Apple says EU regulators forced its hand by refusing every proposal to bring Siri AI to iPhone and iPad. Look closer, and a familiar pattern emerges: a recurring standoff where security framing, market leverage, and genuine technical risk all blur together, and where neither side comes away looking purely principled.
Apple's June 8 newsroom post lands with a tone that has become recognizable to anyone who has watched the company's relationship with Brussels over the past three years. Siri AI, the rebuilt assistant powered by Apple Intelligence and announced at WWDC26, will not ship in the European Union when iOS 27 and iPadOS 27 arrive later this year. The blame, per Apple, sits squarely with the Digital Markets Act and what the company calls regulators' "extreme interpretation" of it.
The immediate developer and tech-community reaction split along lines that should surprise no one who has followed this saga. One camp reads the announcement as Apple finally being honest about an impossible security mandate. The other reads it as the latest move in a pressure campaign, where EU users become bargaining chips and "privacy" is the reliably sympathetic shield Apple raises whenever a regulation threatens its control over the platform. Both readings have evidence behind them, which is exactly why this story is worth slowing down on.
What Apple is actually claiming
Strip away the framing and the technical claim is specific. Apple says that under the European Commission's reading of the DMA's interoperability provisions, making Siri AI available in the EU would obligate Apple to grant any third-party virtual assistant the same depth of access Siri itself has. That means the ability to read and send messages, make purchases, access files, and execute actions across any installed app, and to do so autonomously.
This is the part that deserves genuine technical attention rather than reflexive cynicism. An AI agent with permission to act across applications on a device is a meaningfully different security object than a chatbot that answers questions. The attack surface Apple is gesturing at is real and well documented. Prompt injection, where malicious instructions hidden in content a model processes cause it to take unintended actions, has moved from academic curiosity to demonstrated exploit. Researchers have shown agents being steered into exfiltrating data or modifying settings without the user noticing. The OWASP project now tracks prompt injection as the top risk for LLM applications. So when Apple says "security researchers have already shown that AI systems can be hijacked," that sentence is not marketing. It is accurate.
Apple's proposed answer was something it calls the Trusted System Agent, described as an intermediary layer that would let third-party assistants reach the same capabilities as Siri AI but through a controlled broker rather than direct, unmediated access. The company says it also offered an 18-month phased rollout. The Commission, by Apple's account, rejected all of it.
Where the framing gets slippery
Here is the friction. Apple has used the privacy-and-security argument before, in contexts where the security stakes were considerably thinner and the commercial stakes were not. The fight over alternative app stores, sideloading, and the Core Technology Fee all carried similar language about protecting users, and in several of those cases the Commission and independent observers concluded the protective framing mostly protected Apple's revenue and gatekeeping position.
That history matters because it changes how a claim should be weighed. The DMA's entire premise is that a handful of gatekeepers control access to users and that interoperability is the remedy. An assistant that can act across apps is precisely the kind of high-leverage chokepoint the law was written to pry open. From the Commission's seat, a rule that let Apple ship its own cross-app agent while indefinitely blocking competitors from equivalent access would hollow out the regulation entirely. The EU's position, which it has not detailed publicly in response to this post, is presumably that Apple's "safety" architecture conveniently leaves Apple as the sole arbiter of what counts as safe.
Notice also the selective geography. Siri AI ships in the EU on macOS 27 and visionOS 27, just not on iOS, iPadOS, or watchOS. Apple's stated reason is that the DMA's gatekeeper designations bite hardest on the platforms with the largest installed base and the most contested ecosystems. A more cynical reading is that the phones and tablets are where Apple's market power and App Store economics are most exposed, so those are the platforms it is most willing to weaponize a feature withdrawal over. Both can be true at once.
The counter-argument that does not get made enough
Lost in the binary of "Apple is protecting you" versus "Apple is punishing you" is a third possibility that a fair observer should hold open: the DMA may genuinely be a blunt instrument for agentic AI, and the Commission may genuinely be underweighting the security model, while Apple is simultaneously exploiting that blunt-ness for leverage. Regulatory frameworks written before autonomous agents were a consumer reality were not designed with prompt injection in mind. The interoperability mandate that makes obvious sense for, say, messaging or default browsers carries different risk when the interoperable thing is a system with write access to your files and your bank.
The people most worth listening to here are not the partisans on either side but the security engineers who have to build these brokered-access systems. The hard question is not political. It is whether a Trusted System Agent style intermediary can actually enforce meaningful boundaries on a third-party model without either neutering the assistant or leaving the same injection vulnerabilities intact one layer up. That is an unsolved problem, and it is unsolved for Apple's own Siri AI too, not just for hypothetical competitors. Which raises an uncomfortable question Apple's post does not answer: if cross-app agentic access is this dangerous, what exactly makes it safe when the agent is Apple's?
What changes for developers and users
Concretely, EU-based developers cannot test or build against the new Siri AI APIs on iOS, iPadOS, or watchOS. That is the detail with the longest tail. A developer ecosystem that cannot touch a platform's flagship AI surface for an indefinite period starts to fragment, and "indefinite" is the operative word, because Apple explicitly declined to give a timeline. EU users keep the existing Siri, lose the rebuilt assistant, the conversation-history app, the expanded Visual Intelligence, and the Camera integration shown at WWDC26.
Whether this resolves in months or drags on depends on a negotiation neither party is describing honestly in public. Apple frames it as the Commission refusing to engage. The Commission will almost certainly frame it as Apple refusing to comply. The truth that developers should plan around is simpler and less satisfying: there is no agreement, there is no date, and a feature that defines Apple's next OS cycle is now a hostage in a dispute where both captors believe they are the rescuer.
The pattern this fits is the one that has defined platform regulation since the DMA took force. Each new feature becomes a test case, each test case becomes a standoff, and each standoff gets narrated by both sides as a defense of the user. The users, meanwhile, mostly just wanted the assistant to work. That gap, between the principles invoked and the people affected, is the part of this story most worth watching as iOS 27 approaches.
Comments
Please log in or register to join the discussion