Update on apps distributed in the European Union
Apple is sharing changes to iOS, Safari, and the App Store, impacting developers’ apps in the European Union (EU) to comply with the Digital Markets Act (DMA). These changes create new options for developers, including how they can distribute apps on iOS, process payments, use web browser engines in iOS apps, request interoperability with iPhone and iOS hardware and software features, access data and analytics about their apps, and transfer App Store user data.
The changes are available for developers who distribute apps in any of the 27 EU member countries and only apply to apps available and distributed to users in the EU. For existing developers who want nothing to change for them — from how the App Store works currently and in the rest of the world — no action is needed, and they can continue to distribute their apps only on the App Store and use its private and secure In-App Purchase system.
iOS, Safari, and the App Store are part of an integrated, end-to-end system that Apple has designed to help protect the safety, security, and privacy of our users, and provide a simple and intuitive user experience. We strive to earn users’ trust by promptly resolving issues with apps, purchases, or web browsing through App Review, AppleCare customer support, and more.
The DMA requires changes to this system that bring greater risks to users and developers. This includes new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats. These changes also compromise Apple’s ability to detect, prevent, and take action against malicious apps on iOS and to support users impacted by issues with apps downloaded outside of the App Store.
That’s why Apple is introducing protections — including Notarization for iOS apps, an authorization for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience possible for users in the EU. Even with these safeguards in place, many risks remain.
The user safeguards and developer tools and technologies we’ve built reflect our commitment to iPhone and iOS remaining the safest mobile platform users can choose, and the app ecosystem that offers all developers the greatest opportunity.
Developers can get started with these options in the beta release of Xcode 15.3 and iOS 17.4 starting today. The changes will become available to users in the 27 EU member countries beginning in March 2024.
New business terms available for apps in the EU — to reflect the DMA’s requirements for alternative distribution and payment processing, Apple is also sharing new business terms for apps in the EU. Developers have a choice to remain on Apple’s existing terms or adopt new terms that reflect the new capabilities.
Alternative distribution on iOS in the EU
To reflect the DMA’s changes, users in the EU can install apps from alternative app marketplaces in iOS 17.4 and later. Users will be able to download an alternative marketplace app from the marketplace developer’s website. Developers can access these distribution options in App Store Connect after agreeing to relevant business terms for apps in the EU via developer.apple.com.
If not properly managed, alternative distribution poses increased privacy, safety, and security risks for users and developers. This includes risks from installing software from unknown developers that are not subject to the Apple Developer Program requirements, installing software that compromises system integrity with malware or other malicious code, the distribution of pirated software, exposure to illicit, objectionable, and harmful content due to lower content and moderation standards, and increased risks of scams, fraud, and abuse. Apple has less ability to address these risks, and to support and refund customers regarding these issues. Even with safeguards, many of these risks remain.
While we’ve built new capabilities to continue supporting iOS features that users depend on in their apps, it’s important to understand that some features may not work as expected for apps using alternative distribution. Features like Screen Time, parental controls, and Spotlight will continue to function and maintain Apple’s security, privacy, and safety standards. Features like restrictions on In-App Purchase in Screen Time and Family Purchase Sharing, universal purchase, as well as Ask to Buy are not supported because the App Store and its private and secure commerce system won’t be facilitating these purchases. Apple won’t be able to assist users with refunds, purchase history, subscription cancellations and management, violations of user data privacy, abuse, or fraud and manipulation, in addition to issues that make the user experience less intuitive. Developers, or the alternative app marketplace from which their app was installed, will be responsible for addressing such issues with customers.
Distributing on an alternative app marketplace
When considering distribution on an alternative app marketplace, developers should evaluate the marketplace’s offering and terms and conditions — including any financial obligations, approval processes and policies, and legal protections — before setting up alternative distribution in App Store Connect. Marketplace apps may only be installed from the marketplace developer’s website.
To authorize an app marketplace to distribute your app, you’ll need to contact the marketplace developer to receive a security token required for alternative distribution. You’ll be able to add and remove marketplaces and select which apps you intend to distribute on each marketplace in App Store Connect.
Using new App Store Connect distribution tools, you’ll be able to easily download your signed binary assets to transfer them directly to a marketplace for distribution. You can also take advantage of new support in the App Store Connect API to let a marketplace retrieve assets from Apple for your apps.
Operating an alternative app marketplace
Alternative app marketplaces can install and support software on iOS devices, access data across a catalog of apps, manage users’ purchases and subscriptions, and more. They are responsible for meeting Notarization requirements, like all iOS apps. Marketplace apps may only be installed from the marketplace developer’s website.
Operating an alternative app marketplace requires significant responsibility and oversight of the user experience, including content rules and moderation processes, anti-fraud measures to prevent scams, transparent data collection policies, and the ability to manage payment disputes and refunds.
Developers of alternative app marketplaces will be responsible for meeting ongoing requirements that help protect users and developers. Apple will provide authorized marketplace developers access to new app marketplace frameworks and APIs that let them receive and retrieve notarized apps from Apple Developer Program members securely, let users download and install marketplace apps from their website with authorized browsers, integrate with system functionality, back up and restore users’ apps, and more. Using new App Store Connect distribution tools, developers can choose to notify you of any app updates, so you can offer users important functionality like automatic app updates.
Notarization for iOS apps
Notarization for iOS apps is a baseline review that applies to all apps, regardless of their distribution channel, focused on platform policies for security and privacy and to maintain device integrity. Through a combination of automated checks and human review, Notarization will help ensure apps are free of known malware, viruses, or other security threats, function as promised, and don’t expose users to egregious fraud.
Information from the Notarization process is also used for app installation sheets, which provide at-a-glance descriptions of apps and their functionality before users download, including the developer, screenshots, and other essential information. Apps distributed on the App Store will continue to be responsible for meeting Apple’s high standards for user safety, security, and privacy and undergo the standard App Review process, including Notarization and enforcement of content and commerce policies.
Developers can submit a single binary and will be able to choose alternative distribution options in App Store Connect. Notarization for iOS apps will check for:
- Accuracy — Apps must accurately represent the developer, capabilities, and costs to users.
- Functionality — Binaries must be reviewable, free of serious bugs or crashes, and compatible with the current version of iOS. They cannot manipulate software or hardware in ways that negatively impact the user experience.
- Safety — Apps cannot promote physical harm of the user or public.
- Security — Apps cannot enable distribution of malware or of suspicious or unwanted software. They cannot download executable code, read outside of the container, or direct users to lower the security on their system or device. Also, apps must provide transparency and allow user consent to enable any party to access the system or device, or reconfigure the system or other software.
- Privacy — Apps cannot collect or transmit private, sensitive data without a user’s knowledge or in a manner contrary to the stated purpose of the software.
Apple will encrypt and sign all iOS apps intended for alternative distribution to help protect developers’ intellectual property and ensure that users get apps from known parties.
Notarized apps will also undergo a series of checks during installation to ensure that they haven’t been tampered with and that the installation was initiated through an authorized web browser.
If Apple determines that an iOS app contains known malware after it’s been installed, it will be prevented from launching and new installations will be revoked.
Alternative distribution user experience
iOS 17.4 will support a new experience for app installation to help users authorize the installation of apps and alternative app marketplaces and understand more about apps before they download.
Users can install marketplace apps from a website owned by the marketplace developer after approving them with the Allow Marketplace from Developer control in Settings.
Before an app or marketplace app is installed, a new system sheet will display information developers have submitted to Apple for review, like the app name, developer name, app description, screenshots, and system age rating.
Users can manage their list of allowed marketplace developers and their marketplace apps in Settings and remove them at any time. Removing an allowed marketplace developer prevents new apps and updates from the developer’s website from being installed. Deleting a marketplace app deletes all related data from the device and stops updates for apps from that marketplace, which may affect features and functionality for the apps installed from the marketplace.
Users can manage their default marketplace through a new default setting. Certain platform features for finding and using apps like Spotlight are integrated with a user’s default marketplace. App installation sheets are automatically turned off for installations from a user’s default marketplace.
Browser apps and alternative web browser engines in the EU
Default web browser choice
To reflect the DMA’s changes, Apple will introduce a new choice screen that provides users additional ways to choose a default web browser from a list of options.
When users in the EU first open Safari on iOS 17.4, they’ll be prompted to choose their default browser and presented with a list of the main web browsers available in their market to select as their default browser.
Use of alternative browser engines
To reflect the DMA’s changes, developers will be able to use alternative browser engines — other than WebKit — for dedicated browser apps and apps providing in-app browsing experiences in the EU.
As browser engines are constantly exposed to untrusted and potentially malicious content and have visibility into sensitive user data, they’re one of the most common attack vectors for malicious actors. To help keep users safe online, Apple will only authorize developers to implement alternative browser engines after meeting specific criteria and committing to a number of ongoing privacy and security requirements, including timely security updates to address emerging threats and vulnerabilities. Apple will provide authorized developers of dedicated browser apps access to security mitigations and capabilities to enable them to build secure browser engines, and access features like passkeys for secure user login, multiprocess system capabilities to improve security and stability, web content sandboxes that combat evolving security threats, and more.
Contactless payment transactions in banking or wallet apps in the EEA
In the EEA, iOS 17.4 will introduce new, DMA-compliant APIs for developers to support contactless payment transactions from within their banking or wallet apps, while protecting user security and privacy.
Users will be able to initiate payment transactions from a third-party banking or wallet app at compatible NFC terminals, including mobile devices. Users can manage their preferred default contactless payment app through a new setting for contactless payments and launch the default contactless payment app by double-clicking the side button or when iPhone detects an NFC field at compatible terminals.
Because wallet and banking app developers are responsible for certain industry and regulatory requirements — such as being licensed to offer payment services in the EEA, conforming to industry security standards (for example, PCI DSS and EMVCo), having valid agreements with an authorized payment service provider, and any network certifications in apps they integrate with these capabilities — developers may request an entitlement and commit to ongoing security and privacy standards to access and use these capabilities.
Expanded default app controls for users in the EU
To reflect the DMA’s changes, Apple will introduce new default controls for users in Settings for:
- App marketplace apps — Users will be able to manage their preferred default app marketplace through a new default setting for app marketplace apps. Platform features for finding and using apps like Spotlight are integrated with a user’s default app marketplace.
- Contactless payment apps — Users will be able to manage their preferred default contactless payments app through a new default setting, and select any eligible app adopting the HCE Payments Entitlement as the default.
Users will also have additional ways to manage their default browser setting. When iOS users in the EU first open Safari on iOS 17.4 or later, they’ll be prompted to choose their default browser, and presented with a list of the main web browsers available in their market that can be selected as their default browser.
Interoperability requests in the EU
Apple’s interoperability efforts across software development kits and developer services, encompassing more than 250,000 APIs, enable developers to leverage many of the core technologies built into iOS and iPhone (like HealthKit, Bluetooth, the camera, and the microphone) so users can access them right from developers’ apps. Today, developers can ask questions or share feedback or suggestions to Apple in a variety of ways — such as developer support, the Apple Developer Forums, and Feedback Assistant. To reflect the DMA’s changes, Apple has created an additional dedicated process for developers to request additional interoperability with iOS and iPhone features.
Apple will introduce a new request form for developers to request additional interoperability with hardware and software features built into iPhone and iOS. Apple will evaluate requests on a case-by-case basis and design a solution if one can be supported, and let the developer know if one cannot. New forms of access will require Apple to engineer new APIs that will be delivered in a future update to Apple’s operating systems. Developers can continue to use existing developer channels to ask questions and share feedback or suggestions about Apple’s developer tools and services.
Alternative payments on the App Store in the EU
To reflect the DMA’s changes, alternative payment service providers and link out to purchase will be available to developers for their apps distributed on the App Store in the EU. For their EU apps available on the App Store across Apple’s operating systems, including iOS, iPadOS, macOS, tvOS, and watchOS, developers have additional payment options to offer digital goods and services:
Payment Service Providers (PSPs) — where developers use an alternative payment processor that lets users complete transactions within their app.
Linking out to purchase — where developers direct users to complete a transaction for digital goods and services on their external webpage. The presentation of the link out to purchase may communicate information for EU users about promotions, discounts, and other deals.
To use these new payment options in an app, developers will need to use the StoreKit External Purchase Entitlement, the StoreKit External Purchase Link Entitlement, or both. Developers are not required to submit a separate binary to use alternative payment processing.
Due to the App Store’s tight integration with In-App Purchase, and to reduce confusion for users, developers may not offer both In-App Purchase and alternative PSPs and/or link out to purchase to users in their App Store app on the same storefront. Developers who want to continue using the App Store’s In-App Purchase system may do so, and no further action is needed.
Using alternative PSPs and link out to purchase can create new threats to user security and privacy and may compromise the user experience. It’s important for developers considering use of alternative PSPs and link out to understand that some OS or App Store features may not work as users expect. Helpful App Store features — like Report a Problem, Family Sharing, and Ask to Buy — will also not reflect these transactions. Users may have to share their payment information with additional parties, creating more opportunities for bad actors to steal sensitive financial information. And on the App Store, users’ purchase history and subscription management will only reflect transactions made using the App Store’s In-App Purchase system. Apple will have less ability to support or refund customers encountering issues, scams, or fraud. Developers who use alternative payments are also responsible for managing payment or billing issues, taxes, and other features currently supported by the App Store’s system.
User experience for alternative payment service providers and link out to purchase
To help users understand whether an app contains an alternative payment option, the App Store will display an informational banner on the app’s product page to identify the developer’s enablement of this entitlement. When downloading an app, users will also be informed if an app uses PSPs or links out on the purchase confirmation sheet. Apps that contain an alternative payment option are required to present users with a disclosure prior to each transaction or link out to purchase to help them understand that the purchase isn’t backed by Apple.
Commission and sales reporting
Developers who support PSPs and/or link out to purchase will be responsible for paying a commission to Apple on the sale of digital goods and services on the App Store. Developers are required to report transactions to Apple for invoicing purposes using new APIs Apple will provide.
For apps on iPadOS, macOS, tvOS, and watchOS, developers who use alternative payment processing will get a 3% discount on the commission they owe to Apple.
Expanded developer app analytics and user data portability
Expanded app analytics reports for the App Store and iOS
To reflect the DMA’s changes, Apple will expand the analytics available for developers’ apps both in the EU and around the world to help developers get even more insight into their businesses and their apps’ performance. Over 50 new reports will be available through the App Store Connect API to help developers analyze their app performance and find opportunities for improvement with more metrics in areas like:
- Engagement — with additional information on the number of users on the App Store interacting with a developer’s app or sharing it with others;
- Commerce — with additional information on downloads, sales and proceeds, pre-orders, and transactions made with the App Store’s secure In-App Purchase system;
- App usage — with additional information on crashes, active devices, installs, app deletions, and more.
- Frameworks usage — with additional information on an app’s interaction with OS capabilities such as PhotoPicker, Widgets, and CarPlay.
Apple is introducing a new App Store Connect API called the Analytics Reports API to provide access to reports that include data from the App Store and iOS. Developers will also have the ability to provide third-party access to their reports using the new API.
To protect the privacy of Apple users, Apple is applying privacy measures to help ensure that users are not identifiable at an individual level.
Additional information about report details and access will be available in March.
User data portability tools for App Store account data
Apple is committed to giving users transparency and control over the data Apple collects and uses, and offers users tools for understanding and managing their personal data, including Apple’s Data & Privacy page, where they can get or transfer a copy of their data, delete their Apple account, and more. To reflect the DMA’s changes, Apple’s Data & Privacy site will be enhanced to provide users with additional App Store data categories and provide users the ability to consent to exporting this data to authorized alternative app marketplace developers. To help ensure that the intended uses of this sensitive user data meet user expectations, marketplace developers are responsible for meeting minimum eligibility requirements before they may access the Account Data Transfer API for requesting this data within their interfaces. Additional information about the API entitlement request form will be available in March.
Terms for alternative distribution and payments in the EU
Worldwide, the App Store’s single commission on digital goods and services fairly reflects Apple’s ongoing investments in a wide range of tools and technologies and services that enable developers to build high-quality apps, reach Apple users globally, and seamlessly sell their goods and services. To help developers build the best apps for our users, teams across Apple are always working to create and share new tools and resources, including programming languages and development tools that make it easy to build apps for Apple’s ecosystem, specialized software development kits with over 250,000 APIs, testing services and feedback programs, distribution and discovery, a world-class payments and commerce system, and so much more. This simple fee structure relies on tight integration between iOS, the App Store, and its commerce system, including In-App Purchase.
Apple is sharing new business terms available for developers’ apps in the EU. Developers can choose to adopt these new business terms or stay on Apple’s existing terms. Developers must adopt the new business terms for EU apps to use the new capabilities for alternative distribution or payment processing.
The new business terms for apps in the EU are necessary to support the DMA’s requirements for alternative distribution and payment processing. That includes a fee structure that reflects the many ways Apple creates value for developers’ businesses — including App Store distribution and discovery, the App Store’s secure payment processing and related commerce services, Apple’s trusted and secure mobile platform, and all the tools and technology to build and share innovative apps with users around the world.
Developers operating under the alternative business terms for iOS apps in the EU will have the option to distribute their iOS apps from the App Store and/or alternative app marketplaces. These developers can also choose alternative payment processors in their apps on the App Store in the EU across Apple’s operating systems.
The alternative business terms for iOS apps in the EU have three primary elements:
- Reduced commission — iOS apps on the App Store will pay a reduced commission of either 10% (for the vast majority of developers, and for subscriptions after their first year) or 17% on transactions for digital goods and services, regardless of payment processing system selected;
- Payment processing fee — iOS apps on the App Store can use the App Store’s payment processing for an additional 3% fee. Developers can use a Payment Service Provider within their app or link users to a website to process payments for no additional fee from Apple;
- Core Technology Fee (CTF) — For very high volume iOS apps distributed from the App Store and/or an alternative app marketplace, developers will pay €0.50 for each first annual install per year over a 1 million threshold. Under the new business terms for EU apps, Apple estimates that less than 1% of developers would pay a Core Technology Fee on their EU apps.
Developers registered as an educational institution, government agency, or nonprofit on the alternative terms will not pay the CTF, subject to the Apple Developer Program’s existing rules.
For developers on the alternative terms in the EU in the App Store Small Business Program and for subscriptions after their first year, Apple will offer a further reduced commission of 10%.
Developers of alternative app marketplaces will pay the CTF for every first annual install of the app, including installs that occur before the 1 million threshold is met.
Developers operating under these terms for iOS apps in the EU can choose to access the new capabilities to distribute their iOS apps using alternative app distribution options and to offer alternative payment processing on the App Store across all supported platforms. Developers of iPadOS, macOS, tvOS, and watchOS apps on the App Store that use alternative PSPs and/or link out to purchase will get a discounted commission of 3% based on the App Store’s standard worldwide commission rate. Developers who prefer the existing terms can choose to stay on the App Store’s current business terms, and no further action is needed.
Developers may review the alternative business terms for the EU starting today on developer.apple.com. The terms for iOS apps in the EU will go into effect in March for developers that have already agreed to them. For developers that choose to agree to the alternative terms after March, they will apply to their iOS apps in the EU from the date they have agreed onwards. Apple will begin applying the App Store’s reduced commission and optional payment processing fee, and counting installs towards calculating the CTF when the terms are in effect for a developer’s iOS apps in the EU.
To help developers understand the impact of the alternative business terms on their app businesses, Apple is also sharing a fee calculator tool and new reports to help developers estimate the potential of the new business terms on their app businesses. Under the new business terms for EU apps, Apple estimates that more than 99% of developers would reduce or maintain the fees they owe to Apple.
Providing a great business opportunity for all developers
We strive for iOS to remain the best app ecosystem and a great business opportunity for developers worldwide, and are committed to terms that remain fair to all developers and give them choices. The changes in the EU are being made with these goals in mind — whether a developer chooses to adopt the alternative terms for iOS apps in the EU, chooses to continue only distributing on the App Store, or chooses to use the App Storeʼs In-App Purchase system.
Like today, Apple will continue to support the vast majority of developers with no or low fees and commissions. Today, 88% of developers on the App Store in the EU pay Apple no commission at all. The commission will continue to only apply to sales of digital goods and services in apps on the App Store, including under the alternative terms. Developers who choose the new terms and distribute on the App Store will pay a reduced commission of either 10% (for the vast majority of developers, and for subscriptions after their first year) or 17% on transactions for digital goods and services. Developers distributing on the App Store can choose to use the App Store’s payment processing for an additional 3% fee.
We also designed the changes so that all developers participating in the App Store Small Business Program and developers offering subscriptions will continue to benefit from reduced commissions to invest back in their businesses, no matter which terms they choose. Today, 75% of developers with apps in the EU pay a reduced commission through programs like the App Store Small Business Program. For developers on the alternative terms in the EU, Apple will offer a further reduced commission of 10% for qualifying developers in the App Store Small Business and for subscriptions after their first year.
To fairly compensate Apple for the ongoing investments it makes in developer tools and technologies and align with developers’ choices under the DMA, Apple designed the Core Technology Fee to only impact a small fraction of developers that are on the alternative terms. Under the new business terms for EU apps, Apple estimates that less than 1% of developers would pay a Core Technology Fee on their EU apps. Only developers that have reached exceptional scale on iOS will be subject to the CTF.
As before, developers who are registered as an educational institution, government agency, or nonprofit on the alternative terms and have been approved for fee waiver won’t pay a membership fee for the Apple Developer Program or the CTF, subject to the Apple Developer Program’s rules.
No matter which terms developers choose in the EU, both reflect the many ways Apple creates value for developers’ businesses — including distribution and discovery on the App Store, the App Store’s secure payment processing, Apple’s trusted and secure mobile platform, and all the tools and technology to build and share innovative apps with users around the world.
To adopt these new terms, the Account Holder of a membership in the Apple Developer Program will need to agree to the Alternative Terms Addendum for apps in the EU.
Developer Q&A: Changes for apps in the EU
Apple is sharing a number of changes to comply with the Digital Markets Act’s (DMA) requirements for iOS, Safari, and the App Store in the European Union. Those include new tools and capabilities for developers’ apps in the EU, and protections that help reduce — but don’t eliminate — the new complexity and emerging risks the DMA creates for our EU users.
We’re limiting these changes to the European Union because we’re concerned about their impacts on the privacy and security of our users’ experience — which remains our North Star. These changes comply with the DMA, and in the weeks and months ahead, we’ll continue to engage with the European Commission, the developer community, and our EU users about their impacts.
For their apps in the EU and around the world, developers can continue to use the App Store, its secure In-App Purchase system, and all the tools and resources they’re familiar with today.
On this page, developers can find questions and answers about the changes Apple is sharing to comply with the DMA, affecting apps in the European Union. Developers can find additional information on support pages throughout the developer site.
What goals guided Apple’s implementation of the DMA?
Apple’s approach to the Digital Markets Act was guided by two simple goals: complying with the law and reducing the inevitable, increased risks the DMA creates for our EU users.
First, that meant studying the Digital Markets Act to figure out how iOS, Safari, and the App Store could best meet its requirements. Teams at Apple spent months in conversation with the European Commission — and in little more than a year, created more than 600 new APIs and a wide range of developer tools. Those changes reflect the work of hundreds of Apple team members who spent tens of thousands of hours creating the new capabilities necessary to comply with the DMA.
For every change, teams at Apple continued to put our users at the center of everything we do. That meant creating safeguards to protect EU users to the greatest extent possible and to respond to new threats, including new vectors for malware and viruses, opportunities for scams and fraud, and challenges to ensuring apps are functional on Apple’s platforms. Still, these protections don’t eliminate new threats the DMA creates.
In sum, these protections will help Apple users in the EU:
- Understand what an app does before they download it, even outside of the App Store.
- Get protection from malware, viruses, and other security threats
- Make informed decisions about the data they share and with whom
- Know who they’re transacting with when they process payments outside of the App Store’s secure In-App Purchase system
Apple’s focus remains on creating the most secure system possible within the DMA’s requirements. But even with these safeguards in place, many risks remain — and in the EU, the DMA’s changes will result in a less secure system.
Apple also carefully designed the new developer tools, APIs, resources, and analytics with developers in mind, so they can understand the options available for their EU apps and make informed decisions. That includes tools like our fee calculator, and developer documentation that explains — in detail — how developers can integrate new capabilities for their EU apps.
Why isn’t Apple sharing these changes to iOS and the App Store outside of the EU?
Apple is not offering these changes outside of the EU because this is not the safest system for our users. We’ve been very clear about new threats the DMA introduces — including increased risks for malware, fraud and scams, illicit and objectionable content, and reduced ability for Apple to respond to and remove malicious apps. The changes required by the DMA also involve new technologies and processes that are untested and may require further development.
At Apple, we’ve always built every innovation on a crucial foundation: the trust of our users. And we’ve never taken that trust for granted. That’s why — from our operating systems to the App Store — we build in privacy and security protections from the ground up. We review apps and app updates to help make sure they’re transparent about the data they collect, to identify malware and fraud, and to uphold standards for quality and performance that meet our users’ expectations.
In the EU, the Digital Markets Act requires us to make changes to a formula that has served users and developers exceptionally well — changes that introduce new options, but also new risks. The changes we’re sharing represent Apple’s work to comply with the law and to help reduce new privacy and security risks the DMA creates for our users.
What are some of the new risks Apple expects these changes to create for users in the EU?
The Digital Markets Act’s requirements create a number of risks that — left unchecked — would seriously compromise the privacy and security of our EU users’ experience on their devices. Those risks include:
- Software that includes malware, viruses, and other security threats
- Increased risks of scams, fraud, and abuse
- Distribution of illicit, objectionable, and harmful content
- Apps that misrepresent their functionality
- Apps that unnecessarily access, or even steal, sensitive user data
- Distribution of pirated software
- Reduced ability for Apple to prevent or remove harmful apps, and to support customers encountering issues outside of the App Store
The new protections Apple is sharing — including Notarization for iOS apps, and authorization for marketplace developers — help reduce some of the privacy and security risks to iOS users in the EU. That includes threats like malware or malicious code, and risks from installing apps that misrepresent their functionality or the responsible developer. Still, even with these safeguards in place, Apple will have less ability to address new risks and protect EU users.
The DMA’s changes will also create a more complex, and potentially less intuitive user experience. That includes more difficulty finding apps, varying policies across alternative app marketplaces, and complexities created by new payment method options.
In the EU and around the world, the App Store will continue to set its high bar for privacy and security, offering useful features to protect the safety and quality of our users’ experience. That includes features like parental controls, Family Purchase Sharing, Ask to Buy, subscription management, and more. Apps on the App Store will continue to be reviewed according to the App Store Review Guidelines, upholding Apple’s standards for privacy, security, and quality.
Changes to iOS
What steps is Apple taking to review iOS apps distributed outside of the App Store and protect EU users?
The Digital Markets Act makes clear that companies can take steps to protect the integrity of their platforms, and within the confines of the DMA, we’re committed to protecting the privacy and security of our EU users. That means taking steps that reduce — but don’t eliminate — new risks. Those include:
- Notarization for iOS apps — a baseline review that applies to all apps, regardless of their distribution channel, focused on platform integrity and protecting users. The Notarization process involves a combination of automated checks and human review to help ensure apps are from credible parties, free of malicious content like malware, function as promised, and don’t expose users to egregious privacy and security risks or fraud.
- App installation sheets — that use information from the Notarization process to provide at-a-glance information about apps and their functionality before download, including the developer, screenshots, and other essential information.
- Authorization for marketplace developers — a review process to help ensure developers who create alternative app marketplaces meet specific criteria and commit to ongoing requirements that help protect users and developers.
- Allow Marketplace from Developer — a new permission in Settings that lets EU users identify the developers they allow alternative app marketplaces to be installed from.
- Additional malware protections — if Apple determines an iOS app contains malware after it has been installed, iOS will prevent the app from launching.
These changes are focused on protecting the privacy and security of iOS users in the EU — which remains our North Star — while complying with this new regulation. They’re also consistent with Article 6(4) of the DMA, which explains that companies may take “necessary” steps so that the “integrity” of their platform is not “endanger[ed]” by alternative distribution.
Apple can’t eliminate every new risk the DMA creates. But within the confines of the regulation, we’re committed to protecting our EU users and to helping them make informed decisions. Notarization is a central part of that work, and Apple will continue to prioritize safety, security, and privacy measures that promote the best experience possible for EU users under this new regulation.
Why is Apple notarizing apps outside of its own App Store?
Notarization for iOS apps helps to protect our users and to certify apps distributed on iOS. That means checking some basic facts about each app — including who it’s from and what it does. It also includes a basic security check to identify serious threats like malware. After the app is notarized, that information is shared in an install sheet that surfaces when users download an app.
Notarization on iOS is more limited than the App Review process for apps on the App Store — and uses a combination of automated checks and a basic human review. While the Notarization process does not set the same high bar for privacy and security as the App Store, it includes basic protections designed to reduce some of the new risks created by alternative app distribution.
Do these changes mean that Apple is allowing sideloading in the EU?
Yes. Typically, sideloading refers to downloading iOS apps outside of an official app marketplace — and in the EU, users will have the option to download alternative marketplaces that offer apps for download.
Teams at Apple have worked to make that process as secure and intuitive as possible for users and developers. That includes Notarization for iOS apps, which scans apps for malware and privacy and security threats, protects the integrity of users’ devices, and helps confirm the accuracy of basic information about the app’s functionality. Apple also has a review process in place to help ensure marketplace developers provide ongoing support for both customers and developers, and have clear and consistent rules for the apps on their marketplaces.
Sideloading is one of many reasons why in the EU, the DMA’s changes will result in a system that’s less secure than the model we have in place in the rest of the world. Teams at Apple have worked hard to minimize the risks associated with sideloading — but real risks remain.
If developers can distribute their apps from multiple sources, does that mean users can get different versions of the same app on their iPhone?
We want the app experience to remain as intuitive as possible, for both users and developers. That’s why developers will submit a single binary of their app for distribution across channels — including the App Store or an alternative app marketplace. An app may only be installed from one distribution channel at a time. To download a previously installed app from a new distribution channel, the user must delete the app and reinstall it from a new marketplace.
Apps downloaded from different sources may have some differences, including the content they make available, the payment processors they use, the risks they pose to users, and more.
What is Apple doing to comply with the DMA’s interoperability requirements for developers’ apps in the EU?
Apple has long supported interoperability, enabling developers to leverage powerful hardware and software technologies in the apps they offer to our users. That includes more than 250,000 application programming interfaces (APIs) that allow developers to use iOS and iPhone technologies to build incredibly innovative apps. Apple also operates a “Made for iPhone” licensing program (“MFi”), which enables third parties to develop hardware accessories using Apple technologies.
In the European Union, Apple is expanding that work by enabling developers of dedicated browser apps and apps that provide in-app browsing experiences to use alternative browser engines. Apple is also sharing a new form for developers to submit DMA-related requests for effective interoperability. And in the European Economic Area, Apple is sharing DMA-compliant changes that enable developers to use NFC technology in their wallet and banking apps.
These changes build on the many ways Apple supports interoperability today.
Why don’t users in the EU have access to Home Screen web apps?
To comply with the Digital Markets Act, Apple has done an enormous amount of engineering work to add new functionality and capabilities for developers and users in the European Union — including more than 600 new APIs and a wide range of developer tools.
The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.
Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.
EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.
Changes to the App Store
What additional insights can developers get into the performance of their apps?
Already today, Apple provides a wide range of metrics in App Store Connect to help developers understand their apps’ performance. Apple is building on that work with more than 50 new reports, available for apps around the world — giving developers even more insight. These reports will be enabled by the App Store Connect API and will share metrics in areas like:
- Engagement — with information on the number of users on the App Store interacting with a developer’s app or sharing it with others;
- Commerce — with information on downloads, sales and proceeds, preorders, and transactions made with the App Store’s secure In-App Purchase commerce system;
- App usage — with information on crashes, active devices, installs, app deletions, and more;
- Frameworks usage — with additional information on an app’s interaction with OS processes such as PhotoPicker, Widgets, and CarPlay.
Developers will be able to access regular reports, share data with alternative app marketplace developers or other authorized third parties, and export the full history of their app’s commerce, engagement, and usage. More information about new app analytics will be available in March.
What new options do developers have for processing payments in their EU apps?
The App Store’s secure In-App Purchase (IAP) — along with its world-class commerce system — makes it easy for developers to sell digital goods and services, and creates a seamless, trusted experience to help users make transactions.
With the DMA coming into effect, developers operating under Apple’s new business terms for apps in the EU have the option to use payment service providers (PSPs) to process payments within their app, as an alternative to the App Store’s secure payment processing.
Developers also have the option to link users out to the web to complete a transaction. App Store payment processing will only be available for apps distributed in the App Store.
Developers will not be able to use both IAP and alternative payment processors in their App Store apps on the same storefront. That said, developers who start using an alternative payment processor can decide to switch back to the App Store’s secure payment processing at any time.
If I switch to an alternative payment processor, will my users be charged twice for their subscriptions or other recurring purchases?
To avoid double-charging users, developers using PSPs, linking out, and/or alternative distribution should take steps to ensure existing users do not make redundant purchases. In general, users will be billed with the payment processor where they first transacted with a developer.
What commerce features — outside of payment processing — come with IAP?
The App Store’s secure In-App Purchase system helps users make secure, seamless payments, and helps developers sell digital goods and services right from their app. And, along with the App Store, IAP does much more than just payment processing.
With IAP, Apple users in the EU can:
- Make transactions in multiple currencies with the payment information connected to their Apple ID;
- Pay with credit or debit cards, carrier billing, digital wallets, Apple Gift Card, or App Store and iTunes Gift Card, depending on their region;
- Access their purchased content on all the devices a developer’s app supports, and restore purchases on new devices;
- Use Report a Problem to get help directly from Apple about content they’ve purchased or to request a refund;
- Share eligible purchases through Family Sharing and review their kids’ downloads and purchases with Ask to Buy;
- View their purchase history across their Apple devices;
- Manage all of their subscriptions in one place.
With IAP and the App Store, developers also benefit from a range of important commerce services for their businesses — including fraud prevention, tax management, and more. We think the App Store and IAP are the best and most trusted commerce system available — and developers can continue to use IAP for their apps distributed from the App Store in the EU.
New business terms for EU apps
How did Apple come up with its new business terms for developers’ iOS apps in the EU?
Apple’s traditional business model has reflected the value of all the technologies, tools, and resources that make it possible for developers to build and share apps with Apple users. That includes distribution, discovery, and promotion on the App Store; its secure payment processing and In-App Purchase commerce system; a range of developer tools, including our more than 250,000 APIs; the value of Apple’s operating systems and intellectual property; and much more.
The new business terms for apps in the EU are necessary to support the DMA’s requirements, which separate out the many ways Apple creates value for developers. That includes a reduced commission for apps on the App Store, a fee for payment processing, and a Core Technology Fee that reflects the value of Apple’s proprietary tools and technologies, protected by intellectual property. These business terms reflect the DMA’s changes to app distribution and payment processing — so Apple is only sharing these business terms in the 27 EU countries where the DMA is in effect. Developers can choose to adopt these business terms for their EU apps, or stay on Apple’s existing business terms.
How would the new business terms affect my apps?
Under the new business terms for EU apps, Apple estimates that:
- More than 99% of developers would reduce or maintain the fees they owe to Apple.
- Less than 1% of developers would pay a Core Technology Fee on their EU apps.
Developers who don’t want anything to change can stay on the exact same business terms available today — continuing to share their apps on the App Store alone, and to use the App Store’s secure payment processing. Under these terms, developers only pay Apple a commission on the sale of digital goods and services. That means most developers don’t pay any commission at all, and the vast majority of those who do pay a reduced rate.
By maintaining a choice of business terms, every developer has the opportunity to maintain or reduce the costs they owe to Apple. In addition, both sets of business terms — Apple’s existing terms, and the new terms for EU apps — support developers with low or non-existent fees and commissions. Apple only ever charges a commission on the sale of digital goods and services for apps on the App Store, and offers reduced rates for subscriptions after their first year and members of the Small Business Program, News Partner Program, and Video Partner Program.
Why isn’t Apple sharing its new business terms for EU apps around the world?
To support the DMA’s requirements, we’re sharing business terms that reflect the new options for alternative distribution and payment processing — and the many ways Apple creates value for developers. Apple is not offering these capabilities outside of the EU because they introduce new complexity and significant risks to the privacy and security of the user experience. Therefore, the associated business terms are only relevant to apps in countries impacted by the DMA.
If they prefer, developers can choose to remain on the App Store’s existing business model for their EU apps. And we think it’s a really great model. In fact, over the past 15 years, it’s helped the app economy become one of the most thriving, innovative markets in the world — with a model that is incredibly simple. Developers pay an annual fee to join the Apple Developer Program, and developers who sell digital goods and services pay Apple a commission.
Over time, that business model has become an even better deal. We’ve offered developers more tools, more reach, and more value — and we’ve only lowered our commissions over time. That’s helped developers around the world build thriving businesses. In 2022 alone, the App Store facilitated $1.1 trillion in developer billings and sales — building on a track record of strong, consistent growth.
A commission-based model has helped the app economy become one of the most competitive, innovative markets in the world. And it continues to give every developer, large or small, the opportunity to share their apps with Apple users, and to build a successful business in the process.
Which new options will be available to developers operating under the new business terms? Which will be available to all developers?
Developers operating under the new business terms for apps in the EU will have the option to:
- Distribute iOS apps from alternative app marketplaces;
- Process payments using alternatives to the App Store’s secure payment processing.
All other DMA-related changes — including the new capabilities for interoperability, expanded app analytics, and more — will be available for developers’ EU apps, regardless of the business terms they operate under. Apple will continue to work closely with developers as they evaluate these options and test new capabilities.
Why is Apple giving developers two options for business terms in the EU?
We want developers to have the flexibility to choose the business terms that make the most sense for them.
Importantly, developers who prefer Apple’s existing business terms — including the 88% of developers on the App Store in the EU who pay Apple no commission at all — can choose to remain on the same business terms in place today.
For developers who prefer the new business terms for EU apps, or would like to try capabilities for alternative app distribution and alternative payment processing, we’ve created new business terms that reflect the DMA’s changes. Under the new business terms for EU apps, Apple estimates that more than 99% of developers would reduce or maintain the fees they owe to Apple.
Developers who adopt the new business terms at any time will not be able to switch back to Apple’s existing business terms for their EU apps. Apple will continue to give developers advance notice of changes to our terms, so they can make informed choices about their businesses moving forward.
What is the Core Technology Fee?
The Core Technology Fee (CTF) reflects Apple’s investment in the tools, technology, and services that enable developers to build and share their apps with Apple users. That includes more than 250,000 APIs, TestFlight, Xcode, and so much more. These tools create a lot of value for developers, whether or not they share their apps on the App Store.
The CTF only applies to developers who adopt the new terms for alternative distribution and payment processing — and whose apps reach exceptional scale. With membership in the Apple Developer Program, eligible developers on the new business terms get a free one million first annual installs per year for each of their apps in the EU. See terms for more details. Under the new business terms for EU apps, Apple estimates that less than 1% of developers would pay a Core Technology Fee.
What is a first annual install, and why is Apple using it as a metric to calculate the Core Technology Fee?
A first annual install is the first time in a 12-month period that an app is downloaded, redownloaded, or updated by an Apple account. A first annual install can occur on any iOS app distribution channel — including the App Store and/or an alternative app marketplace.
The first annual install metric has a few advantages:
- It avoids charging developers for multiple downloads of the same app across a single accountholder’s iOS devices;
- It avoids charging developers multiple times if an accountholder deletes and redownloads an app in a short period;
- Developers can continue to update their apps without incurring a Core Technology Fee every time an update is installed.
Only very high volume apps in the EU — that exceed 1 million first annual installs per year (over the past 12 months) — will be responsible for paying Apple the Core Technology Fee. That reflects the increasing value a developer gets from Apple’s core tools and technologies as their app scales to millions of devices. Under the new business terms for EU apps, Apple estimates that less than 1% of developers would pay a Core Technology Fee.
Developers can find more information about first annual installs and the Core Technology Fee on the Developer Support page. Developers can also access a new report in App Store Connect to understand how many first annual installs their apps have in the European Union.
What is Apple doing to prevent ‘install bombing’ — efforts from bad actors to increase install numbers to increase the Core Technology Fees developers owe to Apple?
Already, Apple takes a number of steps to prevent fraud and scams and protect developers’ intellectual property. Apple is implementing additional measures to monitor, detect, and prevent install abuse, including:
- An install verification mechanism to ensure all installs come from real Apple devices
- Limits on the number of first annual installs that can come from a single device
- Investigating, and potentially terminating, user or developer accounts that engage in suspicious behavior
Will Apple charge a Core Technology Fee for nonprofit and government apps?
Developers who meet all of the following criteria will not pay a Core Technology Fee, even if they surpass the first annual install threshold:
- Registered with the Apple Developer Program as a nonprofit organization, accredited educational institution, or government entity
- Only distribute free apps on the App Store without the use of In-App Purchase
- Do not otherwise sell digital goods and services