This post is part of a series of provocations published in Tech Policy Press following the third iteration of a Digital Markets Act (DMA) enforcement symposium hosted in Brussels on November 20 and 21 by the free-speech organization ARTICLE 19 in partnership with the Center for Digital Governance at the Hertie School, the University of Trento, the Amsterdam Center for European Law and Governance and the University of Namur.

Imagine a free and open source software (FOSS) developer seeking to distribute an application on Apple’s iOS or iPadOS. The developer aims to have the software curated within a non‑profit, free software‑oriented repository, similar to F‑Droid on Android. This matters not only for the developer but also for users who want to avoid a distribution model where Apple controls how software is made available.

This is, indeed, only an imaginary scenario, since this isn’t possible on iOS or iPadOS. Apple offers no option for a non-profit or community-driven FOSS app store. The company actively blocks such initiatives through steep financial requirements and tight restrictions, preventing users from freely installing software. This issue was discussed during the 2024 Article 19 Digital Markets Act (DMA) Enforcement Symposium and even led to a formal complaint submitted by civil society groups in 2025.

Blocking alternative app stores is just one example of the wide range of restrictive practices imposed by Big Tech. The DMA aims to address such behavior by imposing interoperability obligations on app installation and uninstallation, access to operating system features, and enabling alternative app stores and competing services.

Yet many software developers, especially non-profits, have learned that the promise of interoperability remains fragile. Without proper DMA enforcement, essential infrastructure built by non-profits and small tech firms faces existential risk.

Gatekeepers: a threat to FOSS and small developers

Far from being a niche domain, FOSS forms the infrastructure of the digital economy. Every major operating system, cloud platform, and mobile device depends on it—from the Linux kernel powering Android to cryptographic libraries securing communications, to compilers and developer tools used across Apple, Google, and others. Over 96% of software produced globally contains FOSS elements. In the EU, investments in FOSS have surpassed 1 billion euros annually, and SMEs attribute over half their revenues to it. In the mid-2000s, when Google entered the mobile operating system market, it open-sourced Android to encourage collaboration among developers, handset makers, and carriers.

That openness created a shared technical base and lowered entry barriers for manufacturers, resulting in the world’s most widely adopted mobile operating system. Apple, too, consolidated its business through the App Store by opening it to third-party developers. FOSS and interoperability go hand in hand. Without interoperability, the disruptors of that time (today’s gatekeepers) could not have built on FOSS, APIs, protocols, standards, and other components.

Yet interoperability carries a contradiction: while market actors benefit from it, they resist when their assets face interoperability regulation. Google and Apple have built a network of anti-competitive lock-ins that entrench their dominance and make market entry nearly impossible for rivals. The DMA seeks to counter this power. The examples below illustrate this tension.

Google: the mystery of the missing interoperability in Android

Android’s open licensing scheme allows its code to be freely used, customized, and redistributed. Google has tolerated the existence of non-commercial Android “forks” despite its anti-competitive history of preventing fragmentation. These alternatives serve millions worldwide, offering improved performance, stronger security, privacy, and sustainability standards, as well as independence from Google services. However, in 2025, Google introduced new interoperability restrictions with Android 16.

In March, Google closed the open-source part of Android, unilaterally delaying source code releases. Until then, code was released immediately, but now FOSS developers are hindered. The available code lags by weeks or months, limiting how developers keep up with Android platform changes.

Later, in June, developers noticed missing interoperability data. System files began arriving late or not at all, and several drivers vanished from repositories. Developers faced long delays restoring features that previously worked out of the box. Without proper interoperability documentation for Pixel devices, third-party developers cannot test on physical hardware. Instead, Google now provides a “virtual machine” for third parties, while continuing to use physical hardware internally, with full functionality, to test its own systems.

Then, in August, came the hardest hit. Google announced a new security measure limiting side-loading. End-users will only be able to install apps signed by developers registered with Google. Alternative Android-based operating systems and app stores will be most affected.

Such restrictions are not mere technical inconveniences. They conflict with the interoperability obligations of Art. 6(7) DMA, as clarified in the recent decisions by the Commission on Apple's conduct. At the 2025 ARTICLE 19 DMA Symposium, it was shown how this impedes third-party developers from reproducing, auditing, or modifying the system as before. Restoring this flow of interoperability information is a priority for non-profit operating systems. It remains to be seen how the Commission will evaluate Google’s behavior.

Apple: paternalistic control over security

Apple takes a different route to the same destination against interoperability: monopolized control over its platform. On iOS and iPadOS, every app, even those distributed via alternative app stores, must go through “notarization,” where Apple reviews, re-signs, and encrypts applications before users can install them. The company calls this a security feature, but FOSS developers call it a gate that can be closed at any time. This behavior is non-compliant with the DMA and prompted civil society organizations, led by ARTICLE 19, to file a complaint with the European Commission.

Alongside these practices, Apple took a harder adversarial stance against the DMA’s interoperability mandate. It started litigation against Art. 6(7) DMA – the core of the law’s interoperability obligations – claiming it violated its human rights by expropriating its intellectual property. Apple then proposed a non-compliant interoperability solution, prompting the Commission to launch two regulatory procedures to improve transparency, due process, and accountability in Apple’s handling of interoperability. Unsatisfied, Apple renewed its litigation, appealing both decisions with 18 claims against interoperability. All this reflects a form of “security paternalism” over devices. Such control, seen already in 2000s policies against iPhone jailbreaking, artificially limits the capabilities of iPhones and iPads as general-purpose computers.

This matters because it concerns users’ right to use their devices, like PCs, including installing or removing any software. Courts in both the United States and the European Union have recognized smartphones as computers, not only “phones.” In Riley v. California, the US Supreme Court held that smartphones contain the “privacies of life.” If smartphones are users’ most personal computers, they should be free to install whatever software they want. Art. 6(4) of the DMA mandates unfettered installation (sideloading) and removal of pre-installed software. The burden lies with gatekeepers to prove that blocking third-party software is strictly necessary, not with users to justify wanting freedom. Apple still blocks sideloading for iOS and iPadOS, and Google does not allow full uninstallation of many proprietary pre-installed apps in Android.

Making the DMA deliver

The permissionless innovation enabled by FOSS allowed smaller and non-profit business models to flourish, letting organizations develop and provide high-quality technological products and services to market sectors often ignored by commercial companies. Enforcing the DMA could consolidate interoperability as a foundational policy for Europe’s digital infrastructure. The DMA was not written only for big tech competitors. It also exists for volunteer maintainers, small non-profits, academic projects, and everyday users seeking control of their digital lives. An enforcement process navigable only by powerful companies would miss the point entirely.

That is why spaces like the ARTICLE 19 DMA Enforcement Symposium are so valuable. They offer a forum where enforcers, academics, technologists, and FOSS developers can meet, exchange insights, and highlight real-world challenges.

We must listen to small developers and community projects building FOSS alternatives to gatekeepers’ services, because these tools ultimately make digital freedom tangible. A swift, effective, and vigorous enforcement of the DMA is a condition for that to happen.

Disclaimer: As an independent non-profit organization, the Free Software Foundation Europe receives donations and grants from individuals, companies and public institutions. The FSFE has received corporate donations from some of the gatekeepers (https://fsfe.org/donate/thankgnus.html).