The DMA already requires that any integrity or security measures Google imposes on third-party access must be "strictly necessary and proportionate" — meaning Google cannot broadly block interoperability on security grounds without proving each restriction is narrowly tailored .
A separate specification proceeding, also opened on 27 January 2026, addresses Google's obligation to provide third-party search engines and AI developers with access to its online search data — including data related to the Gemini AI model — on "fair, reasonable, and non-discriminatory" (FRAND) terms . Reuters reported that the Commission's guidance covers how rivals can access Google's search ranking data, click-and-query data, and AI-related services
.
Google has argued that "Android is inherently open" and that it is "already sharing Search data with rivals in accordance with the DMA," but warned it is "apprehensive that a prescriptive approach may harm user security and privacy" . In a September 2025 blog post, Google stated the DMA is "making it difficult to protect users from scams and malicious links on Android by forcing us to remove our legitimate safeguards that protect users' security and safety," citing the risk that interoperability mandates force Android to weaken protections against sideloaded malware and phishing
. Google has also complained that gatekeepers under investigation do not receive full access to the Commission's file, which it calls "inconsistent with the rights of defense" in EU law
.
The DMA was designed to increase "market contestability in digital markets" and "create more room for innovation and more choice for consumers" . Its interoperability and data-sharing provisions are seen as essential to breaking platform lock-in, especially in the emerging AI market. The Commission's own two-year review (June 2026) concluded the DMA "remains fit for purpose and does not need to be revised"
, signaling the EU's intent to press forward despite industry warnings.
The specification proceedings against Google follow similar measures against Apple in 2025 over iOS interoperability for connected devices like smartwatches . This demonstrates a systematic regulatory push across both major mobile ecosystems. The confrontation is sharpest around AI: the Commission is effectively trying to prevent Google from using Android as a competitive moat for Gemini, just as the generative AI market takes shape. TNW described it as determining "whether artificial intelligence becomes the next great platform lock-in or the first to be broken before it sets"
.
ECIPE noted that "DMA enforcement is now also generating tensions with other EU regulatory frameworks, particularly in the areas of data protection, cybersecurity, intellectual property rights, and consumer protection" . The enforcement of interoperability obligations "illustrates these tensions particularly clearly" because what the DMA demands for competition may directly conflict with what the GDPR, NIS2 Directive, and Cyber Resilience Act require for security. The Commission acknowledges this tension in its own documents: the DMA allows integrity measures only where "strictly necessary and proportionate"
, but critics argue the burden of proof rests on the gatekeeper, creating a chilling effect on proactive security.
Bottom line: The EU is pushing Google to open Android's core features and search data to competitors — especially AI rivals — while Google and numerous security experts warn the mandated interoperability will weaken malware protections, increase attack surfaces, and create conflicts with other EU cybersecurity laws.