Kategorie

Can’t get the staff

Recently we reported on a global Microsoft 365 outage that disrupted Teams and Exchange services. We said that aggressive traffic rerouting was blamed for service failures; with experts warning of architectural brittleness and rising cloud fragility.  

It was that fragility that caught the attention of Computerworld readers, who rushed to ask Smart Answers about one potential cause. We know that IT skills are in short supply even as lots of IT pros are being laid off. But the chat tends to focus on AI skills: we don’t often hear about how hard it is to get data center staff. But it’s a real factor, both in the public cloud sector, and maybe especially for those who are repatriating data back to their own data centers. We hear reports of understaffing in areas such as operations, electrical engineering, and cloud architecture.  

And it’s a problem. According to Smart Answers, being short staffed increases the risk of human error. It leads to maintenance being delayed, less effective remote monitoring, and longer response times when things do go wrong.  

Find out: How can insufficient data center staff contribute to cloud outages?  

Remind me…?

This week Computerworld broke the stunning news that – alongside all the generative-AI silliness – Google’s Gemini has some genuinely practical purposes on Android — if you know what to ask. Our readers latched on to one in particular. Now which one was it..?  

Oh yes: ‘Remember that’. 

‘Remember that’ is a genuinely useful feature, and Smart Answers has an outline of how to use it. Activation, Information Storage, Information Retrieval, and Note Creation. But you don’t need to remember that list – just ask our own useful AI assistant. 

Find out: How do I use Gemini’s “remember that” feature?  

Danger in the shadows

Recently we reported that SAP and IBM were slammed for their roles in a Quebec auto insurance board ERP overhaul fiasco. We said that a Quebec anti-corruption squad raided the organization that commissioned the over-budget ERP overhaul – (SAAQ) the provincial auto insurance board. Investigation into the project continues. 

Of interest to readers of CIO.com was one risk factor for all operators of large scale IT projects: shadow IT. They asked Smart Answers how shadow IT introduces risks such as vulnerabilities to be exploited by bad actors. There are more – but you’ll have to ask Smart Answers to find out.  

Find out: What risks does shadow IT pose to enterprise infrastructure?  

About Smart Answers 

Smart Answers is an AI-based chatbot tool designed to help you discover content, answer questions, and go deep on the topics that matter to you. Each week we send you the three most popular questions asked by our readers, and the answers Smart Answers provides.  

Developed in partnership with Miso.ai, Smart Answers draws only on editorial content from our network of trusted media brands—CIO, Computerworld, CSO, InfoWorld, and Network World—and was trained on questions that a savvy enterprise IT audience would ask. The result is a fast, efficient way for you to get more value from our content. 

Google is rolling out Veo 3 to everyone using Vertex AI, which is an ML-testing platform provided by Google Cloud. [...]

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. [...]

Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. [...]

Recent years have demonstrated a notable shift in the cybersecurity landscape, with Linux systems increasingly targeted by adversaries. Once considered relatively immune to malware threats , Linux servers have seen the emergence of sophisticated attack vectors, including high-profile Linux malware strains such as Cloud Snooper, HiddenWasp, and Tycoon.

Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. [...]

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

If you've ever set up or maintained a multimedia pipeline on Linux, you already know the stakes. Your system needs to decode, encode, stream, and sync diverse media formats flawlessly, often under significant workload. GStreamer has been the workhorse of open-source multimedia for years, but it's not unbreakable. That's why version 1.26.3 matters.

The fireworks that could soon go off across the US have nothing to do with July 4 celebrations, but are reaction to a double hit that every state in the union may soon face relating to a potential reduction of connectivity capabilities and a proposed 10-year ban on its ability to regulate AI.

Drastic legislative changes around both issues are contained in the Trump administration’s Reconciliation Tax Bill, which is now before the Senate.

In early June, 260 state lawmakers from both parties in all 50 states sent a letter to Congress voicing strong opposition to the AI regulation ban. The letter, which was spearheaded by Americans for Responsible Innovation (ARI), a nonprofit policy advocacy organization, stated, “the proposed 10-year freeze of state and local regulation of AI and automated decision systems would cut short democratic discussion of AI policy in the states with a sweeping moratorium that threatens to halt a broad array of laws and restrict policymakers from responding to emerging issues.”

ARI president Brad Carson said, “lawmakers from every state in the country are sending a clear message that the proposed ban on state AI laws would freeze a whole range of common-sense laws that voters depend on.”

There is, he said, “room for a debate on pre-emption of a targeted set of state AI laws with the passage of a federal framework for AI governance. But this proposal fails on all counts, with an overbroad scope and nothing to offer when it comes to federal governance.”

Moratorium would be ‘a historic mistake’

On Thursday, lawmakers from Utah, South Carolina, Ohio, Tennessee, Wisconsin and Montana held a press conference organized by the ARI to ask Congress to remove the moratorium. There has also been a major new twist since Trump’s so-called One Big Beautiful Bill moved to the Senate for final approval, in that Senator Ted Cruz, chair of the Senate Committee on Commerce, Science, and Transportation, inserted a clause that would preclude any state receiving funding under the Broadband, Equity, Access and Deployment (BEAD) program if they refused to introduce an AI law moratorium.

Satya Thallam, senior advisor with ARI, said in a release following the press conference, “state lawmakers are sending a clear message to Congress: the moratorium threatens a range of state laws, from kids’ online safety to pro-innovation measures, and it needs to be struck from the bill.”

He added, “preventing lawmakers back home from doing the hard work of legislating on AI issues for the next decade would be a historic mistake. Congress shouldn’t be working in opposition to state lawmakers, but hand-in-hand with state legislators to get AI policy right.”

Amba Kak, co-executive director of AI Now Institute, said Thursday in an email to Computerworld, “simply put, this ban on state AI law would leave American consumers and workers with even less protections than we have today against some of the worst forms of AI-related abuse and exploitation. The moratorium rolls back the clock on the protections that are in place, and prevents new rules from coming into place. Essentially [it’s] forcing state lawmakers to turn a deaf ear to their constituents.”

‘AI being used on us, not just by us’

Who might be most at risk? “It’s all of us, any of us, that will be at the receiving end of AI mediating our life and work, whether we choose to opt in or not,” she said. “AI is routinely being used on us, not just by us. But it is most unconscionable to unleash these risks on those least well positioned to fend for ourselves — children, seniors more susceptible to AI scams and manipulation, low income people subject to faulty and error ridden AI-mediated social services systems, and those working jobs that are being aggressively devalued or replaced.” 

Kak added, “I’d also flip that question to say: who has most to gain here? Big Tech: The same industry that, by increasingly bipartisan consensus, has gotten too big for its boots. And have proven themselves to be reckless custodians of this power. This moratorium drives that impunity further, in ways that send a truly dangerous message to the Big Tech AI firms: they’re in charge, no questions asked.”

On Wednesday, Cruz issued a release which said that he had published updated text for the Commerce Committee’s portion of the budget reconciliation bill.

A backgrounder accompanying the release states that the update involves the appropriation of  “$500 million to the National Telecommunications and Information Administration (NTIA) to support deployment of AI models or systems and underlying infrastructure. The proposal uses the administrative structure of the Broadband, Equity, Access, and Deployment (BEAD) program to streamline allocation of new funding.”

It goes on to say that, in order to receive “a portion of this new $500 million federal investment to deploy AI,” states must agree to several conditions, one of which is the temporary pause of “any enforcement of any state restrictions, as specified, related to AI models, AI systems, or automated decision systems for 10 years.”

US Senator Maria Cantwell, a Democrat and Ranking Member of the committee, reacted by saying, “the newly released language by Chair Cruz continues to hold $42 billion in BEAD funding hostage, forcing states to choose between protecting consumers and expanding critical broadband infrastructure to rural communities.”

Cementing the digital divide

Drew Garner, director of policy engagement at Benton Institute for Broadband & Society, a nonprofit organization whose focus is ensuring all people in the US have access to competitive, high-performance broadband, sided with Cantwell, saying, “[it] sounds insane even not tied to BEAD, but tied to BEAD is doubly insane.”

The Trump administration and Cruz, he said, are “treating [BEAD] like a piñata right now and it’s crazy. It is an awful time to be in a state broadband office.”

This new threat worsens an already bad situation. In March, US Department of Commerce secretary Howard Lutnick announced that he had launched a “rigorous review of the BEAD program. The Department is ripping out the Biden administration’s pointless requirements. It is revamping the BEAD program to take a tech-neutral approach that is rigorously driven by outcomes, so states can provide internet access for the lowest cost.”

And following the release of revised rules earlier this month, Garner wrote, “[Lutnick’s] actions will cement the digital divide for decades. He is hurting our economic competitiveness, our healthcare and education … Secretary Lutnick wants to invest in the ‘cheapest’ broadband infrastructure, not the best infrastructure. It’s a self-inflicted wound to American competitiveness.”

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors [...]

Over the next few years, agentic AI is expected to bring not only rapid technological breakthroughs, but a societal transformation, redefining how we live, work and interact with the world. And this shift is happening quickly.

“By 2028, 33% of enterprise software applications will include agentic AI, up from less than 1% in 2024, enabling 15% of day-to-day work decisions to be made autonomously,” according to research firm Gartner.

Unlike traditional AI, which typically follows preset rules or algorithms, agentic AI adapts to new situations, learns from experiences, and operates independently to pursue goals without human intervention. In short, agentic AI empowers systems to act autonomously, making decisions and executing tasks — even communicating directly with other AI agents — with little or no human involvement.

One key driver is the growing sophistication of large language models (LLMs), which provide the “brains” for these agents. Agentic AI will enable machines to interact with the physical world with unprecedented intelligence, allowing them to perform complex tasks in dynamic environments, which could be especially useful for industries facing labor shortages or hazardous conditions.

The rise of agentic AI also brings security and ethical concerns. Ensuring these autonomous systems operate safely, transparently and responsibly will require governance frameworks and testing. Preventing the law of unintended consequences will also require human vigilance.

Because job displacement is a potential outcome, strategies for retraining and upskilling workers will be needed as the technology necessitate a shift in how people approach work, emphasizing collaboration between humans and intelligent machines.

To stay on top of this evolving technology, follow this page for ongoing agentic AI coverage from Computerworld and Foundry’s other publications.

Agentic AI news and insights IFS rolls TheLoops agentic AI into industrial ERP

June 27, 2025: IFS is adding AI agent development and management capabilities to its ERP platform with the acquisition of software startup The acquisition brings TheLoops’ full Agent Development life cycle (ADLC) platform into IFS, enabling enterprises to design, test, deploy, monitor, and fine-tune AI agents with built-in support for versioning, compliance, and performance optimization.

How AI agents and agentic AI differ from each other

June 12, 2025: With agentic AI in its infancy and organizations rushing to adopt AI agents, there seems to be confusion about the difference between “agentic AI” and “AI agents” technologies, but experts say there’s growing understanding that the two are separate, but related, tools.

The future of RPA ties to AI agents

June 10, 2025: RPA is accelerating toward a crossroads, with IT leaders and experts debating its future. Some IT leaders say that more powerful and autonomous AI agents will replace the two-decade-old AI precursor technology, while others predict that AI agents and RPA will work hand-in-hand.

MCP is enabling agentic AI, but how secure is it?

June 2, 2025: Model context protocol (MCP) is becoming the plug-and-play standard for agentic AI apps to pull in data in real time from multiple sources. However, this also makes it more attractive for malicious actors looking to exploit weaknesses in how MCP has been deployed. 

The agentic AI assist Stanford University cancer care staff needed

May 30, 2025: At Microsoft Build 2025 earlier this month, Nigam Shah, CDO for Stanford Health Care, discussed agentic AI’s ability to redefine healthcare, especially in oncology, as physicians get overloaded with the administrative tasks of medicine, he said, which lead to burnout.

Agentic AI, LLMs and standards big focus of Red Hat Summit

May 26, 2025: Red Hat, announced a number of improvements in its core enterprise Linux product, including better security, better support for containers, better support for edge devices. But the one topic that dominated the conversation was AI.

Putting agentic AI to work in Firebase Studio

May 21, 2025: Putting agentic AI to work in software engineering can be done in a variety of ways. Some agents work independently of the developer’s environment, working essentially like a remote developer. Other agents directly within a developer’s own environment. Google’s Firebase Studio is an example of the latter, drawing on Google’s Gemini LLM o help developers prototype and build applications .

Why is Microsoft offering to turn websites into AI apps with NLWeb?

May 20. 2025: NLWeb, short for Natural Language Web, is designed to help enterprises build a natural language interface for their websites using the model of their choice and data to answer user queries about the contents of the website. Microsoft hopes to stake its claim on the agentic web before rivals Google and Amazon do.

Databricks to acquire open-source database startup Neon to build the next wave of AI agents

May 14, 2025: Agentic AI requires a new type of architecture because traditional workflows create gridlock, dragging down speed and performance. To get ahead in this next generation of app building, Databricks announced it will purchase Neon, an open-source serverless Postgres company.

Agentic mesh: The future of enterprise agent ecosystems

May 13, 2025: Nvidia CEO Jensen Huang predicts we’ll soon see “a couple of hundred million digital agents” inside the enterprise. Microsoft CEO Satya Nadella takes it even further: “Agents will replace all software.”

Google to unveil AI agent for developers at I/O, expand Gemini integration

May 13, 2025: Google is expected to unveil a new AI agent aimed at helping software developers manage tasks across the coding lifecycle, including task execution and documentation. The tool has reportedly been demonstrated to employees and select external developers ahead of the company’s annual I/O conference.

Nvidia, ServiceNow engineer open-source model to create AI agents

May 6, 2025: Nvidia and ServiceNow have created an AI model that can help companies create learning AI agents to automate corporate workloads. The open-source Apriel model, available generally in the second quarter on HuggingFace, will help create AI agents that can make decisions around IT, human resources and customer-service functions.

How IT leaders use agentic AI for business workflows

April 30, 2025: Jay Upchurch, CIO at SAS, backs agentic AI to enhance sales, marketing, IT, and HR motions. “Agentic AI can make sales more effective by handling lead scoring, assisting with customer segmentation, and optimizing targeted outreach,” he says.

Microsoft sees AI agents shaking up org charts, eliminating traditional functions

April 28, 2025: As companies increasingly automate work processes using agents, traditional functions such as finance, marketing, and engineering may fall away, giving rise to an ‘agent boss’ era of delegation and orchestration of myriad bots.

Cisco automates AI-driven security across enterprise networks

April 28, 2025: Cisco announced a range of AI-driven security enhancements, including improved threat detection and response capabilities in Cisco XDR and Splunk Security, new AI agents, and integration between Cisco’s AI Defense platform and ServiceNow SecOps.

Hype versus execution in agentic AI

April 25, 2025: Agentic AI promises autonomous systems capable of reasoning, making decisions, and dynamically adapting to changing conditions. The allure lies in machines operating independently, free of human intervention, streamlining processes and enhancing efficiency at unprecedented scales. But David Linthicum writes, don’t be swept up by ambitious promises. 

Agents are here — but can you see what they’re doing?

April 23, 2025: As the agentic AI models powering individual agents get smarter, the use cases for agentic AI systems get more ambitious — and the risks posed by these systems increase exponentially.A multicloud experiment in agentic AI: Lessons learned

Agentic AI might soon get into cryptocurrency trading — what could possibly go wron

April 15, 2025: Agentic AI promises to simplify complex tasks such as crypto trading or managing digital assets by automating decisions, enhancing accessibility, and masking technical complexity.

Agentic AI is both boon and bane for security pros

April 15, 2025: Cybersecurity is at a crossroads with agentic AI. It’s a powerful tool that can create reams of code in a blink of an eye, find and defuse threats, and be used so decisively and defensively. This has proved to be a huge force multiplier and productivity boon. But while powerful, agentic AI isn’t dependable, and that is the conundrum. 

AI agents vs. agentic AI: What do enterprises want?

April 15, 2025:  Now that this AI agent story has morphed into “agentic AI,” it seems to have taken on the same big-cloud-AI flavor that enteriprise already rejected. What do they want from AI agents, why is “agentic” thinking wrong, and where is this all headed?

A multicloud experiment in agentic AI: Lessons learned

April 11, 2025: Turns out you really can build a decentralized AI system that operates successfully across multiple public cloud providers. It’s both challenging and costly.

Google adds open source framework for building agents to Vertex AI

April 9, 2025: Google is adding a new open source framework for building agents to its AI and machine learning platform Vertex AI, along with other updates to help deploy and maintain these agents. The open source Agent Development Kit (ADK) will make it possible to build an AI agent in under 100 lines of Python code. It expects to add support for more languages later this year.

Google’s Agent2Agent open protocol aims to connect disparate agents

April 9, 2025: Google has taken the covers off a new open protocol — Agent2Agent (A2A) — that aims to connect agents across disparate ecosystems.. At its annual Cloud Next conference, Google said that the A2A protocol will enable enterprises to adopt agents more readily as it bypasses the challenge of agents that are built on different vendor ecosystems not being able to communicate with each other.

Riverbed bolsters AIOps platform with predictive and agentic AI

April 8, 2025: Riverbed unveiled updates to its AIOps and observability platform that the company says will transform how IT organizations manage complex distributed infrastructure and data more efficiently. Expanded AI capabilities are aimed at making it easier to manage AIOps and enabling IT organizations to transition from reactive to predictive IT operations.

Microsoft’s newest AI agents can detail how they reason

March 26, 2025: If you’re wondering how AI agents work, Microsoft’s new Copilot AI agents provide real-time answers on how data is being analyzed and sourced to reach results. The Researcher and Analyst agents take a deeper look at data sources such as email, chat or databases within an organization to produce research reports, analyze strategies, or convert raw information into meaningful data.

Microsoft launches AI agents to automate cybersecurity amid rising threats

March 26, 2025: Microsoft has introduced a new set of AI agents for its Security Copilot platform, designed to automate key cybersecurity functions as organizations face increasingly complex and fast-moving digital threats. The new tools focus on tasks such as phishing detection, data protection, and identity management.

How AI agents work

March 24, 2025: By leveraging technologies such as machine learning, natural language processing (NLP), and contextual understanding, AI agents can operate independently, even partnering with other agents to perform complex tasks.

5 top business use cases for AI agents

March 19, 2025: AI agents are poised to transform the enterprise, from automating mundane tasks to driving customer service and innovation. But having strong guardrails in place will be key to success.

Nvidia launches AgentIQ toolkit to connect disparate AI agents

March 21, 2025: As enterprises look to adopt agents and agentic AI to boost the efficiency of their applications, Nvidia this week introduced a new open-source software library — AgentIQ toolkit — to help developers connect disparate agents and agent frameworks..

Deloitte unveils agentic AI platform

March 18, 2025: At Nvidia GTC 2025 in San Jose, Deloitte announced Zora AI, a new agentic AI platform that offers a portfolio of AI agents for finance, human capital, supply chain, procurement, sales and marketing, and customer service.The platform draws on Deloitte’s experience from its technology, risk, tax, and audit businesses, and is integrated with all major enterprise software platforms. 

The dawn of agentic AI: Are we ready for autonomous technology?

March 15, 2025: Much of the AI work prior has focused on large language models (LLMs) with a goal to give prompts to get knowledge out of the unstructured data. So it’s a question-and-answer process. Agentic AI goes beyond that. You can give it a task that might involve a complex set of steps that can change each time.

How to know a business process is ripe for agentic AI

March 11, 2025: Deloitte predicts that in 2025, 25% of companies that use generative AI will launch agentic AI pilots or proofs of concept, growing to 50% in 2027. The firm says some agentic AI applications, in some industries and for some use cases, could see actual adoption into existing workflows this year.

With new division, AWS bets big on agentic AI automation

March 6, 2025: Amazon Web Services customers can expect to hear a lot more about agentic AI from AWS in future with the news that the company is setting up a dedicated unit to promote the technology on its platform.

How agentic AI makes decisions and solves problems

March 6, 2025: GenAI’s latest big step forward has been the arrival of autonomous AI agents. Agentic AI is based on AI-enabled applications capable of perceiving their environment, making decisions, and taking actions to achieve specific goals. 

CIOs are bullish on AI agents. IT employees? Not so much

Feb. 4, 2025: Most CIOs and CTOs are bullish on agentic AI, believing the emerging technology will soon become essential to their enterprises, but lower-level IT pros who will be tasked with implementing agents have serious doubts.

The next AI wave — agents — should come with warning labels. Is now the right time to invest in them?

Jan.13, 2025: The next wave of artificial intelligence (AI) adoption is already under way, as AI agents — AI applications that can function independently and execute complex workflows with minimal or limited direct human oversight — are being rolled out across the tech industry.

AI agents are unlike any technology ever

Dec. 1, 2024: The agents are coming, and they represent a fundamental shift in the role artificial intelligence plays in businesses, governments, and our lives.

AI agents are coming to work — here’s what businesses need to know

Nov. 21, 2024: AI agents will soon be everywhere, automating complex business processes and taking care of mundane tasks for workers — at least that’s the claim of various software vendors that are quickly adding intelligent bots to a wide range of work apps.

Agentic AI swarms are headed your way

November 1, 2024: OpenAI launched an experimental framework called Swarm. It’s a “lightweight” system for the development of agentic AI swarms, which are networks of autonomous AI agents able to work together to handle complex tasks without human intervention, according to OpenAI. 

Is now the right time to invest in implementing agentic AI?

October 31, 2024: While software vendors say their current agentic AI-based offerings are easy to implement, analysts say that’s far from the truth.

Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant. [...]

Brother Industries is grappling with a critical authentication bypass vulnerability affecting hundreds of different printer models, many of them used in enterprises, allowing unauthenticated remote code execution (RCE) on the devices when chained with another flaw.

The admin password bypass stems from a manufacturing issue and cannot be fixed through firmware according to Rapid7, the cybersecurity firm that discovered the vulnerability — along with seven others — affecting 689 different device models.

One of those vulnerabilities enables attackers to extract the serial number of a printer, and that’s at the root of Brother’s problems.

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...]

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Critics might argue that Apple at the 11th hour stepped forward with new rules for developers in Europe that might be acceptable to the region’s anti-trust regulators — but that’s not how Apple sees it. That company, which is appealing the rules Europe has applied to directly constrain its business, says regulators have not been transparent throughout the process, making arbitrary decisions despite constant communication between both sides on the matter.

Apple does, however, hope the changes it has now introduced to its steering arrangements for developers in will bring its business in line with Europe’s Digital Markets Act. It certainly has reasons to think so; Apple said it worked with the regulators on the arrangements and believes they bring it into harmony there. 

Apple announced the latest rounds of EU DMA-inspired changes via a Thursday note on its developer’s website.

Malicious compliance

But there is still a problem; Apple says that even though it’s been meeting intensively with European Commission regulators for more than a year, the experience has been a frustrating one. Regulators have continuously moved the goalposts on what compliance looks like. The company complains that they have even prevented Apple from implementing new solutions to bring its business into compliance and then fined the company for not making changes. 

This has placed a big burden on the company, which has had to invest thousands of hours in attempting to meet the Commission’s ever-changing demands. From what I hear, it’s akin to throwing darts at a board attached to a rope, allowing the board to move out the way once the dart is fired. It’s an unequal, opaque process seemingly designed for Apple to lose and perhaps in itself an articulation of malicious compliance — with malice from the regulators.

We’ll have to wait and see whether the changes Apple announced do actually meet European regulators’ demands. They should, as Apple is very much giving the impression they were introduced in collaboration with EC authorities. 

Apple will appeal

That doesn’t mean Apple accepts the changes it’s been forced to make. The company has until July 7 to appeal and will do so. Apple is quite open that it opposes the demands Europe has made of it and continues to warn that the patchwork of changes it introduced will erode security and privacy, dent the user experience, and make it harder for the company to innovate. 

Apple’s enemies, typically, remain critical of the changes. Epic Games CEO Tim Sweeney, who has spent millions on his assault on Apple business practices, slams the new terms as “blatantly unlawful,” calling them a “mockery of fair competition.”

I imagine Apple might suggest that they are inherently lawful and support Europe’s view of fair competition. The changes can loosely be grouped as changes in the way steering is supported on the platform, and changes in business terms.

What steering changes did Apple introduce?

In short, the changes comprise policy and payment tweaks and the removal of some restrictions.

One of the biggest alterations concerns the warning notice Apple provides users to warn them when they tap on external links. Critics had complained this mandatory warning got in the way of consumer choice and wanted it removed. It looks as if Apple partially won that argument, in that the warning will now appear the first time a user taps on an external link, but there is now an option to opt out of seeing the warning later when tapping external links in the same app.

In other words, you’ll be warned the first time you tap out from an app but can override future warnings if you trust the developer. Apple had wanted a warning to appear each time you tap an external link.

Additionally:

• Changes apply to all developers, whether or not they have wanted to use alternative business terms in Europe.
• Developers can use URLs in their apps that direct traffic to external websites, other apps, and alternative app marketplaces. They can also link to in-app promotions — and they can use multiple URLs inside their app, not just one as before. 
• The links developers put inside their apps can collect additional user information through tracking parameters, redirects, and intermediate links. This will increase the burden on consumers to verify the security and privacy of a link they find in an app before they use it.
• Apple had originally insisted developers use its own templates for interfaces to links and promotions; under the new rules, developers can freely design these.

What business changes has Apple made?

The company also changed its business terms in the EU. These do not apply to apps sold via third-party app stores, and they are not applied against offers directed from inside an app. But they do apply to links that direct users to the web, as well as in-app alternative payment service providers.

The deal is that Apple charges an Initial Acquisition Fee, a Store Services Fee and Core Technology charges.

In brief, these consist of:

Initial Acquisition Fee

This is designed to recognize Apple’s role in connecting users to developers.

• A 2% fee on the sale of digital goods and services to new users.
• The fee applies for the first six months after the user first downloads an app from the app store.
• The fee is waived for developers in Apple’s Small Business Program
• There is no fee for existing users.

Store Services Fee

Apple’s App Store offers a range of services to developers, who can now choose between a basic set of mandatory services, or the full collection of services:

Tier One Store Services: A 5% fee in exchange for which developers get trust and safety features, app management, and app distribution and delivery services. The fee does not extend to automatic app updates or automatic downloads across devices.

Tier Two Store Services: Set at 13% (or 10% for Small Business Program members), this fee gives developers access to all the services the App Store presently provides, including promotions, search suggestions, discovery, automatic downloads and automatic updates.

Core Technology charges

• Developers signed up to Apple’s alternative terms in the EU will pay the previously announced Core Technology Fee of €0.50 per install for each first annual install over 1 million.
• Developers on Apple’s standard business terms will now pay a Core Technology Commission of 5% on sales made through in-app promotion of alternate payments.
• Apple will migrate all its European developers to the new fee structure by Jan. 1, 2026.

Where can I find out more about Apple’s European changes?

The company has published a range of pages describing the changes it has applied:

• StoreKit External Purchase Link Entitlement Addendum for EU Apps.
• Alternative Terms Addendum for Apps in the EU
• Communication and promotion of offers on the App Store in the EU

What will happen?

I remain concerned about the dilution of warnings on the store and the lack of implicit control over what links developers use to direct their audiences to external traffic. I’m in no doubt whatsoever that these openings will be abused to form new attack surfaces over which Apple has little control. Enterprise users will no doubt use device management policy to forbid use of third-party payment services and installs in an attempt to protect corporate data.

Even more concerning: Apple’s accusations concerning its negotiations with the EC as if that body has been deliberately opaque, meaning enforcement of the DMA has very swiftly become a political weapon, perhaps in some unspoken European economic battle against the US. I doubt we’ve heard the last of this ongoing battle, which will likely last longer than the game that kicked it off.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all [email protected]