Britain's competition watchdog is intensifying pressure on technology giants Apple and Google to dismantle barriers that lock developers into their proprietary payment systems, marking a significant escalation in the country's approach to digital market regulation. The Competition and Markets Authority has identified what it calls "steering"—the ability for app creators to guide users towards alternative payment options outside the companies' own platforms—as a critical mechanism for fostering genuine choice and competition in the mobile app economy.

Steering currently exists in a regulatory grey zone across major markets. Apple explicitly prohibits the practice within its ecosystem, while Google imposes restrictions that have the practical effect of discouraging developers from using it in Britain. The CMA's intervention signals that British regulators view these constraints as anti-competitive barriers that prevent smaller developers from accessing cost-effective alternatives to the 15-30 percent commission rates that Apple and Google typically extract from in-app purchases. This regulatory stance brings the UK into alignment with the European Union, which has already pushed similar requirements through its Digital Markets Act, creating momentum for a coordinated approach to app store governance across the Atlantic.

The authority has proposed a nuanced framework that would permit steering while preserving some protections for the platforms. Rather than requiring absolute prohibition on charging for steering functionality, the CMA suggests that Apple and Google should be allowed to levy fees—provided these charges are calibrated as "fair and reasonable." This balancing act reflects recognition that platforms do incur costs to maintain their infrastructure and security systems, yet acknowledges that current arrangements give them disproportionate control over payment flows. The regulatory body argues that if developers retain a greater share of their revenue, these savings could be reinvested into product development, customer service, or lower prices for consumers, creating a positive feedback loop through the broader app ecosystem.

Google has already signalled compliance, stating that it had implemented the changes contemplated by the CMA's recommendations. The company's swift acknowledgment suggests either that its current restrictions were less stringent than Apple's, or that the search giant views regulatory accommodation as preferable to prolonged scrutiny and potential forced action. Apple, by contrast, has mounted a more robust defence of its existing policies, emphasizing fraud prevention and the integrity of parental controls. A company spokesperson argued that when users are directed away from Apple's payment infrastructure, they lose access to the security measures that the company has embedded into its systems, opening pathways for scammers and circumvention of family safety features that parents depend upon.

Beyond steering, the CMA is investigating whether to compel Apple to grant third-party developers access to the iPhone's NFC contactless payment technology, a feature currently restricted to Apple Pay and a narrow set of partners. This represents a more ambitious intervention than steering alone, as it would directly expose core hardware functionality to competitors. The rationale is that unlocking NFC access would enable British fintech companies and developers to build contactless payment services that operate independently of Apple's ecosystem, fostering what the CMA describes as genuine innovation in payment infrastructure. Such access could facilitate the emergence of new payment methods, including digital currencies and blockchain-based identification systems, which might otherwise be stifled by Apple's gatekeeping role.

The precedent for this type of intervention already exists in the European Union, where iPhone users gained access to competing contactless payment services following a four-year investigation that concluded in 2024. The EU's enforcement actions have effectively created a test case demonstrating that mandatory interoperability is technically feasible and commercially viable. This experience provides the CMA with real-world evidence that Apple's security and control concerns, while not entirely baseless, need not result in absolute monopoly over payment infrastructure. The European outcome suggests that carefully designed third-party access can coexist with security measures, contradicting Apple's implicit claim that opening up the system would inevitably compromise user protection.

For Malaysian and Southeast Asian markets, these regulatory developments carry important implications. British and European regulatory momentum is creating international pressure on platform companies to adopt more permissive policies, and many multinational developers operate across these jurisdictions simultaneously. A developer operating in both the UK and Malaysia might eventually expect comparable policy frameworks, particularly if major platforms adopt uniform global policies rather than maintaining region-specific rules. Additionally, the competitive dynamics being reshaped in Britain could influence how regional companies price their services and how international platforms behave in emerging markets that currently lack equivalent regulatory capacity.

The financial impact on the app development community could be substantial. For independent developers and small studios, steering and NFC access represent pathways to lower distribution costs and greater customer autonomy. The ability to negotiate directly with users about payment methods, or to integrate alternative payment systems seamlessly into apps, could shift the balance of power in negotiations over commission rates. Larger publishers and international companies might find new opportunities to offer region-specific payment solutions that better serve local preferences, such as e-wallet integration or bank transfer options that have stronger adoption in Southeast Asia than in Western markets.

Apple's defence centred on security and parental controls reflects a legitimate concern, yet it also illustrates how security rhetoric can serve as a justification for market control. Regulators in Britain and Europe have concluded that security need not require complete proprietary gatekeeping, and that third parties can implement comparable protections. This reasoning shifts the burden of proof: rather than assuming that open platforms are inherently less secure, regulators now expect companies to demonstrate that specific security measures require exclusive control. The distinction matters because it moves away from paternalistic models where companies decide what users can do "for their own good" towards frameworks where users retain choice while security measures protect against genuine harms.

The CMA's proposals remain recommendations rather than binding mandates at this stage, yet regulatory language from competition authorities typically precedes formal action. If Apple and Google do not voluntarily comply within reasonable timeframes, the CMA possesses enforcement powers to compel compliance, as the European Union has demonstrated through fines and structural remedies. The trajectory suggests that by the end of the decade, app store economics across major markets will look substantially different from today's concentrated model, with implications extending throughout the technology sector and into adjacent industries reliant on digital distribution platforms.