Readers note: This is a long post. There are enough hot takes on this super important issue. I welcome corrections as always.

This week Apple detailed the software changes that will appear in an upcoming release of iOS to comply with the European Union Digital Markets Act (DMA).  As I read the over 60 pages of the DMA when it was passed (and in drafts before that, little of which changed in the process) my heart sank over the complexity of a regulation so poorly constructed yet so clearly aimed at specific (American) companies and products. As I read through many of the hundreds of pages of Apple documents detailing their compliance implementation my heart sank again. This time was because I so thoroughly could feel the pain and struggle product teams felt in clinging to at best or unwinding at worst the most substantial improvement in computing ever introduced—the promise behind the iPhone since its introduction. The reason the iPhone became so successful was not a fluke. Consumers and customers voted that the value proposition of the product was something they preferred, and they acted by purchasing iPhone and developers responded by building applications for iOS. The regulators have a different view of that promise, so here we are.

To be clear, DMA covers a wide range of products and services all deemed to be critical infrastructure in the digital world. It is both an incredibly broad and sometimes oddly specific regulation. As written the regulation covers at least online intermediation services [commercial internet sites/markets], online search engines, web browsers, advertising services, social network services, video sharing platforms, number-independent interpersonal communications services [messaging], operating systems, virtual assistants, and cloud computing.

If you’re well-versed in online you can map each one of those to precisely who the target might be, or sometimes targets. It is all big tech, almost exclusively US-based companies. There are no EU tech companies that meet the criteria to be covered—hardcoded revenue of EUR 7.5 billion for three years, EUR 7.5 billion market cap, or 45 million MAU—with Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft, and Samsung acknowledging the criteria apply to various units in addition to the following other “very large online platforms”: Alibaba AliExpress, Booking.com, Pinterest, Snapchat, Twitter, Wikipedia, Zalando [German fashion retailer]. Those thresholds seem strangely not round.

I am going to focus on the Apple and primarily their App Store response because I think it is the most important and time critical and because iPhone is the most unique, innovative, and singular product in market. I can easily replace search, a browser, an ad network, a social network, a video site. Even cloud computing is not so sticky, and we all use multiple messaging services. What iPhone delivers is irreplaceable. At least for many of the subset of smartphone users that chose Apple.

The thing is, as impressive as Apple has been it is not *that* successful by the measures that count for dominance. Worldwide Apple is clearly the number two smartphone to Google Android which has over 70% share. In the Europe (excluding Russia) Apple iPhone has about a 33% share (I won’t debate exact numbers, units sold v in use, revenue v. profit v. units, etc. as all those do is attempt to tell a story that isn’t obvious, which is Android is more popular). That’s hardly a monopoly share by any standard. In some European countries Apple has a higher share, some data providers would say as high as 50% or nearly 60%, which by most legal standards is still not quite at a monopoly level especially in a dynamic market. Apple has not been fined, sued, or otherwise convicted of having a dominant share let alone abusing the market position it has. No consumer harm has been demonstrated. In Epic v. Apple specifically on the store, Apple prevailed in 9 of 10 claims of damages to Epic due to the store’s costs. Of note, the same claims in Epic v. Google resulted in liability from Google and is being appealed. Many of most vocal competitors didn’t even exist before the iPhone. They have become huge companies and don’t appear to be struggling, and in fact benefit from being part of the iPhone ecosystem. Counter to the text of the DMA, innovation seems to be thriving as measured by the number of new companies and distinct new services.

Yet, the EU DMA has declared that Apple is a “gatekeeper”—an ominous term applied to Apple among the others. The reality is that regulation can come before there is a problem, harm, or litigation. In policy terms this is known as the precautionary principle and is a key part of how the EU views their role. This is the primary driver of AI regulation these days as well.

Frankly, if a company can’t be a gatekeeper of its own product, then what is a company?

This regulation is different from US which requires developing regulatory authority via legislation first. Often before that there is litigation and even a trial process to reach a conclusion that a company is a monopoly and then that it abused that monopoly position to stifle competition or expand its influence on other markets. In fact, in the US a regulator cannot just declare an entirely new regulatory paradigm like the DMA without legal authority bestowed by Congress and signed into law. To be specifically correct, the EU parliament voted on the legislation but great deference is given to the agency in general and this case. Those that think EU and US are similar in monopoly law, they are not. Even the nature of harm is generally a dividing point, though regulators in the US are anxious to be more like EU.

In other words, Apple has built an enormously successful business with by any measure extremely happy customers by not serving the bulk of market. It has built a business by providing a unique product with unique attributes that not everyone seems to value. If this sounds familiar (it does to me) that is not unlike the historic personal computer business and how it evolved. To be super clear, everything in DMA applies to all “gatekeepers” it is just that the one getting all the attention is Apple because that was clearly the target and because we have insights into how they will comply.

I am intentionally conflating regulation along with harm and dominance because I think regulation should be rooted in harm. Harm absent dominance is fixed by the market and courts soon enough and certainly covered by a myriad of health and safety regulations otherwise.

Why is the iPhone such a unique product, and target? Historically it is not. From that perspective it is a large company, a large tech company, and eventually regulators have sought to regulate every such example. I was in high school when the AT&T breakup happened, and we talked about it in AP History in the context of…anyone … anyone…the Sherman Antitrust Act. In college I ran headfirst into peak IBM post antitrust but maximally powerful as their lawyers raked me over the coals just to be a kid using an experimental IBM RT PC. At Microsoft, partnering with IBM made us all aware of the history of antitrust. Then I happened to live through the Microsoft case and was tasked with managing Office then Windows during that time.

To understand the Apple case, I think it helps to see what transpired with Microsoft first. Below is my opinion and reflection, but it is not a history or full 360° view. What I simplify below is intentional and not meant to mislead, but just to make this complex experience somewhat digestible. I also might have misremembered some specifics from 20 years ago.

Bill Gates working with partners from Intel and IBM together established a PC business by building a platform of broadly available hardware components, low-cost PCs from many vendors, and a uniform set of operating system capabilities predicated on achieving the greatest distribution by providing the most openness for developers and hardware makers along with the lowest prices for PCs and applications. That short description explains the worldwide usage of PCs in every home and on every desktop that support an incalculable variety of tasks reaching over a billion PCs in use.

Steve Jobs (and Woz) had a different view. They viewed the Apple computer similarly as a tool, a “bicycle of the mind”, but Steve also saw the computer as needing to be much simpler to use than the first ones in the 1970s or the IBM PC in 1981. He set his sights on building a PC that was much more like an “appliance” that always worked and was approachable by anyone without training, manuals, and technical support as the PC was in the 1980s. The first achievement was Macintosh, 40 years ago this week. Macintosh had a graphical operating system with its bitmap display and mouse. It also only ran on relatively expensive and choice-limited hardware from Apple. For many this was the antithesis of what empowerment and computing should be. Bill personally lobbied Steve to license Macintosh software to run on other hardware, but instead Steve got Bill to make Basic, Excel, and Word for the new Macintosh helping to cement it as a platform and Microsoft as a leading provider of applications. Creating applications for Macintosh was quite different than creating them for PCs. For a long time, only the larger companies could afford to do both though many novel and innovative smaller companies chose to focus only on Macintosh.

For years (many of those when Steve was no longer at Apple) Macintosh struggled to grow share relative to DOS then Windows PC, never achieving more than 10% share in the US even at the peak. The Windows PC had won because of the customer desire for low price, choice of hardware, and openness of the PC platform. That was so much of what the market demanded. Yet around 2000, just as Steve was getting Apple back on firm footing first with iMac and then with iPod, the limits of the PC architecture were becoming clear. The rise of viruses and malware, the role of email in scams combined with the ability to easily breach a local PC and run code, the use of browsers and subsequent privacy challenges that arose from them, and the rise of internet distribution of software in an anything goes way brought the PC to its knees. The heralded Windows XP release in August of 2001—the culmination of almost ten years of work to bring a modern 32-bit OS to the broad consumer base of PC customers—was quickly mired in a rash of security incidents and the need for a 36-month all hands project to attempt to secure the Windows platform. This became Windows XP SP2.

By virtue of Macintosh market share, there was little reason for those wishing to do bad things to go after Macintosh users. The target market was too small and required a very different investment. Macintosh continued to secure its OS also iterating on the OS substantially and each cycle removing old capabilities and further securing the platform, something the Windows commitment to compatibility made next to impossible for Windows. That led to a view that Macintosh was better than PCs but there was little market evidence to make that claim. The best product does not usually win, but whatever wins is by definition the best product. The PC had won.

It was during this time that Steve and Apple envisioned a new kind of computer—a handheld one that was a significant step-function improvement in delivering a “bicycle for the mind” along the vision of Macintosh. Only this one would take advantage of modern hardware to make the smallest and lightest computer ever, so small it could fit in your pocket. It would have the easiest to use interface ever by not even requiring a mouse (the symbol of ease of use in 1984), but by using just your finger. Eventually it would be the best platform for developers to build the most consistent, safest, reliable, and private applications ever. That would be the iPhone. In other words, the iPhone put to practice the lessons from two decades of Macintosh and Windows PCs. It would solve the problems of Macintosh that kept it from realizing the full vision of ease of use and from being reliable. Just as Steve did with Macintosh, he did not set out to make the most popular phone or even the most money. He set out to make the best phone. Apple just so happened to reinvent phones along the way.

iPhone was successful but it was not as successful as Android that came shortly after because of the constraints Steve put in place to be the best, not the highest share or the greatest number of units. Android was to smartphones just as Microsoft was to personal computers. Android sought out the highest share, greatest variety of hardware at the lowest prices, and most open platform for both phone makers and developers. By making Android open source, Google even out-Microsofted Microsoft by providing what hardware makers had always wanted—complete control. A lot more manufacturers, people, and companies appreciated that approach more than Apple’s. That’s why something like 7 out of 10 smartphones in the world run Android.

Android has the kind of success Microsoft would envy, but not Apple, primarily because with that success came most all the same issues that Microsoft sees (still) with the Windows PC. The security, privacy, abuse, fragility, and other problems of the PC show up on Android at a rate like the PC compared to Macintosh and iPhone. Only this time it is not the lack of motivation bad actors have to exploit iPhone, rather it is the foresight of the Steve Jobs vision for computing. He pushed to have a new kind of computer that further encapsulated and abstracted the computer to make it safer, more reliable, more private, and secure, great battery life, more accessible, more consistent, always easier to use, and so on. These attributes did not happen by accident. They were the process of design and architecture from the very start. These attributes are the brand promise of iPhone as much as the brand promise of Android is openness, ubiquity, low price, choice.

The lesson of the first two decades of the PC and the first almost two decades of smartphones are that these ends of a spectrum are not accidental. These choices are not mutually compatible. You don’t get both. I know this is horrible to say and everyone believes that there is somehow malicious intent to lock people into a closed environment or an unintentional incompetence that permits bad software to invade an ecosystem. Neither of those would be the case. Quite simply, there’s a choice between engineering and architecting for one or the other and once you start you can’t go back. More importantly, the market values and demands both.

That is unless you’re a regulator in Brussels. Then you sit in an amazing government building and decide that it is entirely possible to just by fiat declare that the iPhone should have all the attributes of openness. By all accounts there seemed to be little interest in the brand promise that presumably drew a third of the market to iPhone. In the over 60 pages of DMA, there’s little mention of privacy (just 7 times), security (9 times), performance (3), reliability (once), or battery life (0), or accessibility (just 3).  I would acknowledge one section about halfway through the 100 goals of one part of the DMA there is deference to these issues though note the important caveat about defaults:

(50) Furthermore, in order to ensure that third-party software applications or software application stores do not undermine end users’ security, it should be possible for the gatekeeper to implement strictly necessary and proportionate measures and settings, other than default settings, enabling end users to effectively protect security in relation to third-party software applications or software application stores if the gatekeeper demonstrates that such measures and settings are strictly necessary and justified and that there are no less-restrictive means to achieve that goal. The gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation.

As anyone who has ever done any work on secure systems knows, a system is only secure if it is secure by default. Another way of saying what the DMA does is to compare it to the typical out-of-touch executive review when faced with a difficult choice between two options to solve a problem. When faced with two choices, the brave executive simply defines a third option that magically has the best attributes of each of the two choices and declares success. The team at the table sits there stunned not knowing what to say because of course if “Option 3” was a possibility, they, knowing a great deal about the problem and solutions, would have proposed said solution. As with EU regulatory discussions, there is little recourse, and the team just leaves the room in a bit of a stupor unable to figure out what to do or who will be able to convince the boss of reality. Still this paragraph is incredibly important because it acknowledges that third parties cannot undermine security and “gatekeepers” to protect users. The regulators know they do not want to be caught designing a system that is less secure. It would certainly be easy to test the outcome since we know the number of issues today and will know the number of issues post regulation. But they also don’t want this to be the default too easily. We’ll return to this. Suffice it to say, at least in part buried 50 paragraphs down is a recognition of a brand promise that was in the iPhone from the start.

That is where Apple finds itself today. It was told, essentially to create a new iPhone release that is as good as your old one for your existing customers but do all these things that run counter to every lesson and experience over decades, everything you designed and architected.  Everything you promised customers you would deliver. That truly sucks.

Be Careful What You Ask For

At this point I am sure some (of those still reading) are thinking who is the person shaking their fist at the clouds saying get off my lawn that hates choice and freedom? I’ve been there. I’ve not only lived these challenges, but I’ve also been cornered into making bad or dumb software to comply with regulations that made little sense for customers and didn’t solve the problem regulators thought they needed to solve using the solution they proposed. That sucks too.

While I had little by way of official responsibility for Windows during the US v. Microsoft case that started in 1998 and was resolved a few years later, I was there at every step. Office where I was working, faced its share of EU oversight and issues that I don’t need to go into here but for completeness the arbitrary work to create the Open XML in Office. After that I moved to Windows where from 2006, I was responsible for complying with the US oversight as well as a new EU complaint and more oversight.

If there is a moral to building “Option 3” it is that regulators (or competitors) demanding this solution from a company need to think through what they will get. Just as the executive asking for the impossible doesn’t know the outcome that will result, when you ask a product to violate all its principles while also telling them that they need to keep their principles intact the outcome is just not going to be good for anyone—the boss, customers, or team. On the one hand this could be viewed as another data point in the long history of unintended side effects of regulation, but that is too blunt an instrument. This is much more about the specifics of how regulation works in the EU system where regulations are not created through a process of legislation creating authority and a framework for regulators, enforced by the regulators themselves, or tested through courts. By and large the EU approach lives in a bubble and that contributes to the nature of the regulations and the outputs that tend to not do what was intended or worse. The book “How Innovation Works” by Matt Ridley goes into several specific examples for those interested.

As Windows Vista was winding down in 2005, an EU complaint against Microsoft was that Windows needed to separate out some functionality from Windows. Just separate out the capability and sell Windows without it. The inputs to the Commission focused on the presence of media playback in Windows and the remedy was that Windows Media Player should be removed and Windows sold to PC makers without Media Player. The development team had spent 5 years on a torturous cycle building Windows Vista (all self-inflicted) but there were a ton of advances in media playback and device support. There was a world of applications adding media playback to products and Windows included those APIs. Media Player was the application that demonstrated those APIs. There is a good deal of complexity in how we got to this point with regulators that isn’t super important to detail.

The idea of removing features from the product went against everything Windows had done previously. In fact, from the very start the idea of an OS for the open PC was to add more stuff—literally to get the OS to do more and more and keep everything from the past working as well. Why? Because getting anything to work was super difficult and if the platform vendor added the capability, then developers everywhere could use those APIs and not have to worry about doing the work themselves. It might sound absurd, but perhaps half the value of the first versions of Windows was wrapped up in printing and drawing on a bitmap display. Before that, in the ancient times, if you created a word processor it turns out you also were in the business of tracking down all the printer makers of the world and convincing them to support your word processor. You also had to decide up front which graphics cards you’d support (EGA, CGA, Hercules, etc.) If you were to look at reviews from the pre-Windows era of word processors the reviews would tally how many current printers each word processor supported. This also held for different graphics cards, mice, and even fonts. In other words, to be a word processor vendor required you to be an OS vendor.

Windows solved this problem for developers. It did so in an open way, enabling new hardware capabilities to come to market and over time those would get native support in the OS. For example, both Wi-Fi and USB were first made available by third parties and then support was added into Windows and the hardware world converged on how to support those capabilities and developers could use them without writing their own OS. This is the very definition of a reliable platform in an open market. This was the culture of the Windows development team and the brand promise of Windows. In addition, Windows promised to keep everything working each release no matter how crazy. So even if you did build your own special printer driver for MS-DOS, Windows kept that running decades after you had stopped working on it. Even if Windows added built-in support for Wi-Fi, the drivers, and tools you built for Wi-Fi kept working forever, basically.

When networking became important, Windows added networking. The most relevant example of this was when Windows added TCP/IP support to Windows in Windows for Workgroups around 1993 just as the internet was starting to gain momentum. Before that if you wanted to use a PC on a network the low-level protocol software came from whoever made the network card, cables, and routers you used and application software came from a “networking” vendor. Different vendors used different software. Microsoft created a software layer called WinSock that enabled developers to use a network without having to become network engineers or OS vendors. The first time I connected a PC to a TCP/IP network I paid $400 for a set of disks containing the protocol stack from Wallongong Software, itself based on an free academic code base.

Example after example could be provided showing all the capabilities of Windows were added to make the platform complete and to elevate the whole of computing to enable more people to use a PC and more developers to create the applications they care about. To be complete and fair, yes there were complaints from vendors when Windows added these features, but it is very difficult, especially in hindsight, to suggest that the world should have declared operating systems complete and the idea of adding more to be anti-market when it was obvious there was an inexorable rise in capabilities that made the whole better. For what it is worth, Apple over many years has been routinely accused of adding features to the OS that were provided by third parties, a meme exists for the process called Sherlocking after one addition. Every industry experiences this vertical compression. When automobiles added radios there were complaints from vendors who made after-market radios, as just one example. 

It is super important to keep in mind that because the PC was open, at every juncture Windows continued to make it trivially easy to support third parties doing their own thing, innovating in different directions, and shipping their own APIs. In fact, an example like Wi-Fi took a very long time to stabilize. For quite some time, PC makers continued to ship their own Wi-Fi connection manager software. Windows just always did the work to keep those working. Windows always had APIs for vendors to use to integrate those solutions with the rest of Windows. Don’t even get me started on how many ways to play media existed and continue to exist and thrive. Endless APIs!

That is why the idea of building Windows without Media Player seemed so crazy. Still the team took a deep breath and produced versions of Windows Vista and Windows XP (still for sale) that did not contain media player. This was Windows “N” editions. They were only sold in Europe. There were two predictable things about this. First, it was much more work than you can imagine. If you spend decades and then an entire release for years building an integrated product then must remove features there will be weird bugs—bugs in Windows, bugs in third party’s apps that relied on Windows, and bugs in setup/configuration/management that surface because everyone just assumed the code would be there and didn’t check. Much of the oddly specific detail in the DMA looks precisely to me like lessons from implementing the Microsoft remedies. On the one hand that is good, but on the other hand what a mess. It took months or more for the bugs to stop trickling in. There were also many questions for the regulators such as did we have to remove all the APIs and thus break applications or was it just about the Windows Media Player applications? Turns out that is tricky. Second, and much to the surprise of the regulators, almost no one at all was interested in a product that did less. In particular, the PC makers had no desire at all to sell a version of Windows that could potentially generate more product support calls. What one might take away from this experience is that the regulators in Europe really do not like having options to not use the regulated product in their market and so they would going forward likely craft regulations that prohibit that sort of trick. Except that puts them squarely in the position of literally designing products and making product choices, specifically something US courts avoid.

In fact, on the heels of the US v. Microsoft case about the browser this seemed even more absurd. In the US case which began in 1998, the complaint hinged on the idea of adding a web browser to Windows. I obviously do not want to re-litigate that trial here. Suffice it to say, the actual complaint in part was whether there was a market for browsers that was separate from the market for operating systems. Said another way, was there a market for operating systems without browsers. The trial went on and on and then we agreed to settlement with the DOJ. This settlement involved ongoing monitoring of our compliance with the agreement which I was responsible for starting in 2006. The settlement included specific behavior remedies regarding adding a browser to Windows (as well as the Java runtime and email) as well as specific guidelines for how Windows could be priced and discounted.

The agreement created a new user experience feature called “Set Programs and Defaults” or affectionately “SPAD.” Where did that come from? Part of the case was the idea that the “default” browser was always going to win. No one would try any other browsers and by including Microsoft’s default browser, Windows was leveraging its operating system market share to win in the separate browser market. This logic was extended to the separate markets for email programs and media players and the aforementioned Java as well as Messenger (in Korea, their DOJ equivalent brought a case about the instant messenger category and seeing the EU remedy demanded a third version of Vista/XP, “KN”, to exclude Messenger as well). Those were viewed as the hot new categories that Microsoft might have lost in had it not been for “including them for free and distributing” with Windows.

Once again, we had a development team (dozens of engineers plus testing, pm, localization, and so on) responsible for this new “defaults” experience. Once again it was a crazy fountain of bugs. In fact, I had regular monthly meetings with a compliance team ordered by the court (paid for by Microsoft) to go over bugs their test team, our test team, and third parties found where Windows might ignore the default, or accidentally set a default without asking a user, and more. There were hundreds of bugs over the years testing all sorts of boundary conditions.

Today SPAD has grown into a geometrically complex morass of inscrutable files types and handler applications only a bureaucrat could love. It serves as a battleground between adversaries trying to insert themselves into as many spots as possible in your workflow and the worst defense is immersing yourself into the UI to make changes. It is crappy software that doesn’t solve the problem it set out to solve.

The output of this was not at all what anyone was expecting. First, this whole feature rather than making life easier for developers as we did with printer drivers, TCP/IP, or USB made things more difficult. Browsers were not identical. Developers did not make web pages that worked perfectly well across all possible browsers. Browsers had wildly different features back then (such as IE’s crazy ActiveX or Google’s inclusion of graphics, audio, video formats that were difficult for Microsoft to support). Second, the notion of “default” became a battleground for software. Every download, every start-run, every browser popup turned into a “Choose this as default”. If Windows users thought the “UAC” prompt was a pain, this was awful. In fact, Google went to great lengths to try to skirt both the UAC prompt (the warning from Windows “this program was from the internet should it run”) and to be sneaky about the default prompt. I don’t know what the regulators (or Google) were hoping for but for sure no one should be proud of this all-out assault on consumers and system administrators. This is especially the case because Windows just didn’t care if you ran other browsers. It was not as if when you were using Firefox clicking on a link would launch IE. This battleground got created because we wanted it to be possible to click on links outside the browser (such as in Word or on the desktop or in a local HTML file included as README)—cases that Firefox might not even care about. Be careful what you ask for.

Fast forward just a couple of years and with the release of Chrome all of this was moot. IE had lost (another topic). It didn’t matter that IE was on the PC. In fact, most PCs came with an alternate browser installed by the computer maker who often got paid to install that browser. And new browsers were a click away. Today, just as with media playback, it is impossible to imagine a computer that does not have an integrated web browser (or email capability or printer support for that matter). Some computers you can buy don’t let you change that browser (ChromeOS, iPhone) and some do (Windows and Mac). All of this is noise because there are alternatives and consumers have more things to worry about—browsers are commodities or at least hard to distinguish. That’s because computing moves up a stack, constantly. It is no surprise but for at least one browser maker, a primary motivator for driving their browser in the market is wrapped up in other elements of the DMA, specifically search and data.

Unfortunately, at this time, the EU regulators were not happy at all with SPAD. More importantly they were unhappy with the fact that IE share did not drop fast enough; Opera, created by a European company, market share remained low; messaging products like Skype, also European, or others were not the default and so on. The regulators didn’t just want a change to the product, they wanted the change to the product to change the market. But how can you do that? You could tell Microsoft not to ship features of Windows, but you can’t just declare Microsoft is not allowed to build a product with those features or that Microsoft had to simply ship some other company product instead. They had tried that with the “N” version and that did not work. Plus, with Windows, the OEMs could also choose new products to include (that was ultimately the US settlement) and yet even if they did the market did not seem to change enough or soon enough in Europe.

There was clearly going to be an action against Microsoft. They were unhappy. Microsoft was a US monopoly but had not really been penalized, in terms of share or fines, in the US. In the EU process there is not a lawsuit like we know in the US but an action and a finding—there’s little by way of courtroom drama like we had seen earlier at Microsoft. Even the presentation of evidence is largely one-sided and goes unchallenged. And appeal? Ha.

By comparison, Apple wasn’t a monopoly. There was no action in EU or lawsuit in US. Nothing bad happened to consumers when using the product. Companies had no grounds to sue Apple for doing something they just didn’t like. Instead, there is a lot of backroom talk about a potential investigation which is really an invitation to the target to do something different—a threat. That’s because in the EU process a regulator going through these steps doesn’t alter course. Once the filings start the case is a done deal and everything that follows is just a formality. I am being overly simplistic and somewhat unfair but make no mistake, there is no trial, no litigation, no discovery, evidence, counter-factual, etc. To go through this process is to simply be threatened and then presented with a penalty. The penalty can be a fine, but it can and almost always is a change to a product as designed by the consultants hired in Brussels, informed by the EU companies that complained in the first place. The only option is to unilaterally agree to do something. Except even then the regulators do not promise they won’t act, they merely promise to look at how the market accepts the work and postpone further actions. It is a surreal experience.

During the pre-penalty stages, the regulators became enamored with the entire idea of super-SPAD. They now loved that tool. In fact, they loved it so much they wanted to SPAD everything in Windows. There appeared to be a recognition that the best solution for the market was to turn Windows into a distribution vehicle for market choices.

At one point I found myself making a list of all the places in Windows a third party could build a “competing” product and might want to sell their offering but Windows solving the problem made this impossible. Of course, this is literally all of Windows. At the most extreme, Windows supported installable file systems so should there be a SPAD setting for “use this third-party file system”? Some examples less nuts included printer drivers. Windows had created the notion of a “mini-driver” which was a driver that we built, 64-bit, signed, secured that supported many printers (or USB drives, network cards, display adapters, etc.). The problem was that the major printer makers had huge teams creating drivers and software to tap into the proprietary features of their printers (and to sell ink) and so those mini-drivers cut them out of the loop. So here we were in 2008 or so back debating the merits of an operating system having printing built in. This list got longer and longer: notepad, pbrush, task manager, clock, calculator, scanning, faxing, file explorer, photo viewing, audio playback, network protocols, modem dialing, PDF viewing, and of course video playback, email, calendar, messaging, and the browser. That’s not a complete list by any stretch. It was three columns on a PowerPoint slide formatted for printing.

The basic idea being put to us by regulators was that SPAD should be expanded to essentially cover everything in the operating system. Said another way, consumers should piece together their computer one inscrutable choice after another and that PC makers should be in the business of curating solutions and assembling a working PC by picking up bits and pieces of runtimes from vendors. Apparently.

No one was asking for any of this. There was no identifiable problem being solved. But there were two challenges. Microsoft was a big (American) company with a proven monopoly in PC operating systems that remained in this position where it could apparently add features to Windows and doing so could threaten innovation. Is that a rude view of where this discussion was going? While that can be debated, it was how it felt to me at the time.

It is important to consider at this point that this entire discussion was not about stifling innovation in reality. It was about diminishing Microsoft in two ways. First, it should not be allowed to further innovate by adding new features to Windows. Second, it should change the brand promise of Windows from “an expanding set of features and APIs that make it ever easier to write new programs that do new things such that developers can focus on their domains and consumers can buy a PC knowing that Windows programs will work.”  Instead, Windows should be frozen at some pre-internet feature level and everything new after that should be open to a vote by the user and/or PC maker.

As a quick aside, this was exactly the discussion we had with respect to Office. The Office file format was viewed as a huge barrier to entry and thus the EU wanted to freeze the Office file format and publish it as a spec for all for eternity. There was no recognition that adding features to productivity tools meant adding features to files in order to save the work. This was surreal as well.

My view of this entire line of thinking was that we were revisiting the very foundation and underpinnings of what Windows was created to do. It was asking to reevaluate the very notion of building an open platform that also created a standardized APIs for developers. In asking to revisit the Windows brand promise, the EU was willing and directionally telling they were going to make PCs far worse, more difficult to use, less reliable, less useful for developers, and less capable. If you have followed regulatory topics such as GMO foods, diesel cars, or even the Dyson vacuum cleaner (examples from Ridley’s book) or even standardizing on the micro-USB cable (yes, before USB-C there was this) or today’s cookie warnings, the pattern of a process leading to solutions that are net negatives for consumers is apparent.

What they really wanted to see was something about Windows diminish and something about a competitor expand. That would be proof that the regulatory oversight was working for EU customers since clearly whatever was done for US customers by the DOJ settlement was not enough. Windows share remained high, though in browsers Chrome was rising essentially exponentially since launch and showed no signs of slowing down at all (it never did) and IE was precipitously falling. Later regulators would claim success there. The failure of IE had nothing to do with regulation.

I will skip a lot of steps, but our litigation team was not going to let a complaint get filed so we were going to do something. What was proposed was that every new PC and every single existing PC device (and user account) running Windows would have a moment where a choice for what web browser they wanted to use would be *pushed* to them. Literally a mandatory update (equivalent to a zero-day exploit) would go out and that morning upon signing in a screen would popup advertising the browsers available in their market with links to install them. This was called the “browser ballot” and was a bet that doing a dramatic “Super SPAD” for only browsers would suffice. It was a bold solution and highly visible. Regulators like highly visible efforts. It seemed browsers mattered the most and the unworkable nature of most every other feature in Windows was apparent.

Over the course of a few weeks, I personally designed and tested this screen. I was locked in a room at home at night making screen capture movies of what this looked like…first signing on, choosing Opera, clicking “learn more” (what browser would that use and what was the URL??), ignoring the screen and logging off, changing defaults, randomizing the order of choices, providing the right icons and text descriptions and so on. I had to create a bullet proof dead simple choice screen that the regulators would approve. Because they wanted to see the code, I built the whole thing in plain HTML 3. Each iteration the lawyers would do a video conference (pre-Zoom so a big deal) and show them that night’s video demo.

By all accounts they seemed quite receptive to this. In my view it was a ridiculous feature. No one on the planet was unaware of what a browser was or that there were choices. Google was advertising Chrome on TV. CDs were falling out of magazines. Web sites were littered with ads. Government web sites told you to use Firefox in much of the world. OEMs were happily including a new default browser and getting paid for it. It was, in my view, bad software and it felt really shitty to be developing bad software. There was a basic user interface rule that you don’t pop up a dialog when booting a computer unless a user did some action, and you don’t ask users to do something when they didn’t ask. Yet here I was doing just that—I had spent 20 years designing features for software and was stuck doing this. So, as you read this entire memo, realize it is this place I am coming from.

We did get lucky. The regulators accepted this action on our part as enough to meet their needs to regulate and their constituent’s needs. Rest assured competitors hoped for more, such as a requirement that Microsoft include alternate browsers. Microsoft avoided another action so to speak (meaning a mandated solution) and we agreed to do this voluntarily. There were many steps in this entire process that started with a complaint in the early 1990s lodged in the EU by Sun. There were many twists and turns, including billions of dollars in fines, appeals that never worked (a general challenge with the EU system). It might be confusing to read about what is mandated or not or even which complaint something applied to, but that is the house or mirrors that it is being the target of the regulators in EU.

The browser ballot rolled out to hundreds of millions of EU PCs around January 2010. My little dialog box greeted people all around Europe when the booted their PC from that point forward. There was another twist down the road that resulted in a big fine because we accidentally forgot to install the ballot after a Windows 7 service pack because we had done the release as an emergency zero-day exploit patch. Those patches were always assumed to have been rolled into a service pack (as they were) but that wasn’t the case for the ballot. The code that checked the version number of the OS therefore looked for “>“ when it needed “>=“ to show the ballot. We didn’t notice the precipitous drop of page views on browserballot.eu as the legal team had stopped monitoring the numbers. Billions of more dollars in fines. It was a mess on top of a mess.

The ballot got in the way when customers were least prepared for it and asked them a question they weren’t interested in answering then, or really ever. It was mandated nagware, the worst kind of software. Perhaps it was precedent for GDPR cookie warnings?

The big problem though was that all the above was skating to where the puck was, in the words of the Great One. What is the default, what browser to run on Windows, what mail program or media player to use—this was not the battleground of the OS. This was not our competitive focus. It was not the focus of the independent developer community. Not so ironically, Chrome won the browser battle because they built a better more innovative browser. The choices Microsoft made in 2001 after XP shipped determined the fate of IE. The market worked. Microsoft made bad choices. Google decided to have no UI, better security and performance, and to push a clear web standard and that was just a better fit for the market. Microsoft missed on most of those. We were too late in reassembling the team to compete. The regulators came even later, and it was definitely after the market changed. Any chart of IE v Chrome market share easily shows this when you overlay the timeline.

In the end competitors and regulators got the things they asked for, but they never got enough. But it can never really be enough because regulation can’t just outlaw a company or literally design its products. No matter how much authority the government has unless a company is breaking laws, at least in most countries and systems, it cannot step in and redesign the product. Microsoft was a monopoly, which is different than Apple today, and within the scope of the laws governing monopoly Microsoft compliance went above and beyond what was required.

Many external to Microsoft expressed frustration with what the regulators were regulating. It was as though they never seemed to hit the target. They always wanted more or different. Yet those sorts of complaints could not lead to regulation because there are indeed limits. Nevertheless, fundamentally the regulatory oversight did cement a view that when it comes to big (US) technology companies the EU regulatory framework seems to have no problem making products less usable by consumers or altering the brand promise.

The world, however, had moved on. Competition was in an entirely different place. Microsoft was already losing in mobile phones, search, web-based services, and even servers were struggling versus Linux. Not even one of these was the target of any regulatory oversight. Every one of them was a massively well-funded effort at Microsoft. We were just pointed in the wrong direction, unfortunately.

It had been for at least 5 years before the ballot, arguably, since about 2000 that the competition was no longer about any APIs or even features in a PC operating system. Yes, there was competition about browsers, but browsers in a phone and that would be different than the PC.

And phones were going to be very different. At least that’s how Steve Jobs saw things.

The Apple Brand Promise

We at Microsoft like to think that all through this Steve Jobs was watching us. But in our hearts, we know that wasn’t the case. If you look at the grand arc of Apple computers there is an entirely consistent effort to build the very best personal computing experience, even at the expense of market share. “Think Different” was an obvious counter to the IBM motto “Think” and it was also a call to make different products and not chase the same goals every other company chased. Steve understood the failings of the mass market computers, having made the first wildly successful one. The three decades from the Apple I that included the Apple ][, Lisa, Mac, PowerBook, Newton, OS X, iMac, iPod and a hundred other products and strategies culminated in iPhone. By iPhone I do not mean simply a “smartphone” but every decision that went into it. The promise of the iPhone reached a new level on the journey to a “bicycle of the mind”, and it did so intentionally, architecturally, and what I would say was spiritually.

Looking just at the first iPhone and first iPhone OS one can see this at work. As we all know, the iPhone launched not as a “phone”, but three great devices integrated together: “a widescreen iPod with touch controls, a revolutionary mobile phone and a breakthrough internet communications device.” It was a remarkable achievement. However, if you happened to be a platform builder it was a different part of the launch that really caught your eye and was perhaps the boldest move. Steve described the phone software as:

Now, software on mobile phones is like baby software. It’s not so powerful, and today we’re going to show you a software breakthrough. Software that’s at least five years ahead of what’s on any other phone. Now how do we do this? Well, we start with a strong foundation. iPhone runs OSX.

Wow, iPhone runs OSX. I was sitting there thinking, “yikes how did they do that” when our mobile devices were running a stripped-down version of ancient 16-bit Windows that was forked at some point in the 1990s. iPhone ran a real OS. He went on to say:

Now, why would we want to run such a sophisticated operating system on a mobile device? Well, because it’s got everything we need. It’s got multi-tasking. It’s got the best networking. It already knows how to power manage. We’ve been doing this on mobile computers for years. It’s got awesome security. And the right apps. It’s got everything from Cocoa and the graphics and it’s got core animation built in and it’s got the audio and video that OSX is famous for. It’s got all the stuff we want. And it’s built right in to iPhone. And that has let us create desktop class applications and networking. Not the crippled stuff that you find on most phones. This is real, desktop-class applications.

Good grief that was brilliant. There’s just not enough praise I can direct at Scott and team and of course to Tony and team delivering a hardware platform that could handle that. Insert Wayne’s World “not worthy” meme :-)

To deliver these an endless number of decisions were made in the use of OSX, primarily around what to rewrite, what to delete, and what to save for later via #ifdef. In the above quote Steve talked about networking and while OS X had support for a huge amount of application-level networking (like VPN) all that was left out. There’s multitasking but to conserve battery life the scheduler would have been rewritten to create a new “frozen” application state such that applications don’t consume battery life when not running. Doing so defined a whole new way to write applications that only do stuff when you can see them. To make touch work the entire input stack would be rearchitected to support instant response to touch versus the millisecond delays in mice. And graphics, wow the whole of the system would end up rendering through hardware acceleration. Yet with all those constraints it also built in specific capabilities to handle inbound calls, alerts, push email, and so on. I could go on and on. Suffice it to say as an engineer, this is the most impressive work I’d seen.

This all matters because out of the gate the initial design point was to be the very best at what they set out to be, not to be OSX in a phone literally. This approach is exactly unlike what Microsoft had set out to do, which was to recreate Windows—complete with start menu—on a phone. It is also entirely different than RIM or Nokia who decidedly focused on building narrowly focused special purpose operating systems.

Putting aside those that said the phone was doomed because of touch or pricing or any other reasons, the product took off. It was a paradigm shift. I won’t even go into the way they “fixed” the carrier ecosystem in a way that regulators had failed to address.

Almost immediately developers of applications were asking how to tap into what they were told was OSX. The mobile world had some amount of development. Ironically, Windows CE had applications. PalmPilot had a relatively active developer community. RIM had enterprise applications. But all of those were purpose built for those devices, had very limited capabilities, and most of all were nearly impossible to obtain and install. Olds will recall the nightmare that was Microsoft ActiveSync and what it took to connect a Windows Mobile device to a serial cable and get a program to the phone. There was a web site, Handango, where one could try to find phone apps and get them to work.

It is obvious now, but the promise of the iPhone was going to include apps. We know there was a debate on the team about the risks of opening the phone and more. I find that fascinating. It tells you how much the concerns were. These concerns came from Steve directly.  In Walter Isaacson’s biography of Jobs he wrote, “[Jobs] didn't want outsiders to create applications for the iPhone that could mess it up, infect it with viruses, or pollute its integrity." Jobs had seen what happened to Windows. Apple famously drove home that point with “I’m a Mac” commercials so it was hardly entirely off the radar. He had decades of experience seeing even what happened on Mac. The Word macro viruses impacted Mac too and were horrible.

The potential to be an even grander bicycle for the mind prevailed. Though in an entirely new model. In a brilliant move Apple took the reluctance and concerns of having a platform and created the App Store not to simply “open up the platform” as Microsoft had done (on the PC and mobile) and as Mac had done, but to create apps that were qualitatively better than would typically happen spontaneously. The App Store was born just a little over a year after the iPhone launch.

All previous Apple products had a brand promise entirely within the control of Apple. The OS would be easy to use. The hardware would be sleek and super high quality. The peripherals from Apple would “just work” and so on. The App Store added an entire new brand promise—apps would be better. They would be vetted, tested, and approved by Apple. Apps would adhere to standards as defined by Apple.

This seemed crazy. No one had ever done this before. The iPhone was so amazing though developers dropped everything to build apps. One of the fastest growth curves our industry had ever seen was the ever-increasing number of apps. I discuss our own reaction to this at Microsoft, where we faced a decaying Win32 ecosystem, in “Hardcore Software” on Substack.

Macintosh had what was called the Human Interface Guidelines, HIG. The HIG had all the guidelines for how to build a great looking, consistent, and Mac-like app. ISVs however did not always adhere to that. Famously the largest ISVs, Adobe and Microsoft, were notorious for not doing things like a Mac as documented in the HIG. Adobe had its own ideas for how designers wanted to work. Microsoft wanted a level of consistency with Windows. My first boss who led the Excel team famously had an endless debate with Steve over having accelerators for menus so you didn’t need to use a mouse. The chaos of Mac applications no doubt infuriated Steve back then.

Windows of course embraced this chaos and saw it as innovation and progress. While we had the WADG, Windows Application Design Guide, in the 1990s the market for Windows developers had little interest in being similar. I worked on our first tools for C++ and worked tirelessly to get more developers to just use the Windows API and not make up their own UI. It was briefly successful, at least for C++ but never VB and not Office :-)

The iPhone saw this as a problem for consumers. It is easy to illustrate this with two specific examples. Many applications on Mac (and Windows) created their own ways to handle text input and editing.  Doing so might make that one app a few percent better but that comes at the expense of missing out on any advances the operating system might make in dealing with text. This was most obviously problematic on iPhone where typing and handling text were entirely new metaphors with incredibly difficult design and implementation challenges. Apps that attempted to manage their own text would have difficulties or subtle differences in everything from international to global text substitution/autocorrect to emoji and alternate keyboards. Another example would be when apps implement their own UI controls and paradigms, they make it more difficult to interact and like text if the OS enhances the native capabilities those do not show up in apps. A classic example for this would be the accessibility capabilities in an OS for low vision customers. While it is some work to make your own UI elements different, it is more and ongoing work to keep those elements visible to the accessibility tools and consumers suffer.

The iPhone introduced a rich set of frameworks to implement the capabilities for apps so developers could focus on their own domains while also making it easy to make apps that fit well within the iPhone experience. The App Store added a new brand promise to enforce that experience. Apps could also be tested for quality, resource usage, privacy, and more. Apple would provide a vast array of tools, APIs, documentation, and more to support the effort required. It was a new constraint to software. It was also a new promise to consumers.

In exchange, Apple delivered potential customers and users and an incredibly easy to use way to find apps. No serial cables. No ActiveSync. No downloading from strange web sites. It supported updates, family sharing, uniform terms and conditions, over time payments, and more.

But they went further than this. The frameworks were limited. The APIs exposed a fraction of potential capabilities, potential hooks, OS subsystems, and more. To build an app, developers had a much narrower surface area than they saw on Mac and vastly less than Windows. It was not simply that Apple was going to curate what went in the App Store, it was going to be exceedingly deliberate over what was an API.

On Mac and Windows, both companies had the idea of “documented” and “undocumented” APIs. Developers, however, could always just write code and invoke any part of the OS at any time. From the very first Mac in 1984, trapping calls to the ROM was a thing. On Windows, there was a veritable industry in finding and documenting the undocumented APIs. Where Apple got frustrated and lectured developers, Microsoft would end up documenting and testing such APIs ensuring they were properly maintained. We had whole databases of thousands of apps and an entire mechanism in the code to make sure whatever APIs an application used maintained the exact semantics between versions and if we changed something we even kept the old implementation around. This turned into a problem if the old API was also a vulnerable API. But that was Microsoft’s brand promise.

Instead, the iPhone was just limited. In lingo I find irritating it was a “walled garden” or in more appropriate terms it was a “sand box”. In the security world a sand box is an isolated part of the system that a program runs in such that it cannot interfere with other functions. On an iPhone all apps always run in a sand box. It was also an entirely new way to think of an OS. A running program had zero ability to see, interfere with, or otherwise have any knowledge of any other programs or interfere with the underlying OS. For a very long time even the files an application used could only be seen and used by itself. Why? Because one of the most common injection vectors is to try to get an app to parse a file that is the wrong format, causing a crash or buffer overrun. Not having random files was a huge security win that came at the expense of not working the way people thought a “computer” should work, especially tech enthusiasts. This was enormously frustrating because everyone knew the files were there stored in a regular OSX file system. By contrast, when Android came along it was “just” Linux and your files were there to see.

Every basic OS subsystem was considered and crafted this way. The 14-pin connector obviously provided a data connection for audio and video, but developers could not just use it as a serial port to do what they pleased. Amazingly this constraint led to the incredible use of audio for the Square card reader. Amazing how constraints lead to innovation. And that implementation was safer and more secure, reliable on net because no one ever needed to worry about what other things developers might be doing with the 14-pins on a given phone.

This promise of safety and security was a landmark and step-function improvement in computing. One of the key benefits was you could simply march through the App Store and without fear try any app instantly. You didn’t need to worry about DLL-hell, corrupting the registry, uninstall leaving garbage behind, or an app installing some nefarious capability that might monitor everything happening on your phone. By contrast on a PC or Mac without a store and without constraints of a sand box, your entire PC is at risk every time you download software from the internet. Downloading software from a random internet site after a Google search is to your PC vastly worse than cycling without a helmet or driving without seatbelts and airbags. I ran Windows and Office, and you literally won’t catch me downloading software based on a web search, ever. I even insist on using Office only downloaded via the App Store or after logging into 365. Download a utility like a PDF reader or video player is pure insanity.

It is difficult to overstate how beneficial this brand promise was for developers. The market this opened was enormous. People like to say things like “I know my parents can use the App Store” but that is an ageist way to say that normal people can just use a vast array of software without even thinking about potentially horking their PC. It was an appliance experience.

As the App Store gained traction developers naturally wanted more APIs. Some wanted things the iPhone didn’t do. Others wanted things they knew they could do on the Mac so must be available, like files or access to USB storage. A huge amount of what developers often want to do is an exercise in learning the platform and finding the “Apple way” to do something. The Share Sheet was a classic way developers had to think differently about working between apps. On a Mac or Windows developers might have built add-ins or extensions to an app or even system wide hooks on Windows to communicate between apps. On iPhone apps shared data via the Share Sheet. It was different but it afforded the cross-app connection people wanted and did so in a way that maintained the system-wide brand promise.

Then there was the browser.

Browsing continued to increase its role on for the desktop and laptop as native applications (on Mac and Windows) continued to decline. Many internet services only existed as web sites, particularly those popular ones from Google who optimized their sites for their browser. Chrome was becoming its own world adding features to the WebKit engine that Apple also used for Safari while Internet Explorer and Firefox continued to do their own thing. Many in the industry believed in the browser deeply because it was an open (if uneven) standard. Many developers still enamored though smarting from the failed write-once-run-everywhere promise of Java were adamant that the commitment should be to the browser as the sole platform of the future.

Apple and Steve did not agree with this. Apple saw the browser as a compromise. In fact, it was decidedly that on purpose. The browser was by design a least common denominator of what could run on a set of platforms, primarily various versions of Windows and Mac and some Linux clients, though also everything from a random tablet to a television to screen on a refrigerator.  Apple wanted a platform that was tuned to the iPhone device not a platform tuned to a large screen stationary PC. Everything from touch to battery life within a browser was incredibly difficult, and the implications around privacy on a device with a much higher level of commitment were significant. They could have embarked on a project to influence and redefine HTML to support all those needs, as was tried with the original mobile HTML format. Instead, they took a different approach of investing deliberately over time to improve Safari/WebKit to work well on iPhone. Apple wanted using the browser to maintain the brand promise established by using apps while also gaining access to the internet where there might not be apps.

This had the negative effect of forcing developers to create and test their web sites on Safari as well as on all those PC devices. It was annoying. At the same time, especially speaking as one responsible for a browser, the world of browsers was definitely not on the idealistic path to converge on write-once-run-everywhere HTML5 without the browser x platform matrix being deliberately tested. At the very least, Google was committed to rapidly improving Chrome to make Google stuff better, including doing things many disagree with on principle.

Apple would evangelize all the popular web sites to build apps and many sites see the benefit having a complete mobile experience possible only by building an app. They did a deal with Google to create a YouTube app for the launch of the iPhone as the most famous “win” of the early iPhone even while Google was busy literally running the entire pipeline of video so as to be excellent on Chrome. Facebook was famously committed to HTML5 because of the primacy of the web in their view. While they had a Facebook app early on at launch, it was built using HTML. The now famous pivot to mobile released rewritten apps in 2012.

Apple stuck to its brand promise when it came to browsing. Anyone who uses a browser knows the challenges of vulnerabilities, socially engineered attack vectors, and privacy/tracking issues that come with any modern desktop browser. Most are reduced because of the work in the Safari WebKit runtime, while also enhancing sites to work better with respect to touch, battery life, graphics, and more.

Still the pressure was enormous to “open up” browsing. In particular, the web in 2010 was filled with little programs called Flash using an add-in (browsers supported add-ins that inject themselves into a page) from Adobe (previously from Macromedia). Microsoft had its own version of this capability called Silverlight which was also the runtime for Windows Phone 7. Many who reviewed the initial iPhone believed Safari fell short because it lacked support for these plugins. For example, it meant that Netflix which ran fine in Chrome and IE would require an app. It also meant that the whole rich advertising ecosystem that built up around (invasive and districting) Flash content would not work at all on Safari. And many web sites and corporate applications created their web apps with Flash. Finally, Flash ads were notorious for tracking, phoning home, and other potentially nefarious practices.

Finally in April 2010 just before the All Things D conference that year, Steve answered the critics with a memo “Thoughts on Flash.” I have written many times about how much I revere this memo. You can read more here for example in the context of the time and the iPad launch. In the memo Steve detailed why Safari on iPhone would not support Flash. If you were not a developer who was empathetic with building platforms you might read the memo simply as a “rant” about a competitive product, and many received the memo just that way. I did not see that and still don’t.

Instead, I see it as a coherent and consistent declaration about building a platform with a unique consumer and developer value propositions and what Apple believed to be required to maintain those.

What we didn’t know at the time was that this memo was setting the stage for the iPad, which in particular would be touted as a device great for watching movies and video content or reading books and magazines. Those were the domain of Flash as HTML could not reliably render advanced layouts with respectable and repeatable fidelity. Steve’s answer for all of these would be to build apps. That’s how to make a promise to customers. He was right. He’s still right.

Steve makes six points in 1,700 words. It is a remarkable memo. I want to just highlight the points more relevant to the brand promise:

• Reliability and performance. Flash was the number one reason why Macs crashed. We also knew this from IE. Third parties noted that Flash had the worst security record for any single product. We also knew this from IE. Flash had repeated promised to deliver mobile implementations, particularly for Nokia and RIM, but those had not and never would materialize. In other words, there was no way to deliver Flash in a way that maintained the promises made by using iPhone.

• Battery life. Flash delivered video but it did so using its own CODEC. To run on all computers, it used the CPU. The iPhone advanced the state of the art for video by having a hardware-based playback for H.264, which was the CODEC the WebKit world was converging on. In Safari, H.264 was handled by hardware which more than halved the battery requirements. We knew this in IE and had worked impossibly hard to always use hardware support for HTML5, soundly beating Chrome at many graphics and video tests, for what that is worth, as Google remained committed to cross-platform support and would not tune Chrome by using advanced native APIs on Windows, DirectX. We had already moved all of what would become Windows 8 to render via hardware as well, so this was deeply familiar to us.

• Touch. Flash content was heavily stylized to use hovering and mouse-over gestures. Neither of these concepts even existed on a multi-touch interface iPhone. Developers would need to rewrite their Flash content for iPhone, but more than that the Flash API would need to be redone to support multi-touch. In the meantime, consumers would simply encounter inscrutable problems as they browser with Safari on an iPhone if Flash were permitted. We were deep into touch support on Windows, and this was readily apparent and our conclusion as well. IE was pretty aggressive about ending Flash support, not that anyone cared by this time.

• No runtimes. A runtime is code provided by a vendor that has its own API and is used for running applications. The runtime runs on top of an OS. In the Microsoft case runtimes were called “middleware” and Java was one of them. The cynical view of runtimes is that platform vendors dislike them because they disintermediate the platform. They do. But they also make everything worse. They are slow. They are different. They change at different times than the underlying platform. They have their own security and vulnerability problems. The irony of this is that I am sure Steve was thinking about Microsoft Word 6 for Mac which used its own runtime to emulate the Windows APIs. It became a cross-companies symbol of how much Microsoft disrespected Mac. About the Flash runtime, Steve simply said “We know from painful experience that letting a third-party layer of software come between the platform and the developer ultimately results in sub-standard apps and hinders the enhancement and progress of the platform.” He continued to elaborate. He was entirely right.

At All Things D when Walt Mossberg interviewed Steve and asked about this memo, I found myself in the front row cheering at his description of Flash as a runtime.

I wanted to point out that as we were designing and building Windows 8, we had reached the same conclusions as this memo because it emphasizes the notion that these were motivated entirely by a simple notion of quality control. These “thoughts” were deeply technical and the reality of the web. While the first points in the memo were about openness and the unique and positive role the web played, the subtext would be that to fully maintain the brand promise the platform needed to make prescriptive choices and enforce them.

It was important to go through the details of the launch of the iPhone and the App Store and the defense of web standards while not supporting Flash because taken together those form the foundation of the overall iPhone brand promise. There’s no one thing that is optional. The iPhone OS provides a set of frameworks to build applications that developers need to use without trying to build their own versions of those. Apps need to respect a set of system enforced boundaries when it comes to knowledge about the rest of the user’s phone, data, and applications. Apps must support a broad set of specific implementations when it comes to accessing data, privacy, accessibility, battery life, performance and more. The presence of the web is there to access the internet but not to be a catch all where all the previous promises go unchecked. The web on iPhone is not a free-for-all but an extension of the brand promise.

Following the release of iOS 4 (the first “iOS”) and iPad, there would be another 13 (!) yearly (!) releases of iOS (and then iPadOS) that continued to maintain and enhance the brand promise and features of the platform and in turn features for apps to take advantage of.

Just as when Microsoft added print drivers and WordPerfect believed that they had tuned their business to be a provider for that and then Windows “gave that away for free” or “took away the control” they had (or any number of other emotions) each time Apple added features to iOS it was done to expand while maintaining that brand promise.

Family sharing, Apple Pay, Apple ID, Key Chain, SharePlay, Apple’s own services, and so many more are all examples of building to a brand promise. One could go through every service and much like the “Thoughts” memo detail the direct customer problem being solved by the feature and why just “opening it up” or “providing a pluggable architecture” is not the right option. The reason I can say this so strongly is because at every junction the Windows answer to all of these was, in fact, to solve the problem with a pluggable and optional implementation.

While at every step people will take the cynical view that Apple is controlling the device when it should not be, the flip side of this is that Apple is continuing to expand the brand promise into new domains and new capabilities. It is building out a brand promise that delivers. And at each step, if you do not want the brand promise, an Android is a phone-trade in away. The market has demonstrated that more people prefer the Android brand promise. Apple is ok with that. They are fine being the number two phone because they want to have a brand promise that exceeds all others in the dimensions it is choosing.

Because of, not in spite of, Apple’s brand promise the world sees more innovation. At every juncture and every scenario there is an opportunity to see very different perspectives (or three or more if counting Samsung and China makers of Android phones investing in software.) If the Android base adds an innovation it will be open and unpredictable while Apple doing the same might “make it work” in a guardrails kind of way. There’s a long history in economics research on the positive realities of innovation in a competitive market, even, perhaps counter-intuitively, a duopoly.

When we were building Windows 8 for ARM, the highest order bit was to achieve “consumer electronics quality” in the product. That is why we did so many things counter to the Windows brand promise. One phrase we strived for was to achieve “quality over time” because we were all knee deep in how a brand-new Windows PC would just get slower and cruftier over time until one day you just said “need a new PC” assuming that the PC is not taken over by viruses and malware before the “registry is corrupt” or DLLs start conflicting. The Mac has this as well, though to a less degree.

The iPhone has achieved an almost surreal level of “consumer electronics quality” and maintains and incredible “quality over time.” Even more remarkable it achieves this from a library of over 2.2 million apps where the average American uses 30 apps per month with over 85% of time on the phone spent in apps. Your phone is almost certainly far more likely to hit end of life by age (about 5 years) or just being dropped than by getting crufty. All of this takes place with what amounts to essentially no malware, cross-application attacks and more. It also does this while handling the absolutely most personal information from photos to messages to medical information.

There is nothing at all remotely resembling the utility, ecosystem, and quality (in all dimensions) that the iPhone brand promise delivers. Nothing even close.

The DMA and The Brand Promise

Brand promise or not, the DMA and the regulators in the EU have a different view. Because Apple is not a monopoly in any traditionally measured way and because there is an extremely healthy and larger share competitor, there is no action warranted against Apple specifically it would seem.

Some would dispute that and presume that a duopoly is reason enough to regulate. While I have pretended to be a lawyer, I am not one. Suffice it to say many have studied and theorized about duopoly with respect to antitrust. Theories of duopoly competition tend to focus on natural resources or physical infrastructure—so called natural monopolies—where the two players have limited degrees of freedom to differentiate and one player has a production advantage. Even the research in this case has shown that natural price competition drives innovations in production and distribution (the other aspects of business that go beyond product). Other research has shown that a duopoly with one open source competitor is healthy, the situation with Android and iOS.

Still, the DMA does apply to Android. No one should be confused about that. It also applies to Google Search, Chrome, and YouTube. While everyone is talking about app stores, that is primarily because of the main feature that has been talked about most with respect to Apple and the complaints from big companies are the loudest. It should be clear, compliance with DMA is just getting started and whatever one’s thoughts on how Apple complied the other companies still must share their intentions.

In the case of the DMA what is abundantly clear that while there have been vocal, sometimes very vocal, complaints about the choices Apple makes in developing its products and brand promises, there is the challenge that it does not have, nor has it been shown to have a monopoly. Even with a significant share, in US law it is not illegal to achieve large share. It is illegal to maintain that share by some practices and it is illegal to leverage that share into other competitive businesses. In either of those cases, however, in the US there needs to be a legal process that first establishes a monopoly.

The EU regulators looked at this situation, apparently as I obviously have no first-hand knowledge at all and have taken a more precautionary principle approach as described at the top. Rather than build a case and regulate what appears to be a single dominant player they have chosen to develop a much broader concept of a “gatekeeper” which then can rope in any company that meets the criteria outlined in the DMA with respect to app marketplaces. Essentially the rationale for regulating is simply absolute size. For example. the threshold for MAUs is defined as 45 million, which amounts to 1 in 10 EC teens and older using a service, which doesn’t even seem that big when one considers that 75% of the US uses Facebook. As described previously, a gatekeeper is just a big company, but not that big, but big enough that all of them are US companies.

As a result, regulation took on a much broader and more aggressive and enduring approach. Instead of a specific complaint about Apple and a particular feature implementation like the rake in their App Store, the regulators cast a super wide net and defined a whole class of companies and features to be covered by the DMA. Instead of a remedy, they embarked on a massive product (re)design effort.  Thus, the loud complaints about the “30% Apple tax” or the restrictions on in-app purchase or permit alternate app stores resulted in actions by the regulators that took on far more than any narrow specifics.

It was just that everyone got a lot more than they expected. And in getting a lot more than they expected they might have not actually gotten what they wanted. In the grand spirit of how government works, sometimes the process ends up making almost no one happy. And when no one is happy it is difficult to fix because it essentially means going through the process all over again.

Apple has released a massive quantity of documents about how they intend to comply with the DMA. Many people are going to comb through it and find the specifics that jump out. People are likely to find specifics that they believe do not meet the spirit of the DMA. They might find specifics that do not directly accomplish the complaint they had.

That’s really the challenge. The DMA was not about one complaint. It was not about one specific solution like the browser ballot. It was a broad framework that in my view is attempting to achieve “Option 3”. The DMA set out to say implicitly that it doesn’t mind what Apple did—because it did not act against Apple specifically—but it wants Apple to take on more characteristics of Android or Windows or the Mac. Option 3 is when an executive sees two options to choose between and does the executive thing which is pick the elements of each option it wants even though that option doesn’t really exist.

Apple has been abundantly and crystal clear about its iPhone brand promise from the initial release of the App Store. At every step in the evolution of the product it has chosen to reinforce the brand promise for consumers rather than just step back to the Windows/Mac era of computing. Apple has chosen their supporting and expanding their brand promise over market share or unit volume.

I think the regulators realize that world has benefitted from this approach. We have two distinct offerings in the market. There has been a massive wave of innovation for the past decade that got us here. If anything, and this is where the above discussion about Windows really matters, it might just be that we are at a time when innovation has peaked. The world, whether it is AI, augmented reality, alternate devices, or even a resurgence of the browser, might be about to experience the next wave of innovation somewhere else. Just as Microsoft was battling the regulators over choosing a default browser on PCs, the real battle for the next platform was shaping up between Google and Apple on phone apps. Anyone’s guess is as good as mine, but it is not clear the next transformative innovation will be first in a phone where the digital market of the App Store will be the key leverage point.

Nevertheless, Apple must comply if it intends to do business in the EU. It is interesting to consider that China once came up with regulations that made it impossible for a company, Google, to uphold its brand promise and as a result Google chose to exit China. This decision was a founder-level gutsy choice which for a few years looked to be a significant error. We stand today probably thinking it was a good idea. It isn’t crazy to think some looked at these requirements and pondered the cost-benefit of doing business in the EU. Of course, I have absolutely no idea and am just speculating.

While there are many sections in the DMA that might pertain, I would call attention to the following key provisions (please refer to the source doc as the numbering and chapters can be confusing):

§ The gatekeeper shall not require end users to use, or business users to use, to offer, or to interoperate with, an identification service, a web browser engine or a payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of that gatekeeper in the context of services provided by the business users using that gatekeeper’s core platform services. [This is about using AppleID, web browsers and engines, payment services]

§ The gatekeeper shall allow and technically enable end users to easily un-install any software applications on the operating system of the gatekeeper, without prejudice to the possibility for that gatekeeper to restrict such un-installation in relation to software applications that are essential for the functioning of the operating system or of the device and which cannot technically be offered on a standalone basis by third parties.

The gatekeeper shall allow and technically enable end users to easily change default settings on the operating system, virtual assistant, and web browser of the gatekeeper that direct or steer end users to products or services provided by the gatekeeper. That includes prompting end users, at the moment of the end users’ first use of an online search engine, virtual assistant or web browser of the gatekeeper listed in the designation decision pursuant to Article 3(9), to choose, from a list of the main available service providers, the online search engine, virtual assistant or web browser to which the operating system of the gatekeeper directs or steers users by default, and the online search engine to which the virtual assistant and the web browser of the gatekeeper directs or steers users by default. [Since browsers are permitted this is SPAD.]

§ The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party software applications or software application stores from prompting end users to decide whether they want to set that downloaded software application or software application store as their default. The gatekeeper shall technically enable end users who decide to set that downloaded software application or software application store as their default to carry out that change easily. [This is the use of third-party stores and SPAD.]

Many have looked at these and at this point were excited to see the compliance take hold. But to look at these outside the brand promise a company makes only captures part of the picture. In fact, it only captures what a “plaintiff” or competitor might want to see happen. Much like what people wanted was for Microsoft to ship Firefox or Chrome, but instead got a browser ballot.

Why is that? The challenge is that the regulations cannot design the product for every gatekeeper. There must be room for gatekeepers to innovate. There must be the possibility that the gatekeeper will provide a unique approach to the problem at hand. As you think this through, that is literally the purpose of a company—to offer unique solutions to market problems. Regulations do not tell companies what and how to build their products. Regulations provide constraints and conditions for the resulting products.

It was clear the regulators were deeply aware of the challenges as they exist with respect to Apple. Of course, there is no doubt that all along all the targeted companies were providing feedback on drafts and almost certainly (at least based on our Windows and Office experience) having discussions and even brainstorming sessions on concerns, approaches, and so on. It was also certainly having conversations with those raising issues. In fact, my experience is that the EU is extremely tuned into the “plaintiffs” when drafting regulations or proposed remedies because this process is the substitute for the likes of Congressional hearings or litigation.  As with the US, the regulators are aware of the risks of regulatory capture and with recent cases such as the previously mentioned GMO foods or diesel cars, there would likely be heightened sensitivity. Additionally, at least when I read these the regulators are also acutely aware of the browser ballot and SPAD that were created for Windows.

As an example, it is not a secret that the Android system has supported alternate app stores nor is it a secret that there is decidedly more malware and other troubling content on the Android stores. The regulators would be very sensitive to making a platform worse in the vector of security and reliability as a direct result of regulation. It is worth noting that these top-level concerns are called out and addressed immediately after detailing the requirements for a store (repeated from top):

§ In order to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, it should be possible for the gatekeeper concerned to implement proportionate technical or contractual measures to achieve that goal if the gatekeeper demonstrates that such measures are necessary and justified and that there are no less-restrictive means to safeguard the integrity of the hardware or operating system. The integrity of the hardware or the operating system should include any design options that need to be implemented and maintained in order for the hardware or the operating system to be protected against unauthorised access, by ensuring that security controls specified for the hardware or the operating system concerned cannot be compromised. Furthermore, in order to ensure that third-party software applications or software application stores do not undermine end users’ security, it should be possible for the gatekeeper to implement strictly necessary and proportionate measures and settings, other than default settings, enabling end users to effectively protect security in relation to third-party software applications or software application stores if the gatekeeper demonstrates that such measures and settings are strictly necessary and justified and that there are no less-restrictive means to achieve that goal. The gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation.

Wow there is a lot there. The reason for that is because the rules strictly permit the gatekeeper to develop a solution to third party stores that maintains the integrity of the operating system or hardware. It permits the gatekeeper to require “technical or contractual measures” as well as “design options that need to be implemented and maintained” to protect the system. The DMA even goes further than that and provides the right of gatekeepers to implement “strictly necessary and proportionate measures and settings, other than default settings, enabling end users to effectively protect security.” The use of “technical or contractual measures” is I believe where the charges for the use of third party app stores and in app purchases come from—the brand promise from Apple today is funded by the existing App Store revenue and going forward using alternate stores does not mean (according to the DMA) that Apple must forgo the brand promise, but rather that it can have contractual terms that enable it to maintain the promise. The other rights granted are also about maintaining the commitment to security and integrity of the system even when implementing the requirements of a gatekeeper.

Continuing through these paragraphs you can see the regulators clearly had the same view about privacy. They would not want the use of third-party stores or browsers to reduce the privacy afforded by the platform. In fact, because the EU so highly values privacy the DMA even leaves room for gatekeepers to go above and beyond the requirements and use even more transparency to “differentiate themselves better through the use of superior privacy guarantees.” This all but says that if you want to offer a better promise of privacy guarantees, then that is great just be transparent about what is being done. In other words, tell the user presumably with a popup of some kind.

The primary document Apple released—Update on apps distributed in the European Union—detailing all the changes is quite literally a march through iOS where they had to do the above work and then explain their implementation. Because the DMA provides for tools to be used to maintain the brand promise with respect to security, quality, and privacy there will be a great many changes that come from the use of third-party stores, alternate browser runtimes, and payment mechanisms. Similarly, the DMA requires the creation of the SPAD-like mechanism which in turn imposes requirements on Apple’s tools to which this applies along with third party tools. Some of these from the Apple documentation include:

• New options for distributing iOS apps on alternative app marketplaces.

• New framework and APIs for creating alternative app marketplaces on iOS.

• New frameworks and APIs for alternative browser engines.

• New APIs to enable contactless payments.

• Expanded default app controls.

• Interoperability request form [this is a request to use what are believed to be APIs that Apple uses but are not documented].

• Default web browser choice screen [A BROWSER BALLOT].

• New options for using alternative payment service providers (PSPs).

• New options for processing payments via link out to purchase.

Apple has very clearly mapped their changes to the regulations in DMA. You can see this almost one-for-one. There is a ton of detail provided on the Apple developer site. In addition, each of the items details the rationale and the changes being made to the iPhone brand promise because in many cases the brand promise cannot be maintained. For example, in detailing the use of alternate app marketplaces Apple says:

§ If not properly managed, alternative distribution poses increased privacy, safety, and security risks for users and developers. This includes risks from installing software from unknown developers that are not subject to the Apple Developer Program requirements, installing software that compromises system integrity with malware or other malicious code, the distribution of pirated software, exposure to illicit, objectionable, and harmful content due to lower content and moderation standards, and increased risks of scams, fraud, and abuse. Apple has less ability to address these risks, and to support and refund customers regarding these issues. Even with safeguards, many of these risks remain.

While we’ve built new capabilities to continue supporting iOS features that users depend on in their apps, it’s important to understand that some features may not work as expected for apps using alternative distribution. Features like Screen Time, parental controls, and Spotlight will continue to function and maintain Apple’s security, privacy, and safety standards. Features like restrictions on In-App Purchase in Screen Time and Family Purchase Sharing, universal purchase, as well as Ask to Buy are not supported because the App Store and its private and secure commerce system won’t be facilitating these purchases. Apple won’t be able to assist users with refunds, purchase history, subscription cancellations and management, violations of user data privacy, abuse, or fraud and manipulation, in addition to issues that make the user experience less intuitive. Developers, or the alternative app marketplace from which their app was installed, will be responsible for addressing such issues with customers.

Within this we can see the kinds of support that the App Store provided and with a third-party store there is no way to know what the risks will be. Similarly, because third party stores handle the transactions, Apple is going to be out of the loop on many things we take for granted today such as just going to the iCloud subscriptions tab and cancelling or changing a plan.

I would definitely encourage a reading of these initial documents before continuing to react. I have yet to see something I think is onerous or inappropriate and certainly nothing outside the bounds of the rights granted gatekeepers. I can see many things I would not like to be there and genuinely think are bad software design, such as all the popups and warnings that will result or the SPAD stuff that will be all over the place, but once you go down the path of providing for alternate components while also permitted an integrated brand promise there is no alternative.

As I continue to dive in and learn more, I remain surprised at the breadth of this approach. There’s no escaping this is a laundry list of essentially grievances against these products and companies. The only common thread is scale. The regulations read as though there is a sense these companies are permanent infrastructure. If there is one thing I learned during all the work at Microsoft, it was how fleeting all these leadership roles could be. When the regulators started their cases against Microsoft: Windows had 90% share of the only computing market; Office files were the way people exchanged information in email; Internet Explorer was going to be the only gateway to the internet; Windows Media Player, Java, and Messenger were the next battleground mega-applications. I don’t need to go through all of those to help you to conclude that none of those are the case anymore.

But, BUt, BUT…

The DMA is a huge deal. It has led to a massive, massive amount of work to comply with regulations at the gatekeeper companies. It has also generated a large amount of commentary, most of it I would say is reactionary. I admit this extensive essay is reactionary. I did at least twice read the act and relied on my already existing re-telling of the past events for “Hardcore Software”. I am certain I misunderstood or made mistakes here. My intent is not to write a definitive account or analysis, but to provide a platform to further discuss the topic.

That said, I did feel it worthwhile to express my answers to what I have seen as the most common criticisms of just the Apple plans to adhere to the DMA recognizing we have yet to see how all the other gatekeepers will respond. Many of these have been raised in blogs, articles, or in various conversations I’ve been part of across X, Threads, or various number-independent interpersonal communications services. I will paraphrase the point of feedback and provide my own brief, “tweet” sized answer.

It’s just an optional store. Obviously, DMA is far more than providing just an optional store. There are many other requirements just for iPhone and there are significant implications when using optional stores relative to Apple’s brand promise. While some players were seeking a simple alternate store, that is how Android works and the DMA provides for doing better than that in terms of privacy and security. At the same time, Apple is permitted to create contractual terms to maintain the integrity of the OS.

The “Apple tax” is rent seeking whether it is the 30% rake or requirement to use Apple Pay. This has been a common refrain for a long time already. As one can see from the above excerpts, the fees for the store provide for more than just the collection of money and rake. Significant parts of the store include the trust element, the frictionless commerce, and the safety and security. Whenever this comes up, I always ask how many people resort to using gift cards or generated single use credit card numbers to buy things online or must fight with a merchant over a refund? These are real issues and at last for iPhone users the Apple implementation is and has been a significant value over the life of the store. It isn’t a late add or a change, and if anything, the store has relaxed requirements. There’s a long history in business of new innovations being viewed as a positive and then over subsequent generations or time new users don’t assign the same value. Anyone who was an original seller on eBay using PayPal for example was forever thankful in how they built up a whole system from nothing. Then over time as new sellers entered or as older sellers got comfortable there are endless complaints about “fees”. The value is still there, but everyone got so used to the service just working they start to resent the fees. It doesn’t matter what the fee is, this seems to happen. Any small business that takes credit cards curses even the nominal card fee. I know my family’s business felt this way growing up. I simply don’t agree with companies that declare the store to have no value (or much less value) and locks in customers and costs. Not only are there alternatives there are reasonable arguments to be made about the value delivered, especially in reaching an established platform with one billion potential customers. Regardless, it is not a tax, and it isn’t rent seeking as those are bad things only governments can do.

It is my computer, and I should be able to install any software I want. To me this is the “get off my lawn” critique. The only answer to this is that model is outdated. This critique is the equivalent of “in my day we just soldered a jumper to the mother board.” The abstraction level of computers continues to increase and as such venturing “under the hood” is not an option on mobile any more than changing the battery while walking down the street might be. I’ve been around a while too. I would love the excitement of adding my own FPU, TSR, or VxD to my phone but that just isn’t how they work. That’s going to be an unsatisfying “take it or leave it” but it is progress and the benefits we have today are enormous.

Apple is a walled garden. Yes, it is though to me it is a sandbox. That’s their brand promise. On the other hand, it is not a walled garden at all. What is really being said with this critique is that Apple operates in a sandbox that has rules and compared to how computers used to work before the iPhone some of those rules are bogus to me. Just as I would assert for Windows, Apple is one of the most open and vibrant ecosystems that has ever been created. It is just that open does not mean developers can do anything they can dream up or anything they want to do is permitted. Unlike a PC where if you do something you shouldn’t you just break the PC, the iPhone just doesn’t allow things that conflict with the promises of the brand. The App Store is the final stop along the way to maintain the integrity of that promise.

Malicious compliance. I’ve heard this phrase quite a bit this week, just as I’ve heard this when referring to Windows “N” or the browser ballot. This is just a way, I think, of rudely stating that one wishes the approach used to comply with a regulation or law was done in a way that did more. There’s nothing about being regulated that is supposed to be altruistic. The gatekeepers are all giant and mature companies that have many demands and constituencies. When something new lands on them they will comply, but they are going to do what they must do not what anyone else might want them to do. I honestly do not know anyone in the same situation who would overachieve in compliance. It is not only ethical, but regulations are also designed to expect this. There are tens of pages in the DMA about oversight, reassessment, and even making sure complaints are dealt with. If you continue to believe in malicious compliance, then I only think it is fair to also believe in malicious regulation.

Apple locks out other services, advantages its own. This has forever been a complaint about operating systems. By definition an operating system is a bundle. I suspect this particular complaint is going to get a lot more treatment when Google provides more disclosure. It is obviously the case that if a business exists in certain areas and Apple has an offering there will be a view that the mere existence on a default iPhone implies an Apple advantage through distribution. That is the origin of SPAD.  I will say the basic theory of bundling is that the bundle wins often but only to a point. At some point the bundle becomes so weighted that no one knows what’s in it. It is at that point that a “point” service or API comes along and trounces the bundled platform. By any definition of advantaging first party services, Internet Explorer, Media Player, Silverlight, and about 40 other things should have won on Windows. Not even one did. Windows was already too big. I would also say the same thing about the browser versions of Word, Excel, PowerPoint, and Outlook. Those have not made a dent in the share of browser-based productivity relatively speaking yet they are there. The converse of the concern over bundling is that regulation simply draws arbitrary lines about what is in or out of a platform. This is akin to a car market where you always need to go elsewhere for a radio or roof rack. Only for a brief moment is the expectation that these are distinct purchases and after that moment it turns in a pain in the neck and less well-integrated choices.

Ultimately a choice and you can ignore it if you want, and more choice is always better. Many are saying this about the store, but it does apply to all the new optional or key technologies that now have default treatment. There are three issues. First, you won’t be able to ignore these choices because you never know when they will pop up as new potential defaults from an app you downloaded. You might also be directed to use a third-party store because your medical provider, government service, or bank decided they want to build an app with features that are not permitted in the Apple App Store. Then it won’t be optional. Second, and this is the point that means the most to me, is that choice is good, but the DMA has removed the choice in the market that was the iPhone as we knew it and replaced it with an entirely different choice with quite a few potential problems I now need to worry about. I can’t simply ignore the choice. And third, all this code is in the system now. I’m too much of a former engineer to know that all these boundary cases will absolutely lessen the robustness of a system. As I said, we spent (and I’m sure the teams continue to spend) a significant amount of energy finding, fixing, and coping with bugs. The cost of DMA is now ongoing and will certainly monotonically increase for all so-called gatekeepers and gatekeepers to be. There’s no escaping that this cost will impact our experience.

The DMA is the most significant precautionary regulation to land on the technology world, or more specifically the US technology world. It is just getting started. No regulation is ever one and done, so now there is a springboard for more. We are in a new world where the path to success is now paved with regulation that comes before you’ve done something potentially wrong. The history of this type of precautionary regulation is that it most decidedly impacts the path of innovation in unintended ways far more than intended ways. The market has been working and seems on the cusp of major structural changes just as this regulation appears.

Future companies will make different choices and consider many unexpected approaches rather than just walk straight into regulations. While the DMA pays some attention, especially with respect to data, of the advantage incumbents have, make no mistake that these regulations significantly benefit incumbents with resources to spare over new companies. A surprise success and one quickly crosses the threshold for a web of new regulations that a new company is almost certainly not going to be staffed or architected to handle.

My hope is that by sharing all these thoughts in this lengthy essay I would leave you with an appreciation for what Apple has accomplished and in many ways a recognition that they are handling this with incredible aplomb in the face of what I think of as an assault on a brand promise that single-handedly brought computing into the twenty-first century.

# # # # #