UK competition regulator proposes opening Apple and Google app stores to external payments and NFC access

At a glance:

• UK CMA proposes letting developers direct users to off-platform payment options outside Apple and Google app stores
• Regulator may require Apple to open NFC access for alternative contactless payment options within apps
• Apple opposes changes citing security, fraud protection, and parental control concerns

CMA unveils targeted interventions for mobile ecosystems

The UK Competition and Markets Authority has published provisional findings that would fundamentally reshape how Apple and Google operate their app marketplaces in Britain. The regulator's proposals would remove restrictions preventing UK developers from steering users toward payment options outside the App Store and Play Store, a practice both companies have long prohibited. Any fees Apple or Google charge for enabling such "steering" must be fair, reasonable, and remain below their existing commission rates, which typically range from 15 to 30 percent. The CMA also stipulated that developers should be able to pass savings on to consumers or reinvest them in innovation, creating a direct economic incentive for alternative payment adoption.

Beyond payments, the CMA is considering a separate but related intervention: requiring Apple to open its near-field communication (NFC) technology to third-party developers. Currently, only Apple Pay can use the iPhone's NFC chip for contactless transactions. Opening this interface would allow banking apps, digital wallets, and other services to offer tap-to-pay functionality directly within their own applications, bypassing Apple Pay entirely. The regulator argues that Apple's exclusive control over NFC creates a significant barrier to competition in mobile payments, a market worth billions in the UK alone.

Strategic market status designation enables targeted action

These proposals flow directly from the CMA's 2025 decision to designate Apple with strategic market status (SMS) for iOS and iPadOS in the United Kingdom. That designation, the first of its kind under the UK's new digital markets regime, grants the regulator powers to impose specific conduct requirements on firms deemed to hold entrenched market power. Google's Android platform is also under SMS investigation, though a final designation decision remains pending. The SMS framework allows the CMA to move beyond general competition law and craft bespoke remedies tailored to the specific anti-competitive dynamics of each platform, rather than relying on one-size-fits-all rules.

The regulator's approach reflects a growing international consensus that traditional antitrust tools are too slow and blunt for fast-moving digital markets. The European Union's Digital Markets Act, which took full effect in 2024, imposes similar obligations on designated gatekeepers including Apple and Google. Japan, South Korea, and Australia have all enacted or proposed legislation targeting app store practices. The UK's SMS regime, overseen by the CMA's Digital Markets Unit, represents a more flexible, case-by-case alternative to the EU's ex-ante regulatory model.

Apple pushes back on security and user protection grounds

Apple has consistently opposed mandatory steering and NFC opening, arguing that both measures would undermine the security architecture it has built around the iOS ecosystem. In a statement to Reuters, an Apple spokesperson warned that directing users away from the company's "trusted payment infrastructure" exposes them to "scams, bait-and-switch tactics, and the circumvention of parental controls." The company contends that its App Store review process, combined with centralized payment processing, provides critical fraud detection, subscription management, and refund enforcement that third-party systems cannot replicate. Apple also emphasizes that its 15-to-30 percent commission funds the development of iOS, developer tools, and platform security — costs that would not disappear if developers bypassed the App Store.

The security argument extends to NFC access. Apple maintains that restricting the NFC chip to Apple Pay ensures a consistent, secure contactless experience protected by the Secure Element hardware and biometric authentication. Opening NFC to arbitrary apps, the company argues, could enable malicious software to intercept payment credentials or spoof legitimate terminals. Critics counter that Android has allowed third-party NFC access for years without systemic security failures, and that Apple's stance primarily protects its Apple Pay revenue stream, which generates transaction fees from issuing banks.

February agreement set baseline for fairer app store practices

The current proposals build on a voluntary agreement the CMA secured from both Apple and Google in February 2026. Under those terms, both companies committed to reviewing and ranking apps in a "fair, objective, and transparent way" without discriminating against apps that compete with their own services. Apple also agreed to let developers more easily request access to iOS features and functionality, potentially clearing the way for third-party apps to better compete with Apple's native offerings like Maps, Messages, and Wallet. The CMA characterized the February commitments as a necessary but insufficient first step, noting that structural barriers — particularly around payments and NFC — required formal intervention.

That earlier agreement came after a lengthy CMA investigation into mobile browsers and cloud gaming, which found that Apple's ban on alternative browser engines on iOS and restrictions on cloud gaming apps harmed competition. The browser engine mandate, which forced all iOS browsers to use WebKit, was subsequently relaxed in the EU under DMA pressure but remains in place in the UK pending SMS remedies. The cloud gaming restrictions were also partially lifted following CMA engagement. These incremental changes illustrate the regulator's strategy: secure voluntary concessions where possible, then impose binding requirements where market power persists.

Developers and consumers stand to gain from increased choice

For UK developers, the ability to steer users to external payment pages could significantly reduce customer acquisition costs and enable direct billing relationships. Subscription businesses like Spotify, Netflix, and numerous productivity apps have long argued that Apple's commission makes their services uncompetitive on iOS compared to web sign-ups. Small developers, in particular, could benefit from lower fees and the ability to offer localized payment methods popular in specific markets. Consumers may see lower prices, more payment options, and innovative billing models such as usage-based pricing that are difficult to implement within App Store constraints.

The NFC opening could spark a wave of innovation in contactless payments, loyalty integration, and transit ticketing. UK banks and fintechs have lobbied for NFC access for years, arguing that Apple Pay's dominance stifles competition and limits consumer choice. Transport for London, which operates one of the world's largest contactless transit systems, has expressed interest in integrating its Oyster and contactless ticketing directly into third-party apps. However, widespread adoption will depend on whether Apple implements NFC access with reasonable technical conditions — or whether it engages in "malicious compliance" by imposing onerous certification requirements that effectively block competitors.

What happens next and why it matters globally

The CMA's proposals are provisional, with a consultation period running through late 2026 before final remedies are imposed. Apple and Google will submit detailed responses, likely reiterating security arguments and proposing alternative remedies. The regulator must then weigh evidence and issue a final order, which can be appealed to the Competition Appeal Tribunal. Given the complexity, binding requirements may not take effect until 2027. Meanwhile, the EU's DMA enforcement continues in parallel, and the US Department of Justice's antitrust suit against Apple — which includes App Store and NFC allegations — proceeds toward trial.

The UK's approach matters beyond its borders because it demonstrates how a mid-sized digital economy can wield targeted regulatory power without waiting for global consensus. If the CMA's remedies prove effective — increasing competition without compromising security — they could become a template for regulators in Canada, India, Brazil, and other jurisdictions currently drafting digital competition laws. For Apple and Google, the cumulative weight of UK, EU, US, and Asian regulatory pressure makes the status quo increasingly untenable. The companies face a strategic choice: fragment their global app store policies by jurisdiction, or adopt a unified, more open approach that anticipates the regulatory trajectory. The next twelve months will reveal which path they choose.