EU Regulatory Scrutiny Increases for Tech Firms

- The European Commission fined Apple €500 million in April 2025 for breaching the Digital Markets Act (DMA) by imposing anti-steering rules that prevent developers from informing users about alternative purchasing options outside the App Store. Apple was given 60 days to comply or face further periodic penalty payments. - While Ireland's Data Protection Commission (DPC) has imposed over €4 billion in fines since GDPR was introduced in 2018, less than €20 million has been collected. The majority of fines, including a €1.2 billion penalty against Meta in May 2023 for data transfer violations, are tied up in lengthy appeals processes. - Signaling a more aggressive enforcement posture, the Irish DPC launched a large-scale inquiry in February 2026 into Elon Musk's X platform and its Grok AI chatbot. The investigation focuses on whether the generation of non-consensual sexualized imagery complies with GDPR obligations regarding data protection by design and default. - The next significant piece of EU legislation, the AI Act, entered into force on August 1, 2024, and its rules are being implemented in phases. A ban on AI systems posing unacceptable risks began in February 2025, rules for general-purpose AI models apply from August 2025, and requirements for high-risk systems will take effect in August 2026. - Under the Digital Services Act (DSA), developers classified as "traders" must now provide a valid address, phone number, and email for display on their App Store product pages in the EU. Apple required all developers, even those not distributing in the EU or not classified as traders, to declare their status by February 17, 2025, to avoid potential removal from the EU App Store. - Other major GDPR fines issued by Ireland's DPC include a €530 million fine against TikTok in 2023 for alleged transfer of European user data to China and a €405 million penalty against Meta over the handling of teenage Instagram users' data.