The relationship between the European Union and large technology companies is going through a period of growing tensions, fueled by intense debates on competition, digital security, data governance, and platform responsibility. In this highly complex environment, the Digital Markets Act (DMA) emerges as the most ambitious regulatory framework designed by the bloc to rebalance forces in digital markets marked by strong network effects, ecosystem economies, and structural barriers to entry.
It is in this context that Apple recently notified the European Commission that Apple Ads and Apple Maps now meet the size and impact thresholds set out in the DMA. Although formally procedural, this move symbolizes another chapter in the practical implementation of the regulation and reactivates discussions about the degree of state intervention necessary to ensure contestability and transparency in digitally concentrated markets.
The requirements imposed by the Commission—such as opening up the iOS system, allowing alternative app stores, and expanding the interoperability of Apple Pay—are presented as measures aimed at correcting historical power asymmetries. Apple, for its part, argues that such obligations amplify fraud risks, compromise operational security, and threaten the technical integrity of its integrated ecosystem.
In a scenario of growing socioeconomic dependence on digital platforms — each built on its own technological incentives, commercial strategies, and control architectures — the debate transcends the Apple case and reveals a broader regulatory dilemma: how to promote competition and openness without destabilizing ecosystems whose efficiency derives precisely from integration and standardization?
The DMA establishes a specific regime for digital platforms that hold a systemic position in the European market. Although European competition law does not consider large size alone to be a competition problem, the European Commission has come to recognize that a small number of large-scale platforms increasingly act as gateways—or gatekeepers—between user companies and end users, enjoying an entrenched and lasting position, often consolidated by the formation of conglomerate ecosystems around central services, which reinforces existing barriers to entry.
Once designated as gatekeepers, these companies are subject to ex ante structural obligations designed to: (i) prevent self-preferencing practices; (ii) ensure interoperability and data portability; (iii) ensure a level playing field for companies using their platforms; and (iv) promote greater contestability in highly concentrated markets.
For designation purposes, the DMA establishes objective thresholds based on annual revenue, number of users, and presence in the domestic market. Once these thresholds are exceeded, the company must formally notify the Commission, which then assesses the classification as a gatekeeper and, if applicable, imposes specific obligations proportional to the systemic impact of the service.
Unlike traditional antitrust law, which acts predominantly on conduct and usually requires proof of abuse of a dominant position, the DMA was designed as an instrument aimed at neutralizing structural effects derived from size, gatekeeping power, and the strong network effects that characterize digital markets. Its goal is to reduce barriers to entry and level competitive conditions, especially in consolidated segments such as operating systems, messaging platforms, marketplaces, and digital advertising.
Despite its innovative nature and broad support from sectors that see big tech companies as having excessively concentrated power, the DMA also faces substantial criticism. For some analysts, its intervention comes too late in already consolidated markets, where competitive diversity has become difficult to reestablish. This is a point recognized even by the regulation's own drafters, who identify significant challenges in reversing deeply entrenched market structures.
Under the logic that inspires the DMA, requiring interoperability, opening operating systems, and allowing alternative app stores would be a way to increase contestability and decentralize the European mobile device market. However, many of these obligations directly affect the technical architecture of platforms such as iOS, bringing regulation closer to a kind of normative systems engineering — and it is precisely at this point that more delicate frictions between security, innovation, and competition emerge.
Apple's criticism focuses on the claim that forcing iOS to open up would significantly increase the attack surface by allowing installations outside the App Store — an environment subject to continuous security audits — and by reducing the sandboxing, cryptographic verification, and proprietary screening controls that have historically structured the system's defensive architecture.
The company further argues that the requirements for interoperability and sharing of sensitive technologies with third parties, whose protection standards may not be equivalent, create additional risks of vulnerabilities and undermine the integrated ecosystem experience, an element it considers central to its value proposition.
According to Apple, the DMA also imposes an undesirable reversal in its development and innovation cycle by requiring certain operating system features to operate from the outset in non-Apple environments and applications, even before they are released in the final interface to consumers. This move, the company argues, creates a kind of regulatory dependency, subjecting the technological evolution of iOS to external constraints that go beyond competitive logic.
On the legal front, Apple argues regulatory overreach, claiming that the European Commission's actions go beyond the legitimate goal of promoting competition and strike at the heart of its technological governance, posing structural risks to its business model, operational security, and ecosystem integrity. It is, therefore, a criticism that combines technical, strategic, and regulatory elements, seeking to demonstrate that regulatory intervention would have potentially adverse effects on innovation and the resilience of the system itself.
This episode reveals a structural dilemma in contemporary European digital policy, present in both the DMA and the Digital Services Act (DSA): the search for a simultaneous balance between security, competition, and innovation in markets characterized by strong technical asymmetry and high operational complexity. In this process, questions arise that challenge the limits of regulatory design:
In the absence of a robust cost-benefit analysis—one that considers general equilibrium effects, impacts on the attack surface, and security externalities—structural regulations can unintentionally redesign incentives, producing systemic inefficiencies or shifting risks without eliminating them. This is not to deny the relevance of public intervention in highly concentrated sectors: regulation is essential to correct market failures, avoid lock-in, ensure interoperability, and stimulate innovation.
The risk arises when regulation exceeds proportionality limits, excessively interfering with the technical architecture of products, imposing obligations disconnected from risk analysis, or assuming technological premises that do not hold true in practice. At this point, the norm ceases to correct dysfunctions and begins to produce new asymmetries, altering the operating logic of ecosystems that support millions of users and developers—with consequences that can reverberate far beyond the original intentions of the legislator.
The dispute between Apple and the European Commission highlights a broader problem of global digital governance: the regulation of technologically complex markets requires a delicate balance between openness, security, and technical feasibility.
The DMA represents a significant step forward in addressing the structural power of dominant platforms, but its effectiveness will depend on the ability to integrate rigorous technical assessments, ongoing risk analysis, and gradual implementation mechanisms capable of adjusting obligations to the operational reality of the systems it regulates.
Without this fine calibration, regulatory enforcement risks compromising precisely what it seeks to safeguard: the integrity of digital ecosystems, the resilience of technological infrastructures, and, above all, user confidence, a central element for the sustainable functioning of interconnected digital markets.
Frequently asked questions about this article.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
