ECIPE Webinar: Cybersecurity at Risk – How the EU’s Digital Markets Act Could Undermine Security across Mobile Operating Systems

The EU’s Digital Markets Act (DMA) is designed to foster competition by opening up digital markets. However, its enforcement – in particular Article 5(4) – may unintentionally weaken cybersecurity safeguards on proprietary and open-source mobile operating systems.

This ECIPE webinar will explore how mandatory third-party link-outs could circumvent established app store protections, expose users to malicious content, and create regulatory trade-offs that compromise platform integrity and user safety.

At a time when the EU is significantly investing in cybersecurity – through initiatives such as the NIS2 Directive and the Cyber Resilience Act – the DMA risks introducing regulatory contradictions that undermine consumer protection and digital resilience.

The discussion will bring together leading experts in digital regulation and app security to examine the real-world implications of the DMA on security architecture, developer liability, and user trust. The panel will also assess whether the current one-size-fits-all regulatory model is compatible with platform-specific risk management, particularly with respect to vulnerable user groups, financial data, and sensitive personal information.

Key Questions to Be Addressed:
1. Are the DMA’s link-out obligations compatible with the EU’s overarching cybersecurity agenda, or do they risk creating a fundamental policy contradiction?
2. What risks do app developers face from mandatory external linking, and how does this affect their responsibility for safeguarding users?
3. Should DMA enforcement be adapted to reflect the fundamental differences between Android and iOS security models?
4. Is there a case for exempting platform restrictions from DMA penalties when they are grounded in demonstrable cybersecurity risks?