they are for medical regulation then you really do need to do the work of assessing risks, etc., and there's a chain of waterfall development to all that.
Apple has a third of the EU market to itself. It would be just insane for the EU to give an exemption that means the law doesn't apply a third of the time.
The market regulators don't give a fuck if companies screw over their customers privacy wise, as long as it's to the advantage of European companies and European customers.
This can lead to absolute insanity as companies try to satisfy both privacy and market conditions. It's not simple. How many years did google waste with Sandbox?
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
The one legacy in Apple that Steve Jobs left behind is their distaste for taking risks that lose them money (ChatGPT was going to be their AI core... but then they had Altman ousted, so they backed away and partnered with Google instead), and spending money. I think they're still the only company with a kitchen in the valley that still makes employees pay for their own lunch, and the reason is the most BS reason that Steve Jobs pulled out of his rear end. It's so the employees appreciate the lunch, really?
Well, whatever the real reason is, people do appreciate things they have to work for more than things given for free.
I’m not saying I believe that’s the real reason here. But it is broadly true. Ask any company that offers a free tier where most of the complaints and problematic customers come from.
> Well, whatever the real reason is, people do appreciate things they have to work for more than things given for free.
People can also appreciate things they get for free though. I'd appreciate a free lunch, most places I've worked at, actually nowhere I've ever worked, EVER has given me a free lunch. Now if its a difference of paying for a quality lunch at a reasonable price, and not paying for lunch but its mediocre, then yeah, seems like a no-brainer.
I wouldn't be surprised if Steve Jobs implemented was a way to get them back into the green.
Also, TIL:
> Jobs, who notoriously took a salary of only $1 a year, used to "scam" Apple out of free lunches by scanning his badge alongside colleagues and insisting on paying for everyone, knowing the charges would just default back to Apple.
> It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
That's disingenuous. It's not about money, it's literally about engineering velocity. The amount of planning and engineering required for an entire interoperability layer that also ensures security and privacy is absolutely going to be something like a year-long engineering effort minimum. You can't speed that up by adding more money.
So it's either try to get an exemption to deliver this feature to Europeans while that work gets done, or wait 12-18 months for the work to be done -- work that isn't required to launch in the rest of the world.
Apple just wants consumers to be happy and be able to use their features. But the EU is requiring a ton of additional interop engineering, so consumers will just have to keep waiting and get features 1 or 2 years after the rest of the world, or never.
Nice, a die hard Trump and ICE supporter - law is law.
You cannot accept the concept of consequences. You are entitled to Siri AI? I highly doubt it.
You sound like a totalitarian: a state can come up with any law and everyone has to comply.
I think you should be reminded of the fact that you can go your own way with something state sponsored like the EU Chip Act, AI, Cloud. Let’s add “Siri” to the list.
I love the fact, that EU is getting a lesson, even though people obviously don’t get it.
Do the f*n work to make it compliant! Its not like they're some bootstrapped company running out of a van. I can't say I'm always in favor or how compliance works but its a valid requirement.
It sounds like the work on the privacy layer was significant and to give "equal" access to other competing AI systems, they would need to include that "for free" as part of the platform. Or they could try to keep that as the moat for Siri AI, and only offer privacy "entry points" that other agents can tie into, but vendors would have to implement privacy preserving functions themselves.
This is the bit that's likely hard, because generally keeping safety and privacy guarantees as data flows through the system is extremely hard, and Apple would not be able to guarantee it for other products without large review investment.
But ultimately, they probably just do not want to do it until Siri AI gets a decent marketshare first, so competing agents would have to both build new solutions for the platform once open, but also deal with an incumbent dominant player already on people's phones.
It's totally fine that Apple doesn't release this feature for EU customers. If they think they can still sell enough phones it's also fine I guess.
What's not fine, is to blame the EU for the missing feature. It's damaging their brand and damaging their reputation. Just think about if Porsche would make a press release and calling the US tariffs "un-American". Wouldn't be perceived well either.
Such political statements never damage the brand for every citizen, but for some.
Tesla is a good example. Elon Musk became political and anti-EU, which resulted in an irreparable damage of the Tesla brand in Europe. Not for everyone, but a big group of people would never again consider buying a Tesla. As a result Tesla lost market share in Europe.
I can't find the problematic statement. Off course the tariffs are a threat to the financial success of German car manufacturers, and they need to keep their investors updated.
The DMA is also threatening Apple's high profit margins. That's the whole point of the DMA.
I understand Apple's position on this one. This is essentially a backdoor into all of your data. It is also a very useful feature. The EU regulators are disallowing guardrails without which this backdoor will be used to strip-mine people's personal data. The privacy implications are not legible to most people.
If I was more cynical I would suggest that this is being used as an end-run around encryption, since the encryption doesn't have backdoors for the government but this gives you access to all the same data.
When this backdoor is inevitably exploited in some very public fashion, it won't be the EU regulators that required the backdoor to exist who will be blamed.
It would only be a backdoor if it's implemented as a backdoor.
The way Apple Health exchanges data with 3rd-party trackers (Fitbit, Garmin, etc.) is very well built and a good model of how other components in iOS could allow data exchange with very granular permissions.
Apple touts the "Private Cloud Compute". If they found a way to share your personal context to process on their cloud in a private and anonymized way, there is no reason the same process couldn't be used to handoff data to a 3rd party AI provider.
The technical problem is nothing like exchanging data with fitness trackers.
One of the issues here is that there are many people with strong opinions that don't understand the thing they have strong opinions about. Which is the normal state of human affairs.
Indeed but you ignore my second paragraph: they have developed (and 3rd-party audited) a way to handoff all the data (parts of your Personal Context, etc.) to their cloud servers in a privacy preserving way on-device. Why couldn't the same process could be used to handoff the data to a 3rd-party AI provider? (genuine why, if you have an understanding of the thing you have a strong opinion about I'd genuinely appreciate the answer)
It looks like Apple is framing this as a privacy issue as a marketing tactic so that consumers will blame the EU when Apple COULD implement it without endangering privacy.
Apple PCC is using completely mad and paranoid amounts of security down to hardware and firmware level making sure nobody at any point of the supply chain can access the data.
EU can’t and won’t enforce the same rigour for 3rd party cloud AI. Which is the problem for Apple.
If said 3rd party service leaks private data, guess which company is going to be in the BIG HEADLINE and which one will hardly be mentioned in the news?
Of course Google has the capacity to run PCC. This isn't about whitelabel PCC being run by FAANG.
This is about Super Private Benoau AI being available for any user to install. How can they know whether it respects their privacy or not? The home page says that they're the best and mostest private ever of course, has animations generated by Claude and everything.
But actually it runs on servers bought from Hetzner's server auction and stores all logs in plain text in open S3 buckets and the owner actively sells the user data to the highest bidder.
This is what Apple is worried about and EU either doesn't care or doesn't understand the issue.
Ah, I see. I overestimated the amount of stripping / anonymization that was being done on device. Thought the server-side could be quite generic. Thanks!
If you want it to, for example, summarise your HRV or menstrual cycle you can't anonymise it or you don't have any data to analyse. It'd be just "wink wink nudge nudge" with zero context.
And that went on for a long while before it was noticed.
Now imagine the same situation but an infinite whack-a-mole of alternative AI providers and just regular folk who will install mobile games from a frozen baby ad...
> Why couldn't the same process could be used to handoff the data to a 3rd-party AI provider?
You have more safeguards if it’s running on your own metal. It’s reasonable to want to understand that better, perhaps with your own red team, before opening up customer data to actual potential hostiles.
Yeah I overestimated the amount of stripping / anonymization that was being done on device and didn't realize how much plumbing was required server-side too to have good enough privacy guarantees
Well then explain me this: There are absolutely no restriction on MacOS where I can give Claude free access to everything. If you are a Mac and iPhone user that essentially gives it access to the exact same data. Why is the data only protect worthy when accessed on the phone directly?
The hypocrisy is easily explained by the overall attack on ownership... you dont own your own data. you dont own your car, your phone, your pc. Everyone wants to own all your stuff...
iPhones have pretty good privacy controls. I don’t see how they can’t extend those to cover AI apps. I imagine the settings menu will get bonkers though. User education about apps slurping up all your data is needed regardless. People just trust apple with their talk of private cloud computing.
> This is essentially a backdoor into all of your data.
No. Only if you would consider the Linux/macos/windows filesystem API a backdoor too. On your desktop any app with sufficient permissions can read all your data. Would you call that a backdoor?
I find it interesting that Apple prefers to fall behind in Europe rather than opening their platform a tiny bit.
It gives us European some opportunities. I have a side project at work that was heavily threatened by Siri’s new features. Now I feel more relaxed as Siri isn’t coming there anytime soon.
Handing full access to the data on a user's device over to a company with the scruples of somebody like Facebook is a privacy nightmare, not "opening their platform a tiny bit".
Yeah, but you get to choose who gets to rip off your data. Joking aside, perhaps there would be some privacy focused alternatives and most importantly for Europeans, they would be hosted in the EU.
Apple could make settings for controlling exactly what is shared with the various assistants installed including Siri itself. No need for defaulting to full access.
Apple is not abiding, because they want to use time to really ensure they have the best assistant, before they allow competitors to build assistants for iPhone that can replace Siri (in the EU only probably)
Who knows? There has been a lot more attention to alternatives as of recently and there is more pushback against lock-in using remote attestation, Google/Apple Pay, etc.
It seems things start to get rolling in a way that they haven't since the start of the Google/Apple duopoly.
> It gives us European some opportunities...Now I feel more relaxed as Siri isn’t coming anytime soon.
We've had endless opportunities to compete during Apple's entire 50 year existence.
As someone living in Europe I feel ashamed to read you openly admitting this. This sentiment would feel at home in the USSR.
Instead of trying to create things the world finds useful by building something better/cheaper/more innovative, we're choosing protectionism so we can screw our customers with inferior products they're forced to buy...and relax.
I think we've done enough relaxing in Europe.
We were the birthplace of the industrial revolution...the technologies of which went on to bring the entire world out of poverty last century.
Do we seriously have nothing valuable to contribute to the world during the entirety of the digital revolution? If not, I think our decline and collapsing social welfare systems are deserved.
It is entirely possible that Apple soon may loose EU market entirely once the Trump gets a relief in Iran and once again tries to invade Greenland.
Apple's services revenue is showing a strong growth and it is entirely dependent on keeping the ecosystem closed so that it can take its commission and sell its services.
Once things get moving they would prefer still having control on the on the US market rather than making slightly more money(if any. No one wants this AI stuff as you can tell by the strong sales Apple keeps having despite or thanks to not having AI integrated) when the EU market is still open to them.
In a circle of irony, reuters.com is denying my request to read the article about Apple deciding to deny rolling out Siri in EU due to being denied their request for an exemption to law
Access Denied
Our apologies, the content you requested cannot be accessed.
You mean DMCA. It is not an antitrust framework. Europe has pretty robust anti-trust framework. DMCA is an attempt to regulate companies that cannot be legally considered monopolies, and that do not run afoul of any pre-existing EU regulation.
Just for that case a new category of business classification was invented: the gatekeepers, and coincidentally almost all of those gatekeepers are American companies. Unlike antitrust regulation and other EU regulation that wan't based on clearly observed harm to the consumers, as otherwise that would have been covered by existing laws. It was solely designed to prevent businesses to have a potential ability to do something anti-consumer.
DMCA is the Digital Millennium Copyright Act, a US law. DMA is the Digital Markets Act, a EU law.
It is in fact an antitrust law. It basically argues (correctly in my opinion) that Apple and other companies have created new markets inside of their products. And in those markets they exert total control, including charging developers extortionate fees, forcing them to use their subpar and expensive payment systems or restricting what users can run on the devices they own & a lot of paid money for.
Depends on the news you read I guess, to me the word "slammed" is pretty commonplace in politics news-reporting and has been for a while (read: well before the modern take-down content that's so common to social media platforms).
I agree it’s a bit sensationalist. Here’s the EU Commission spokesperson’s criticism:
>“The decision not to roll out Siri AI in the EU is Apple’s and Apple’s only,” spokesperson Thomas Regnier told reporters in Brussels, saying there was nothing in the Digital Markets Act to stop the company from introducing new products in the EU.
>“Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards,” Regnier said.
Obviously he's going to champion the EU's position, but his framing is internally inconsistent.
1. he claims the DMA doesn’t prevent Apple from launching products in the EU
2. the DMA sets certain requirements which determines whether features can ship in the EU
It's fair to say “the DMA doesn’t ban Siri AI,” but that's not the real issue. The regulation sets conditions, and Apple is arguing those conditions make rollout infeasible. The Commission claims its a compliance problem, not a regulatory block, but the reality is less binary. At a certain point the regulation is self-defeating. What is that point? This is the discussion that the EU lawmakers cannot acknowledge.
You are likening the DMA to China's protectionist laws. China requires 51% Chinese ownership of domestic operations, adherence to CCP censorships laws, etc That benefits domestic companies nothing and foreign companies a lot. It's protectionism.
Whereas the EU laws apply to foreign and domestic companies alike, and the goal is consumer protection. The compliance difficulty does not vary between foreign/local.
This is a common sentiment of EU tech regulation proponents. You may want protectionism but that's not really what these laws are about. Why not simply adopt the CCP's policy towards technology?
Good for the total of eight users that will then use an alternative agent once it landed. Similar to the twelve people that use alternative app stores.
The whole point is to try and avoid ending up in situations like this, where apple were able to extort 30% of app store revenue because they dictate how people are allowed to use their devices.
> Prior to Apple's update, around 65% of users attempting to install the Epic Games Store on iOS were thwarted by Apple's deceptive design. After the update, the drop-off rate has gone from 65% down to around 25%, and continues on a downward trend as users upgrade to the new version of iOS.
the core technology fee is a big obstacle to alternative app stores.
openclaw is massively popular. there is a lot of diversity in "persona" agents, which are different than coding agents or the agent apple demoed. they're not all the same.
i don't know, i don't think you have any idea what you are talking about.
EU doesn't come out looking good here. Clearly the onerous regulation is stifling innovation. It was always hard to argue otherwise, but the hits keep coming.
The beauty of it is that in their exemption request, Apple claimed they have plans to introduce an intermediary system for other AIs within 18 months. So they can no longer claim that it's impossible for security reasons.
Apple have enough legal experience with the EU and technically competence to have baked EU AI, privacy and anti-monopoly compliance into their product from the start.
In fact any U.S. company could base their products on EU legislation, since it provides wide safeguards for consumer privacy.
Apple deliberately chose not to and are now being deliberately obtuse and misleading.
Anyone would think they didn’t have lawyers.
Either they are incompetent or it’s a deliberate choice to play this card. I don’t think it’s incompetence.
I believe that the issue was that the EU wanted Apple to open up their new AI agent interface (the ability to control every app on your phone so Siri can call you an Uber or whatever), and Apple thought that it was too risky of a capability to give to any random AI app right out of the gate.
The DMA mandates that Apple allows for competition, which (if you believe in capitalism) is good for the market overall. It's essential to stop big tech from abusing their market dominance. However Apple would prefer to not allow competition for their digital products on any of their hardware.
Apple wants to implement features that access data locally. It doesn’t want to allow competition for offering those features, but if it did, competitors may use that access to local data to exfiltrate.
So it is about both competition and, as a result of creating competition, privacy.
Thats what Apple wants you to think. In reality it has nothing to do with privacy. Apple could let 3rd parties tap into these APIs but only after the user clicks away a big scary message telling the user they are leaving the comfort of the apple curated garden.
This allows competition, but also allows privacy for those who want it. See? Simple really, but Apple being Apple dont want to let 3rd parties use its AI APIs and so we have this standoff.
Apple is using Cloud compute as well to enable Siri AI.
If you want to you could still use Apple or another provider you decide to trust - or even one that does everything locally. The competition would still have to follow GDPR after all.
If Apple had e.g. required competitors to undergo similar independent audits that would probably be allowed as it is quite similar to how Apple solved the third party app store issue.
It sounds like they are whitelisting the hashes of all the Google software and OSes and stuff to ensure nothing is changed out from under them without them knowing.
Even if you could make all the other possible vendors run private cloud compute style stuff that would be a lot to manage.
And I can’t imagine the EU would like, and as a user I would certainly hate, the “OK you can use Grok but you lose all privacy too bad“ dialogue box they could make.
I don't even think it offers a meaningful degree of security. It's a form of theater, you have to be hand-selected to perform the audit that Apple promised.
Most sysadmins know that hash matching only mitigates a small subset of rare upstream attacks. Apple could still be MITMing the whole thing (SSL added and removed here :)) and no auditor would get the chance to check. The offered audit is so weak that I would not trust any FAANG business to administrate it.
Apple is once again demanding arbitrary centralization to give them an undeserved veto power. None of this is for security.
This is mostly wrong. The DMA has a process to determine if a service provider acts a gatekeeper to the market, and let's be honest if Apple is not one, then I don't know who else besides Google..
So there is no privacy argument in there except Apple didn't want to design a interface that complies and is safe.
Siri AI has the capability to read your screen and access a lot of personal stuff. I don't blame Apple for not wanting to open this up to allow any model to access it. It seems Apple proposed a number of solutions which were denied.
While I can appreciate the reason for the DMA, people don't have to buy Apple devices, they can buy any type of phone they want and just use the ecosystems provided by these phones.
We already have choice - people can buy many different types of phones. Nothing about this is about choice or the free market. They want special treatment.
Apple is free to do what they want. The EU can go and try and build their own iPhone (good luck with that).
> We already have choice - people can buy many different types of phones.
Do you really? The only two types of operating systems for phones that you could reasonably use are iOS and Android. So it's either Apple or Google.
Imagine a world, in which you could only consume Apple or Google services on those phones. No more Netflix or Disney+ on iPhones - only Apple TV Plus because the streaming video API is not available to third party apps. I think there are plenty of other examples to demonstrate the point.
A free market doesn't work if you have a duopoly. A free market requires the freedom to choose between different services, which Apple is trying to limit by only allowing Siri AI to access specific OS interfaces.
Not sure why some people on hackernews support more locked down operating system.
There are hundreds of phone models. A smartphone is a just one type.
Apple came out of nowhere and invented the smartphone because the existing system was controlled by the telcos and horrible phone technology. The same thing can easily happen again.
It makes no sense to limit Netflix on phones and people would probably stop buying iPhones.
If the EU wants an "open" phone ecosystem, they should foster real innovation in their space and build it themselves.
There are phones running alternative versions of Android with no google dependency, and there are phones running linux.
Furthermore, if we lived in a world where the two main OS's were locked down to an insane degree, we would also have plenty of alternative operating systems. The reason we don't today is because we don't really have a need for it, in the same way linux has a monopoly on servers and nobody really cares.
No, they would be gatekeepers if it wasn't possible to get a phone which didn't run their operating systems. You can, it's just that they suck and nobody wants it. You have cause and effect backwards.
If you have a market with a handful of companies producing good products, and a handful of companies producing shit products nobody wants or buys, you cannot claim that the companies producing the good products are "gatekeeping", and that's the reason why nobody buys the shit products.
Them making the only phones anyone uses makes them the gatekeepers on what people do on their phones -> Apple and Google are gatekeepers under the DMA.
EU does not want privacy. They actually want to get rid of privacy every so often (adding backdoors in encrypted conversations). So far it has not worked out, but I’m afraid they will succeed at one point.
To follow along that line of thoughts, the requirements they are actually asking for proper DMA compliance would probably go right in that direction tbh.
I, for one, am happy Apple is taking a stance, and, as an European would really much like my government to stop asking ridiculous things that do not profit the consumer.
First they are not complying in China. Second it is sheer arrogance if not outright racist crap that China's demands are unreasonable but EU's reasonable.
Seriously EU folks need to come to down to earth sometime.
I would venture that Apple is going to go with something fairly different in China with Chinese partners. This is different from 3rd party access because they aren't opening up their phones, it will just be a fixed 2nd party solution (like they do with Google, except Google -> Alibaba, Google Cloud -> Shanghai Water corporation or something like that).
Does not address Apple’s specific allegation, that the EU demanded that competing AIs have direct systemwide access to all apps and data, while Apple wanted to add an intermediation layer which Siri or competitors would plug into, and which would force the same level of user visibility (a popup at the top) over any AI’s behavior.
I don’t know why the EU allowed Apple to intermediate other browser engines with BrowserEngineKit, which is unacceptable, while blocking it here where it is reasonable.
it's more Apple's attempt to prevent users to choose their own models. Apple could build it in a way that other model providers could safely and securely interface with the Spotlight index. They could implement a big warning that shows "if you proceed with this request, Spotlight will send this and that to the model provider." But Apple chose not to do that.
> Apple could build it in a way that other model providers could safely and securely interface with the Spotlight index
How? How do you safely handover effectively every single bit of data on someone’s phone to any third-party company and preserve privacy?
Sure you can try and demand agreements from the third parties but will the EU see that as a move to limit competition?
Ignoring all other concerns it is a rather thorny problem.
I don’t think the EU would accept, and as a user I certainly wouldn’t accept, having to agree to a pop-up every time I used any feature that used any data on my phone that might go to a third-party AI.
What is the countdown to Germans outraged when someone from outside the EU is walking down the street and catches a fleeting audio clip of them which is processed by Apple's AI?
Does this mean the service will not be available to EU accounts, or will they geoblock access from within the EU altogether?
For context, under German law recording spoken words without consent is illegal. There is some nuances when speaking in public loud enough for strangers around to hear though
There is a 2-week delay too, if you arrive in the EU you will still have access to the features for two weeks. When you leave the EU, it will take two weeks outside to gain access to the features. At least that's been my experience having a EU account and living mostly in the EU. Might be different with foreign accounts.
So does this mean if in the eu we get only the default dumb siri and wont get the new upgraded siri? Apple will need to keep old siri working? I never use siri because it it completely useless. It doesn’t understand a word I say.
They’re already two years behind on this. And they’re only launching with one language anyway.
It’s not like the feature is fully finished.
If it took another year to get out the door and be compliant, do you think they would’ve wanted to wait? Or do you think they would rather launch now and then provide a compliant version later?
It would be nice if Europe had companies innovating at this level but it’s not happening. If you make a list of tentative companies that would integrate their stuff to the OS like Siri it’s very likely all those are major US companies, so I don’t even know at this point what the EU is trying to defend here.
All I know is we are buying the same devices designed by the US but keep increasing the list of features we can’t enjoy.
> so I don’t even know at this point what the EU is trying to defend here.
Says it right there:
"Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards," Regnier said.
"Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations under the DMA - and this for at least 18 months. That's not an option."
Mistral is against these EU regulations. I bought a printed version of the AI act, it's 600 pages of absolute nonsense, with 5 mandatory committees on national, eu, company level; 12 steps 6 months processes to release a new features; daily reporting obligations to yet another committee. It's just not possible to release software with the regulations as they are written.
Honestly, it's probably more that Apple have been arguing about basically every single thing they are being made to do under DMA, amd the respective Directorate has basically no patience left for them at this point.
Never underestimate the power of a really, really, really irritated counterparty.
In other things Apple has absolutely been a complete jackass and deserves a very large amount of the smack down they’ve been getting. I’m sure that’s a part of this.
However they are also a 100,000 pound gorilla. If you fight with Apple over $ISSUE, even if they’re right in that case, you get headlines and possibly PR points. Lots of people here are quite happy to be mad at Apple. And other companies take notice that you’re serious.
If you argue with a tiny company from Spain, most of the world doesn’t care and you get no headlines.
Apple is complying with EU law by not releasing a feature that is not compliant with EU law. And the EU appears to be trying to make hay over that fact.
What could Apple/Siri be asking for an exemption from that Google/Gemini has already complied with? Accessing iCloud photos to edit them? Parsing email etc?
Probably not, but it's still available. The DMA most likely would require the ability for users to be able to benefit from to the AI regardless of which email/photo/messaging provider they prefer to use.
From personal, separate experience with Europe. It's quite common that the market watchdog and the privacy watchdogs are at odds with each other and make it impossible to achieve a solution that satisfies both of them.
Another example here is Google Chrome - which still allows third party cookies because even thought the privacy regulator wanted them gone, the market regulator required them to architect a solution that was unworkable to not take advantage of their gatekeeper advantages when others didn't have the same rights as them. Google finally said fuck it, and walked away from the privacy features in order to satisfy the anti-trust regulators.
Not shipping this feature in Europe is a common way to deal with satisfying the balkanized regulators there.
Reading the EU commenters' opinions is strange to me.
>Good! I'm glad I can't have new and improved!
In the US, we basically see this as a shakedown by foreign governments against our successful companies. It really is a matter of "build your own iPhone" you guys. You had Nokia, so don't tell me you can't compete globally. I'm pretty fed up with Google and Apple personally, so please do deliver me a nice EU phone with sd card, removable battery, unlocked sims, usb-c, and all the other nice things your regulators demand.
If you are, like me, one of the EU customers that are again disappointed by Apple's behavior, please take 5 minutes to send Apple feedback about that: https://www.apple.com/feedback/iphone/
There is a way to implement this functionality in an interoperable way that complies with the DMA. Apple just chose not to. Not because it's impossible to implement it in a privacy-respecting way, it just wants to lock people into their ecosystem, the exact thing DMA is protecting users against.
Apple realized its standard malicious compliance playbook won't fly this time, so now they're trying to sway public opinion by not rolling out this feature in the EU. It won't work. They're just going to lose market share and will have to backtrack when they do. Tech regulation doing its job.
Have you considered that the EU's privacy laws may simply be onerous and burdensome, and the fact that a web of red tape has caught another fly may not actually reflect on the privacy claims of "groundbreaking Private Cloud Compute"?
Europeans support that by and large. So either agree or have no ability to sell. This idea that companies know better about their users’ needs including privacy and choice is ridiculous. Apple is not a small company which is bullied as well.
I think OP didn't question the privacy of their Private Cloud Compute, just Apple's bad faith: they claim they can't handoff data in a privacy-preserving way to 3rd-parties when they tout that they absolutely CAN handoff data in a privacy-preserving way to their servers.
Apple frames this as a privacy issue when it's only a brand/control issue.
That’s right, they can hand it over to their servers. And they’ve got special agreements with Google to do the same exact thing. That preserves privacy.
Is it possible to do that with absolutely any company that wants to be able to be the AI on your phone? Are most of those companies even capable of handling something like that?
PCC is supposed to work only on Apple silicon. You are supposed to trust that the input will be decrypted within the enclave which is next to inference engine on the same box. This way you know the input does not leave the server. If they offload to another server (eg google) then the privacy boundary is broken, once it leaves the enclave. Microsoft does it differently, where inference is confidential so more guarantees if that could be replicated.
Yeah I overestimated the PID stripping that was being done on-device before being handed off to a server. After other comments I realize there needs to be a lot of plumbing on the server-side too.
That's fine, good actually. I wish these companies would go further tbh.
Like when the UK banned encryption I wish Apple would have just disabled iMessage entirely there. Show a message saying that due to UK law, they cannot operate an encrypted messaging service there any longer. The backlash would get that law changed pretty quick.
Instead they disabled encryption for the UK, making all of us less secure.
There is a saying "American trust companies more than their government, Europeans trust their governments more than companies" when nobody should trust either.
Sometimes a company's incentives are going to be aligned with their users, but a lot of the times they won't and consumer protection regulation is useful.
Sometimes a government will have the good of their citizens in mind, and a lot of the times they will seek money and power just like companies do. Lobbies, fines, overreaching regulation.
The UK (and EU's attempted Chat Control) is some fascist bullshit. But allowing you to own the device you paid for and use it as you please (including letting you install whatever software you choose to) isn't.
The APIs in iOS that turn feature flags on/off as you travel now have gotten insanely complex. Some are on time triggers, some change instantly, some depend on where your iCloud account was setup, AFAIK there isn't a black and white answer as to what happens when you move a non-EU iPhone through Europe anymore, "it depends". It's similarly vague in the other direction.
Apple themselves have claimed recent EU compliance has led to over 600 new or changed APIs in the OS.
I've spent a fair amount of time with my iPhone in both the EU and the USA, have local cell service registered in both regions. its nothing as simple as a geo-location check anymore. It's a problem that has grown more complex over the decades too, as more and more countries implement their own slightly differing legislation.
From past experience, it is when you are physically in the EU, but this implementation could obviously differ from how they've gated features in the past.
I have the complete opposite experience. Originally had a Canadian bought iPhone in Spain, had all the features a Canadian has and a European doesn’t (or vice versa). Upgraded to a Spanish bought iPhone and I am still a “Canadian”. I’ve been here for nearly 5 years but my Apple account is still fully Canadian (Canadian address, Canadian credit card on file). I think it’s Apple account location, maybe with some sort of system to allow people to switch countries but not allowing that to bypass restrictions? Or: that’s why a EU citizen can’t just switch their account location to unlock features?
I have a European account, when I lived in Japan I could use all the features (iPhone Mirroring, etc.) that are blocked in the EU. When back in the EU I can still use them for about 2 weeks before they get blocked again.
These concepts are so outdated it's not even funny. Let's say I have several citizenships, live mostly in the EU, but currently stay in Japan, do I get the features or not?
Like app store regional gating and DVD regions, these restrictions are dinosaurs of the past.
I mean, borders still exist, and laws apply within borders. I don't believe that national (or supra-national in the EU's case) sovereignty is yet a dinosaur of the past.
There is a widespread expectation here in the EU that every vendor in the world wants to access the common market and thus will accept any regulations and limitations that come with it.
Given that our share of global GDP has dropped from 25 to 17 per cent in twenty years, with a steady downward trend, I am not convinced that this principle will hold for much longer, and this case of Siri may be one of the canaries in the coalmine.
If/when we drop to single digits, many vendors won't likely care anymore.
The EU is only interested in interoperability and centralization of data so they can put their citizens under surveillance. I hope Apple continues to exit this market on the edges.
Ah yes the well known EU equivalent of the CIA, NSA
The one that’s so secret it’s not in any of the treaties that the sovereign nations that comprise the EU signed up for and implemented in line with their own democratic processes
That agency
Meanwhile they struggle to put together a border patrol, but advanced pan European surveillance apparatus that isn’t run by the US. Yeah bro
I don't think they were necessarily thinking of one EU-wide agency, but the recent attacks on encryption including Chat Control which almost passed, a lot of EU countries voting for far-right governments. I do believe we still have it better than in the US wrt privacy (e.g. we don't have Flock cameras), but we need to be careful considering what EU governments have been doing.
It's all bullshit anyway. Apple could design a privacy framework around a fully integrated AI subsystem, "Do you want to allow ChatGPT access to Mail? (Developer message:) ChatGPT can read your emails to help summarize your inbox, or compose new mail."
This privilege system already exists. This is just marketing.
Because this is not related to the GDPR at all, but the Digital Markets Act (DMA). It's purpose is to enable competition and not allow big tech to abuse their market dominance (e.g. in this case Apple not wanting to grant any competition the same access to MacOS so that they don't have to face competition for Siri AI).
Good. I wish the US had some privacy regulations as well. I can't believe how much credit folks are still giving Apple after all the BS they pulled (I mean direct Ad revenue is a $9 billion (and growing) business for Apple, and that's just the stuff they make public, not including search share revenue and other such deals).
Apparently their "Verifiable Transparency" claim just means Apple invited unnamed outside security experts and independent researchers to inspect and verify the integrity of (what they claim to be) its Private Cloud Compute code... LOL :)
I'll believe it when I can run the "private cloud compute" on my own hardware that I can firewall in my rack and monitor its network outputs.
yeah, we are talking about giving random apps gain full control over your whole damn phone and every file in the filesystem.
If I were apple i'd want to give people enormous amounts to tools to control that access. Specific popups whenever it tries to access data (for the first time) from any given app. OpenAI would like access to all of your text messages, yes/no. I'd also want audit logs etc.
The nightmare is facebook (or the like) releasing an ai model into the current facebook app and forcing people to decide between looking at their grandkids pictures or allowing facebook to read your whole damn life into a database. So perhaps these apps need to be mandated as a connector for Apple Intelligence and nothing more.
I mean if you decide you want to give access to Google to everything on your phone, go for it. So far I trust apple, they haven't let me down yet. Placing these models on hardware is a great trust-building feature.
Apple stock is down more than 4% right now. That is a big dump for such a blue chip stock. IDK if it is due to this EU ban or Apple choice of going with Gemini (instead of making their own models).
Apple stock rises leading up to WWDC and then drops following the keynote every single year. People keep betting that this is the year that they're going to announce the next iPhone and the stock is going to 10x.
This is about the Digital Markets Act, its not the EU saying it isn't secure enough, they are saying users should be able to choose to use the same functionality but with different AI providers.
Compliance with DMA would have Apple hand over system-wide access to AI features to third parties, which could compromise user privacy and security.
Right, wanting operability, alternative default apps, equal access to APIs is "wanting to live in the stone age". POSIX is the stone age model, and Microsoft is the future.
This is imperialism mentality, there are much divide in US politics and society but they seem to agree on trying to dominate and berate the UE in particular. I see it displayed even among progressive commentators it doesn't surprise me it is also reflected among progressive companies. But as soon as it comes to Trump or to China then it is not the same rethoric, stance, rashness at all. This selected stances and courages don't impress me at all. I also don't have much sympathy for Europe here, i guess Europe got what it deserves when you accept and do nothing to escape the fate to be a vassal you are rightfully treated like a vassal, nothing more.
Apple tries to market its product as privacy-focused, yet the privacy of their new AI features is so bad they don't meet EU standards? Is that the message here?
It's the inverse problem. EU wants anyone to be able to install a different AI agent onto their phone with the same access as Siri. Apple says "no- we need time to figure out how that would work, we want other agents to meet the same privacy standards of PCC/on-device that Siri uses". Which EU said no.
I don't think there's a clear good guy/bad guy here.
This conflict applies to many tools that require high privileges:
* If you allow the user to grant those privileges to third-party applications, they can grant it to applications that abuse it, resulting in security and privacy risks. You might even be blamed for allowing them access (e.g. the famous Cambridge Analytica scandal).
* If you don't allow the user to do that, third-party tools won't be able to serve those needs, which can be considered anti-competitive preferential treatment of your own tools.
So, first they have to be regulated because Apple and Android form a duopoly. Then they want to get an exception that the other duopoly player does not get.
Of course, as usual they use their PR machine to blame the EU, whereas they really just want to abuse their platform's position to shut out competitors.
I have been a decades long Apple user, but their anti-competitive behavior, pushing ads into the OS and apps, and their treatment of developers (who made the iPhone big) is just gross.
EU wants people to be able to plug any model into the new Siri system that will have unlimited access to all of your messages, photos, what's on your screen, browsing history, etc.
Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
Apple Intelligence was announced at WWDC two years ago, they had plenty of time to work on interoperability. Besides that:
access to all of your messages, photos, what's on your screen, browsing history, etc. Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
The point is that if Apple's model gets all that access, they should give others access to those APIs as well, otherwise they are giving themselves benefits over the competition. A company can do that, but not once they are considered a gatekeeper in the EU. It's up to the user to choose an LLM provider that has good privacy rules (or stick with Apple if there is no other provider). That's fair competition, a user can weigh pricing, privacy, etc. and make their own choice. Now they are stuck with Apple and have to get an iCloud+ subscription to fully use the AI features. The 18 month delay is not to figure this out, it's to entrench themselves as much as possible first.
Following your line of reasoning, if Apple had this behavior in 2010-2015, instant messaging applications outside iMessage wouldn't have the option to ask access to your contacts (privacy), no possibility to share a location in a chat (privacy), no means to show notifications (probably privacy too), etc.
It's surprising how much people are willing to do the bidding of tech oligarchs. Remember, this is the company that has spent years doing malicious compliance around the DMA and DSA, why should they be trusted this time?
> The point is that if Apple's model gets all that access, they should give others access to those APIs as well, otherwise they are giving themselves benefits over the competition
Yes. They SHOULD. So how did they do that without throwing away their privacy promise or running afoul of the privacy laws?
First, LLM providers providing their services to European customers are bound to European privacy laws (GDPR) as well. If third-party providers violate the GDPR, it is not Apple's problem. Just like it's not the problem of Debian if you run Claude Code and Claude Code decides to upload your whole life (even though the OS provides the APIs to read the files).
Second, they could provide users with permission toggles of what users want to share and what not. Same as iOS/Android do now for contacts, location access, etc.
While I can sympathize with the desire for interoperability (I too pine for the days of Adium/Pidgin), the EU’s approach to all of this feels needlessly and potentially harmfully heavy-handed.
They basically make it an existential risk to build your success on anything nicely and neatly tightly vertically integrated. Everything must be dragged down to mediocrity by the unavoidable slippage between mandated abstraction layers and avoidance of features that can’t be easily or safely generalized.
It’s conflicting. Is Apple abusing its role in some cases, such as the App Store, and in need of some reigning in? Sure, but some of this goes too far and essentially requires them to strip their products of a portion of their appeal.
Even more frustrating is that nobody seems to be willing to discuss the issue with any level of nuance. It’s nearly all binary EU good/Apple bad or the reverse.
These laws only apply to megacorps. It's not an existential risk to them, as Apple is clearly proving now.
Who is saying that enforcing companies to open their systems to competition is making them mediocre? Maybe if that's the end result, they should put more time into designing systems that wouldn't become mediocre just by allowing third parties to do things with those said systems? We need to stop defending corporates for abusing their monopolies.
Megacorps weren't always giants and it's not unusual for small companies to eventually become giants through excellent vertically-integrated products, and such companies would become subject to these regulations.
Interoperability is not free. One of the trades it brings is a notably lowered ceiling in terms of tightness and capabilities, and this persists no matter how many man-hours are poured into engineering the systems that enable it.
The Linux desktop is a great example of this at play. While it's technically worked for decades at this point, it's been a constant struggle to make it a high quality, thoroughly polished experience end to end and that's partly thanks to the unavoidable friction and gaps between layers that comes with interoperability and tens of involved parties.
Apple's philosophy is that new APIs need some time to stabilize before they can be baked-in as a commitment to third-party developers.
So new APIs are almost always first-party only. Apple designs the API and becomes the first consumer of it. This experience of dogfooding their own APIs lets them iterate and learn without breaking compatibility with third-party developers consuming the API.
Only after an API has been hardened in this way does it become eligible for third-party consumption, where Apple can promise to document and support those APIs publicly.
It makes sense then, that if the DMA mandates equal access to new APIs for third-parties, then Apple will just disable new first-party APIs in the region until they've gotten their bake-in period elsewhere in the world. Sorry, EU!
I can see why Apple might want to request an 18 month exemption, there's clearly extra work required to comply with EU regulations. But on the other hand it also feels like a straightforward play for consumer sympathy: let them get used to using it every day for 18 months, then pressure the EU to let it continue or you rip the feature away and anger users (who you then point to the EU as the problem)
It's not as if Apple doesn't have the money to dedicate a team to matching the EU's requirements on a deadline. They just choose not to.
Exactly, that's actually why I LIKE this decision so much. I'm not on Apple's side, but I REALLY like the idea that a company just says, "Fine, we'll comply by not even offering this product." It's a perfectly legitimate choice, and it FORCED Apple to evaluate the pros and cons.
I want more companies to not get exemptions and thus not offer law-breaking products. I LIKE that the government is saying, "fix it or don't bring it here" and Apple just has to live with it. I like that Apple also is refusing to just bend over to the EU. We need more of these types of conflicts so we can work out good regulations, and not just always bend over and take it from whatever party won.
While I like a lot of Euro regulations, some of the privacy ones go too far with the whole "we're going to enforce this on the whole world" crap. I like California's method of "to sell it here you have to have this but we're not going to sue you for selling a noncompliant product elsewhere."
I think the worst is hugely impactful laws for which exceptions are constantly carved out so nobody can truly evaluate whether the law/reg is a good one or not.
It's been a while since I left Europe, and I'm rusty on that particular layer of civics. Do EU voters actually have a say in this kind of regulation? Or is it all decided on the executive side which is only accountable to member states and not to individual citizens?
= We don’t have a say. We voted NO to the new EU treaties in 2008 and the new president decided that electing him meant that we approved the same treaties.
They only let us vote when we agree, anyway.
If it werent for the EU, the companies would get away with all sorts of shit.
Is as if people forget companies are evil by nature and will fuck you any chance they get.
But I agree, that's probably not what OP meant.
If the law makes sense, that I cannot judge in this case.
Those numbers make withholding "risky" products a no-brainer strategy. Also, those numbers put a hard limit of how much Apple will want reevaluate their general strategy of tightly integrated first-party software.
> The Digital Millennium Copyright Act is a 1998 United States copyright law
The DMCA is a law in the United States, it's not related in any way to Apple's decision to not roll out Siri in the EU.
Edit: 26% of their net sales comes from Europe for Q1: https://www.apple.com/newsroom/pdfs/fy2026-q1/FY26_Q1_Consol...
The 7% probably comes from a Daring Fireball article, based on misunderstanding some Apple communications, and which Gruber later had to backtrack
https://medium.com/luminasticity/when-smart-people-cant-reas...
Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.
I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.
This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.
The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.
Those are not equivalent statements. You're assuming that privacy is a one-dimensional quantity, so that anything that complies with "the strictest international privacy laws" automatically also complies with any other privacy laws. But this is not actually true. It can easily be the case that every national law allows some set of behavior (different sets for different legal systems), at the same time that the intersection of all those sets is empty.
I think that's uncharitable. Apple prefers not to have the data either, hence the preference for on-device processing.
But this is solvable. The problem is the work it takes to solve it isn’t worth the hit to time to market. (And possibly even the cost.)
I could almost feel sympathy if it were something to do with some contract that Apple signed with their AI provider. Who's that, Google?
Ahh, a "competitor"? Yeah... cry me a river.
This kind of approach is how startups justify everything, however for established companies this would be backward.
I get a feeling that Apple never wanted to do it. They already knew the compliance requirements existed and if they would have wanted to test things then the narrative could have that they are rolling out in other markets first and would roll out with compliance in EU later. Asking for exemption was a bet they tried to play here, they lost and now spinning the narrative.
Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.
And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.
Both of these happen. European banks complain about American securities law. And all manner of car makers delay releasing vehicles in America and the EU.
Maybe China is easier to work with - perhaps their rules are made clearer?
Good. Pretty much everything should roll out way slower.
DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.
Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.
> Do what you have to do to comply with the law and release, as always
Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)
Everyone constantly does!
In the aggregate, I agree, but in tech things are pretty loose outside of California.
The only reason for this is to take a swipe at the EU and try to push some bad opinion on to them from their customers.
I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.
As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.
As a small developer, you wouldn't fall under the DMA.
If it were the case, Apple would just say it (with receipts).
> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.
As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.
The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.
> As a small developer
You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.
Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.
> complying with the DMA from the outset could mean having to launch a year later everywhere.
Oh no! Anyway...
Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.
It makes sense if you’re prioritizing time to market and agility. Once you’ve nailed down your product, you can make it compliant for more-onerous jurisdictions. You see this in finance all the time, where the U.S. tends to have the tightest rules around e.g. betting and crypto.
> Once upon a time, companies delayed launches specifically so they'd launch a better product
Because software shipped in a box. Also, compliance is orthogonal to how good a product is. Siri AI might be crap. It might be great. It might be almost perfect and then made great on second release. Everything slows down if the entire development process has to deal with open APIs and lawyers at every turn.
It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.
Besides that, Google has shipped many (not all) similar features to Pixels in the EU and have been for years.
Whatever Apple is cooking and however long its taken them, the DMA is not a surprise and they could well have been taking it into account from the very beginning.
Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.
At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.
This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.
And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.
It's not that we particularly like the EU government here in the EU. But we do like when they make pro-consumer laws.
Yeah that needs to stop. This is kinda why the DMA was created in the first place...
Yes, they can. Apple wields its duopoly power to try and bend governments to its will.
It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.
So it becomes a purely business decision: Do we risk a 10% global revenue penalty to release this globally, do we release this everywhere the DMA does not apply, or do we simply not build it? And make no mistake, even if Apple moved heaven and earth to try to comply with DMA they are STILL RISKING the full 10% penalty if the EU decides against them.
Yes, there’s a risk to releasing a product whenever you can be held accountable for that product. I understand that Apple seeks to be as unaccountable as possible.
So we ultimately agree with one another: Apple can do it, but doesn’t want to, for various reasons.
Does this put them stupidly behind schedule? Yes, and bummer for them, but I highly doubt that a company as politically savvy, legally savvy, and wealthy as Apple would do this "by mistake".
Yes, but also its much cheaper to build it in at the very start.
When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because
1) we had no idea what we were doing and
2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.
Turns out the guesses were right, but it was painful getting the lawyers to understand.
Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.
Also, adding code to meet some government regulation takes time and effort that (form the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.
It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.
This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".
Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)
Copyright theft in AI, on the other hand, is a global phenomenon.
DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.
What if I tell you that there's a surprisingly simple, straightforward and above all very cheap solution: don't implement privacy-invading or anti-competitive features in the first place ;)
So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.
As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.
Then you should have done it right the first time.
Especially in the case of apple or Google. Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.
Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.
Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.
Weird to say it but the only assistant with any guarantee for privacy by design is Siri at the moment.
The code is open source: https://github.com/apple/security-pcc
That's not how the deal was announced. You don't pay Bs / year for a licence to gemini to send them your data. You pay that to run it on your own hardware, in your own garden, so the data stays put.
I know the internet is always anti big companies, but this is likely a "not worth it for now, we'll eventually do it" effort from Apple. The EU AI act is a mess, and the effort to simply know what they have to do to comply with it is likely going to take armies of people (not devs) and a lot of time, as the OOP said.
And the saddest part about it, is that Apple has the money and resources to sink into this. Think about all the small players that don't. This is yet again a miss for the commission, with the end result being an insidious form of regulatory capture. It sucks for those of us running small companies. Oh well.
https://security.apple.com/blog/private-cloud-compute/
https://www.business-standard.com/technology/tech-news/googl...
I run Perplexity in place of Gemini, but I can also run Claude and others.
[1] https://i.imgur.com/BgvxqQQ.png
Apple is just being the usual Apple being both an hardware vendor and giving it's own software advantages that competitors don't have and using the security bogus argument as always.
And yet, people believe that crap and jump into defending Apple as if being an Apple user is their identity, sad.
Or never. Like the majority of Pixel 10 on device AI features (image editing, magic cue).
I have not been able to switch language in Sheets since 2018, and I've changed any possible setting (even account language).
All guides are in English and I'm stuck with Sheets in Italian.
And yet Apple had no major issues complying to the draconical demands of the CCP to sell and operate there. Weird.
Also, it's not like Apple can't afford the manpower for this. They're not a hole in the wall mon & pop shop.
They can only do so much at once. And Apple is not a “hire an extra 30,000 people“ kind of company.
Apple usually rolls stuff out in stages. This is just an extremely high profile example.
I’m sure Apple doesn’t want to cave and give OpenAI free access to the spotlight semantic db, the ability see what’s on your screen at all times, etc.
No. Interoperability doesn't require Apple relax their privacy and security postures. It could instead require third parties to improve theirs.
Apple made it sound like their proposal for that was rejected by the EU. And it would be consistent with previous regulatory decisions by the EU for them to not want Apple to be setting the rules for how third-party interoperability partners/competitors ensure privacy.
It seems to me that the EU has a preference for protecting privacy with legal mechanisms, and generally doesn't approve of Apple's attempts to protect privacy with technical mechanisms because that inevitably limits interoperability with systems that aren't designed around the same restrictions and assumptions.
</s>
For example, with Copilot, you get a contractual pinky promise that they cannot access your data.
Can engineers really not access ? Can the police really not access ?
It's like AirTag for example. Apple cannot access it because it's scientifically "impossible" by design, but if they sign-in to your account, well it's over.
Once Apple fills the right audit / certification / paperwork they will be able to enable that feature. It could also be a negotiation lever.
Isn’t this less about privacy than competition?
Which should IMO be the basic principle worldwide. But unfortunately in many countries, companies are more powerful than governments/regulators, so they get to grab everything they can get their hands on.
At the same time, this potentially opens up the entire worldwide market (imagine EU iPhones being imported into US to use with OpenAI or Claude Cowork), and they probably made the estimation that keeping EU out is still better value (70% of the market all to themselves) than fair competition in the 100% of the market (I guess they estimate they might get less than 70% in that case).
Or they are hoping that EU customers will want Siri AI enough to campaign for a change, but I'd find that highly unlikely.
That's not the case. it's merely software (exactly like my iPhone 16 lacking the promised AI features claimed at WWDC24).
Anyway as I'm now within the EU with phone I bought before moving to the EU, regional features (or restrictions) depends on the logged in account and device regional settings. Except physical considerations (eSIM design, actual radio transceivers). The hardware is the same thank god.
If Siri wants to be seen as anything it should first support every EU language and they can work from there.
The only difference that I can see here is that the standards layer hasn't solidified yet.
This is true of most things that involve legal. Laws are not code, in basically any jurisdiction they are subject to interpretation, and just because you've dotted your Is and crossed your Ts, doesn't mean an enterprising enforcement agency won't still come after you
The intent matters, not the letter of the law. No loopholes, no bad faith interpretation. Just do what the law wants from you, if you make a mistake in good faith, you'll be given leeway to fix it.
> When interpreting EU law, the CJEU pays particular attention to the aim and purpose of EU law (teleological interpretation), rather than focusing exclusively on the wording of the provisions (linguistic interpretation). This is explained by numerous factors, in particular the open-ended and policy-oriented rules of the EU Treaties, as well as by EU legal multilingualism. Under the latter principle, all EU law is equally authentic in all language versions. Hence, the Court cannot rely on the wording of a single version, as a national court can, in order to give an interpretation of the legal provision under consideration. Therefore, in order to decode the meaning of a legal rule, the Court analyses it especially in the light of its purpose (teleological interpretation) as well as its context (systemic interpretation).
https://www.europarl.europa.eu/RegData/etudes/BRIE/2017/5993...
"They really don't try to fuck you over if you engage with them in good faith?"
"Yes, really."
But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?
This is quite the contradiction.
Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.
In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.
Maybe it's more because the privacy is largely marketing and helps with continuously shutting out competitors under the guise of privacy?
If they really cared about privacy, they would end-to-end encrypt iCloud backups [1] by default and not just when ADP is enabled, which only a small subset of users do. In fact, many technical people I know don't even realize that iCloud backups are not end-to-end encrypted. At any rate, this large hole opens a lot of data (including iMesssage) open to Apple, law enforcement, etc.
https://support.apple.com/en-us/102651
[1] And iCloud Drive, and photos, and notes, and voice memos, and wallet passes, and contacts, and reminders, and...
If regulators suck at understanding tech, they are making poorly thought out laws for corporations just as much as they are for you.
Tax laws are also quite easy, tax lawyers are only needed if you want to NOT pay what the country you're operating in is owed.
There's entire industries of experts who work on these tasks, and they don't just work for people trying to skirt the rules. I've hired people for both tasks and the reason was specifically to comply.
NIST, MS, and the security community all recommend against forcing people to change their passwords on fixed intervals. They should only be changed when there is an indication they have been compromised.
PCI requirements demand mandatory 30 day rotation intervals on user passwords for users with administrative privileges, IORC. Something like that.
They haven’t kept up. So until they change the rules you can either be PCI compliant or implement the current best practice. Not both.
Someone has to understand the codes and how they might be applied to a specific project, and direct a project such that the outcome will comply.
Codes dont provide a blueprint for a house or a bridge. They stipulate features and properties that it must have. Design resides with the firm.
Privacy isn’t complex, compliance is.
> Tax laws are also quite easy
Yet audits are still a pain.
> tax lawyers are only needed if you want to NOT pay
This is nonsense. Tax lawyers are sometimes used to skirt the law. They’re much more often there to help prove you followed it.
Here's their argument in their own words: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...
Besides that, the law is the law and the DMA/DSA has been around for years. Why should they get an exception is one part of a duopoly?
The smartphone is probably the most sensitive device most people own. It knows your location always. It has your banking apps. Your password manager. Your instant messages, and social media chats, it knows whether you’re walking, or driving, or talking on the phone, and to whom.
Once Apple allows any other vendor to vacuum all of that intensively private information out of an iPhone, Apple becomes indirectly responsible for potentially massive privacy breaches.
Legally, maybe not, practically it becomes their problem.
The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.
You can argue Apple should do that, but you can't in the same breathe argue for privacy.
EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.
Apple says "We can't do this in a privacy preserving way".
You can definitely question what their true motivations are, but it seems pretty plausible that there is a moral case for this system to not be opened up to other providers who may do a worse job at privacy than Apple (especially when you are Apple and you trust yourself).
I think there is a place in these sorts of ecosystems for privileged players. If you buy an iPhone you implicitly must trust Apple to some degree.
Not sure this is the case. My understanding is what the EU wants is that users can use Siri AI or a third party AI service from, say, Anthropic or OpenAI, at the same level of capabilities, just as you can switch default browsers. It's not about the underlying LLM (that would be the huge privacy concern), it's about the product built on top. Of course how a third party AI gets its data from the device would need to be approved by the user and that third party AI provider would have to justify what it's doing with that personal data to the EU watchdogs, just as Apple would need to do.
Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).
Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.
This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.
According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).
So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.
Couldn’t someone argue that they “knowingly participated“? Do you think they want that risk?
Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.
The DMA and the GDPR are laws that at their core make each other more difficult. the stated outcome of the DMA - allowing any vendor/user full access to your device - is not easily supported when solving for privacy.
100% - just like Apple making such a grandiose show of "privacy". "Privacy" for Apple eventually led to Apple specific and Apple-only allowed ads in first party apps and now Siri connecting to Google servers.
And you’re saying that consumers would be incorrect in thinking that?
The requirements are not onerous, it is the basic preemption of monopolist behavior.
Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).
Many Europeans are upset that Apple blames Europe that they cannot implement this because it would sacrifice privacy. (Which is kind of ironic, because the EU has nearly the best privacy protection worldwide.)
Apple doesn't care about privacy. By default (without ADP), your (i)Messages, Drive files, contacts, calendars, backups of data from third-party apps are not end-to-end encrypted [1]. US law enforcement can request it. EU citizens are not protected because the US can use the CLOUD Act to demand the data. If Apple really cared about privacy, they would have closed that hole long ago.
[1] https://support.apple.com/en-us/102651
Do you never install software on your desktop computer?
I don't think you can call the process unrelated to the mother or the baby, they're both pretty important throughout the whole thing.
This can lead to absolute insanity as companies try to satisfy both privacy and market conditions. It's not simple. How many years did google waste with Sandbox?
The one legacy in Apple that Steve Jobs left behind is their distaste for taking risks that lose them money (ChatGPT was going to be their AI core... but then they had Altman ousted, so they backed away and partnered with Google instead), and spending money. I think they're still the only company with a kitchen in the valley that still makes employees pay for their own lunch, and the reason is the most BS reason that Steve Jobs pulled out of his rear end. It's so the employees appreciate the lunch, really?
I’m not saying I believe that’s the real reason here. But it is broadly true. Ask any company that offers a free tier where most of the complaints and problematic customers come from.
People can also appreciate things they get for free though. I'd appreciate a free lunch, most places I've worked at, actually nowhere I've ever worked, EVER has given me a free lunch. Now if its a difference of paying for a quality lunch at a reasonable price, and not paying for lunch but its mediocre, then yeah, seems like a no-brainer.
I wouldn't be surprised if Steve Jobs implemented was a way to get them back into the green.
Also, TIL:
> Jobs, who notoriously took a salary of only $1 a year, used to "scam" Apple out of free lunches by scanning his badge alongside colleagues and insisting on paying for everyone, knowing the charges would just default back to Apple.
That's disingenuous. It's not about money, it's literally about engineering velocity. The amount of planning and engineering required for an entire interoperability layer that also ensures security and privacy is absolutely going to be something like a year-long engineering effort minimum. You can't speed that up by adding more money.
So it's either try to get an exemption to deliver this feature to Europeans while that work gets done, or wait 12-18 months for the work to be done -- work that isn't required to launch in the rest of the world.
Apple just wants consumers to be happy and be able to use their features. But the EU is requiring a ton of additional interop engineering, so consumers will just have to keep waiting and get features 1 or 2 years after the rest of the world, or never.
You cannot accept the concept of consequences. You are entitled to Siri AI? I highly doubt it.
You sound like a totalitarian: a state can come up with any law and everyone has to comply.
I think you should be reminded of the fact that you can go your own way with something state sponsored like the EU Chip Act, AI, Cloud. Let’s add “Siri” to the list.
I love the fact, that EU is getting a lesson, even though people obviously don’t get it.
seems a bit simplistic.
This is the bit that's likely hard, because generally keeping safety and privacy guarantees as data flows through the system is extremely hard, and Apple would not be able to guarantee it for other products without large review investment.
But ultimately, they probably just do not want to do it until Siri AI gets a decent marketshare first, so competing agents would have to both build new solutions for the platform once open, but also deal with an incumbent dominant player already on people's phones.
What's not fine, is to blame the EU for the missing feature. It's damaging their brand and damaging their reputation. Just think about if Porsche would make a press release and calling the US tariffs "un-American". Wouldn't be perceived well either.
Fancois Normal installing a 3rd party AI service which turns out to have zero security and actively just harvesting private data.
Tell me which company in your opinion would be in the LOUD headlines, Apple or the random 3rd party?
Tesla is a good example. Elon Musk became political and anti-EU, which resulted in an irreparable damage of the Tesla brand in Europe. Not for everyone, but a big group of people would never again consider buying a Tesla. As a result Tesla lost market share in Europe.
Apple seems to be on the same path now.
edit: here are some stats https://eu-evs.com/marketShare/ALL/Groups/Bar
Like this? https://www.thestreet.com/automotive/bmw-ceo-has-blunt-new-m...
The DMA is also threatening Apple's high profit margins. That's the whole point of the DMA.
If I was more cynical I would suggest that this is being used as an end-run around encryption, since the encryption doesn't have backdoors for the government but this gives you access to all the same data.
When this backdoor is inevitably exploited in some very public fashion, it won't be the EU regulators that required the backdoor to exist who will be blamed.
The way Apple Health exchanges data with 3rd-party trackers (Fitbit, Garmin, etc.) is very well built and a good model of how other components in iOS could allow data exchange with very granular permissions.
Apple touts the "Private Cloud Compute". If they found a way to share your personal context to process on their cloud in a private and anonymized way, there is no reason the same process couldn't be used to handoff data to a 3rd party AI provider.
One of the issues here is that there are many people with strong opinions that don't understand the thing they have strong opinions about. Which is the normal state of human affairs.
It looks like Apple is framing this as a privacy issue as a marketing tactic so that consumers will blame the EU when Apple COULD implement it without endangering privacy.
EU can’t and won’t enforce the same rigour for 3rd party cloud AI. Which is the problem for Apple.
If said 3rd party service leaks private data, guess which company is going to be in the BIG HEADLINE and which one will hardly be mentioned in the news?
https://security.apple.com/blog/expanding-pcc/
This is about Super Private Benoau AI being available for any user to install. How can they know whether it respects their privacy or not? The home page says that they're the best and mostest private ever of course, has animations generated by Claude and everything.
But actually it runs on servers bought from Hetzner's server auction and stores all logs in plain text in open S3 buckets and the owner actively sells the user data to the highest bidder.
This is what Apple is worried about and EU either doesn't care or doesn't understand the issue.
If you want it to, for example, summarise your HRV or menstrual cycle you can't anonymise it or you don't have any data to analyse. It'd be just "wink wink nudge nudge" with zero context.
Why should they? If the user decides to trust a third party, Apple shouldn't retain veto power for the customer's choice.
This is how macOS treats apps like OpenClaw. It can absolutely work for iOS too.
Let's remember that a tiny company called Meta had a "VPN" they provided for users that just happened to spy on them: https://news.ycombinator.com/item?id=39881962
And that went on for a long while before it was noticed.
Now imagine the same situation but an infinite whack-a-mole of alternative AI providers and just regular folk who will install mobile games from a frozen baby ad...
You have more safeguards if it’s running on your own metal. It’s reasonable to want to understand that better, perhaps with your own red team, before opening up customer data to actual potential hostiles.
Well then explain me this: There are absolutely no restriction on MacOS where I can give Claude free access to everything. If you are a Mac and iPhone user that essentially gives it access to the exact same data. Why is the data only protect worthy when accessed on the phone directly?
This is the rhetoric used against right to repair. "What if enemies get access to our citizens' data if we allow anyone but us to repair your car?"
No. Only if you would consider the Linux/macos/windows filesystem API a backdoor too. On your desktop any app with sufficient permissions can read all your data. Would you call that a backdoor?
Is Apple incapable of designing a permissions system that allows a user to grant access to email and messages to an app of their choice?
We already download apps and grant them permissions to subsections of personal data on our devices.
I don’t believe Apple is incapable of designing a system that respects a user’s choices and granted permissions.
It gives us European some opportunities. I have a side project at work that was heavily threatened by Siri’s new features. Now I feel more relaxed as Siri isn’t coming there anytime soon.
But overall I doubt we will replace Apple.
Handing full access to the data on a user's device over to a company with the scruples of somebody like Facebook is a privacy nightmare, not "opening their platform a tiny bit".
Apple is not abiding, because they want to use time to really ensure they have the best assistant, before they allow competitors to build assistants for iPhone that can replace Siri (in the EU only probably)
It seems things start to get rolling in a way that they haven't since the start of the Google/Apple duopoly.
We've had endless opportunities to compete during Apple's entire 50 year existence.
As someone living in Europe I feel ashamed to read you openly admitting this. This sentiment would feel at home in the USSR.
Instead of trying to create things the world finds useful by building something better/cheaper/more innovative, we're choosing protectionism so we can screw our customers with inferior products they're forced to buy...and relax.
I think we've done enough relaxing in Europe.
We were the birthplace of the industrial revolution...the technologies of which went on to bring the entire world out of poverty last century.
Do we seriously have nothing valuable to contribute to the world during the entirety of the digital revolution? If not, I think our decline and collapsing social welfare systems are deserved.
From Apple's strategy board point of view, no.
Apple's services revenue is showing a strong growth and it is entirely dependent on keeping the ecosystem closed so that it can take its commission and sell its services.
Once things get moving they would prefer still having control on the on the US market rather than making slightly more money(if any. No one wants this AI stuff as you can tell by the strong sales Apple keeps having despite or thanks to not having AI integrated) when the EU market is still open to them.
Just for that case a new category of business classification was invented: the gatekeepers, and coincidentally almost all of those gatekeepers are American companies. Unlike antitrust regulation and other EU regulation that wan't based on clearly observed harm to the consumers, as otherwise that would have been covered by existing laws. It was solely designed to prevent businesses to have a potential ability to do something anti-consumer.
It is in fact an antitrust law. It basically argues (correctly in my opinion) that Apple and other companies have created new markets inside of their products. And in those markets they exert total control, including charging developers extortionate fees, forcing them to use their subpar and expensive payment systems or restricting what users can run on the devices they own & a lot of paid money for.
This reads more like a tabloid headline than the first sentence of a Reuters article.
>“The decision not to roll out Siri AI in the EU is Apple’s and Apple’s only,” spokesperson Thomas Regnier told reporters in Brussels, saying there was nothing in the Digital Markets Act to stop the company from introducing new products in the EU.
>“Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards,” Regnier said.
Obviously he's going to champion the EU's position, but his framing is internally inconsistent.
1. he claims the DMA doesn’t prevent Apple from launching products in the EU
2. the DMA sets certain requirements which determines whether features can ship in the EU
It's fair to say “the DMA doesn’t ban Siri AI,” but that's not the real issue. The regulation sets conditions, and Apple is arguing those conditions make rollout infeasible. The Commission claims its a compliance problem, not a regulatory block, but the reality is less binary. At a certain point the regulation is self-defeating. What is that point? This is the discussion that the EU lawmakers cannot acknowledge.
They can ship any feature they want, as long as they give users the option to choose alternative implementation of the feature.
"Compliance" isn't a thing without regulation.
Because it's not self-defeating, what would that even be FAANG packing up and abandoning Europe? Worked out splendid for China.
Whereas the EU laws apply to foreign and domestic companies alike, and the goal is consumer protection. The compliance difficulty does not vary between foreign/local.
This is a common sentiment of EU tech regulation proponents. You may want protectionism but that's not really what these laws are about. Why not simply adopt the CCP's policy towards technology?
Have some dignity. We all deserve the right to fully own our general compute devices.
> Prior to Apple's update, around 65% of users attempting to install the Epic Games Store on iOS were thwarted by Apple's deceptive design. After the update, the drop-off rate has gone from 65% down to around 25%, and continues on a downward trend as users upgrade to the new version of iOS.
Zero idea if its true tho.
the core technology fee is a big obstacle to alternative app stores.
openclaw is massively popular. there is a lot of diversity in "persona" agents, which are different than coding agents or the agent apple demoed. they're not all the same.
i don't know, i don't think you have any idea what you are talking about.
The beauty of it is that in their exemption request, Apple claimed they have plans to introduce an intermediary system for other AIs within 18 months. So they can no longer claim that it's impossible for security reasons.
Moreover this claim stinks.
Apple have enough legal experience with the EU and technically competence to have baked EU AI, privacy and anti-monopoly compliance into their product from the start.
In fact any U.S. company could base their products on EU legislation, since it provides wide safeguards for consumer privacy.
Apple deliberately chose not to and are now being deliberately obtuse and misleading.
Anyone would think they didn’t have lawyers.
Either they are incompetent or it’s a deliberate choice to play this card. I don’t think it’s incompetence.
EU has the right to privacy.
Apple also has the right to not conduct business in EU.
If EU doesn’t like it, they can build their own sovereign software.
Oh come on. Apple doesn't want to give up control. That's what this is about. The privacy thing is just to make them look good
The DMA mandates that Apple allows for competition, which (if you believe in capitalism) is good for the market overall. It's essential to stop big tech from abusing their market dominance. However Apple would prefer to not allow competition for their digital products on any of their hardware.
Apple wants to implement features that access data locally. It doesn’t want to allow competition for offering those features, but if it did, competitors may use that access to local data to exfiltrate.
So it is about both competition and, as a result of creating competition, privacy.
This allows competition, but also allows privacy for those who want it. See? Simple really, but Apple being Apple dont want to let 3rd parties use its AI APIs and so we have this standoff.
If you want to you could still use Apple or another provider you decide to trust - or even one that does everything locally. The competition would still have to follow GDPR after all.
Will the EU enforce the same for 3rd party integrations?
If Apple extended that philosophy to other vendors then yeah, it would be deliberately unfair and anticompetitive.
Even if you could make all the other possible vendors run private cloud compute style stuff that would be a lot to manage.
And I can’t imagine the EU would like, and as a user I would certainly hate, the “OK you can use Grok but you lose all privacy too bad“ dialogue box they could make.
Most sysadmins know that hash matching only mitigates a small subset of rare upstream attacks. Apple could still be MITMing the whole thing (SSL added and removed here :)) and no auditor would get the chance to check. The offered audit is so weak that I would not trust any FAANG business to administrate it.
Apple is once again demanding arbitrary centralization to give them an undeserved veto power. None of this is for security.
Just have an open house for anyone interested to come poke the hardware and software?
While I can appreciate the reason for the DMA, people don't have to buy Apple devices, they can buy any type of phone they want and just use the ecosystems provided by these phones.
Apple is free to do what they want. The EU can go and try and build their own iPhone (good luck with that).
Do you really? The only two types of operating systems for phones that you could reasonably use are iOS and Android. So it's either Apple or Google.
Imagine a world, in which you could only consume Apple or Google services on those phones. No more Netflix or Disney+ on iPhones - only Apple TV Plus because the streaming video API is not available to third party apps. I think there are plenty of other examples to demonstrate the point.
A free market doesn't work if you have a duopoly. A free market requires the freedom to choose between different services, which Apple is trying to limit by only allowing Siri AI to access specific OS interfaces.
Not sure why some people on hackernews support more locked down operating system.
Apple came out of nowhere and invented the smartphone because the existing system was controlled by the telcos and horrible phone technology. The same thing can easily happen again.
It makes no sense to limit Netflix on phones and people would probably stop buying iPhones.
If the EU wants an "open" phone ecosystem, they should foster real innovation in their space and build it themselves.
Furthermore, if we lived in a world where the two main OS's were locked down to an insane degree, we would also have plenty of alternative operating systems. The reason we don't today is because we don't really have a need for it, in the same way linux has a monopoly on servers and nobody really cares.
Those make up 0% of the market [1], which classifies Apple and Google as gatekeepers.
[1] https://gs.statcounter.com/os-market-share/mobile/europe/
If you have a market with a handful of companies producing good products, and a handful of companies producing shit products nobody wants or buys, you cannot claim that the companies producing the good products are "gatekeeping", and that's the reason why nobody buys the shit products.
It doesn't matter how they became gatekeepers.
Sure - the DMA has nothing to do with privacy though, so that's a straw man. or is it a red herring? I always get those confused.
To follow along that line of thoughts, the requirements they are actually asking for proper DMA compliance would probably go right in that direction tbh.
I, for one, am happy Apple is taking a stance, and, as an European would really much like my government to stop asking ridiculous things that do not profit the consumer.
They already claim to care about your freedom and privacy. Now they can prove it.
Seriously EU folks need to come to down to earth sometime.
https://apnews.com/article/apple-iphone-siri-artificial-inte...
I don’t know why the EU allowed Apple to intermediate other browser engines with BrowserEngineKit, which is unacceptable, while blocking it here where it is reasonable.
How? How do you safely handover effectively every single bit of data on someone’s phone to any third-party company and preserve privacy?
Sure you can try and demand agreements from the third parties but will the EU see that as a move to limit competition?
Ignoring all other concerns it is a rather thorny problem.
I don’t think the EU would accept, and as a user I certainly wouldn’t accept, having to agree to a pop-up every time I used any feature that used any data on my phone that might go to a third-party AI.
Does this mean the service will not be available to EU accounts, or will they geoblock access from within the EU altogether?
https://www.gesetze-im-internet.de/englisch_stgb/englisch_st...
If the price for some sort of functioning Siri is my privacy, I’m happy with the current dumb Siri
Apple must know that they have customers in EU countries..?
It’s not like the feature is fully finished.
If it took another year to get out the door and be compliant, do you think they would’ve wanted to wait? Or do you think they would rather launch now and then provide a compliant version later?
All I know is we are buying the same devices designed by the US but keep increasing the list of features we can’t enjoy.
Says it right there: "Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards," Regnier said. "Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations under the DMA - and this for at least 18 months. That's not an option."
At what level? Improve Siri which is lagging behind, then add llms?
Mistral. I’d bet my bottom dollar that the French are the reason the EU is holding firm on its position.
Never underestimate the power of a really, really, really irritated counterparty.
However they are also a 100,000 pound gorilla. If you fight with Apple over $ISSUE, even if they’re right in that case, you get headlines and possibly PR points. Lots of people here are quite happy to be mad at Apple. And other companies take notice that you’re serious.
If you argue with a tiny company from Spain, most of the world doesn’t care and you get no headlines.
Apple is complying with EU law by not releasing a feature that is not compliant with EU law. And the EU appears to be trying to make hay over that fact.
Another example here is Google Chrome - which still allows third party cookies because even thought the privacy regulator wanted them gone, the market regulator required them to architect a solution that was unworkable to not take advantage of their gatekeeper advantages when others didn't have the same rights as them. Google finally said fuck it, and walked away from the privacy features in order to satisfy the anti-trust regulators.
Not shipping this feature in Europe is a common way to deal with satisfying the balkanized regulators there.
>Good! I'm glad I can't have new and improved!
In the US, we basically see this as a shakedown by foreign governments against our successful companies. It really is a matter of "build your own iPhone" you guys. You had Nokia, so don't tell me you can't compete globally. I'm pretty fed up with Google and Apple personally, so please do deliver me a nice EU phone with sd card, removable battery, unlocked sims, usb-c, and all the other nice things your regulators demand.
Damn, good luck next time. Maybe use some of the $416 billion 2025 revenue to invest into that project?
Apple realized its standard malicious compliance playbook won't fly this time, so now they're trying to sway public opinion by not rolling out this feature in the EU. It won't work. They're just going to lose market share and will have to backtrack when they do. Tech regulation doing its job.
Apple frames this as a privacy issue when it's only a brand/control issue.
Is it possible to do that with absolutely any company that wants to be able to be the AI on your phone? Are most of those companies even capable of handling something like that?
That’s thorny.
Literally anyone could whip up an AI service, get people to use it and just browse the unencrypted logs for data to sell.
Which is the issue Apple is having.
Like when the UK banned encryption I wish Apple would have just disabled iMessage entirely there. Show a message saying that due to UK law, they cannot operate an encrypted messaging service there any longer. The backlash would get that law changed pretty quick.
Instead they disabled encryption for the UK, making all of us less secure.
Sometimes a company's incentives are going to be aligned with their users, but a lot of the times they won't and consumer protection regulation is useful.
Sometimes a government will have the good of their citizens in mind, and a lot of the times they will seek money and power just like companies do. Lobbies, fines, overreaching regulation.
The UK (and EU's attempted Chat Control) is some fascist bullshit. But allowing you to own the device you paid for and use it as you please (including letting you install whatever software you choose to) isn't.
Apple themselves have claimed recent EU compliance has led to over 600 new or changed APIs in the OS.
I've spent a fair amount of time with my iPhone in both the EU and the USA, have local cell service registered in both regions. its nothing as simple as a geo-location check anymore. It's a problem that has grown more complex over the decades too, as more and more countries implement their own slightly differing legislation.
These concepts are so outdated it's not even funny. Let's say I have several citizenships, live mostly in the EU, but currently stay in Japan, do I get the features or not?
Like app store regional gating and DVD regions, these restrictions are dinosaurs of the past.
Given that our share of global GDP has dropped from 25 to 17 per cent in twenty years, with a steady downward trend, I am not convinced that this principle will hold for much longer, and this case of Siri may be one of the canaries in the coalmine.
If/when we drop to single digits, many vendors won't likely care anymore.
I don't know about every vendor, but Apple probably doesn't want to lose 27% of their sales.
They’re not going to over a single unproven feature.
The one that’s so secret it’s not in any of the treaties that the sovereign nations that comprise the EU signed up for and implemented in line with their own democratic processes
That agency
Meanwhile they struggle to put together a border patrol, but advanced pan European surveillance apparatus that isn’t run by the US. Yeah bro
This privilege system already exists. This is just marketing.
Apparently their "Verifiable Transparency" claim just means Apple invited unnamed outside security experts and independent researchers to inspect and verify the integrity of (what they claim to be) its Private Cloud Compute code... LOL :)
I'll believe it when I can run the "private cloud compute" on my own hardware that I can firewall in my rack and monitor its network outputs.
If I were apple i'd want to give people enormous amounts to tools to control that access. Specific popups whenever it tries to access data (for the first time) from any given app. OpenAI would like access to all of your text messages, yes/no. I'd also want audit logs etc.
The nightmare is facebook (or the like) releasing an ai model into the current facebook app and forcing people to decide between looking at their grandkids pictures or allowing facebook to read your whole damn life into a database. So perhaps these apps need to be mandated as a connector for Apple Intelligence and nothing more.
I mean if you decide you want to give access to Google to everything on your phone, go for it. So far I trust apple, they haven't let me down yet. Placing these models on hardware is a great trust-building feature.
This is why the EU is destined to lose and run itself to zero.
Compliance with DMA would have Apple hand over system-wide access to AI features to third parties, which could compromise user privacy and security.
I don't think there's a clear good guy/bad guy here.
This one does not appear to be Apple being a dick, like they have been on the App Store and a number of other things.
* If you allow the user to grant those privileges to third-party applications, they can grant it to applications that abuse it, resulting in security and privacy risks. You might even be blamed for allowing them access (e.g. the famous Cambridge Analytica scandal).
* If you don't allow the user to do that, third-party tools won't be able to serve those needs, which can be considered anti-competitive preferential treatment of your own tools.
Of course, as usual they use their PR machine to blame the EU, whereas they really just want to abuse their platform's position to shut out competitors.
I have been a decades long Apple user, but their anti-competitive behavior, pushing ads into the OS and apps, and their treatment of developers (who made the iPhone big) is just gross.
Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
Very different than the narrative you're pushing
access to all of your messages, photos, what's on your screen, browsing history, etc. Apple says hey so we're going to need some time to figure out if we can do that in a way that won't completely fuck over our users.
The point is that if Apple's model gets all that access, they should give others access to those APIs as well, otherwise they are giving themselves benefits over the competition. A company can do that, but not once they are considered a gatekeeper in the EU. It's up to the user to choose an LLM provider that has good privacy rules (or stick with Apple if there is no other provider). That's fair competition, a user can weigh pricing, privacy, etc. and make their own choice. Now they are stuck with Apple and have to get an iCloud+ subscription to fully use the AI features. The 18 month delay is not to figure this out, it's to entrench themselves as much as possible first.
Following your line of reasoning, if Apple had this behavior in 2010-2015, instant messaging applications outside iMessage wouldn't have the option to ask access to your contacts (privacy), no possibility to share a location in a chat (privacy), no means to show notifications (probably privacy too), etc.
It's surprising how much people are willing to do the bidding of tech oligarchs. Remember, this is the company that has spent years doing malicious compliance around the DMA and DSA, why should they be trusted this time?
Yes. They SHOULD. So how did they do that without throwing away their privacy promise or running afoul of the privacy laws?
Second, they could provide users with permission toggles of what users want to share and what not. Same as iOS/Android do now for contacts, location access, etc.
They basically make it an existential risk to build your success on anything nicely and neatly tightly vertically integrated. Everything must be dragged down to mediocrity by the unavoidable slippage between mandated abstraction layers and avoidance of features that can’t be easily or safely generalized.
It’s conflicting. Is Apple abusing its role in some cases, such as the App Store, and in need of some reigning in? Sure, but some of this goes too far and essentially requires them to strip their products of a portion of their appeal.
Even more frustrating is that nobody seems to be willing to discuss the issue with any level of nuance. It’s nearly all binary EU good/Apple bad or the reverse.
Who is saying that enforcing companies to open their systems to competition is making them mediocre? Maybe if that's the end result, they should put more time into designing systems that wouldn't become mediocre just by allowing third parties to do things with those said systems? We need to stop defending corporates for abusing their monopolies.
Interoperability is not free. One of the trades it brings is a notably lowered ceiling in terms of tightness and capabilities, and this persists no matter how many man-hours are poured into engineering the systems that enable it.
The Linux desktop is a great example of this at play. While it's technically worked for decades at this point, it's been a constant struggle to make it a high quality, thoroughly polished experience end to end and that's partly thanks to the unavoidable friction and gaps between layers that comes with interoperability and tens of involved parties.
Apple's philosophy is that new APIs need some time to stabilize before they can be baked-in as a commitment to third-party developers.
So new APIs are almost always first-party only. Apple designs the API and becomes the first consumer of it. This experience of dogfooding their own APIs lets them iterate and learn without breaking compatibility with third-party developers consuming the API.
Only after an API has been hardened in this way does it become eligible for third-party consumption, where Apple can promise to document and support those APIs publicly.
It makes sense then, that if the DMA mandates equal access to new APIs for third-parties, then Apple will just disable new first-party APIs in the region until they've gotten their bake-in period elsewhere in the world. Sorry, EU!