How the EU is contributing to the Google/Apple Duopoly

In recent years the EU has been wading deep into digital regulation. Let's talk about a couple of somewhat-recent developments, and how they're legally mandating the use of monopolistic products and services.

The Revised Payment Services Directive (PSD2)

This regulation mandates Strong Customer Authentication (SCA) for online payments and account access. SCA requires at least two of the following factors:

  • Something the user knows (e.g., PIN)
  • Something the user has (e.g., mobile device)
  • Something the user is (e.g., biometrics)

These are fairly standard security practices. However, the way it has been implemented by banks and other financial account providers has been fairly consistent, and very problematic. These banks don't want to code apps and integrations for every type of device and operating system in existence, so they code for the ones that most people have on them at all times: phones. Specifically Android and Apple devices, and nothing else. That means if you want to access your bank account, you need to have one of these.

Now for Apple, it's pretty straightforward to explain why this is a problem. Don't have an iPhone? Can't access your account. Apple does not allow installation of any third-party apps or operating systems.

But, just for a moment, let's suspend disbelief and pretend that you are someone who actually cares about freedom, privacy, and competition, and you look to Google's Android OS for that. After all, it's FOSS, and there are many different operating systems you can run on an Android device! Well, things obviously get a little more complicated.

Except, you can't, because Google very much does not want you to be able to do that, and probably regrets ever giving you that option. That's why they introduced the Play Integrity API, which is a way for Google to verify that installed apps are "legitimate", AKA, not installed from outside of their proprietary Play Store, which is the only place you can find "legitimate" apps, according to Google. Anything else is "unsafe".

The problem, you will find, is that virtually every banking app in existence has implemented this API, meaning you can only download apps from the actual Play Store app, meaning you need to be logged into the Play Store, meaning you need to be logged into a Google account at a device level. At an operating system level. Meaning you have to install "Google Play Services" on your device, which is essentially spyware that monitors all of your activities on the device.

Now GrapheneOS offers its own hardware attestation API, but good luck convincing any banks to adopt it. The org has had a fairly small amount of success with this.
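What a backend that accepts either kind of evidence described above could look like, as an added example that is not from the original post, Google or GrapheneOS. The field names follow the decoded Play Integrity verdict and the Android key attestation root of trust; the function names, the evidence wrapper and the pinned boot key are hypothetical, and the sketch assumes the verdict is already decoded and the attestation certificate chain already validated.

```python
# Added example: device-trust policy accepting two kinds of attestation evidence.
# Assumption: hex SHA-256 of verified boot keys trusted for alternative OSes.
TRUSTED_BOOT_KEYS = {"ab" * 32}  # constructed placeholder, not a real key

def play_integrity_ok(verdict, package):
    """Check a Play Integrity verdict that was already decrypted and decoded."""
    app = verdict.get("appIntegrity", {})
    device = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    return (app.get("appRecognitionVerdict") == "PLAY_RECOGNIZED"
            and app.get("packageName") == package
            and "MEETS_DEVICE_INTEGRITY" in device
            and verdict.get("accountDetails", {}).get("appLicensingVerdict") == "LICENSED")

def key_attestation_ok(root_of_trust):
    """Check RootOfTrust fields of an Android key attestation certificate.
    Assumption: the caller already validated the certificate chain."""
    if not root_of_trust.get("deviceLocked"):
        return False  # unlocked bootloader: verified boot is not enforced
    state = root_of_trust.get("verifiedBootState")
    if state == "Verified":
        return True  # OS verified against the key embedded by the manufacturer
    # "SelfSigned": locked bootloader, OS signed with a user-installed key
    return state == "SelfSigned" and root_of_trust.get("verifiedBootKey") in TRUSTED_BOOT_KEYS

def device_trusted(evidence, package):
    """Accept either evidence type; anything else is rejected."""
    if evidence.get("type") == "play_integrity":
        return play_integrity_ok(evidence.get("verdict", {}), package)
    if evidence.get("type") == "key_attestation":
        return key_attestation_ok(evidence.get("root_of_trust", {}))
    return False

# Constructed sample inputs (not captured from real devices).
PACKAGE = "com.example.bank"
PLAY_SAMPLE = {"type": "play_integrity", "verdict": {
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED", "packageName": PACKAGE},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"}}}
ALT_OS_SAMPLE = {"type": "key_attestation", "root_of_trust": {
    "deviceLocked": True, "verifiedBootState": "SelfSigned", "verifiedBootKey": "ab" * 32}}
UNLOCKED_SAMPLE = {"type": "key_attestation", "root_of_trust": {
    "deviceLocked": False, "verifiedBootState": "SelfSigned", "verifiedBootKey": "ab" * 32}}

if __name__ == "__main__":
    for name, ev in [("play", PLAY_SAMPLE), ("alt-os", ALT_OS_SAMPLE), ("unlocked", UNLOCKED_SAMPLE)]:
        print(name, device_trusted(ev, PACKAGE))
```

The second path depends only on the device's hardware-backed key attestation and a pinned boot key, so it does not require a Play Store install or a Google account on the device.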

The Digital Services Act, EU Digital Identity Wallet and Play Integrity API

In October 2025 the EU updated the Digital Services Act (DSA), mandating online age verification for users entering websites hosting adult material. Now, for the purposes of this conversation, we're going to table discussions about the enormous privacy and security violations that have and will continue to come about as a result of this legislation, and instead focus on its dependency on American monopolies.

Now unlike the US states that have enacted similar legislation without any suggestions of how it should actually be implemented, the EU formed and shared an Age Verification Blueprint. The blueprint specifies the use of the EU Digital Identity Wallet (EUDI) which, by the way, does not exist at the time of writing, several months after the regulations were enacted. But I digress (again); let's focus on the monopolies. On the bright side, this app is open source, and can be forked and adopted by other nations, and users can know exactly what the app is doing. On the other hand, would you believe it, this app, the one that the EU is mandating virtually everyone in the EU to use, also requires the use of either Apple devices or Google's Play Integrity API.

An "issue" was opened on GitHub on July 16th, asking the developers to remove this requirement. The issue received several thousand thumbs up reactions and several hundred replies in agreement. The commenters in that "issue" highlight that this requirement violates the EU's own principles on interoperability and availability. Still the issue has not been remediated.

Conclusion

You cannot exist in the EU without owning and using an Apple or Google device running proprietary software. It is mandated by the local government.