Regulating the Walled Garden: The Challenge of Taking on the Gatekeepers

As the deadline for designated gatekeepers under the European Commission’s Digital Markets Act (DMA) fast approaches (March 2024), Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft are rushing to either comply with new rules or continue to fight against their designation as a gatekeeper. The DMA is the European Commission's new law designed to make digital markets ‘fairer and more contestable.’ It identifies gatekeepers, which ‘are large digital platforms providing so-called core platform services’ and ‘establish obligations for gatekeepers, “do’s” and “don’ts” they must comply with in their daily operations.’

Recent headlines are filled with announcements of new policy changes by Apple, which has long fought to protect its vast walled garden and against the DMA. The company argues, for example, that its App Store is not a singular core platform service, but multiple App Stores, and thus should not have to follow DMA rules. However, even as it pushes back on rules that would require it to open its proprietary software and hardware to third parties, it made two recent changes in an effort to continue to operate within the EU.

The company announced it is opening its contactless payment software to third-party payment processors and, according to reporting, intends to ‘split its App Store in two, separating its EU store from the rest of the world. It will have one store in the EU where it will allow third-party app stores and third-party payments and another where it can do as it has always done regarding third parties.’

But what do these supposed changes mean in practice? And is this the outcome that lawmakers were seeking with the DMA?

The DMA’s objectives of contestability and fairness are summarized as aiming to reduce entry barriers and strike a balance between the rights and obligations of the gatekeepers and their business users. However, this article questions the extent to which Apple's recent policy changes really reduce barriers to entry in a market dependent on Apple devices, and subject to Apple’s control. Indeed, by giving companies like Apple ‘rights and obligations’ as gatekeepers, Apple and the other tech giants will inevitably limit competition as they continue to set the rules for market participation.

Whilst the goal of this article is not to diminish the importance of the DMA, it does make the case that the DMA offers little in terms of structural remedies and cements the power of gatekeepers like Apple as the judge and jury of its ecosystem.

The App Store and the Limits of the DMA

Whereas previously iOS did not allow downloading apps from outside the Apple App Store, and the only payment method available on iOS was via the Apple Wallet, the DMA was expected to usher in not only new competitors and increased customer choice but also the hope that enforcement could break down market dependencies on gatekeepers such as Apple.

However, some experts, such as Larouche and de Streel, argue that the DMA ‘has little to do with the contestability of core platform services; rather, it is about containing gatekeeper power and preventing it from adversely affecting neighboring markets in the ecosystem of the core platform service.’ Indeed, rather than tackling the issue of concentration in the market for smartphone operating systems, essentially a duopoly comprised of Android and iOS, the DMA ‘mostly serve[s] to achieve competition on and around a platform’ by obliging such operating systems to allow some form of competition within its platforms.

Gatekeepers, like Apple, can easily block third-party app stores through DMA caveats, such as allowing operating systems to block third-party app stores or limit interoperability to protect against security threats. The Electronic Frontier Foundation has pointed out the possibility that Apple may ‘arbitrarily revok[e] third party app stores’ or ‘require its competitors to pay [Apple] to vet the apps they sell’ amongst other dangers to true interoperability. Such warnings appear warranted as Apple has announced that apps offered outside of Apple’s App Store must still undergo review for ‘cybersecurity risks and obvious fraud.’ In addition, Apple is introducing a ‘core technology fee’ for any app with more than a million downloads (including software updates) per year. The fee is ‘€0.50 for each first annual install, counted by Apple user account in the EU.

At the same time, Bloomberg’s Mark Gurman reports that within the Apple ecosystem, developers making less than $1 million in the prior year now pay Apple only 10% fees, down from the 15% standard, and for those making more than $1 million the app commission is now 17% down from the standard 30%. Whether such a drop in fees encourages developers to stay within the Apple ecosystem remains to be seen. The point is that regardless of whether developers stay or migrate to a third-party option, Apple remains in control of third-party apps that wish to operate within its core technology.

These changes highlight that the DMA’s obligations may do little to challenge Apple’s vast information and ecosystem advantages. Apple’s power is accumulated through its expansion of peripheral apps and services, which are governed by Apple’s core hardware, policies, and governing structures. Aradau and Blanke describe platforms not as singular monoliths but as ‘assemblages of services.’ Specifically, they argue that the ‘largest platforms dominate the mobile ecosystem because they provide key services for everybody else. They offer monetization services that others depend on to make money from apps.’

In this analysis, Aradau and Blanke point to Facebook (Meta) as an example of a permanently on platform, distributed across the Web in the form of tracking libraries, analytics, and widgets such as ‘like’ and ‘share’ buttons as well as account management in the form of single sign-on options which allow users to sign into a variety of services using their Facebook account (see Cyphers and Gebhart’s report for an in-depth study on these technical methods). This sprawling of data sources supplies Facebook’s data troves and reinforces its platform power, as other apps and services rely on its vast advertising networks for monetization.

Similarly, Apple as a platform maintains a central core in the form of its hardware, iOS, Software Development Kits (SDKs), advertising networks, and other governing structures, as well as control over its peripheries such as apps and MFi licensed products and services. For example, Apple, in ‘leveraging their scale and ecosystem assets’ makes app developers reliant on Apple not only for development and distribution but increasingly for monetization as developers are less likely to exchange data for ad revenue and are moving towards in-app payments which, for now, is conducted through Apple Pay.

This is reinforced by Apple’s App Tracking Transparency policy (ATT), where users are able to block third-party cross-app tracking (however, this does not extend to Apple’s own first-party apps), which effectively cuts off third-party access to an iPhone’s Identifier for Advertisers (IDFA). As a result, Kesler and Kollnig et al. find that Apple’s SKAdNetwork and Apple Search Ads are increasingly relied upon by developers. It is no coincidence that Apple’s ‘advertising business has more than tripled its market share’ since the introduction of ATT.

Whilst it is within Apple’s interests to encourage innovation of its peripheries, such as third-party apps, this is done under strict governing control by Apple, which dictates the terms and conditions of app review protocols, App Store policies, and privacy policies. Apple centralizes peripheries by hoarding both first-party data via its own apps and services while collecting information on third-party apps through its app review process, transaction data obtained through in-app purchases, and app download data through the App Store (see Kollnig et al. study on data flows and the UK’s Competition and Markets Authority mobile markets study).

Thus, it remains to be seen how far the DMA splinters such information and ecosystem advantages. For instance, Apple still maintains control over what third-party app stores may become available and will likely still be able to cast its governing structures over how apps are downloaded and monetized through vetting third-party apps and control the Application Programming Interfaces (APIs), which will be the backbone of third party app stores.

Similarly, third-party payments will still be governed by Apple. Recently, in the US, third-party apps may now be able to offer alternative in-app payment methods other than Apple Pay, but with a catch. Despite app developers hoping to finally get around Apple’s 15% to 30% fees on app transactions, Apple announced that even for third-party payments made through a web link, it plans to charge up to 27% of each transaction. Apple argues this commission ‘accounts for the substantial value Apple provides developers, including in facilitating linked transactions.’

In addition to maintaining high transaction fees, Apple has ensured that the software design of following external payment links is a ‘maze.’ Austin Carr, features editor for Bloomberg Businessweek, warns that this ‘could serve as a blueprint for how Apple might open up its tap-to-pay technology to other mobile wallets in an attempt to appease European regulators.’ Certainly, there are similarities between these changes and Apple’s announcement of changes to iOS, Safari, and the App Store in the EU, such as the ‘new options for processing payments via link-out’ and ‘in-app disclosure sheets that let users know when they are no longer transacting with Apple.’

Although the DMA mandates that third-party applications or software application stores must be allowed, Article 6(4) merely states that it must be technically enabled, meaning that situations such as only allowing cumbersome web app sideloading may become a reality. Carr notes when sideloading a web app in the US, ‘the link will surface a warning from Apple about the risks of transacting with third-party websites, with “continue” or “cancel” buttons.’ On the one hand, the ‘continue’ and ‘cancel’ buttons could be deemed to ‘distort or impair a user’s free choice’ under the Digital Services Act. On the other, the DMA explicitly states such security warnings are to be allowed.

Can The DMA Still Make a Difference?

The text of the DMA states that it aims to increase fairness in markets dominated by a gatekeeper. Therefore, gatekeepers should aim not to disproportionately burden developers, particularly smaller businesses. For example, whether Apple would be able to charge 27% fees for outside transactions in the EU context is questionable, as Recital 62 in the DMA states:

(62) In particular, gatekeepers which provide access to software application stores are an important gateway for business users that seek to reach end users. In view of the imbalance in bargaining power between those gatekeepers and business users of their software application stores, those gatekeepers should not be allowed to impose general conditions, including pricing conditions, that would be unfair or lead to unjustified differentiation.

Pricing or other general access conditions should be considered unfair if they lead to an imbalance of rights and obligations imposed on business users or confer an advantage on the gatekeeper which is disproportionate to the service provided by the gatekeeper to business users or lead to a disadvantage for business users in providing the same or similar services as the gatekeeper.

Apple has already faced antitrust complaints concerning its App Store commission fees by the European Commission, so between those and the rule that gatekeepers must not unfairly price out competitors, 27% is likely to be seen as too high. That being said, it is likely that Apple will fight to impose fees that it deems fair, which have historically been regarded by many as too high.

Equally at stake here is Apple’s vast information advantages. The DMA aims to tackle this in Article 6(2):

The gatekeeper shall not use, in competition with business users, any data that is not publicly available that is generated or provided by those business users in the context of their use of the relevant core platform services or of the services provided together with, or in support of, the relevant core platform services, including data generated or provided by the customers of those business users.

Apple maintains information advantages through its vast governing structures, collecting download data, in-app purchase data, and other data flows, as well as Apple’s Developer Licence Agreement, which ‘explicitly disclaims any confidentiality obligations over information that Apple collects from developers and gives Apple permission to use this information on an unrestricted basis.’ How the European Commission will monitor compliance with Article 6(2) remains to be seen, as the DMA only states that compliance will be conducted through transparency reports submitted by Apple.

In a previous investigation by the UK’s Competition and Markets Authority into Apple’s ability to use non-public data to compete against third parties, Apple insisted that structural separation would be ‘inordinately burdensome’ as they have ‘safeguards already in place.’ However, despite such assurances, app copying has been so common it ‘even has an industry term’ called Sherlocking. On the other hand, the DMA states that the Commission may request information and conduct inspections if it is deemed proportional to investigate a suspected infringement.

Overall, the DMA introduces new obligations for Apple to open up parts of its walled garden, but leaves control of potential new industry competitors within the hands of Apple, particularly in the case of third-party app stores and payment systems. Whether it is in the form of fees, app review policies, or privacy and security policies, Apple maintains an information, ecosystem, and monetary advantage over its competitors. While the potential to investigate Apple’s information advantage over third parties can be found in Article 6(2) of the DMA, this threatens only one data flow in Apple’s vast ecosystem, not to mention that Apple is coming to rely more on first-party generated data through its huge expansion of first-party apps and services. As argued by Larouche and de Streel, the DMA focuses on specific behaviors of gatekeepers and aims to rectify such behaviors rather than offering structural remedies:

Structural remedies comprise separation, in all its forms (legal, functional, or structural), up to and including divestiture. They are alluded to in Article 16 of the proposal as a last recourse in cases of systematic non-compliance by gatekeepers, and even then, only if ‘there is no equally effective behavioral remedy or where any equally effective behavioral remedy would be more burdensome for the gatekeeper concerned than the actual remedy.

Though the DMA may reign in some of the most egregious anticompetitive behaviors, with its wider effects yet to be measured and largely dependent on effective and thorough enforcement, it will leave the structure of the gatekeeper largely unchallenged. Core platforms such as Apple will continue to set the terms for participating in the global digital marketplace.

The article was edited on Feb 7, 2024, to remove a misstatement regarding one of Apple's policy changes.