Apple and Microsoft have been involved in discussions with the European Union concerning the inclusion of iMessage and Bing in the EU’s ‘gatekeeper’ list under the Digital Markets Act (DMA). This legislation, which became effective in May 2023, aims to regulate major tech companies and their services to ensure fair competition and interoperability among platforms.
iMessage and Bing were initially included in the list of services to be regulated by the DMA. However, both Apple and Microsoft have argued that their services do not meet the criteria for inclusion in this list. Apple claimed that iMessage’s user base in Europe is too small to warrant such regulation, and Microsoft argued that Bing, with just a 3% market share among search engines, should not be subject to the same restrictions as Google Search, which holds a significantly larger market share.
The DMA imposes strict responsibilities on ‘gatekeepers’, including interoperability with rival services, linking to competitors, and data sharing. For iMessage, this would mean adding support for RCS to ensure compatibility with Google’s Android messaging app and opening its service to competitors like WhatsApp. Apple has raised concerns that such measures could compromise the security of its users.
To be designated as a gatekeeper, a company must meet certain criteria, including having a market capitalization of at least 75 billion euros or an annual turnover of 7.5 billion euros. Additionally, gatekeepers must have at least 45 million monthly end users in the EU and 10,000 annual business users. Non-compliance with DMA rules could result in fines of up to 10% of the company’s total worldwide turnover for the preceding financial year, and up to 20% for repeated infringements.
Analysts have noted that while iMessage is widely used in the U.S., its popularity in Europe is overshadowed by WhatsApp, mainly due to the different telecom and data plan structures in these regions. The question of whether iMessage meets the EU’s user threshold for gatekeepers remains uncertain.
Recently, both iMessage and Bing appear to have been temporarily removed from compliance with the DMA while the EU investigates the companies’ protests. Apple and Microsoft have six months to comply with the DMA rules, which means they need to take steps to follow the new laws by March 2024 or face penalties.
Apple has expressed concerns about the privacy and data security risks posed by the DMA. The Financial Times reports that several firms, including Apple and TikTok, and about 20 of their services, will be affected by the DMA. Each firm will be required to make their services interoperable with rivals and also link to their competitors.
The situation remains fluid, with ongoing discussions and assessments by the EU regarding which services will ultimately be affected by the DMA.
Apple recently addressed security concerns related to iMessage by releasing critical security patches in its latest updates. These updates, including iOS 16.5.1, iPadOS 16.5.1, macOS Ventura 13.4.1, and watchOS 9.5.2, were designed to fix multiple security issues that had been actively exploited.
One of the key vulnerabilities patched was related to iMessage, identified as CVE-2023-32434. This exploit allowed for arbitrary code execution with kernel privileges. It was acknowledged by Apple that this vulnerability might have been exploited in versions of iOS prior to version 15.7. Additionally, a second patch was issued for WebKit, identified as CVE-2023-32439, addressing the risk of maliciously crafted web content executing arbitrary code, which also could have been actively exploited.
Apple has urged users to install these updates promptly to address these security concerns. The company recommends that users who don’t have automatic updates enabled should manually navigate to their device settings to install the updates.
