Earlier in the week, Germany’s defence ministry and foreign ministry said they were suspending their activity on X, with the defence ministry saying it had become increasingly “unhappy” with the platform.
When asked if the expanded probe was a response to a discussion Musk conducted last week with AfD co-leader Alice Weidel, in which she was given free rein to promote her party’s platform and make false claims about Adolf Hitler, a Commission spokesperson said the new request helped “us monitor systems around all these events taking place.”
However, he said it was “completely independent of any political considerations or any specific events.”
“We are committed to ensuring that every platform operating in the EU respects our legislation, which aims to make the online environment fair, safe, and democratic for all European citizens,” said Henna Virkkunen, the Commission’s digital chief.
X did not immediately respond to a request for comment.
The Commission had been under recent political pressure to be tough on Musk’s X ahead of the Weidel interview.
Last week Damian Boeselager, member of the European parliament, wrote to Virkkunnen to demand a probe into whether the social media platform’s use of algorithms met the EU’s transparency requirements.
“There are allegations that Musk is boosting his own tweets,” Boeselager told the Financial Times last week. “The guy can be crazy but it is unfair if he’s amplifying who must listen to him.”
This story was updated shortly after publication with additional details.
The most significant impact this USB-C requirement has had so far is on Apple, which, while initially resisting, has gradually shifted its products from its proprietary Lightning connector to USB-C. Its latest iMac comes with a Magic Keyboard, Magic Mouse, and Magic Trackpad that all connect via USB-C. The firm stopped selling the Lightning-charging iPhone 14 and iPhone SE in the EU after December 28.
People who understand electrical terminology, and live in an EU member country, will soon have a better understanding of how many more cables they’ll need to buy for their newest gadget.
Credit: European Commission
People who understand electrical terminology, and live in an EU member country, will soon have a better understanding of how many more cables they’ll need to buy for their newest gadget. Credit: European Commission
In addition to simply demanding that a USB-C port be present, the Directive requires that anything with “fast charging”—pulling more than 5 volts, 3 amperes, or 15 watts—enable the USB Power Delivery (USB PD) standard. This should ensure that they properly negotiate charging rates with any charger with USB PD rather than require their own proprietary charging brick or adapter.
In Europe, devices must indicate on their product boxes whether they contain a charging plug or mid-cord brick. A different label will indicate the minimum and maximum power that a device requires to charge and whether it can support USB PD or not.
Can the EU make cables and cords get along?
The EU’s celebratory post on X is heavy with replies from doubters, suggesting that mandating USB-C as “THE charger” could stifle companies innovating on other means of power delivery. Most of these critiques are addressed in the actual text of the law, because more powerful devices are exempted, secondary power plugs are allowed, and wireless largely gets a pass. “What about when USB-D arrives?” is something no person can really answer, though it seems a vague reason to avoid addressing the e-waste, fragmentation, and consumer confusion of the larger device charging ecosystem.
How the Common Charger Directive will be enforced is yet to be seen, as that is something left up to member nations. Also unproven is whether companies will comply with it across their international product lines or simply make specific EU-compliant products.
The European Commission (EC) has opened an antitrust investigation into US-based glass-maker Corning, claiming that its Gorilla Glass has dominated the mobile phone screen market due to restrictive deals and licensing.
Corning’s shatter-resistant alkali-aluminosilicate glass keeps its place atop the market, according to the EC’s announcement, because it both demands, and rewards with rebates, device makers that agree to “source all or nearly all of their (Gorilla Glass) demand from Corning.” Corning also allegedly required device makers to report competitive offers to the glass maker. The company is accused of exerting a similar pressure on “finishers,” or those firms that turn raw glass into finished phone screen protectors, as well as demanding finishers not pursue patent challenges against Corning.
“[T]he agreements that Corning put in place with OEMs and finishers may have excluded rival glass producers from large segments of the market, thereby reducing customer choice, increasing prices, and stifling innovation to the detriment of consumers worldwide,” the Commission wrote.
Ars has reached out to Corning for comment and will update this post with response.
Gorilla Glass does approach Xerox or Kleenex levels of brand name association with its function. New iterations of its thin, durable glass reach a bit further than the last and routinely pick up press coverage. Gorilla Glass 4 was pitched as being “up to two times stronger” than any “competitive” alternative. Gorilla Glass 5 could survive a 1.6-meter drop 80 percent of the time, and 6 built in more repetitive damage resistance.
If the past five years of EU tech rules could take human form, they would embody Thierry Breton. The bombastic commissioner, with his swoop of white hair, became the public face of Brussels’ irritation with American tech giants, touring Silicon Valley last summer to personally remind the industry of looming regulatory deadlines.
Combative and outspoken, Breton warned that Apple had spent too long “squeezing” other companies out of the market. In a case against TikTok, he emphasized, “our children are not guinea pigs for social media.”
His confrontational attitude to the CEOs themselves was visible in his posts on X. In the lead-up to Musk’s interview with Donald Trump, Breton posted a vague but threatening letter on his account reminding Musk there would be consequences if he used his platform to amplify “harmful content.” Last year, he published a photo with Mark Zuckerberg, declaring a new EU motto of “move fast to fix things”—a jibe at the notorious early Facebook slogan. And in a 2023 meeting with Google CEO Sundar Pichai, Breton reportedly got him to agree to an “AI pact” on the spot, before tweeting the agreement, making it difficult for Pichai to back out.
Yet in this week’s reshuffle of top EU jobs, Breton resigned—a decision he alleged was due to backroom dealing between EU Commission president Ursula von der Leyen and French president Emmanuel Macron.
“I’m sure [the tech giants are] happy Mr. Breton will go, because he understood you have to hit shareholders’ pockets when it comes to fines,” says Umberto Gambini, a former adviser at the EU Parliament and now a partner at consultancy Forward Global.
Breton is to be effectively replaced by the Finnish politician Henna Virkkunen, from the center-right EPP Group, who has previously worked on the Digital Services Act.
“Her style will surely be less brutal and maybe less visible on X than Breton,” says Gambini. “It could be an opportunity to restart and reboot the relations.”
Little is known about Virkkunen’s attitude to Big Tech’s role in Europe’s economy. But her role has been reshaped to fit von der Leyen’s priorities for her next five-year term. While Breton was the commissioner for the internal market, Virkkunen will work with the same team but operate under the upgraded title of executive vice president for tech sovereignty, security and democracy, meaning she reports directly to von der Leyen.
The 27 commissioners, who form von der Leyen’s new team and are each tasked with a different area of focus, still have to be approved by the European Parliament—a process that could take weeks.
“[Previously], it was very, very clear that the commission was ambitious when it came to thinking about and proposing new legislation to counter all these different threats that they had perceived, especially those posed by big technology platforms,” says Mathias Vermeulen, public policy director at Brussels-based consultancy AWO. “That is not a political priority anymore, in the sense that legislation has been adopted and now has to be enforced.”
Instead Virkkunen’s title implies the focus has shifted to technology’s role in European security and the bloc’s dependency on other countries for critical technologies like chips. “There’s this realization that you now need somebody who can really connect the dots between geopolitics, security policy, industrial policy, and then the enforcement of all the digital laws,” he adds. Earlier in September, a much anticipated report by economist and former Italian prime minister Mario Draghi warned that Europe would risk becoming “vulnerable to coercion” on the world stage if it did not jump-start growth. “We must have more secure supply chains for critical raw materials and technologies,” he said.
Vestager—who vied with Breton for the reputation of lead digital enforcer (technically she was his superior)—will now be replaced by the Spanish socialist Teresa Ribera, whose role will encompass competition as well as Europe’s green transition. Her official title will be executive vice-president-designate for a clean, just and competitive transition, making it likely Big Tech will slip down the list of priorities. “[Ribera’s] most immediate political priority is really about setting up this clean industrial deal,” says Vermuelen.
Political priorities might be shifting, but the frenzy of new rules introduced over the past five years will still need to be enforced. There is an ongoing legal battle over Google’s $1.7 billion antitrust fine. Apple, Google, and Meta are under investigation for breaches of the Digital Markets Act. Under the Digital Services Act, TikTok, Meta, AliExpress, as well as Elon Musk’s X are also subject to probes. “It is too soon for Elon Musk to breathe a sigh of relief,” says J. Scott Marcus, senior fellow at think tank Bruegel. He claims that Musk’s alleged practices at X are likely to run afoul of the Digital Services Act (DSA) no matter who the commissioner is.
“The tone of the confrontation might become a bit more civil, but the issues are unlikely to go away.”
Surprisingly, this step wasn’t taken under laws like the Digital Services Act (DSA), the Digital Markets Act (DMA), or the General Data Protection Regulation (GDPR).
Instead, the EC announced Monday that Meta risked sanctions under EU consumer laws if it could not resolve key concerns about Meta’s so-called “pay or consent” model.
Meta’s model is seemingly problematic, the commission said, because Meta “requested consumers overnight to either subscribe to use Facebook and Instagram against a fee or to consent to Meta’s use of their personal data to be shown personalized ads, allowing Meta to make revenue out of it.”
Because users were given such short notice, they may have been “exposed to undue pressure to choose rapidly between the two models, fearing that they would instantly lose access to their accounts and their network of contacts,” the EC said.
To protect consumers, the EC joined national consumer protection authorities, sending a letter to Meta requiring the tech giant to propose solutions to resolve the commission’s biggest concerns by September 1.
That Meta’s “pay or consent” model may be “misleading” is a top concern because it uses the term “free” for ad-based plans, even though Meta “can make revenue from using their personal data to show them personalized ads.” It seems that while Meta does not consider giving away personal information to be a cost to users, the EC’s commissioner for justice, Didier Reynders, apparently does.
“Consumers must not be lured into believing that they would either pay and not be shown any ads anymore, or receive a service for free, when, instead, they would agree that the company used their personal data to make revenue with ads,” Reynders said. “EU consumer protection law is clear in this respect. Traders must inform consumers upfront and in a fully transparent manner on how they use their personal data. This is a fundamental right that we will protect.”
Additionally, the EC is concerned that Meta users might be confused about how “to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalized ads.” They may also find Meta’s “imprecise terms and language” confusing, such as Meta referring to “your info” instead of clearly referring to consumers’ “personal data.”
To resolve the EC’s concerns, Meta may have to give EU users more time to decide if they want to pay to subscribe or consent to personal data collection for targeted ads. Or Meta may have to take more drastic steps by altering language and screens used when securing consent to collect data or potentially even scrapping its “pay or consent” model entirely, as pressure in the EU mounts.
“Subscriptions as an alternative to advertising are a well-established business model across many industries,” Meta’s spokesperson told Ars. “Subscription for no ads follows the direction of the highest court in Europe and we are confident it complies with European regulation.”
Meta’s model is “sneaky,” EC said
Since last year, the social media company has argued that its “subscription for no ads” model was “endorsed” by the highest court in Europe, the Court of Justice of the European Union (CJEU).
However, privacy advocates have noted that this alleged endorsement came following a CJEU case under the GDPR and was only presented as a hypothetical, rather than a formal part of the ruling, as Meta seems to interpret.
What the CJEU said was that “users must be free to refuse individually”—”in the context of” signing up for services—”to give their consent to particular data processing operations not necessary” for Meta to provide such services “without being obliged to refrain entirely from using the service.” That “means that those users are to be offered, if necessary for an appropriate fee, an equivalent alternative not accompanied by such data processing operations,” the CJEU said.
The nuance here may matter when it comes to Meta’s proposed solutions even if the EC accepts the CJEU’s suggestion of an acceptable alternative as setting some sort of legal precedent. Because the consumer protection authorities raised the action due to Meta suddenly changing the consent model for existing users—not “in the context of” signing up for services—Meta may struggle to persuade the EC that existing users weren’t misled and pressured into paying for a subscription or consenting to ads, given how fast Meta’s policy shifted.
Meta risks sanctions if a compromise can’t be reached, the EC said. Under the EU’s Unfair Contract Terms Directive, for example, Meta could be fined up to 4 percent of its annual turnover if consumer protection authorities are unsatisfied with Meta’s proposed solutions.
The EC’s vice president for values and transparency, Věra Jourová, provided a statement in the press release, calling Meta’s abrupt introduction of the “pay or consent” model “sneaky.”
“We are proud of our strong consumer protection laws which empower Europeans to have the right to be accurately informed about changes such as the one proposed by Meta,” Jourová said. “In the EU, consumers are able to make truly informed choices and we now take action to safeguard this right.”
In two weeks, iPhone users in the European Union will be able to use any mobile wallet they like to complete “tap and go” payments with the ease of using Apple Pay.
The change comes as part of a settlement with the European Commission (EC), which investigated Apple for potentially shutting out rivals by denying access to the “Near Field Communication” (NFC) technology on its devices that enables the “tap and go” feature. Apple did not develop this technology, which is free for developers, the EC said, and going forward, Apple agreed to not charge developers fees to provide the NFC functionality on its devices.
In a press release, the EC’s executive vice president, Margrethe Vestager, said that Apple’s commitments in the settlement address the commission’s “preliminary concerns that Apple may have illegally restricted competition for mobile wallets on iPhones.”
“From now on, Apple can no longer use its control over the iPhone ecosystem to keep other mobile wallets out of the market,” Vestager said. “Competing wallet developers, as well as consumers, will benefit from these changes, opening up innovation and choice, while keeping payments secure.”
Apple has until July 25 to follow through on three commitments that resolve the EC’s concerns that Apple may have “prevented developers from bringing new and competing mobile wallets to iPhone users.”
Arguably, providing outside developers access to NFC functionality on its devices is the biggest change. Rather than allowing developers to access this functionality through Apple’s hardware, Apple has borrowed a solution prevalent in the Android ecosystem, Vestager said, granting access through a software solution called “Host Card Emulation mode.”
This, Vestager said, provides “an equivalent solution in terms of security and user experience” and paves the way for other wallets to be more easily used on Apple devices.
An Apple spokesperson told CNBC that “Apple is providing developers in the European Economic Area with an option to enable NFC contactless payments and contactless transactions for car keys, closed loop transit, corporate badges, home keys, hotel keys, merchant loyalty/rewards, and event tickets from within their iOS apps using Host Card Emulation based APIs.”
To ensure that Apple Pay is on an equal playing field with other wallets, the EC said that Apple committed to improve contactless payments functionality for rival wallets. That means that “iPhone users will be able to double-click the side button of their iPhones to launch” their preferred wallet and “use Face ID, Touch ID and passcode to verify” their identities when using competing wallets.
Perhaps most critically for users attracted to Apple’s payment options convenience, Apple also agreed to allow rival wallets to be set as the default payment option.
These commitments will remain in force for 10 years, Vestager said.
Apple did not immediately respond to Ars’ request for comment. Apple’s spokesperson confirmed to CNBC that no changes would be made to Apple Pay or Apple Wallet as a result of the settlement.
Apple’s commitments go beyond the DMA
Before accepting Apple’s commitments, the EC spoke to “many banks, app developers, card issuers, and financial associations,” Vestager said, whose feedback helped improve Apple’s commitments.
According to Vestager, Apple’s changes go beyond the requirements of the EU’s strict antitrust law, the Digital Markets Act, which “requires gatekeepers to ensure effective interoperability with hardware and software features that they use within their ecosystems,” including “access to NFC technology for mobile payments.”
Beyond the DMA, Apple agreed to have its compliance with the settlement “ensured by a monitoring trustee,” as well as to provide “a fast dispute resolution mechanism, which will also allow for an independent review of Apple’s implementation.”
Vestager assured all stakeholders in the European Economic Area that these changes will prevent any potential harms caused by Apple seeming to shut other wallets out of its devices, which “may have had a negative impact on innovation.” By settling the yearslong probe, Apple avoided a potentially large fine. In March, the EC fined Apple nearly $2 billion for restricting “alternative and cheaper music subscription services” like Spotify in its app store, and the suspected anticompetitive behavior in Apple’s payments ecosystem seemed just as harmful, the EC found.
“This reduction in choice and innovation is harmful,” Vestager said, confirming that the settlement concluded the EC’s probe into Apple Pay. “It is harmful to consumers and it is illegal under EU competition rules.”
Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union’s strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting.
Today, the European Commission (EC) announced preliminary findings that Meta’s so-called “pay or consent” or “pay or OK” model—which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads—is not compliant with the DMA.
According to the EC, Meta’s advertising model violates the DMA in two ways. First, it “does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the ‘personalized ads-based service.” And second, it “does not allow users to exercise their right to freely consent to the combination of their personal data,” the press release said.
Now, Meta will have a chance to review the EC’s evidence and defend its policy, with today’s findings kicking off a process that will take months. The EC’s investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent “another important step” to ensure Meta’s full compliance with the DMA.
“The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access,” Breton said.
A Meta spokesperson told Ars that Meta plans to fight the findings—which could trigger fines up to 10 percent of the company’s worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses.
Meta continues to claim that its “subscription for no ads” model was “endorsed” by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.
“Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA,” Meta’s spokesperson said. “We look forward to further constructive dialogue with the European Commission to bring this investigation to a close.”
However, some critics have noted that the supposed endorsement was not an official part of the ruling and that particular case was not regarding DMA compliance.
The EC agreed that more talks were needed, writing in the press release, “the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance.”
Enlarge/ A screen shows a virtual meeting with Microsoft Teams at a conference on January 30, 2024 in Barcelona, Spain.
Microsoft may be hit with a massive fine in the European Union for “possibly abusively” bundling Teams with its Office 365 and Microsoft 365 software suites for businesses.
On Tuesday, the European Commission (EC) announced preliminary findings of an investigation into whether Microsoft’s “suite-centric business model combining multiple types of software in a single offering” unfairly shut out rivals in the “software as a service” (SaaS) market.
“Since at least April 2019,” the EC found, Microsoft’s practice of “tying Teams with its core SaaS productivity applications” potentially restricted competition in the “market for communication and collaboration products.”
The EC is also “concerned” that the practice may have helped Microsoft defend its dominant market position by shutting out “competing suppliers of individual software” like Slack and German video-conferencing software Alfaview. Makers of those rival products had complained to the EC last year, setting off the ongoing probe into Microsoft’s bundling.
Customers should have choices, the EC said, and seemingly at every step, Microsoft sought instead to lock customers into using only its software.
“Microsoft may have granted Teams a distribution advantage by not giving customers the choice whether or not to acquire access to Teams when they subscribe to their SaaS productivity applications,” the EC wrote. This alleged abusive practice “may have been further exacerbated by interoperability limitations between Teams’ competitors and Microsoft’s offerings.”
For Microsoft, the EC’s findings are likely not entirely unexpected, although Tuesday’s announcement must be disappointing. The company had been hoping to avoid further scrutiny by introducing some major changes last year. Most drastically, Microsoft began “offering some suites without Teams,” the EC said, but even that wasn’t enough to appease EU regulators.
“The Commission preliminarily finds that these changes are insufficient to address its concerns and that more changes to Microsoft’s conduct are necessary to restore competition,” the EC said, concluding that “the conduct may have prevented Teams’ rivals from competing, and in turn innovating, to the detriment of customers in the European Economic Area.”
Microsoft will now be given an opportunity to defend its practices. If the company is unsuccessful, it risks a potential fine up to 10 percent of its annual worldwide turnover and an order possibly impacting how the leading global company conducts business.
In a statement to Ars, Microsoft President Brad Smith confirmed that the tech giant would work with the commission to figure out a better solution.
“Having unbundled Teams and taken initial interoperability steps, we appreciate the additional clarity provided today and will work to find solutions to address the commission’s remaining concerns,” Smith said.
The EC’s executive vice-president in charge of competition policy, Margrethe Vestager, explained in a statement why the commission refuses to back down from closely scrutinizing Microsoft’s alleged unfair practices.
“We are concerned that Microsoft may be giving its own communication product Teams an undue advantage over competitors by tying it to its popular productivity suites for businesses,” Vestager said. “And preserving competition for remote communication and collaboration tools is essential as it also fosters innovation” in these markets.
Changes coming to EU antitrust law in 2025
The EC initially launched its investigation into Microsoft’s allegedly abusive Teams bundling last July. Its probe came after Slack and Alfaview makers complained that Microsoft may be violating Article 102 of the Treaty on the Functioning of the European Union (TFEU), “which prohibits the abuse of a dominant market position.”
Nearly one year later, there’s no telling when the EC’s inquiry into Microsoft Teams will end. Microsoft will have a chance to review all evidence of infringement gathered by EU regulators to form its response. After that, the EC will review any additional evidence before making its decision, and there is no legal deadline to complete the antitrust inquiry, the EC said.
It’s possible that the EC’s decision may come next year when the EU is preparing to release new guidance to more “vigorously” and effectively enforce TFEU.
Last March, the EC called for stakeholder feedback after rolling out “the first major policy initiative in the area of abuse of dominance rules.” The initiative sought to update TFEU for the first time since 2008 based on reviewing relevant case law.
“A robust enforcement of rules on abuse of dominance benefits both consumers and a stronger European economy,” Vestager said at that time. “We have carefully analyzed numerous EU court judgments on the application of Article 102, and it is time for us to start working on guidelines reflecting this case law.”
Enlarge/ Features like Image Playground won’t arrive in Europe at the same time as other regions.
Apple
Three major features in iOS 18 and macOS Sequoia will not be available to European users this fall, Apple says. They include iPhone screen mirroring on the Mac, SharePlay screen sharing, and the entire Apple Intelligence suite of generative AI features.
In a statement sent to Financial Times, The Verge, and others, Apple says this decision is related to the European Union’s Digital Markets Act (DMA). Here’s the full statement, which was attributed to Apple spokesperson Fred Sainz:
Two weeks ago, Apple unveiled hundreds of new features that we are excited to bring to our users around the world. We are highly motivated to make these technologies accessible to all users. However, due to the regulatory uncertainties brought about by the Digital Markets Act (DMA), we do not believe that we will be able to roll out three of these features — iPhone Mirroring, SharePlay Screen Sharing enhancements, and Apple Intelligence — to our EU users this year.
Specifically, we are concerned that the interoperability requirements of the DMA could force us to compromise the integrity of our products in ways that risk user privacy and data security. We are committed to collaborating with the European Commission in an attempt to find a solution that would enable us to deliver these features to our EU customers without compromising their safety.
It is unclear from Apple’s statement precisely which aspects of the DMA may have led to this decision. It could be that Apple is concerned that it would be required to give competitors like Microsoft or Google access to user data collected for Apple Intelligence features and beyond, but we’re not sure.
This is not the first recent and major divergence between functionality and features for Apple devices in the EU versus other regions. Because of EU regulations, Apple opened up iOS to third-party app stores in Europe, but not in other regions. However, critics argued its compliance with that requirement was lukewarm at best, as it came with a set of restrictions and changes to how app developers could monetize their apps on the platform should they use those other storefronts.
While Apple says in the statement it’s open to finding a solution, no timeline is given. All we know is that the features won’t be available on devices in the EU this year. They’re expected to launch in other regions in the fall.
Broadcom CEO Hock Tan this week publicized some concessions aimed at helping customers and partners ease into VMware’s recent business model changes. Tan reiterated that the controversial changes, like the end of perpetual licensing, aren’t going away. But amid questioning from antitrust officials in the European Union (EU), Tan announced that the company has already given support extensions for some VMware perpetual license holders.
Broadcom closed its $69 billion VMware acquisition in November. One of its first moves was ending VMware perpetual license sales in favor of subscriptions. Since December, Broadcom also hasn’t sold Support and Subscription renewals for VMware perpetual licenses.
In a blog post on Monday, Tan admitted that this shift requires “a change in the timing of customers’ expenditures and the balance of those expenditures between capital and operating spending.” As a result, Broadcom has “given support extensions to many customers who came up for renewal while these changes were rolling out.” Tan didn’t specify how Broadcom determined who is eligible for an extension or for how long. However, the executive’s blog is the first time Broadcom has announced such extensions and opens the door to more extension requests.
Tan also announced free access to zero-day security patches for supported versions of vSphere to “ensure that customers whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings are able to use perpetual licenses in a safe and secure fashion.” Tan said other VMware offerings would also receive this concession but didn’t say which or when.
Antitrust concerns in the EU
The news follows Broadcom being questioned by EU antitrust regulators. In late March, MLex said that a European Commission spokesperson had contacted Broadcom for questioning because the commission “received information suggesting that Broadcom is changing the conditions of VMware’s software licensing and support.” Reuters confirmed the news on Monday, the same day Tan posted his blog. Tan didn’t specify if his blog post was related to the EU probing. Broadcom moving VMware to a subscription model was one of the allegations that led to EU officials’ probe, MLex said last month. It’s unclear what, if anything, will follow the questioning.
Tan said this week that VMware’s plan to move to a subscription model started in 2018 (he previously said the plans started to “accelerate in 2019”) before Broadcom’s acquisition. He has argued that the transition ultimately occurred later than most competitors.
The Commission previously approved Broadcom’s VMware purchase in July after a separate antitrust investigation.
However, various European trade groups, including Beltug, a Belgian CIO trade group, and the CIO Platform Nederland association for CIOs and CDOs, wrote a letter (PDF) to the European Commission on March 28, requesting that the Commission “take appropriate action” against Broadcom, which it accused of implementing VMware business practices that resulted in “steeply increased prices,” “non-fulfillment of previous contractual agreements,” and Broadcom “refusing to maintain security conditions for perpetual licenses.”
Partner worries
VMware channel partners and customers have also criticized Broadcom’s VMware for seemingly having less interest in doing business with smaller businesses. The company previously announced that it is killing the VMware Cloud Services Provider (CSP) partner program. The Palo Alto-headquartered firm originally said that CSPs may be invited to the Broadcom Expert Advantage Partner Program. However, reported minimum core requirements seemed to outprice small firms; in February, some small managed service providers claimed that the price of doing VMware business would increase tenfold under the new structure.
Small CSPs will be able to white-label offerings from larger CSPs that qualified for Broadcom’s Premier or Pinnacle partner program tiers as of April 30, when VMware’s CSP partner program shutters. But in the meantime, Broadcom “will continue existing operations” small CSPs “under modified monthly billing arrangements until the white-label offers are available,” Tan said, adding that the move is about ensuring that “there is continuity of service for this smaller partner group.”
However, some channel partners accessing VMware offerings through larger partners remain worried about the future. CRN spoke with an anonymous channel partner selling VMware through Hewlett Packard Enterprise (HPE), which said that more than half of its VMware customers “have reached out to say they are concerned and they want to be aware of alternatives.”
Another unnamed HPE partner told CRN that Broadcom’s perceived prioritization of “the “bigger, more profitable customers, is sensible but “leaves a lot of people in the lurch.”
Broadcom didn’t respond to Ars’ request for comment.
The European Commission (EC) is concerned that TikTok isn’t doing enough to protect kids, alleging that the short-video app may be sending kids down rabbit holes of harmful content while making it easy for kids to pretend to be adults and avoid the protective content filters that do exist.
The allegations came Monday when the EC announced a formal investigation into how TikTok may be breaching the Digital Services Act (DSA) “in areas linked to the protection of minors, advertising transparency, data access for researchers, as well as the risk management of addictive design and harmful content.”
“We must spare no effort to protect our children,” Thierry Breton, European Commissioner for Internal Market, said in the press release, reiterating that the “protection of minors is a top enforcement priority for the DSA.”
This makes TikTok the second platform investigated for possible DSA breaches after X (aka Twitter) came under fire last December. Both are being scrutinized after submitting transparency reports in September that the EC said failed to satisfy the DSA’s strict standards on predictable things like not providing enough advertising transparency or data access for researchers.
But while X is additionally being investigated over alleged dark patterns and disinformation—following accusations last October that X wasn’t stopping the spread of Israel/Hamas disinformation—it’s TikTok’s young user base that appears to be the focus of the EC’s probe into its platform.
“As a platform that reaches millions of children and teenagers, TikTok must fully comply with the DSA and has a particular role to play in the protection of minors online,” Breton said. “We are launching this formal infringement proceeding today to ensure that proportionate action is taken to protect the physical and emotional well-being of young Europeans.”
Likely over the coming months, the EC will request more information from TikTok, picking apart its DSA transparency report. The probe could require interviews with TikTok staff or inspections of TikTok’s offices.
Upon concluding its investigation, the EC could require TikTok to take interim measures to fix any issues that are flagged. The Commission could also make a decision regarding non-compliance, potentially subjecting TikTok to fines of up to 6 percent of its global turnover.
An EC press officer, Thomas Regnier, told Ars that the Commission suspected that TikTok “has not diligently conducted” risk assessments to properly maintain mitigation efforts protecting “the physical and mental well-being of their users, and the rights of the child.”
In particular, its algorithm may risk “stimulating addictive behavior,” and its recommender systems “might drag its users, in particular minors and vulnerable users, into a so-called ‘rabbit hole’ of repetitive harmful content,” Regnier told Ars. Further, TikTok’s age verification system may be subpar, with the EU alleging that TikTok perhaps “failed to diligently assess the risk of 13-17-year-olds pretending to be adults when accessing TikTok,” Regnier said.
To better protect TikTok’s young users, the EU’s investigation could force TikTok to update its age-verification system and overhaul its default privacy, safety, and security settings for minors.
“In particular, the Commission suspects that the default settings of TikTok’s recommender systems do not ensure a high level of privacy, security, and safety of minors,” Regnier said. “The Commission also suspects that the default privacy settings that TikTok has for 16-17-year-olds are not the highest by default, which would not be compliant with the DSA, and that push notifications are, by default, not switched off for minors, which could negatively impact children’s safety.”
TikTok could avoid steep fines by committing to remedies recommended by the EC at the conclusion of its investigation.
Regnier told Ars that the EC does not comment on ongoing investigations, but its probe into X has spanned three months so far. Because the DSA does not provide any deadlines that may speed up these kinds of enforcement proceedings, ultimately, the duration of both investigations will depend on how much “the company concerned cooperates,” the EU’s press release said.
A TikTok spokesperson told Ars that TikTok “would continue to work with experts and the industry to keep young people on its platform safe,” confirming that the company “looked forward to explaining this work in detail to the European Commission.”
“TikTok has pioneered features and settings to protect teens and keep under-13s off the platform, issues the whole industry is grappling with,” TikTok’s spokesperson said.
All online platforms are now required to comply with the DSA, but enforcement on TikTok began near the end of July 2023. A TikTok press release last August promised that the platform would be “embracing” the DSA. But in its transparency report, submitted the next month, TikTok acknowledged that the report only covered “one month of metrics” and may not satisfy DSA standards.
“We still have more work to do,” TikTok’s report said, promising that “we are working hard to address these points ahead of our next DSA transparency report.”
Enlarge/ Building of the European Court of Human Rights in Strasbourg (France).
The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court’s decision could potentially disrupt the European Commission’s proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users’ messages.
This ruling came after Russia’s intelligence agency, the Federal Security Service (FSS), began requiring Telegram to share users’ encrypted messages to deter “terrorism-related activities” in 2017, ECHR’s ruling said. A Russian Telegram user alleged that FSS’s requirement violated his rights to a private life and private communications, as well as all Telegram users’ rights.
The Telegram user was apparently disturbed, moving to block required disclosures after Telegram refused to comply with an FSS order to decrypt messages on six users suspected of terrorism. According to Telegram, “it was technically impossible to provide the authorities with encryption keys associated with specific users,” and therefore, “any disclosure of encryption keys” would affect the “privacy of the correspondence of all Telegram users,” the ECHR’s ruling said.
For refusing to comply, Telegram was fined, and one court even ordered the app to be blocked in Russia, while dozens of Telegram users rallied to continue challenging the order to maintain Telegram services in Russia. Ultimately, users’ multiple court challenges failed, sending the case before the ECHR while Telegram services seemingly tenuously remained available in Russia.
The Russian government told the ECHR that “allegations that the security services had access to the communications of all users” were “unsubstantiated” because their request only concerned six Telegram users.
They further argued that Telegram providing encryption keys to FSB “did not mean that the information necessary to decrypt encrypted electronic communications would become available to its entire staff.” Essentially, the government believed that FSB staff’s “duty of discretion” would prevent any intrusion on private life for Telegram users as described in the ECHR complaint.
Seemingly most critically, the government told the ECHR that any intrusion on private lives resulting from decrypting messages was “necessary” to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was “coordinated from abroad through secret chats via Telegram.” The government claimed that a second terrorist attack that year was prevented after the government discovered it was being coordinated through Telegram chats.
However, privacy advocates backed up Telegram’s claims that the messaging services couldn’t technically build a backdoor for governments without impacting all its users. They also argued that the threat of mass surveillance could be enough to infringe on human rights. The European Information Society Institute (EISI) and Privacy International told the ECHR that even if governments never used required disclosures to mass surveil citizens, it could have a chilling effect on users’ speech or prompt service providers to issue radical software updates weakening encryption for all users.
In the end, the ECHR concluded that the Telegram user’s rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram’s position that complying with the FSB’s disclosure order would force changes impacting all its users.
The “confidentiality of communications is an essential element of the right to respect for private life and correspondence,” the ECHR’s ruling said. Thus, requiring messages to be decrypted by law enforcement “cannot be regarded as necessary in a democratic society.”
Martin Husovec, a law professor who helped to draft EISI’s testimony, told Ars that EISI is “obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone’s privacy.”
