Dispute Over EU AI Directives: Google Gets Help from Apple

Summary

Apple has submitted a 38-page statement to the ongoing DMA proceeding by the EU Commission against Google. Although not formally a party to the proceedings, the iPhone company warns against interoperability measures that Brussels transmitted to Google at the end of April. In January 2026, the EU Commission had set Google a six-month deadline to grant competitors deeper access to Android core functions – particularly for AI assistants. Apple characterizes the planned measures as a serious threat to privacy, security, and device stability for European users.

People

• Kyle Andeer (Apple's regulatory chief)

Topics

• Digital Markets Act (DMA)
• AI Security
• Data Protection
• Android Interoperability

Clarus Lead

Apple's intervention reveals a fundamental disagreement over the priority of security versus competition in European regulation. The company criticizes not only Google-specific measures but accuses the EU Commission of systematically ignoring data protection and security concerns – while other Commission departments are simultaneously working on AI security initiatives. This incongruence questions the regulatory coherence of Brussels and could encourage other corporations to raise similar security arguments against DMA measures.

Detailed Summary

Apple identifies four specific security problems with the planned interoperability measures:

Voice Activation and Continuous Recording: The regulations would allow arbitrary third-party apps to register their own wake words and determine when audio recording ends. This opens the door to unintended or manipulated continuous recording – a significant abuse potential.

Data Access and User Profiling: Third-party applications would gain unlimited access to highly sensitive data (notifications, SMS, contacts, screen contents, installed apps). Apple warns that this combination of data would be sufficient to create detailed user profiles that reveal health status, religion, sexual orientation, and financial situation. This would enable discriminatory pricing, such as based on signs of addiction or financial hardship.

Overlay Attacks: The measures would require that apps be able to place content over running applications – a technique that has been abused for banking trojans for years. iOS deliberately blocks such overlays for security reasons using API restrictions.

Resource Conflicts: The required simultaneous activation of multiple wake-word models from third parties on the digital signal processor is technically problematic. Apple points out that Amazon Echo consumes approximately 50 percent of CPU power with a single recognition implementation – multiple parallel versions without central coordination would lead to system slowdowns, thermal issues, and significantly reduced battery life.

Regulatory Chief Kyle Andeer had previously made public that neither the European Data Protection Board (EDPB) nor the EU cybersecurity authority ENISA were included in the proceedings – despite repeated requests.

Key Points

• Apple criticizes EU interoperability measures against Google as a "large-scale security experiment" on European users
• Four specific technical risks identified: continuous recording, data access, overlay attacks, resource conflicts
• Criticizes systematic disregard of data protection and security concerns by responsible Commission department
• Apple uses statement to publicly present an alternative AI security model for the first time

Critical Questions

1. Source Validity: Are Apple's technical scenarios (e.g., 50 percent CPU load for wake-word recognition on Amazon Echo) based on documented benchmarks or estimates? How representative are Amazon hardware specifications for Android implementations?

2. Conflict of Interest: To what extent could Apple's security criticism be driven by self-interest, since stronger Android AI integration weakens Apple services as a default alternative? Has Apple raised similar security concerns regarding EU measures on iOS?

3. Causality and Alternatives: Does Apple provide technical solution proposals that would enable interoperability with reduced security risks? Or is only rejection recommended without sketching a middle ground?

4. Data Protection Board Involvement: Why were EDPB and ENISA actually not involved – is this a standard regulatory process or a peculiarity of the Google proceedings?

5. Feasibility of Measures: Does the EU Commission or independent security experts confirm Apple's resource scenarios (battery life, system stability), or do empirical tests contradict its predictions?

6. Proportionality: Can the identified risks be mitigated through technical safeguards (e.g., permission system, logging, sandboxing) without undermining the interoperability objectives?

Sources

Primary Source: Dispute Over EU AI Directives: Google Gets Help from Apple – https://www.heise.de/news/Streit-ueber-KI-Anordnungen-der-EU-Google-erhaelt-Hilfe-von-Apple-11293280.html

Verification Status: ✓ May 2026

This text was created with the support of an AI model. Editorial Responsibility: clarus.news | Fact-Checking: May 2026