New Legislation
The EU's Digital Markets Act (DMA) has been introduced to protect consumers against so-called "Gatekeepers". A company is considered a gatekeeper if it holds a significant economic position in the market or a substantial influence on the EU's internal market. Likewise, a company is considered a gatekeeper if it has a significant user base within the EU.
Companies that are most significantly impacted by this include Apple, Google, and Meta, all of which have products that are greatly affected. The deadline to become DMA compliant is March 6, 2024
Does our company need to be DMA compliant?
You likely already are. The major products affected have been aware of the changes needed for some time.
Changes for iOS and Apps within Apple's Ecosystem
For iOS, Apple's operating system for the iPhone, to be DMA compliant, they have had to make several big changes. Here we highlight the most important ones you need to be aware of:
1. App StoreTo prevent the App Store from having too strong a position in how apps are sold, Apple must allow other app stores in its ecosystem. This means that anyone can now apply to start an app store, where they can distribute and install apps to iPhones.
However, the requirements to start such an app store are very strict, so we will likely not see many own app stores from smaller actors.
But it's worth knowing that apps now do not just need to be distributed via Apple's App Store. If you want to turn to another app store to distribute your app, it is fully allowed as of iOS 17.4.
2. In-app PurchasesUsing Apple's in-app purchases is no longer mandatory, and users can extend subscriptions or purchase products outside Apple's ecosystem. This also affects the part that Apple previously took a fee for.
It's important to note here that you cannot combine in-app purchases with purchases outside Apple's ecosystem.
3. Access to All Parts of the Phone
According to the DMA, Apple cannot protect certain parts and act as a "gatekeeper" to benefit itself. This opens up many new functions. For example, banking and financial apps can use the NFC chip in the phone to conduct payments or, for example, receive payments via the phone. You can also request access to other functions in the phone. After such an application, Apple will review if it can be implemented without compromising the security of the phone. Then they develop an API for you that you get access to. Perhaps you want to develop a wallet app that can be used instead of Apple's wallet that appears when you double-click the side of the phone? Now you should be able to do that.
4. Safari
Safari can no longer be the default web browser on an iPhone. This means that users can choose which web browser engine they want to use the first time they open Safari after upgrading to iOS 17.4.
Previously, all web browsers have used Safari but with their own UI, but now users can also choose which web browser engine they want to use.
Keep in mind that when you develop or test websites on iPhones, it's now also important to check how they render with different web browser engines.
5. PWA Apps
Since Safari is no longer guaranteed to be the default web browser on an iPhone, Apple has stated that they can no longer guarantee the security of an iPhone if PWA, Progressive Web Apps, are allowed to be installed on the home screen. This does not affect if the app is built in an app shell and released in an app store.
This means that PWA apps that users have on their home screen will, as of iOS 17.4, no longer be able to store data locally or use push notifications. The app will instead become a bookmark that opens in the web browser one has chosen.
Update: Just days before the release of iOS 17.4 Apple announced that PWA apps will continue to work on the home screen, after a new interpretation of the DMA that allows them to use WebKit for all saved PWA apps.
Keep in mind that if you use something DMA-related within Apple's ecosystem, the app can only be distributed within the EU. That is, if you want to distribute the app worldwide, you need to have (and maintain) two apps. One for the EU and one for markets outside the EU. You cannot use APIs that fall under DMA outside the EU.