Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.
I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.
This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.
The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.
The EU has rules that are expensive to implement correctly, so if you want early feedback from users, you release elsewhere first. It's a very rational way to approach it.
Those are not equivalent statements. You're assuming that privacy is a one-dimensional quantity, so that anything that complies with "the strictest international privacy laws" automatically also complies with any other privacy laws. But this is not actually true. It can easily be the case that every national law allows some set of behavior (different sets for different legal systems), at the same time that the intersection of all those sets is empty.
But this is solvable. The problem is the work it takes to solve it isn’t worth the hit to time to market. (And possibly even the cost.)
That's the crux of my point; Apple could have solved this on day zero if they had a consumer-centered threat-model and/or considered user data to be a liability rather than a hook for service subscriptions.
> The problem is the work it takes to solve it isn’t worth the hit to time to market. (And possibly even the cost.)
I don't consider this to be a problem, but the DMA working as intended and preventing gatekeepers from competing unfairly.
Consumer-centered threat model is perfectly well served with on-device models and Private Cloud. What isn’t is interoperability.
> the DMA working as intended and preventing gatekeepers from competing unfairly
I agree. And at the end of the day, Apple is following the law. I am sympathetic to their position, however, that this isn’t something worth building and optimizing for at launch. If we wanted to be rose tinted, EU consumers will get a fully-baked product. (EU developers get somewhat screwed, but I suppose their offshore offices could start.)
I think that's uncharitable. Apple prefers not to have the data either, hence the preference for on-device processing.
I could almost feel sympathy if it were something to do with some contract that Apple signed with their AI provider. Who's that, Google?
Ahh, a "competitor"? Yeah... cry me a river.
This kind of approach is how startups justify everything, however for established companies this would be backward.
I get a feeling that Apple never wanted to do it. They already knew the compliance requirements existed and if they would have wanted to test things then the narrative could have that they are rolling out in other markets first and would roll out with compliance in EU later. Asking for exemption was a bet they tried to play here, they lost and now spinning the narrative.
Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.
And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.
Both of these happen. European banks complain about American securities law. And all manner of car makers delay releasing vehicles in America and the EU.
Maybe China is easier to work with - perhaps their rules are made clearer?
DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.
Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.
> Do what you have to do to comply with the law and release, as always
Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)
If anything, I would wager they were happy about it. They were going to have to do it anyway, and it would inevitably cause friction for users who were already invested in Lightning cables and third-party devices. The EU forcing this just meant they could shift the blame for any negative sentiment onto the EU.
Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.
> complying with the DMA from the outset could mean having to launch a year later everywhere.
Oh no! Anyway...
Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.
It makes sense if you’re prioritizing time to market and agility. Once you’ve nailed down your product, you can make it compliant for more-onerous jurisdictions. You see this in finance all the time, where the U.S. tends to have the tightest rules around e.g. betting and crypto.
> Once upon a time, companies delayed launches specifically so they'd launch a better product
Because software shipped in a box. Also, compliance is orthogonal to how good a product is. Siri AI might be crap. It might be great. It might be almost perfect and then made great on second release. Everything slows down if the entire development process has to deal with open APIs and lawyers at every turn.
It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.
It's also perfectly legitimate to legally require business to slow the fuck down and consider how the thing will be used or abused, to make the product not crash for even just basic usages, and to put real safeguards in place against problematic scenarios.
But no, move fast and break things wins the day every day in the US.
Besides that, Google has shipped many (not all) similar features to Pixels in the EU and have been for years.
Whatever Apple is cooking and however long its taken them, the DMA is not a surprise and they could well have been taking it into account from the very beginning.
I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.
As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.
As a small developer, you wouldn't fall under the DMA.
If it were the case, Apple would just say it (with receipts).
> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.
As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.
The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.
> As a small developer
You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.
Would you consider supporting US laws?
At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.
I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.
This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.
And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.
Yeah that needs to stop. This is kinda why the DMA was created in the first place...
It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.
So it becomes a purely business decision: Do we risk a 10% global revenue penalty to release this globally, do we release this everywhere the DMA does not apply, or do we simply not build it? And make no mistake, even if Apple moved heaven and earth to try to comply with DMA they are STILL RISKING the full 10% penalty if the EU decides against them.
Yes, there’s a risk to releasing a product whenever you can be held accountable for that product. I understand that Apple seeks to be as unaccountable as possible.
So we ultimately agree with one another: Apple can do it, but doesn’t want to, for various reasons.
Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.
Does this put them stupidly behind schedule? Yes, and bummer for them, but I highly doubt that a company as politically savvy, legally savvy, and wealthy as Apple would do this "by mistake".
Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.
Also, adding code to meet some government regulation takes time and effort that (form the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.
It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.
This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".
Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)
Copyright theft in AI, on the other hand, is a global phenomenon.
DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.
So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.
Yes, but also its much cheaper to build it in at the very start.
When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because
1) we had no idea what we were doing and
2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.
Turns out the guesses were right, but it was painful getting the lawyers to understand.
What if I tell you that there's a surprisingly simple, straightforward and above all very cheap solution: don't implement privacy-invading or anti-competitive features in the first place ;)
Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.
Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.
Weird to say it but the only assistant with any guarantee for privacy by design is Siri at the moment.
The code is open source: https://github.com/apple/security-pcc
That's not how the deal was announced. You don't pay Bs / year for a licence to gemini to send them your data. You pay that to run it on your own hardware, in your own garden, so the data stays put.
I know the internet is always anti big companies, but this is likely a "not worth it for now, we'll eventually do it" effort from Apple. The EU AI act is a mess, and the effort to simply know what they have to do to comply with it is likely going to take armies of people (not devs) and a lot of time, as the OOP said.
And the saddest part about it, is that Apple has the money and resources to sink into this. Think about all the small players that don't. This is yet again a miss for the commission, with the end result being an insidious form of regulatory capture. It sucks for those of us running small companies. Oh well.
https://www.business-standard.com/technology/tech-news/googl...
I run Perplexity in place of Gemini, but I can also run Claude and others.
[1] https://i.imgur.com/BgvxqQQ.png
Apple is just being the usual Apple being both an hardware vendor and giving it's own software advantages that competitors don't have and using the security bogus argument as always.
And yet, people believe that crap and jump into defending Apple as if being an Apple user is their identity, sad.
Or never. Like the majority of Pixel 10 on device AI features (image editing, magic cue).
I have not been able to switch language in Sheets since 2018, and I've changed any possible setting (even account language).
All guides are in English and I'm stuck with Sheets in Italian.
As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.
Then you should have done it right the first time.
Especially in the case of apple or Google. Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.
And yet Apple had no major issues complying to the draconical demands of the CCP to sell and operate there. Weird.
Also, it's not like Apple can't afford the manpower for this. They're not a hole in the wall mon & pop shop.
They can only do so much at once. And Apple is not a “hire an extra 30,000 people“ kind of company.
Apple usually rolls stuff out in stages. This is just an extremely high profile example.
I’m sure Apple doesn’t want to cave and give OpenAI free access to the spotlight semantic db, the ability see what’s on your screen at all times, etc.
No. Interoperability doesn't require Apple relax their privacy and security postures. It could instead require third parties to improve theirs.
Apple made it sound like their proposal for that was rejected by the EU. And it would be consistent with previous regulatory decisions by the EU for them to not want Apple to be setting the rules for how third-party interoperability partners/competitors ensure privacy.
It seems to me that the EU has a preference for protecting privacy with legal mechanisms, and generally doesn't approve of Apple's attempts to protect privacy with technical mechanisms because that inevitably limits interoperability with systems that aren't designed around the same restrictions and assumptions.
Apple is building a system that is more private than EU law requires. If they tell say Facebook that Facebook can integrate in but first must meet the same more than is legally required standard Apple is aiming for wouldn't that be anti-competitive?
</s>
For example, with Copilot, you get a contractual pinky promise that they cannot access your data.
Can engineers really not access ? Can the police really not access ?
It's like AirTag for example. Apple cannot access it because it's scientifically "impossible" by design, but if they sign-in to your account, well it's over.
Once Apple fills the right audit / certification / paperwork they will be able to enable that feature. It could also be a negotiation lever.
Isn’t this less about privacy than competition?
Which should IMO be the basic principle worldwide. But unfortunately in many countries, companies are more powerful than governments/regulators, so they get to grab everything they can get their hands on.