Did Apple jump, or was it pushed?
That is the question Brussels would rather not answer after Apple announced that its new Siri AI features will not ship on iPhones and iPads in the European Union. The European Commission says Apple made a free choice. Apple’s actual choice was between opening the iPhone in ways that could break the privacy-and-security model its customers buy, shipping a product that would invite enforcement, or not shipping at all.
Call it innovation by ultimatum.
At Tuesday’s midday press briefing, European Commission spokesperson Thomas Regnier offered Brussels’ official explanation:
The decision not to allow Siri AI in the EU is Apple’s and Apple’s only… Absolutely nothing in the DMA prohibits Apple from introducing new products in the EU… What Apple is, however, not allowed to do is to close the market. It’s not for them to choose which AI tools our EU citizens get to use or not… EU law is non-negotiable.
Regnier capped the intervention with an analogy: the Commission grants no exemptions, just as a police officer does not exempt a driver from the speed limit.
The problem is that nearly every clause of his statement gets the economics backward.
The Commission’s framing is that Apple faced a free choice and chose spite. The reality is closer to a catch-22. Under the Commission’s interpretation of the Digital Markets Act (DMA), Apple could open its operating system in ways that compromise the security architecture its customers pay for—and that European Union privacy law itself demands—or it could preserve that architecture and ship nothing.
Apple chose the only option that was both lawful and commercially rational: it withheld the product. When a regulatory regime is structured so that the only safe harbor is nonparticipation, the claim that “nothing prohibits you from introducing new products” is technically true but substantively empty.
To see why, it helps to recall what actually happened. It also requires asking a question the Commission has studiously avoided: If the open, deeply interoperable, agent-accessible operating system Brussels demands is both commercially viable and consistent with the rest of EU law, why has no one—on any platform, anywhere in the world—ever built one?
The Architecture of a Catch-22
Apple unveiled Siri AI on June 8 at the Worldwide Developers Conference (WWDC): a rebuilt assistant, powered by Apple Intelligence, capable of carrying out multi-step conversations and acting autonomously across a user’s device. It can search messages and email, complete bookings, make payments, and edit files. In the same announcement, Apple said the feature would not ship on iOS 27 or iPadOS 27 in the European Union, and offered no timeline for its arrival.
The same assistant will reach European users on Mac and Apple Vision—platforms the DMA does not designate as gatekeepers. That detail alone answers one question: the binding constraint is the regulation, not the technology.
The sticking point is the DMA’s interoperability obligations. Under what Apple calls an “extreme interpretation” of those rules—but one the Commission appears to have embraced—shipping Siri AI in the EU would require giving rival AI agents equivalent access to the device. Those agents would be able to read messages, control apps, make purchases, and edit files autonomously, without Apple’s intermediating safeguards.
Apple says it spent 18 months proposing alternatives. Those included a “Trusted System Agent” architecture that would have extended similar capabilities to third-party assistants through a mediated layer, as well as a phased rollout. The Commission rejected those proposals, insisting on openness without the accompanying safeguards.
Now consider how Thomas Regnier described that history. Apple, he said, was “simply unable to develop interoperability solutions that meet essential EU privacy and security standards” and therefore requested an exemption instead.
That sentence is worth reading twice, because it may be the most revealing thing any European Union official has said about this dispute.
The Commission’s own spokesperson is effectively telling us that opening the iPhone to third-party AI agents in the manner the DMA requires could not be done—at least not by the company with arguably the greatest engineering resources and the strongest commercial incentive on Earth to do so—without violating the EU’s own privacy and security standards.
Regnier presents that conclusion as an indictment of Apple’s diligence. It reads instead as a confession about the legal architecture.
How to Ban a Product Without Banning It
The decision not to allow Siri AI in the EU is Apple’s and Apple’s only… Absolutely nothing in the DMA prohibits Apple from introducing new products in the EU…
Both halves of that statement are technically true. Together, they describe a menu of options that effectively left Apple with no meaningful choice and no viable path to introducing the product.
Option 1: Violate the GDPR
Hand autonomous, system-level agents from any third party the keys to users’ messages, payments, photos, and files.
Quite apart from the commercial damage—Apple’s entire competitive strategy rests on being the privacy-and-security platform, a distinction that even its courtroom adversaries have acknowledged as genuine—this option collides head-on with the European Union’s other flagship digital statute.
The General Data Protection Regulation (GDPR) requires data protection by design and by default, security measures appropriate to the risk, and data minimization. A platform that grants external agents unmediated authority to read and act on the most sensitive personal data on a device is, at minimum, in serious tension with all three principles.
Apple would almost certainly bear liability when an agent goes rogue, leaks data, or is compromised. Users, meanwhile, would bear the actual harm.
Regnier’s briefing effectively concedes that this path is foreclosed. In his own words, the solutions that satisfy the DMA’s openness requirements do not meet “essential EU privacy and security standards.”
Option 2: Violate the DMA
Launch Siri AI in the EU while denying rival agents equivalent access.
This option runs directly into Article 6(7), the DMA’s interoperability mandate, which requires a gatekeeper to grant competing services free and effective access to the same operating-system and virtual-assistant features available to its own services. The Commission is currently pursuing a closely analogous case against Alphabet and its Android mobile ecosystem.
A system-level Siri AI available to Apple’s users but unavailable to rival agents would be a textbook violation, at least under the Commission’s current interpretation of the provision.
The consequences are not trivial. The DMA authorizes fines of up to 10% of worldwide turnover, rising to 20% for repeat infringements. For Apple, that would likely mean penalties measured in the tens of billions of dollars per finding.
Option 3: Don’t Ship
This is the only square on the board where Apple violates neither the DMA, nor the GDPR, nor its customers’ trust.
It is also exactly what happened on June 8.
So when Regnier says the decision was “Apple’s and Apple’s only,” he is correct in much the same sense that a person offered a choice among a fine, a lawsuit, and walking away has “chosen” to walk away. The law did not prohibit the product by name. It constructed a set of options in which not introducing the product became the only rational—and indeed the only fully lawful—remaining move.
Economists do not find this distinction mysterious. A tariff does not “prohibit” imports, either. It makes them uneconomic, and we correctly attribute the resulting absence of goods to the tariff.
The situation here is admittedly less self-referential than the catch-22 described above. It is more a regulatory pincer, with two bodies of law and basic commercial logic squeezing the feasible option set down to “exit.” The lived experience is the same. Every door that appears open closes the moment you walk toward it.
This is also where Regnier’s speed-limit analogy collapses. A speed limit imposes a single, coherent constraint: drive slower than X. What the Commission has built is the equivalent of two officers standing at the same checkpoint, one ordering the driver to speed up and the other to slow down, while a spokesperson explains that nothing prevents the driver from continuing his journey.
The DMA demands radical openness. The GDPR demands rigorous protection of personal data. The Commission rejected the intermediary architectures—Apple’s Trusted System Agent and a phased rollout—that might have reconciled the two.
“EU law is non-negotiable” is an odd boast when EU law points in opposite directions. Non-negotiable in both directions at once simply means impossible.
If It’s So Easy, Where Is It?
Suppose, though, that the Commission is right and Apple is bluffing. Suppose a commercially viable operating system that gives third-party AI agents deep, autonomous, system-wide access while remaining compliant with European privacy and security law is perfectly feasible, and Apple simply prefers not to build it.
That hypothesis generates a testable prediction. Somewhere in the world, on some platform, someone should have built it.
Operating systems are a fiercely contested, multi-trillion-dollar market spanning mobile devices, desktops, servers, automobiles, and wearables. If radically open agent access were a design consumers wanted at a price firms could profitably supply, its absence everywhere would be a striking anomaly.
Unfortunately for the Commission, that design is nowhere to be found.
In a recent paper with my colleague Geoffrey Manne, we document what we call the “empty quadrant”: across operating systems, marketplaces, search engines, and technical standards, the radically open platforms with weak control over access and use that regulators often idealize have repeatedly failed to attract users.
But set that broader pattern aside. The AI-agent version of the question is even more revealing.
Survey the industry’s leading platforms—including the most open platforms and the AI labs themselves—and a striking regularity emerges. Everyone is converging on precisely the kind of mediated, gated, safeguard-wrapped architecture the Commission rejected when Apple proposed it.
Google Keeps the Keys, Too
Start with Android, the open mobile operating system.
Google allows users to designate a third-party assistant as the system default. You can replace Gemini with ChatGPT on an Android phone today. But look closely at what that designation actually provides. It gives a rival assistant a voice interface, not the keys to the device.
A third-party assistant on Android cannot adjust system settings, control smart-home devices, or act across applications the way Gemini can. It cannot even claim the wake word. The deepest forms of agentic access—reading texts and WhatsApp messages, accessing call logs, analyzing on-screen content, and acting within other apps—remain reserved for Google’s own first-party assistant.
Android, the platform regulators routinely invoke as the open alternative, ultimately draws much the same first-party/third-party distinction the Commission insists Apple cannot draw.
Microsoft Built the Thing Apple Proposed
Microsoft offers another useful example.
Among major operating-system vendors, Microsoft is arguably the firm most aggressively pursuing third-party AI agents. It is explicitly rebuilding Windows as what it calls an “agentic operating system.” Yet the architecture Microsoft is deploying looks remarkably familiar.
Agents run under dedicated low-privilege accounts inside a contained “Agent Workspace” separated from the user’s primary session. Their access is limited to designated folders, and anything more requires explicit authorization.
In other words, the company building perhaps the most open agent platform in the world built it around a trusted intermediary layer. Functionally, that is the same basic approach Apple proposed through its Trusted System Agent architecture.
The punchline almost writes itself: Microsoft is rolling out this cautious, contained, safeguard-heavy system worldwide—except in the European Economic Area.
Even the AI Labs Use Guardrails
The AI labs behave much the same way.
OpenAI and Anthropic have more to gain than almost anyone from unfettered access to other companies’ operating systems. Yet their computer-use agents operate in sandboxed cloud browsers and virtual machines, not with unrestricted native privileges on users’ devices.
Likewise, the interoperability standard the industry is increasingly converging on—the Model Context Protocol—is built around permissioned connections. Applications deliberately expose specific, declared, and revocable capabilities to AI agents. Agents do not simply help themselves to whatever system resources they want.
The Market Chose Guardrails
In short, mediated access is not an Apple idiosyncrasy. It is the industry’s revealed answer to the question of how AI agents and operating systems should interact.
Companies with radically different business models, incentives, and competitive positions have independently converged on the same basic architecture.
This is exactly what our paper‘s evolutionary framework predicts.
The empty quadrant is not empty because every platform developer in history independently arrived at the same anticompetitive scheme. It is empty because the alternative repeatedly fails market tests.
On the supply side, a platform that cannot govern what runs on it cannot credibly sell safety and security, and therefore cannot monetize the trust those features create. On the demand side, consumers genuinely value curation. Gatekeeping—in the literal and often beneficial sense—helps exclude bad actors and contain the harms that one malicious agent can impose on everyone else.
Just as importantly, today’s relatively closed platforms defeated more open rivals before they became dominant. Market power cannot explain the outcome. Market selection can.
The AI-agent context sharpens these tradeoffs rather than softening them.
An assistant that can read your email and move your money may be the highest-stakes software ever deployed on a consumer device. The access that makes such systems useful is exactly the access that makes them dangerous in the wrong hands.
If there were ever a moment when a platform’s judgment about which agents to trust—and through which mediated channels—is doing its most valuable work, it is now.
The DMA, as currently interpreted, does not engage that judgment. It overrides it. The GDPR then punishes whoever complies.
Somebody Gets to Choose
Which brings us to the briefing’s most quotable line. According to Thomas Regnier, it is not for Apple to choose which AI tools Europeans get to use.
Two observations.
First, choosing is what a platform does. Curation—deciding what runs, under what rules, and with what level of access—is the product Apple sells. It is also what hundreds of millions of consumers, including many Europeans, affirmatively choose when they buy an iPhone instead of the more open Android device sitting next to it on the shelf.
The most important competitive choice consumers make is often between platforms. A curated platform is itself one of the options on that menu. The DMA is methodically narrowing that choice.
Second, look at the actual outcome. After the Commission’s intervention, which AI tools do Europeans get to use on their iPhones?
Not Siri AI. Not, in any deeply integrated form, the rival agents the interoperability mandate was supposed to usher in. They do not materialize simply because the incumbent’s product was blocked, any more than Windows XP N—of which just 1,787 copies were sold—produced a browser renaissance.
In a market where OpenAI, Anthropic, and Google are racing ahead, the DMA’s concrete achievement this week was to remove a significant new competitor from the European field, albeit one powered in part by Google’s models.
So somebody did end up choosing which AI tools Europeans get to use. It was not Apple. It was not Europeans.
Fewer firms competing for European users is not more contestability. It is less.
Nor is this an isolated incident. Google’s Gemini, Meta’s Threads, and Google’s AI Overviews all arrived late in Europe or launched in degraded form for similar reasons.
The GDPR’s track record points in the same direction. Empirical research finds that it reduced app-market usage and consumer surplus by roughly one-third, while chilling investment in European data-driven ventures.
Each of these laws imposes costs on its own. The Siri dispute shows what happens when they squeeze from both sides at once.
When Compliance Means Exit
In our paper, Geoffrey Manne and I close with a deliberately modest set of heuristics for regulating fast-evolving platform ecosystems: first, do no harm; prefer case-specific scrutiny to one-size-fits-all design mandates; preserve firms’ ability to monetize and experiment; and build feedback loops—sunsets, sandboxes, and review clauses—that allow a regime to recognize when it is failing.
The DMA inverts each of those principles. Its first self-review, published just six weeks before WWDC, nonetheless declared the regime “fit for purpose“—a feedback mechanism apparently incapable of registering the growing pile of products left sitting outside Europe’s door.
“EU law is non-negotiable” is meant to evoke the rule of law. But the rule of law also requires legal obligations that can actually be satisfied.
When one EU statute mandates a degree of openness that another EU statute—by the Commission’s own account—renders unlawful, and regulators reject every mediating architecture the regulated firm proposes, inflexibility ceases to be a virtue. It becomes the policy failure.
The police officer in Regnier’s analogy enforces a limit any driver can obey by easing off the accelerator. The Commission is enforcing a limit that can only be obeyed by leaving the road altogether.
On June 8, Apple left the road. Per the warnings in Mario Draghi’s report about the costs of Europe’s regulatory thicket, European users are the ones left walking.
“The decision was Apple’s and Apple’s only,” the Commission says. In the narrowest possible sense, that is true. Apple chose from the options available to it.
The more important question is who created those options in the first place. The option set was Brussels’ and Brussels’ only. That is the part of the story the midday briefing left out.
The post Brussels’ AI Catch-22: Siri, Define ‘Choice’ appeared first on Truth on the Market.
