The European Commission has published its first-ever DMA non-compliance decision—and Apple is the unlucky (or lucky, depending on how you look at it) first subject. In a 68-page takedown, the Commission unpacks Apple’s creative approach to steering restrictions: multiple business terms, multiple hoops for developers to jump through, and a web of conditions that, in the end, all seem to circle back to one thing—money. Between link-outs, buy buttons, and calls to action, the decision offers some key clarifications on what the Commission considers anti-steering practices. But at its core, the case is about whether Apple can keep charging developers for customer acquisition—without crossing the DMA’s line on free steering. Here’s what you need to know.
By the SCiDA Team
When the Commission fined Apple and Meta €500 million and €200 million respectively on 23 April 2025, the writing was on the wall. Apple’s cascade of developer restrictions designed to limit steering to alternative distribution channels was squarely in the crosshairs. Art. 5(4) DMA makes it clear: gatekeepers must let business users inform customers—free of charge—about alternative offers outside the core platform service (like the App Store) and steer them to these offers. The rationale behind the provision is that terms of use, such as for Apple’s App Store, prevents developers from implementing a button in its app on the iPhone that takes you to the developers’ website in the browser where you can purchase content or upgrade your subscription. If you do such a contract within the app, developers must use the Apple gateway for payments – and pays hefty commissions to Apple. This could be avoided by steering users out of the walled garden.
For those who thought Art. 5(4) was one of the DMA’s more straightforward obligations (it’s supposed to be self-executing, after all), a closer reading of the decision may reveal some surprises. The Commission’s analysis weaves through different language versions of the law and Apple’s ever-evolving business terms, exposing the many ways Apple has made steering as difficult as possible.
Apple’s business terms: A game of shifting the goalposts?
Apple’s response to Art. 5(4) has been… let’s just say, imaginative. First, there were the Original Business Terms: a flat-out ban on developers steering users to alternative payment options. Then came the New Business Terms – a light rebrand, with some tweaks. Developers could, in theory, link out to external websites, but only under a strict set of conditions: one link per app, a warning screen before leaving the app, and a commission of up to 17% on purchases made within seven days of clicking the link. Next up: the New Music Streaming Business Terms – a bespoke set of rules for music streaming apps. Here, developers could include up to five links per app (luxury!), but the same caveats applied: warnings, commissions, and tight control over how users are “steered” out of Apple’s ecosystem (see paras. 26 et seq.).
From “allowing” steering to technically enabling it
The Commission’s decision makes an important shift towards defining what effective compliance with the DMA demands from gatekeepers: Art. 5(4) isn’t just about allowing steering in theory—it’s about technically enabling it in practice (see paras. 72-74). Apple argued that “allowing” simply means giving permission, not actively helping developers make it happen (para. 65). The Commission disagrees, and after the recent CJEU’s Android Auto ruling, this marks another notable trend towards actively requiring digital gatekeepers to facilitate business user needs. The Commission’s take? Effective compliance with Art. 5(4) DMA requires Apple to allow “in practice, including through contractual or technical means, business users to steer acquired end users” (see para. 72). But that opens a new can of worms: how far does “technically enable” go? The debate is just beginning.
Future battle ground: The value of “matchmaking”
Let’s cut to the chase—this is really about Apple’s business model. Apple’s whole game has been charging commissions on in-app purchases. With the DMA, they tried to keep the cash flowing by introducing fees on “steered” transactions under the New Business Terms. The Commission wasn’t having it. In a slightly enigmatic way, Art. 5(4) DMA and the corresponding Recital 40 determine to what extent the gatekeeper can charge in the context of steering. Art. 5(4) establishes that steering must be free of charge. Recital 40 recognises the remuneration for the initial acquisition of a customer, i.e. the matchmaking. The decision spends about a third of its pages figuring out what that means. Apple claims the Commission’s interpretation rewrites the business model entirely (para. 143) and turns Art. 5(4) into “a complex price regulation scheme” (para. 144). Ironically rich, given Apple’s own fee structure. The Commission, by contrast, keeps it simple: Apple cannot charge for steering or steered transactions but only for the value of the initial acquisition, which excludes the gatekeeper value (para. 312). The next battle? How to calculate that “initial acquisition” value. The Commission hints that pre-installation deals between app developers and OEMs might be the benchmark (para. 193, fn. 151).
Leaving the door open for objective justifications?
While Art. 5(4) doesn’t provide an explicit security exception (unlike Art. 6(4) and 6(7)), the Commission seems to leave the door slightly ajar. Security measures might in principle serve as an objective justification, but only if they are “objectively necessary and proportionate” (para. 63). The decision isn’t crystal clear on whether a proportionate security restriction—say, to protect users from specific risks—might fly under the DMA. References in paras. 79, 96, 113, 114, and 199 suggest it’s not ruled out entirely. But para. 99 adds a further twist: any restrictions must not make it “unduly difficult” for end users to access steered offers, linking back to the anti-circumvention principle in Article 13(4). And no, Apple’s self-proclaimed role as GDPR enforcer doesn’t cut it. The Commission seemed to be tired of Apple’s narrative of itself as a privacy guardian: privacy laws are enforced by regulators, not by Apple (paras. 116, 131).
What’s next?
Apple now has until 22 June to comply with the Commission’s roadmap to perfectly effective compliance with Art. 5(4) DMA (see para. 312). It has already announced (more) new business terms in August 2024—but didn’t implement them yet, so they weren’t considered by the Commission in the decision. This “announce-but-don’t-implement” strategy remains a bit of a mystery.
Interestingly, Apple’s latest business terms seem to drop most of the steering restrictions, which feels like a tacit admission of non-compliance. So why didn’t Apple implement them earlier to avoid higher fines? The Commission only factored in the novelty of the law as a mitigating element (para. 300). Reportedly, Apple plans to appeal, arguing the Commission didn’t “hold its hand” through the compliance process and didn’t provide enough feedback on its proposals.
Meanwhile, the plot thickens: Apple is now facing two separate Commission decisions on anti-steering—this DMA case and the Spotify Article 102 TFEU case. Could Apple’s New Music Streaming Business Terms satisfy 102 TFEU but still fail under Art. 5(4) DMA? What happens if Apple faces periodic penalty payments? Could it be fined twice? Or would that trigger ne bis in idem concerns?
Stay tuned—this is far from over.
If you do not want to miss any of our future blog posts, you can subscribe to the SCiDA-Newsletter here.
