Apple is withholding its new Siri AI from the EU due to antitrust regulations. The move exposes a massive clash between European market competition laws and user privacy protection, while shifting the global AI landscape.
Apple made several announcements last week at its Worldwide Developers Conference, with the headline being the next generation of Apple Intelligence and a new Siri AI. Yet, alongside it sat the revelation that Siri AI will not appear in the EU when iOS 27 is released because of the Digital Markets Act (DMA). The two announcements sit next to each other awkwardly. One pushes AI deeper into how people see, write and search, while the other holds back the most privacy-protective version of that AI from the region whose privacy values are most often invoked in the global debate.
The regulatory component cannot be read fairly without acknowledging an unusual position Apple holds among large technology companies. Of all the major firms, Apple has consistently set the highest bar for data protection, with end-to-end encrypted messaging and its on-device processing keeps a large share of AI workload off cloud servers. Private Cloud Compute is the most substantial attempt by any major platform to extend on-device privacy guarantees into the cloud, with independent verification of the software running on the servers. The child safety announcements alongside Siri AI continue a long pattern of investment in user protection.
This is not a defence of Apple, which is far from beyond legitimate criticism. However, on data protection, user safety and the design decisions that determine how much of a user's information a system can see, Apple has voluntarily moved closer to the values the European Union expresses in its own legislation than almost any other major technology firm. The irony is that this is the company being held back in Europe.
What Apple is Defending
Apple's case for resistance starts with privacy. The design of Siri AI limits what any system can see across the device. The European Commission's interpretation of the DMA would, in Apple's view, require dismantling those limits to grant equivalent access to competing virtual assistants, which would not be subject to the same protections. Apple says it proposed a phased rollout with a Trusted System Agent intermediary that would have addressed some of these concerns, but this approach was not approved.
There is also an operational dimension. Rewriting an operating system to make these system-level features available to third-party AI assistants is a substantial engineering exercise. It also introduces security risks. When a platform owner gives up control of their interface, it also gives up control of the outputs that interface produces. With testing by AI security company Mindgard identifying that ChatGPT can be prompted to generate graphic images using surprisingly simple wording, brand risk becomes a key consideration in facilitating external providers to reach your customers.
Where Two EU Laws Collide
The decision affecting Apple is not isolated. In early June, the European Commission ordered Meta to open WhatsApp to rival AI chatbots for free within five working days. Whatever the merits of the specific case, a clear pattern has emerged where the EU is consistently applying the DMA to AI integration on dominant platforms. The resulting reshaping of the AI landscape inside Europe is now an active policy outcome.
The AI Act and the General Data Protection Regulation (GDPR) exist to protect citizens and their data, with the DMA designed to open markets and prevent gatekeepers from locking out competitors. Each is defensible on its own terms. Yet, applied at the same time, they propose different directions. The likely effect of forced openness is a weaker privacy floor for European users.
Similarly, the European Green Deal commits the EU to reducing emissions and improving energy efficiency across the continent. Training a frontier AI model and the inference required to run data centres are highly energy-intensive. Research suggests that data centres are warming their surrounding location by an average of two degrees, above the 1.5-degree target outlined in the Paris Agreement that the EU is committed to enforcing. This opens the question of whether more AI competition is good for the environment, with each new entrant needing its own model and data centres.
If different pieces of legislation pursue contradictory objectives, the question of which one takes precedence is not currently settled in Brussels. As a matter of law, this is not technically a contradiction. Other EU instruments have produced similar conflicts before, with the Right to Be Forgotten sitting in tension with press freedom. The DMA does not override the AI Act, GDPR or the Green Deal. Any third-party assistant granted access would still need to comply with the privacy frameworks outlined and strengthen their environmental commitments. For destinations, the outcome of these disputes matters less than the recognition that the environment in which AI reaches visitors is now internally contested in Europe.
A Flexible Approach to Legislation
A key point to note is that the DMA came into force on 1 November 2022, before generative AI emerged as the powerful force it is today. By contrast, ChatGPT was released by OpenAI on 30 November of the same year. This means that the law currently shaping AI access in Europe was finalised before the moment it now governs was envisioned.
Training and operating a general-purpose frontier model requires capital expenditure at a scale that few companies can sustain. Many of the providers driving the current generation of AI are not even profitable yet. The pool of mainstream competitors is, in practical terms, small. Applying a competition law designed for a much larger pool of potential entrants is a reasonable response to platforms that lock out rivals, yet the implications need to be fully thought through in the context of applying it to a different digital environment than it was designed for.
Another legislative model that could have relevance for resolving this contrast is the one designed for Canada's proposed Safe Social Media Act. Designed to mirror Australia's ban on social media for under-16s, it has one important addition. Tech firms can sidestep the ban if they demonstrate they have effective policies to minimise harm to minors. The legislation accepts that the right outcome is platforms with strong safety standards and uses the law to push companies toward that outcome rather than to enforce a uniform restriction.
For Europe, a similar logic could apply where AI ethics and governance, judged against published criteria, become the defining factor in which competitor platforms can be integrated. At the DTTT, we believe that the objective most worth defending is that AI is built and operated to high standards on privacy, content integrity and environmental impact. A law that creates room for companies to demonstrate that they meet comparable standards and adjust access requirements accordingly would do more to protect consumers and allow innovation and competition to thrive. This race to the top means the EU incrementally raising standards.
Europe and AI Sovereignty
There is a related concern worth flagging. The USA is consistently where frontier AI launches first. Europe comes second or not at all. Apple's decision to hold back Siri AI on iPhone in the EU is the latest example, sitting inside a larger pattern in which the most capable consumer AI features have arrived months later in Europe than in the United States, if they arrive at all. Last week's US export control directive forcing Anthropic to disable Fable 5 and Mythos 5 for any foreign national worldwide is a reminder that dependence on AI built elsewhere carries a sovereignty risk. By giving local providers room to compete with global incumbents, competition policy is designed to reduce this risk. Yet any competition policy must first be based on establishing effective and high-level ethical compliance.
Nevertheless, the consequence reaches beyond Europe's competition policy. Capable AI is becoming part of how citizens search, work, plan and travel. A continent that is structurally behind on access is on its way to being structurally behind on capability. Visitor data is the most strategically important asset that DMOs hold. The models that they can access will define how AI can use that information, who has access and on what terms. For DMOs in the EU, the practical cost of losing access to the most powerful AI capabilities also means losing the ability to prototype and test the features made possible, with implications for the degree of creativity and innovativeness these DMOs can bring to their activities.
This affects how Europe is perceived as the destination experience is now mediated through devices and services whose capabilities differ across borders. Voice-led search, on-device visual intelligence and contextual actions in the camera are all features that will be affected. The smallest tourism businesses, often operated by a handful of people, do not have the time or capacity to keep up with the level of nuance that larger players can apply. Any industry response has to design for that asymmetry from the outset.
With the tools that Siri AI enables arriving inside the operating system, the structural point matters more than any single feature. A user generating content does not always notice when AI has shaped it. With editing having always been part of destination marketing, including through Photoshop enhancements, the authenticity of images has seen a gradual erosion over time. However, with AI, the editing now reshapes the scene rather than refining it.
When AI is Everywhere
A version of this debate played out among DTTT Members at X. Design Week earlier this month, where a strand of opinion held that disclosure is on its way to becoming unnecessary because AI will eventually become invisible infrastructure that nobody thinks to label. Treating every AI interaction as a disclosure event will lose meaning fast as AI moves into the productivity layer. However, AI becoming ambient strengthens the case for institutional disclosure, even as it weakens the case for per-event labels.
Few destination marketers would now describe colour correction or a horizon-level adjustment as manipulation. Techniques such as Spatial Reframing and generative fill sit at a different point on the same dial. What they leave is a destination image that visitors then expect to match what they encounter on arrival. When the gap is too wide, the decisions they made become more difficult to justify against their own satisfaction once they are there. Destinations carry the consequence in word-of-mouth and review scores.
Against this, the European Commission's Code of Practice on Transparency of AI-Generated Content supports compliance with the AI Act's transparency obligations. While the Code is voluntary, the underlying obligations are legal. Its focus is on the technical components of disclosure in establishing a standard approach for marking AI-generated content in machine-readable form and providing mechanisms for detecting watermarks or verifying digitally signed metadata markings. On a parallel front, OpenAI, in partnership with Google, has developed SynthID watermarking for images and a verification tool to identify if images were generated by OpenAI.
These technical foundations complement the disclosure principles outlined by the DTTT AI Transparency Framework, which asks organisations publishing content to disclose how AI was used in producing it. Our view is that even at the lighter end of the spectrum, some baseline disclosure is needed. A line at the foot of a destination's imagery saying images may be altered with AI, linked to a policy that explains how an organisation uses AI and which edits it treats as minor and acceptable, is not onerous. It anchors trust to a published position rather than to an assumption and gives DMOs a place to update that policy as the techniques evolve.
A key difference, however, is that while the AI Act leaves scope for AI-generated text that has gone through a process of human review or editorial control to be exempt from disclosure. While the principle of this decision comes from good intentions, a human review is not the same as a human author. Room is still left for AI hallucinations to slip into edited copy. The kind of small AI-introduced inaccuracy that a busy reviewer can miss is precisely the kind that erodes trust when a visitor later spots it. This is why having a strong culture of routine disclosure needs to be the baseline for building trust, with the technical layers building out of it. Four open questions now need to be addressed:
Detection: As AI becomes routinely embedded into the platforms DMOs already use and invisible at the operating system level, users creating content may not register that AI has been involved at all. At what point in that spectrum does disclosure become necessary?
Required threshold: A graded scale of involvement, from light assistance to full generation, respects how AI is used in practice, but it also creates ambiguity about where the bands begin and end.
Verification: Self-declared disclosure relies on being honest, and there is currently no mechanism to verify AI declarations at scale. The Coalition for Content Provenance and Authenticity (C2PA) has developed an open technical standard for embedding tamper-evident metadata into media files, recording the tools used to create or alter them. Industry adoption of this kind of standard would help. While the metadata can still be stripped or absent from many production pipelines, it is the most concrete attempt yet at making AI involvement machine-verifiable.
Audience: Disclosure has value only if the audience understands what is being disclosed.
These questions point to the work ahead. They are the reason to treat the Framework as a starting point, with the industry invited to join the governance committee in refining it.
Oops! Something went wrong while submitting the form.
Apple made several announcements last week at its Worldwide Developers Conference, with the headline being the next generation of Apple Intelligence and a new Siri AI. Yet, alongside it sat the revelation that Siri AI will not appear in the EU when iOS 27 is released because of the Digital Markets Act (DMA). The two announcements sit next to each other awkwardly. One pushes AI deeper into how people see, write and search, while the other holds back the most privacy-protective version of that AI from the region whose privacy values are most often invoked in the global debate.
The regulatory component cannot be read fairly without acknowledging an unusual position Apple holds among large technology companies. Of all the major firms, Apple has consistently set the highest bar for data protection, with end-to-end encrypted messaging and its on-device processing keeps a large share of AI workload off cloud servers. Private Cloud Compute is the most substantial attempt by any major platform to extend on-device privacy guarantees into the cloud, with independent verification of the software running on the servers. The child safety announcements alongside Siri AI continue a long pattern of investment in user protection.
This is not a defence of Apple, which is far from beyond legitimate criticism. However, on data protection, user safety and the design decisions that determine how much of a user's information a system can see, Apple has voluntarily moved closer to the values the European Union expresses in its own legislation than almost any other major technology firm. The irony is that this is the company being held back in Europe.
What Apple is Defending
Apple's case for resistance starts with privacy. The design of Siri AI limits what any system can see across the device. The European Commission's interpretation of the DMA would, in Apple's view, require dismantling those limits to grant equivalent access to competing virtual assistants, which would not be subject to the same protections. Apple says it proposed a phased rollout with a Trusted System Agent intermediary that would have addressed some of these concerns, but this approach was not approved.
There is also an operational dimension. Rewriting an operating system to make these system-level features available to third-party AI assistants is a substantial engineering exercise. It also introduces security risks. When a platform owner gives up control of their interface, it also gives up control of the outputs that interface produces. With testing by AI security company Mindgard identifying that ChatGPT can be prompted to generate graphic images using surprisingly simple wording, brand risk becomes a key consideration in facilitating external providers to reach your customers.
Where Two EU Laws Collide
The decision affecting Apple is not isolated. In early June, the European Commission ordered Meta to open WhatsApp to rival AI chatbots for free within five working days. Whatever the merits of the specific case, a clear pattern has emerged where the EU is consistently applying the DMA to AI integration on dominant platforms. The resulting reshaping of the AI landscape inside Europe is now an active policy outcome.
The AI Act and the General Data Protection Regulation (GDPR) exist to protect citizens and their data, with the DMA designed to open markets and prevent gatekeepers from locking out competitors. Each is defensible on its own terms. Yet, applied at the same time, they propose different directions. The likely effect of forced openness is a weaker privacy floor for European users.
Similarly, the European Green Deal commits the EU to reducing emissions and improving energy efficiency across the continent. Training a frontier AI model and the inference required to run data centres are highly energy-intensive. Research suggests that data centres are warming their surrounding location by an average of two degrees, above the 1.5-degree target outlined in the Paris Agreement that the EU is committed to enforcing. This opens the question of whether more AI competition is good for the environment, with each new entrant needing its own model and data centres.
If different pieces of legislation pursue contradictory objectives, the question of which one takes precedence is not currently settled in Brussels. As a matter of law, this is not technically a contradiction. Other EU instruments have produced similar conflicts before, with the Right to Be Forgotten sitting in tension with press freedom. The DMA does not override the AI Act, GDPR or the Green Deal. Any third-party assistant granted access would still need to comply with the privacy frameworks outlined and strengthen their environmental commitments. For destinations, the outcome of these disputes matters less than the recognition that the environment in which AI reaches visitors is now internally contested in Europe.
A Flexible Approach to Legislation
A key point to note is that the DMA came into force on 1 November 2022, before generative AI emerged as the powerful force it is today. By contrast, ChatGPT was released by OpenAI on 30 November of the same year. This means that the law currently shaping AI access in Europe was finalised before the moment it now governs was envisioned.
Training and operating a general-purpose frontier model requires capital expenditure at a scale that few companies can sustain. Many of the providers driving the current generation of AI are not even profitable yet. The pool of mainstream competitors is, in practical terms, small. Applying a competition law designed for a much larger pool of potential entrants is a reasonable response to platforms that lock out rivals, yet the implications need to be fully thought through in the context of applying it to a different digital environment than it was designed for.
Another legislative model that could have relevance for resolving this contrast is the one designed for Canada's proposed Safe Social Media Act. Designed to mirror Australia's ban on social media for under-16s, it has one important addition. Tech firms can sidestep the ban if they demonstrate they have effective policies to minimise harm to minors. The legislation accepts that the right outcome is platforms with strong safety standards and uses the law to push companies toward that outcome rather than to enforce a uniform restriction.
For Europe, a similar logic could apply where AI ethics and governance, judged against published criteria, become the defining factor in which competitor platforms can be integrated. At the DTTT, we believe that the objective most worth defending is that AI is built and operated to high standards on privacy, content integrity and environmental impact. A law that creates room for companies to demonstrate that they meet comparable standards and adjust access requirements accordingly would do more to protect consumers and allow innovation and competition to thrive. This race to the top means the EU incrementally raising standards.
Europe and AI Sovereignty
There is a related concern worth flagging. The USA is consistently where frontier AI launches first. Europe comes second or not at all. Apple's decision to hold back Siri AI on iPhone in the EU is the latest example, sitting inside a larger pattern in which the most capable consumer AI features have arrived months later in Europe than in the United States, if they arrive at all. Last week's US export control directive forcing Anthropic to disable Fable 5 and Mythos 5 for any foreign national worldwide is a reminder that dependence on AI built elsewhere carries a sovereignty risk. By giving local providers room to compete with global incumbents, competition policy is designed to reduce this risk. Yet any competition policy must first be based on establishing effective and high-level ethical compliance.
Nevertheless, the consequence reaches beyond Europe's competition policy. Capable AI is becoming part of how citizens search, work, plan and travel. A continent that is structurally behind on access is on its way to being structurally behind on capability. Visitor data is the most strategically important asset that DMOs hold. The models that they can access will define how AI can use that information, who has access and on what terms. For DMOs in the EU, the practical cost of losing access to the most powerful AI capabilities also means losing the ability to prototype and test the features made possible, with implications for the degree of creativity and innovativeness these DMOs can bring to their activities.
This affects how Europe is perceived as the destination experience is now mediated through devices and services whose capabilities differ across borders. Voice-led search, on-device visual intelligence and contextual actions in the camera are all features that will be affected. The smallest tourism businesses, often operated by a handful of people, do not have the time or capacity to keep up with the level of nuance that larger players can apply. Any industry response has to design for that asymmetry from the outset.
With the tools that Siri AI enables arriving inside the operating system, the structural point matters more than any single feature. A user generating content does not always notice when AI has shaped it. With editing having always been part of destination marketing, including through Photoshop enhancements, the authenticity of images has seen a gradual erosion over time. However, with AI, the editing now reshapes the scene rather than refining it.
When AI is Everywhere
A version of this debate played out among DTTT Members at X. Design Week earlier this month, where a strand of opinion held that disclosure is on its way to becoming unnecessary because AI will eventually become invisible infrastructure that nobody thinks to label. Treating every AI interaction as a disclosure event will lose meaning fast as AI moves into the productivity layer. However, AI becoming ambient strengthens the case for institutional disclosure, even as it weakens the case for per-event labels.
Few destination marketers would now describe colour correction or a horizon-level adjustment as manipulation. Techniques such as Spatial Reframing and generative fill sit at a different point on the same dial. What they leave is a destination image that visitors then expect to match what they encounter on arrival. When the gap is too wide, the decisions they made become more difficult to justify against their own satisfaction once they are there. Destinations carry the consequence in word-of-mouth and review scores.
Against this, the European Commission's Code of Practice on Transparency of AI-Generated Content supports compliance with the AI Act's transparency obligations. While the Code is voluntary, the underlying obligations are legal. Its focus is on the technical components of disclosure in establishing a standard approach for marking AI-generated content in machine-readable form and providing mechanisms for detecting watermarks or verifying digitally signed metadata markings. On a parallel front, OpenAI, in partnership with Google, has developed SynthID watermarking for images and a verification tool to identify if images were generated by OpenAI.
These technical foundations complement the disclosure principles outlined by the DTTT AI Transparency Framework, which asks organisations publishing content to disclose how AI was used in producing it. Our view is that even at the lighter end of the spectrum, some baseline disclosure is needed. A line at the foot of a destination's imagery saying images may be altered with AI, linked to a policy that explains how an organisation uses AI and which edits it treats as minor and acceptable, is not onerous. It anchors trust to a published position rather than to an assumption and gives DMOs a place to update that policy as the techniques evolve.
A key difference, however, is that while the AI Act leaves scope for AI-generated text that has gone through a process of human review or editorial control to be exempt from disclosure. While the principle of this decision comes from good intentions, a human review is not the same as a human author. Room is still left for AI hallucinations to slip into edited copy. The kind of small AI-introduced inaccuracy that a busy reviewer can miss is precisely the kind that erodes trust when a visitor later spots it. This is why having a strong culture of routine disclosure needs to be the baseline for building trust, with the technical layers building out of it. Four open questions now need to be addressed:
Detection: As AI becomes routinely embedded into the platforms DMOs already use and invisible at the operating system level, users creating content may not register that AI has been involved at all. At what point in that spectrum does disclosure become necessary?
Required threshold: A graded scale of involvement, from light assistance to full generation, respects how AI is used in practice, but it also creates ambiguity about where the bands begin and end.
Verification: Self-declared disclosure relies on being honest, and there is currently no mechanism to verify AI declarations at scale. The Coalition for Content Provenance and Authenticity (C2PA) has developed an open technical standard for embedding tamper-evident metadata into media files, recording the tools used to create or alter them. Industry adoption of this kind of standard would help. While the metadata can still be stripped or absent from many production pipelines, it is the most concrete attempt yet at making AI involvement machine-verifiable.
Audience: Disclosure has value only if the audience understands what is being disclosed.
These questions point to the work ahead. They are the reason to treat the Framework as a starting point, with the industry invited to join the governance committee in refining it.
Continue reading...
Get access to 100s of case studies, workshop templates, industry leading events and more.
.svg){kind=icon}
