WEBVTT 00:00.000 --> 00:22.840 And while we are waiting to get set up here, 00:22.840 --> 00:36.840 And while we're waiting to get set up here, just want to remind people, there's we have an open session where we can do it ever we want with it due to a cancellation at 430. 00:36.840 --> 00:43.840 So if you have an idea for that session, I think at this point we have a few ideas, but they're very specific, so we might turn them into lightning talks. 00:43.840 --> 00:51.840 But a very short lightning talks. We'll see how it goes. But if you have an idea for a session topic, you can enter it at SFC. 00:51.840 --> 01:09.840 And that link is also on the Fossum calendar for that session. Also on your way out from this previous session that Denver gave their signups for Foss users EV up in front, if anybody wants on your way out. 01:09.840 --> 01:17.840 And without any further ado, you'll introduce yourselves. Very excited for the next panel. Let's give them a round of applause. 01:17.840 --> 01:33.840 Hello, hello. Okay, so it's working, right? People in the back, you can confirm that you're hearing me well. Okay, good. 01:34.840 --> 01:48.840 So we are very, very happy to be here again in Fossum and to have here the members of the European Commission and also from data rights to discuss a very important topic, the digital markets act. 01:48.840 --> 01:56.840 I think everyone heard about interoperability, right? But who has heard about the digital markets act? Here's your hand. 01:56.840 --> 02:10.840 This is a very qualified audience and I'm happy. So in the beginning of this dev room, the first talk, we learn that copyright applies by default, right? 02:10.840 --> 02:22.840 You know, every time someone writes a code, copyright applies by default. And then, you know, who creates this code already has legally speaking, some kind of monopoly over that creation, right? 02:22.840 --> 02:29.840 And this crowd here, of course, we are always talking about a free and open source software, which is the opposite, right? 02:29.840 --> 02:44.840 So we came with the terms like copy left. So we tried to disintermediate control over software, you know, so we can free, we are free to share to study the source code to redistribute, right? 02:44.840 --> 02:58.840 And but free software doesn't apply by default, right? So we have to, well, some licenses, we need to put some effort in order to have this type of freedom over software. 02:58.840 --> 03:12.840 Well, the same word less applies over interoperability, right? And interoperability is very, very much important, because this creates opportunity for everyone to interconnect between different systems. 03:12.840 --> 03:31.840 But the problem with interoperability is, and this is the topic of our today panel, is that the incentives are kind of paradoxal. Why companies, they are small, you know, they pretty much love interoperability, because this gave them the opportunity to interact with other systems. 03:31.840 --> 03:45.840 But as soon as you start to grow, your company starts to grow and you start to be very important to the extent that your services become subject of interoperability regulation, then you don't like interoperability anymore, right? 03:45.840 --> 04:05.840 And the digital market sector is this solution, regulatory solution, that puts interoperability back on agenda, you know, in order to regulate this, the greatest companies in the planet, that they don't want to cooperate in the terms of interoperability. 04:05.840 --> 04:29.840 So, my next question to our audience is, in order for us to contextualize the importance of this panel here together with the commission and the civil society is, who uses iPhone here in our audience, right? And who uses, well, default Android, you know, a lot of people, but who uses an alternative ROM, okay? 04:29.840 --> 04:49.840 All right? Who doesn't use any of these two providers, so is there like only a Linux phone, perhaps? Okay, so yeah, and exactly, so I think, last day, one percent of the room uses something that is not iOS or Android or Android days operating system. 04:49.840 --> 05:16.840 And this demonstrates exactly the relevance of this panel today, right? Different from other laws, like the cyber resilience act or the online safety laws that we just heard, that impose some of obligations on free software companies or providers, the DNA is a different kind of beast, you know, the DNA puts obligations on the largest companies on the planet, right? 05:16.840 --> 05:30.840 And it helps free software to get access to the infrastructure, to the services, to the elements that are provided by these companies. 05:30.840 --> 05:48.840 And, well, it's all a bit fendandy, but we have the members of the enforcement team, and I can assure you that it's up here battle, in order to get interoperability, in order to get this law enforced is an up here battle. 05:48.840 --> 06:12.840 Therefore, I would like to take off this panel after this short contestualization, and to ask you there, the very first question, how free software projects can request interoperability from gatekeepers for companies like Apple, Google, Microsoft, Amazon? 06:12.840 --> 06:21.840 Well, first of all, also, thank you for inviting us, we're happy to be in a room where there's people who actually noted it to Microsoft, usually we need to start to by explaining it. 06:21.840 --> 06:35.840 And also people who know the different operating systems just to summarize, you might know the interoperability obligation in DMA, it's that you need, or you can request interoperability with the operating system that's designated. 06:35.840 --> 06:42.840 Those are three different ones, the ones that you know, Android, iOS, and Microsoft's Windows. 06:42.840 --> 06:51.840 It's very simple, in fact, the law, as you heard, says that you are supposed to get interoperability by design. 06:51.840 --> 07:02.840 So they're supposed to provide it, it's supposed to be provided free of charge, but a few of them sold their chance to introduce a request-based process, 07:02.840 --> 07:07.840 where they can sort of assess if they think it falls within the scope of the DMA. 07:07.840 --> 07:12.840 That applies both for Apple, Google, and Microsoft, in fact. 07:12.840 --> 07:17.840 You simply need to search for it when whichever search platform you use. 07:17.840 --> 07:29.840 I think for Google, it's on the book report page for Android, for Apple, they've dedicated pays for the developers, where you can go in, if you're looking right now, for example. 07:29.840 --> 07:34.840 And from there, you can go through the process of requesting interoperability. 07:34.840 --> 07:43.840 What we saw in the beginning of the DMA when it came out about two years ago was that, for Apple, in particular, it was very difficult to request interoperability. 07:43.840 --> 07:53.840 And so we issued what's called specifications, which we will tell you a bit more about later, where we told them to make the request process easier and more transparent, essentially. 07:53.840 --> 07:57.840 And aligned with how we view this obligation. 07:57.840 --> 08:03.840 And that meant that it was brought into a space with more accessible for all of you to request it. 08:03.840 --> 08:09.840 So if that's how you want to do, you simply search for it, you go into that page, request it, and then you go through the process. 08:09.840 --> 08:14.840 The process shouldn't take long, that's what they have promised us. 08:15.840 --> 08:27.840 You can see the sort of deadlines that we have subscribed to them for Apple, I think it's up to 90 days, but I can't remember exactly how long before they have to respond to you, at least. 08:27.840 --> 08:38.840 The same goes for Google more or less, five to six weeks at a maximum, but, ultimately, they should respond to you way before, especially if it's something that's easily provided by them. 08:38.840 --> 08:40.840 I think that's it, basically. 08:40.840 --> 08:51.840 Right, yeah, it sounds quite straightforward, but again, this very powerful company is, they fight very well in order to not provide this. 08:51.840 --> 09:04.840 So I think it is good that the European Commission is here having contact together with the community, and I'm very happy to see already some alternative, you know, 09:04.840 --> 09:14.840 the app, app started developers here, that, you know, are facing a lot of challenges, you know, when we interact with Apple in order to have their own services running. 09:14.840 --> 09:23.840 So I think that this dialogue together with smaller developers, and the regulatory is very, it's very useful. 09:23.840 --> 09:33.840 But we heard also today in this dev room, that the free software movement is already 40 years old, right? 09:33.840 --> 09:45.840 And since the beginning, we always heard some escape routes, kind of, you know, motives to not open the ecosystems, not to open the infrastructures. 09:45.840 --> 10:01.840 And the basic, the these two elements have been around for way, way earlier than the DMA, you know, is our security and integrity, you know, and, and of course, I completely agree that there are several risks, 10:01.840 --> 10:19.840 and this risk should be properly assessed, but also we need to, we need to be mindful that the elements regarding, you know, security and integrity of the practices should not be over estimated in order to impair each other, 10:20.840 --> 10:25.840 So my next question is for Alexander, right? 10:25.840 --> 10:34.840 What are the concerns regarding integrity and security regarding the operating system in moving to the availability of grants and the DMA? 10:34.840 --> 10:44.840 Yeah, thank you. So yeah, the gatekeepers, they really like to show that if we would impose full availability on them, 10:44.840 --> 10:54.840 then it could be that that would reduce the security privacy and integrity of the users of their users, and that's why they want to keep full control of their ecosystem. 10:54.840 --> 11:12.840 And is this a bit more than that, and it's a bit more nuanced than that. So first, I think it's good to just talk about the three different definitions, like if you have integrity, just purely concerns the hardware and the operating system as it is defined in the DMA. 11:12.840 --> 11:23.840 So it's about that the security of the operating system is protected. So if I install some third parties software on my operating system, 11:23.840 --> 11:34.840 I don't want that it gets like really deep access and can control everything, and that the user choice is still taken into account. 11:34.840 --> 11:45.840 And when we look at security, it's more that I as a user want to protect my data, so I put potential security measures in there like a passcode. 11:45.840 --> 11:51.840 And then the integrity of the operating system would provide that the passcode cannot be bypassed easily. 11:51.840 --> 12:03.840 And if you look at privacy, it's that I as the user want to use user choice to define which data or which pieces of hardware can be accessed. 12:03.840 --> 12:09.840 So if I want to give access to an app to my camera, that would go into this bucket. 12:09.840 --> 12:17.840 And then integrity basically goes around all that and just ensures that my user choice is enabled. 12:17.840 --> 12:29.840 And that is why only intervability is actually for intervability, only integrity is mentioned here, because it's about the operating system and protecting core of the operating system. 12:29.840 --> 12:43.840 And not just the user's privacy and security choices, because it's up to the user to decide how they want to share data, how they want to give access to other software under operating system. 12:43.840 --> 12:58.840 So when we look at the DMA, then the gatekeepers, they are required to ensure that the integrity is protected even when they provide intervability. 12:58.840 --> 13:10.840 And that part is then often used to say, oh, we cannot provide intervability here, but it's more than that as we just go went through the definitions, right? 13:10.840 --> 13:25.840 We have integrity protection in intervability, it can both go together. It's not like that I lose all my security because I provide intervability. 13:25.840 --> 13:36.840 So that's also really critical to really think about the background of operating systems, because operating systems in the past have been more open and more accessible. 13:36.840 --> 13:48.840 And then that also lacked user control and user choice. So when I had the old operating systems, I installed an app, it had access to all my data, just because I installed this application. 13:48.840 --> 13:54.840 And now we have sandboxing and other mechanisms that protect apps from accessing just all my data. 13:55.840 --> 14:08.840 This evolution not only made things more secure and also protected the integrity of DOS, but also some things were basically left on the path to go there. 14:08.840 --> 14:20.840 So some features are currently not only available that have been available in the past, and that might be relevant to be re-enabled or to find new APIs that provide intervability here. 14:20.840 --> 14:34.840 And what's also good is to take a look at article 64 of the DMA, because here this is about installing fair party app stores on your device, and here it actually mentioned security as well. 14:34.840 --> 14:49.840 And security here means that the user has to have the ability to use to secure their device, and potentially use extra security measures to protect their device from malicious apps they could download. 14:49.840 --> 14:55.840 But this is not about imposing security on the user. It's about enabling the user to use security. 14:55.840 --> 15:04.840 And as a last thing that I could maybe say is like when we look at the cyber resilience index also coming, this is also not preventing intervability in any way. 15:04.840 --> 15:17.840 It's also just it goes hand in hand. So when we provide intervability, we must provide it also in a secure way now, which just in makes interoperable solutions better for everyone. 15:17.840 --> 15:27.840 And the GDPR also always still applies. It's not that the GDPR or the cyber resilience would prevent anything in the DMA intervability part. 15:27.840 --> 15:40.840 Yeah, I'm amazing and I'm very happy that you mentioned the other loss, especially the cyber resilience act, because I followed the regulatory process is called the specifications. 15:40.840 --> 15:48.840 But a bit of specification decision that the commission took in order to help Apple to comply with the DMA. 15:48.840 --> 16:00.840 And exactly you will explain the different concepts, like under the U-law security integrity and how this relates and how this is not impairing interoperability. 16:00.840 --> 16:23.840 I think this was very, very enlightening for us in order to, you know, to, to understand that indeed. Yes, okay, so interoperability may affect this, but not in the legal sense that the gatekeepers are trying to make us believe that that is so I really appreciate that the commission shuts some light on there. 16:23.840 --> 16:52.840 But since I, I still, I have to there, Alexander, I would like to dive in on an example, right, that we are having and last year, last year was a hard year, let's put, like, mutely for the free European source community in relation to Google, right, because Apple is very easy, Apple has this very, you know, adversarial type of attitude approach towards. 16:52.840 --> 17:02.840 Free and open source software, right, but Google the situation is a little bit more nuanced, right, the Android operating system. 17:02.840 --> 17:19.840 It's consistent also with a very important free and open source element, the Android open source project, right, and well, and Android is the most used operating system in the world, right, and it's maintained, 17:19.840 --> 17:30.840 measured by Google, right, and due to the free and open source characteristics of IOSP, we have a plethora, we have a spectrum of alternative operating systems. 17:30.840 --> 17:45.840 Many of you here in this room are developers of this alternative operating system, right, I can name several of them, right, but last year it was, well, there is a blow right on interoperability when, you know, 17:46.840 --> 18:09.840 Google stopped for an example to take pixel phones as reference device, right, and then alternative operating system, we didn't have, I have more access to device trees and other information like source code history, and there was a several of hurdles imposed on alternative, 18:09.840 --> 18:24.840 operating system that are based on Android, and well, diminishing their capacity to compete with Google, right, so Alex and of course the other members of our panel would like to just start. 18:24.840 --> 18:38.840 In our view, what are the main challenges posed by the changes in governance that Google introduced on Android open source project and how this affects the MA and special interoperability. 18:39.840 --> 19:06.840 I think this is a hard question, right, Android itself is still kind of an open platform, we have pixel devices that are still open to be modified, we can route them, we can put alternative software on them, but the ability that has been taken away is the device trees and that makes it harder for third parties to develop alternative versions of Android, 19:06.840 --> 19:11.840 because it's just lacking the parts that they had access to before. 19:11.840 --> 19:19.840 And to me it's still a complex problem to see how this can tie into with Article 6-7 in interoperability, 19:19.840 --> 19:34.840 I know you have written an entire paper on that, and this is your main interest, but I think it's taking away this ability for developers, for sure. 19:34.840 --> 19:45.840 But we can definitely see that there is a different governance that Google is doing over Android over the past years. 19:45.840 --> 20:03.840 Yes, I appreciate that, and that's why my question started that, this is new ones, and that's why we are here today, because we don't also just to bring you, you know, ready answers to the questions, but we want to establish a dialogue, right, and we want to hear, because as you mentioned, 20:03.840 --> 20:14.840 I have been involved in the LX-6 months on a study that we interviewed a lot of research, not to research, I'm sorry, developers working for alternative operating systems based on Android, 20:14.840 --> 20:31.840 and we want to understand better how this impacted their work, how it impacted their capacity to compete with Google, stock Android, right, so this is the beauty of this dialogue, because we are still formulating some question. 20:31.840 --> 20:36.840 Gabriel, perhaps you also have some inputs on this. 20:36.840 --> 20:44.840 Yeah, sure, I think it's a good conclusion of foundation, as Alex said, that there is no direct answer, and this needs to be addressed in this way. 20:44.840 --> 20:49.840 And if that was the case, we probably already had done something about it. 20:50.840 --> 20:56.840 Yeah, it's as I'm good. 20:56.840 --> 20:58.840 I think like it. 20:58.840 --> 21:10.840 All right, then we interact with the community on a regular basis, I hope you people are aware of that, that we often meet not just with you guys, but also with the other people who operate on, you know, 21:10.840 --> 21:22.840 to operate these operating alternative operating systems, however you want to turn them, to understand what the challenges are for you guys, and to understand if the DMA is applicable in any way to that. 21:22.840 --> 21:36.840 And that's something we spend a lot of time on looking into, and something that we simply need you guys help to understand, because we're not developers of an alternative operating systems, so not me, I'm a lawyer, so I would know how to. 21:36.840 --> 21:43.840 But that's the starting point, as you saying, to have this dialogue and something that we welcome from anyone who is interested in it. 21:43.840 --> 21:54.840 We're confined by the the limits and the scope of the DMA, which means as Alex was saying, that legally we can only act within what six seven provides us for interoperability. 21:54.840 --> 21:59.840 And so we need to think in how it's applicable to the problems that you described to us. 21:59.840 --> 22:06.840 We need to be aware of the problems, of course we also, I would say at this point, up to date on them, as Alex said, described. 22:06.840 --> 22:10.840 And so I think that's the show that, or the long answer actually. 22:10.840 --> 22:15.840 Yeah, so we heard already in the panel several times the term six seven, right? 22:15.840 --> 22:26.840 So just a question, of course, on our article six seven, it's a article that concerns, you know, interoperability of the operating system, 22:27.840 --> 22:32.840 the features and functionalities controlled by the operating systems in the DMA. 22:32.840 --> 22:48.840 And my analogy, my personal analogy that I like to use, this article is like a Ken opener, you know, because it is an opening access to alternative providers to to interact with features and functionalities that are controlled by the operating system. 22:48.840 --> 22:56.840 And the general mention in the beginning, this type of European ability to be provided free of charge. 22:56.840 --> 23:04.840 And in the same level of control that the gatekeeper has, Apple and Google has to the feature and functionality, should be granted to third parts. 23:04.840 --> 23:11.840 So this is a very powerful type of, of article, and I'm very happy that this made it to the DMA. 23:11.840 --> 23:15.840 So where's the, your micro league there? 23:15.840 --> 23:21.600 Gabriel mentioned something important, we need your input, we need your what the community says, right? 23:21.600 --> 23:29.000 So that is a FIKI KIDOF interoperability survey. So if you are ready to request the interoperability with Google, Microsoft or Apple, 23:29.000 --> 23:38.080 please reach out to Daniel, he's here again, and he's conducting this type of survey. We are happy to, and many of you are ready to contribute and then we are very grateful. 23:38.080 --> 23:43.720 Yeah, moving along, because interoperability does not only concern the software, right? 23:43.720 --> 23:55.360 In this audience, of course, the majority of interest is software, but I would like also to talk a little bit about data, because the data is as important as a software, right? 23:55.360 --> 24:01.880 And there are provisions in the DNA that concerns also data, data interoperability, data portability, right? 24:01.880 --> 24:09.400 And therefore, I'm very happy that we have our representative of the data rolled in our panel. 24:09.560 --> 24:24.080 And Laurie, I would like to start asking a question to you, is how the DNA provides other obligations and how can free software developers rely on to facilitate switching? 24:24.080 --> 24:35.400 Because switching, I think you can explain a little bit about this, especially related to data interoperability and portability issues, and how the free software scan profit from that. 24:35.400 --> 24:40.400 And I'm also interested to know what data rights this, you know? 24:40.400 --> 24:46.400 Maybe I can present data rights in the question, so hello world, I am apparently the data world. 24:46.400 --> 24:55.400 So maybe, because also coming from a legal background, we love definitions, so I thought I would start with that a little bit. 24:55.400 --> 25:01.400 So interoperability, basically, is about having two systems, they're able to communicate between each other. 25:02.400 --> 25:08.400 And the communication can also involve exchange of data in two ways, but it doesn't have to be the case. 25:08.400 --> 25:14.400 And so that's where I would say portability is quite different, because portability is basically one way. 25:14.400 --> 25:20.400 You will have data that flows one way towards another entity. 25:20.400 --> 25:30.400 And I think it's interesting here because, of course, you know of the GDPR, but so it's interesting to know that the GDPR created for the first time the right to data portability. 25:30.400 --> 25:40.400 The problem of the GDPR is that it created one of kind of data dump, which was a huge problem, because then users would just be sitting with their data and thinking, okay, right now. 25:40.400 --> 25:49.400 And so that's where the DMA then takes the stick from the GDPR and goes further and says, okay, now we're going to actually establish dynamic portability. 25:49.400 --> 26:04.400 And as in you have a flow of data, so typically I think the example that helps me the most is you know aggregators of plane prices, you go on the website and you have up to date prices from different websites. 26:04.400 --> 26:14.400 Okay, so now that this is done, in terms of the GDPR, so by law, the rules are fairly fairly clear, in terms of portability, it has to be free. 26:14.400 --> 26:21.400 And it has to be based on the authorization of the user because, of course, we're talking about personal data here. 26:21.400 --> 26:29.400 And also very importantly, there is a tool that needs to be provided by the gatekeeper. I think this is something very important for developers to be aware of. 26:29.400 --> 26:38.400 And this has to be the flow of data has to be continuous and real time when technically feasible. 26:38.400 --> 26:42.400 I want to highlight this point because this is where they will have you. 26:42.400 --> 26:48.400 And you know, they will say, oh, actually, unfortunately, we're very sorry to say that this was not technically feasible here. 26:48.400 --> 26:57.400 So this is where a lot of interactions with you are really needed because even if it is true and we would need to check whether this is true. 26:57.400 --> 27:00.400 Even if it were to be true today, it might not be true tomorrow. 27:00.400 --> 27:05.400 So this is something where legally this is very important to keep an eye out. 27:05.400 --> 27:13.400 And then in terms of the data that we're talking about here, it's the data given by users, but it's also the data generated by users. 27:13.400 --> 27:18.400 Okay, so now we're looking at interoperability, a bit of a mouthful. 27:18.400 --> 27:20.400 So it has to be by design. 27:20.400 --> 27:25.400 And as we mentioned already, it has to be free of charge. 27:25.400 --> 27:31.400 And I actually want to pause it a bit on this because it also means no hidden costs. 27:31.400 --> 27:32.400 That's actually what this means. 27:32.400 --> 27:40.400 And so typically when we're starting to hear, you know, competitors saying, oh, but meta is requiring that I do X or YZ. 27:40.400 --> 27:45.400 Well, actually, that's a hidden cost because this is going to cost you a lot to implement. 27:45.400 --> 27:46.400 So that's a hidden cost. 27:46.400 --> 27:49.400 So just to throw this out there. 27:49.400 --> 27:51.400 The interoperability has to be effective. 27:51.400 --> 27:57.400 So here again, if you have some weird barriers, then ask yourself, wait, is this supposed to be like this? 27:57.400 --> 28:00.400 Because probably the answer is no. 28:00.400 --> 28:07.400 And then your software has to be treated has to not be treated less favorably. 28:07.400 --> 28:12.400 So this is a bit of a legal concept, but yeah, ask yourself this question. 28:12.400 --> 28:15.400 Do they actually have to treat to be treated like this internally? 28:15.400 --> 28:21.400 Because again, if you feel that the answer might be no, then the answer might be no. 28:21.400 --> 28:31.400 And now in terms of building on this to disruptive rights, we have other aspects that are obligations that support this rights for switching. 28:31.400 --> 28:36.400 So I'm going to talk now about strong access rights. 28:36.400 --> 28:39.400 And then I'm going to talk about anti locking measures. 28:39.400 --> 28:43.400 So in terms of access rights, so they really build on what I was talking about. 28:43.400 --> 28:47.400 And this is really meant at helping the switching. 28:47.400 --> 28:55.400 So the interoperability access has to be associated with APIs interfaces and important documentation. 28:55.400 --> 29:04.400 And again, as a lawyer, this is really interesting that it just says important documentation because that leaves a lot of room to specify and say, well, actually, 29:04.400 --> 29:06.400 we used to consider that this was not important. 29:06.400 --> 29:08.400 And now we realize that technically this is fundamental. 29:08.400 --> 29:14.400 So please now consider that this is part of what the law actually requires. 29:14.400 --> 29:24.400 And there's also, yes, also I wanted to point out this aspect about, well, we talked about cybersecurity, but I love to think about how can we also turn this against the gay keepers. 29:24.400 --> 29:30.400 Because if they don't give the documentation, then you know you're on your own and you reverse engineer. 29:30.400 --> 29:33.400 And that actually opens the door to creating vulnerabilities. 29:33.400 --> 29:36.400 So I want, yeah, just to stressing this out there. 29:36.400 --> 29:50.400 And then in terms of also access to performance and usage data, I think this is very important because, well, first of all, that enables for your software to not actually be used to compete against you. 29:50.400 --> 29:52.400 So that's that's what I'm driving ball. 29:52.400 --> 29:55.400 And it has to be also real time and continuous. 29:55.400 --> 30:02.400 So now the types of data that are covered by usage and performance data are aggregated. 30:02.400 --> 30:04.400 And non aggregated data. 30:04.400 --> 30:09.400 And we're talking also about data generated through the interactions with the users. 30:09.400 --> 30:11.400 So we're talking about a lot of data. 30:11.400 --> 30:18.400 And in terms of also how that data has to be looking like it has to be very high quality, machine readable. 30:18.400 --> 30:24.400 So again, this is interesting because with the GDPR we had huge problems with individuals being given scans. 30:24.400 --> 30:28.400 So that the gay keepers actually didn't really have to follow the law. 30:28.400 --> 30:30.400 So yeah, stressing that one as well. 30:30.400 --> 30:35.400 And provided on a fair reasonable and non-discriminary basis. 30:35.400 --> 30:43.400 I think this is a bit of a mouthful that you will need to turn to lawyers in the future to make sure you understand to be honest. 30:43.400 --> 30:49.400 And now in terms of the anti-locking measures, I just wanted to stress, but I'm sure you probably heard about this. 30:49.400 --> 30:57.400 But the DMA is also here to say, okay, the whole dense where you had to, you know, as a developer pay some sort of a weird fee just for the pleasure. 30:57.400 --> 31:00.400 Of existing in the platform, that's gone. 31:00.400 --> 31:09.400 So you know, you are allowed to actually clearly communicate with your users, invite them to go outside, practice your own prices, use your own payment system. 31:09.400 --> 31:15.400 So these are all solutions that are meant to actually prevent, you know, for example, so the bundling. 31:15.400 --> 31:18.400 Oh, to actually use the service, you have to sign up to this other service. 31:18.400 --> 31:20.400 So this is also illegal now. 31:20.400 --> 31:24.400 And so yeah, these are all anti-switching measures that are pretty strong. 31:24.400 --> 31:32.400 And maybe just to finish, there's actually an article that says, and by the way, it's also illegal in general to prevent users from switching. 31:32.400 --> 31:38.400 So I'm just, I'm just throwing this because even if there's something where you feel, oh, I don't really recognize the situation here. 31:38.400 --> 31:41.400 There's also a safety net here. 31:41.400 --> 31:46.400 Yeah, I mean, things a lot for this very comprehensive overview. 31:46.400 --> 31:53.400 Well, it's pretty interesting that everything that Laurie was just explained right now. 31:53.400 --> 32:01.400 You know, many of our, in our community, in the free software community, people that work with open data takes different granted, right? 32:01.400 --> 32:05.400 So you're switching, you know, and all other elements. 32:05.400 --> 32:10.400 But, but gatekeepers, they, they try to fight it. 32:10.400 --> 32:14.400 You know, there is an interesting writer. 32:14.400 --> 32:22.400 I like his work a lot, a card doctor of, and he writes about the right to general purpose computers, right? 32:22.400 --> 32:25.400 And I think gatekeepers, they don't like this, right? 32:25.400 --> 32:31.400 And they came up with some terms like side loading regarding to software, right? 32:31.400 --> 32:36.400 Let's think, for example, side loading means installation of software. 32:36.400 --> 32:39.400 If we could make some analogy, right? 32:39.400 --> 32:47.400 Side thinking when I'm not using AI or perhaps side listening, when I'm not listening to Spotify, right? 32:48.400 --> 33:01.400 So I think that, well, we are accustomed to, to some things that in the proprietary world, in the world of this gatekeepers, this is not the case. 33:01.400 --> 33:09.400 And that's why we need some law, like the DMA in order to remind us that in fact, this is good for competition, this is good for healthy digital markets. 33:09.400 --> 33:14.400 But then let's talk a little bit about the, the teeth of the DMA, right? 33:15.400 --> 33:20.400 Gabriel, perhaps you could help us to understand what happens. 33:20.400 --> 33:23.400 If gatekeepers do not comply with the law, right? 33:23.400 --> 33:31.400 So Apple or Google doesn't, or Amazon or Microsoft, one of the gatekeepers, they don't comply with the law. 33:31.400 --> 33:32.400 What happens to them? 33:32.400 --> 33:39.400 Yeah, so you've gone in now, you sent you requests for interrability and 90 days pass, and there's still no answer. 33:39.400 --> 33:45.400 Once you finally get it, you don't get the interrability you're expecting despite the fact that it's written in the law. 33:45.400 --> 33:58.400 Then what do we do? Our day-to-day work is very much what we call regulatory dialogue, which is a fine word for that we meet with these companies very regularly, sometimes on a weekly basis, but at least on a monthly basis. 33:58.400 --> 34:07.400 And then we talk with them and we tell them the, for example, the problems that we hear from older companies and organizations that we interact with. 34:07.400 --> 34:16.400 And through that dialogue, we also, of course, pressure them. We tell them, look, this can't be, this is not how we see the DMA, you will have to change this, this and this. 34:16.400 --> 34:33.400 And a lot of the time they actually do, we already achieved a few things through that, I think, for example, the data portability was achieved through that, as well as the switching between Android and iOS, which will come out soon also, I think, actually concrete solutions from that. 34:33.400 --> 34:42.400 And that's come from this dialogue. So that's most of our work that is not confrontational in the sense of you, we hear from this and then we send a fine right away. 34:42.400 --> 34:49.400 But otherwise we have other tools in our toolbox and they also include what we told about earlier, the specification. 34:49.400 --> 35:01.400 Specification is that we work with the company for six months where we also interact with you guys, for example, to find out how they can best comply, for example, with the interrability. 35:01.400 --> 35:13.400 So we tell them, look, you need to set up a request portal that's accessible, you need to answer within these days, you need this, this and this concrete measures that are open for anyone to read actually. 35:13.400 --> 35:24.400 We're already good for that for Apple and we just started last week, a new process for Google in relation to AI services and online search data also. 35:24.400 --> 35:36.400 Once we start these, the clock starts ticking and that means that we have three months to issue what's called preliminary findings and measures which is then published for everyone to read also. 35:36.400 --> 35:47.400 After that's released, everyone can comment on it including everyone in this room, even people who aren't residing in the EU, I think, comment on it, you just go into our webpage and you leave a comment. 35:47.400 --> 35:55.400 And we have to take that into account and then we have three months more to issue the final findings and then they have to comply with it. 35:55.400 --> 36:04.400 The last thing we have in our toolbox is of course noncompliance which is proceeding that doesn't have a final deadline, so that can take a little bit longer than half a year. 36:04.400 --> 36:14.400 But essentially what will happen is that if we find noncompliance, we can find the companies and we've also already done so we find Apple and Meta. 36:14.400 --> 36:20.400 So that's the ultimate sort of teeth that we have in the DMA. 36:20.400 --> 36:32.400 Yes, just what's maybe interesting to know the difference between the noncompliance and the specification is that while the noncompliance just identifies that they're not compliant. 36:32.400 --> 36:44.400 The specification would actually impose the measures as Gabrielle said, so when we have noncompliance, we cannot tell the gatekeeper what they have to do to comply. 36:44.400 --> 37:02.400 They have to come up with a compliant solution on their own and then we can check that while the specification is really for these tricky things where, okay, how do they, like, how for AI, like, this we just started how AI features can be accessed on Android, like, it's not a simple answer to that. 37:02.400 --> 37:22.400 There's multiple layers you need to understand and there's different interpretations from the gatekeepers and from us and we just it's more like a guiding tool that tells them, look, you have to do this and that and that's when we think you are or compliant and these are the, this is the main difference between these two things. 37:22.400 --> 37:23.400 Excellent. 37:23.400 --> 37:29.400 Yes, we have some questions afterwards, but I'll keep you in mind. 37:30.400 --> 37:38.400 We are hearing a lot about digital sovereignty, right, so this is one of the topics that we have been hearing a lot. 37:38.400 --> 37:56.400 And there is one element in this debate that I don't particularly like is when people say that, yeah, we need some European solution against North American solutions or against the Chinese solutions, because sometimes we forget that the free software movement is a global movement, right, 37:56.400 --> 38:05.400 and imagine we have alternative free software-based projects like FDRIED, they have developers all over the place. 38:05.400 --> 38:25.400 We interviewed alternative, alternative ROMs, alternative Android-based operating systems and they have developers all over the world and the GMA, when we are discussing the GMA, the political impact of the GMA, the future of the enforcement of the GMA, people say, oh, 38:26.400 --> 38:32.400 GMA is an anti-American law, you know, they are targeting anti-American law, it's a discriminatory law. 38:32.400 --> 38:51.400 And I don't agree with this assessment, you know, I do think that we should train this debate into big tech versus small tech, you know, because monopoly, it's a bad thing not only to you, it's better for North American citizens and consumers, it's better for, you know, 38:51.400 --> 39:04.400 Well, consumers and citizens in China are in the other country, right, and I do think that the future, you know, the enforcement of the DMA should prevail if we had this mindset that we are not targeting 39:04.400 --> 39:15.400 National companies from whatever place, you know, but your target companies that are so big, that they become gatekeepers of digital markets, they basically do whatever they want on digital markets. 39:15.400 --> 39:22.400 Well, it happens to be that mostly of the gatekeepers nowadays are not from American, but it could be from anywhere else, right, 39:22.400 --> 39:31.400 the FSA fee for an example has been engaged in other companies, initiatives like router freedom, where we try to liberate routers, 39:31.400 --> 39:40.400 and there the monopolists were the Internet service providers, the Europeans once, right, they don't allow you to run free software on your router, right, 39:40.400 --> 39:54.400 So coming back for the DMA, and I would like to disembark strategic long term thinking type of question, and Victor perhaps this, you could help us to start thinking about this type of answer, 39:54.400 --> 40:01.400 as does the DMA effectively shift gatekeeper control from Apple and Google, do you think so or not? 40:01.400 --> 40:06.400 Yeah, and of course also other gatekeepers, it's not even just them, it's any gatekeeper which has been identified, 40:06.400 --> 40:13.400 also we are now even in a process where we're trying to identify additional gatekeepers, especially in the cloud space, 40:13.400 --> 40:24.400 so to kind of identify all of these companies who have to be subject to the DMA, and also the strength of the DMA in that sense is that they kind of try to not have this 40:24.400 --> 40:32.400 almost subjectivity of which companies we target, like are we waiting for them to be too big, which is kind of more the remit of traditional competition, 40:32.400 --> 40:39.400 or you kind of wait for the problems that happen, and then you resolve it, this is really meant to be what we would like to call on legal terms X&T, 40:39.400 --> 40:45.400 which means that it sets out like obligations upfront, so whenever you, whenever you even get to the certain size, 40:45.400 --> 40:52.400 imagine a new company or a new business or a new developer kind of grows and grows and needs the thresholds, 40:52.400 --> 41:03.400 then they become subject to those obligations which again try to make sure that there's no kind of monopolies and digital markets that people switching is a lot in this form. 41:03.400 --> 41:10.400 In terms of shifting gatekeeper control way, I think that the DMA has kind of effects on two levels. 41:10.400 --> 41:18.400 You have the direct effect, which is the obligations that the DMA sets out, so it causes changes to the services that the DMA regulates, 41:18.400 --> 41:24.400 like an operating system features are opened up and are made intropiable for others to access. 41:24.400 --> 41:33.400 You now on ALS have for the first time the ability to have an alternative app source, so the app also required to introduce this into the operating system. 41:33.400 --> 41:38.400 You also have the ability to set an app as a default, so before maybe you're forced to use the gatekeeper app, 41:38.400 --> 41:43.400 now you can set that you want to use an app from a third party. 41:43.400 --> 41:48.400 So that's the direct effect, that's what actually will be this change that the demand, 41:48.400 --> 41:54.400 that kind of also we as a team at the commission can cause, that's what will happen. 41:54.400 --> 41:56.400 Then there's the indirect effect. 41:56.400 --> 42:04.400 These change that create opportunities opportunities for developers, for also the software community, 42:04.400 --> 42:10.400 to kind of seize those changes that have been made, build on top of them and through that action, 42:10.400 --> 42:20.400 reduce the gatekeeper influence, so it's about developing a smartwatch that interoperates with the operating system and it uses those features. 42:20.400 --> 42:27.400 It's about creating the alternative app store and putting it out there for people to install and use. 42:27.400 --> 42:33.400 It's about creating the open source software that you can now set as your default app, 42:33.400 --> 42:36.400 and that's like much better cares for your privacy and your security. 42:36.400 --> 42:41.400 But that's an indirect effect, that's kind of what we have to wait for other people to do, 42:41.400 --> 42:47.400 and what we have to kind of see people do in order for it then this control to be produced. 42:47.400 --> 42:54.400 So it's really about enticing users, enticing people in the EU, 42:54.400 --> 43:02.400 to switch to these other platforms to have the ability to choose for platforms that better care for privacy, 43:02.400 --> 43:08.400 or security that meaty goals of digital sovereignty. 43:08.400 --> 43:13.400 But it's really about something that is like a commission we can all directly influence, 43:13.400 --> 43:19.400 we're not going to be an advertising bureau and kind of try to do this. 43:19.400 --> 43:29.400 But of course, the experiences that people who try to buy it away at the gatekeeper power, 43:29.400 --> 43:34.400 experience that they have and kind of, of course, the hurdles that they might face, 43:34.400 --> 43:37.400 of course, that's something that we can take back. 43:37.400 --> 43:41.400 I think also very strong in the DMA is that it sets out these obligations, 43:41.400 --> 43:48.400 but that basically has kind of a catch-all obligation that gatekeeper shouldn't try to circumvent this, 43:48.400 --> 43:52.400 so shouldn't try to make it super difficult to interpret a certain feature, 43:52.400 --> 43:56.400 just to try to make it super difficult for users to switch a default, 43:56.400 --> 44:01.400 just to kind of again try to retain that power and prevent this action from happening. 44:01.400 --> 44:08.400 So there are certain tools there, but at some point we have to wait and see what happens, 44:08.400 --> 44:13.400 and how users are going to be switching to these other platforms, 44:13.400 --> 44:18.400 but I think that there are these very strong arguments for people to do this. 44:18.400 --> 44:22.400 So let's hope that we can see like a brighter future where this control. 44:22.400 --> 44:24.400 So we have our homework, right? 44:24.400 --> 44:28.400 So the first of the communities are communities of makers. 44:28.400 --> 44:31.400 We don't wait for others, we do ourselves, right? 44:31.400 --> 44:33.400 So we have our task. 44:33.400 --> 44:37.400 The holds in the infrastructure are being open, right? 44:37.400 --> 44:39.400 And we need to few this open. 44:39.400 --> 44:43.400 Actually, I think that what you just said is very important, 44:43.400 --> 44:47.400 because we are on the verge of a strategic thinking, 44:47.400 --> 44:54.400 you know, so when this holds our open, what should we do here in Europe? 44:54.400 --> 44:57.400 Should we have a European gatekeepers, 44:57.400 --> 45:01.400 or should we have ecosystem that are based on free open source, 45:01.400 --> 45:04.400 and open data in open protocols, open standards? 45:04.400 --> 45:08.400 You know, that we respect people's freedom, people's rights. 45:08.400 --> 45:10.400 I subscribe to the second one. 45:10.400 --> 45:16.400 I really think that the free software community is up to the task. 45:16.400 --> 45:19.400 You know, in order to size the moment, 45:19.400 --> 45:22.400 to size this type of regulation that tries to, you know, 45:22.400 --> 45:26.400 to set up a plain field for competition, you know, 45:26.400 --> 45:28.400 so we can build upon it. 45:28.400 --> 45:31.400 And, Laurie, perhaps we could go to the last question 45:31.400 --> 45:36.400 because we would like some time for a question as well. 45:36.400 --> 45:39.400 On your view, what would be the community responses 45:39.400 --> 45:44.400 to make this happen, you know, in order to preserve software freedom, 45:45.400 --> 45:47.400 especially on mobile devices? 45:47.400 --> 45:52.400 I think this is one of the main challenges for the free software community. 45:52.400 --> 45:53.400 Thank you. 45:53.400 --> 45:56.400 So maybe just to start off a comment, 45:56.400 --> 45:59.400 but I think you put it very well earlier. 45:59.400 --> 46:03.400 It's interesting to see how in the data rights environment, 46:03.400 --> 46:07.400 we see how much there is a call from big authorities 46:07.400 --> 46:09.400 and big companies to have data to flow, 46:09.400 --> 46:12.400 but then you realize they mean every data, 46:12.400 --> 46:14.400 except the one they set on. 46:14.400 --> 46:16.400 So that's always very enlightening. 46:16.400 --> 46:20.400 And so in terms of the needs in the space, 46:20.400 --> 46:22.400 so as I said, the GDPR really planted the seed, 46:22.400 --> 46:25.400 but users were alone, and this is really where the DMA 46:25.400 --> 46:28.400 is bringing the developers and the nonprofit projects 46:28.400 --> 46:30.400 and the companies to the rescue. 46:30.400 --> 46:34.400 And so to my, I would say that there's two needs 46:34.400 --> 46:36.400 that really need to be tackled right now, 46:36.400 --> 46:38.400 enforcement and governance. 46:38.400 --> 46:40.400 I'm also going to mention the commission. 46:40.400 --> 46:42.400 In terms of the commission, of course, 46:42.400 --> 46:44.400 they need to continue to do what they described, 46:44.400 --> 46:48.400 which is investigate, but also sanction and form, 46:48.400 --> 46:51.400 inform developers and inform users. 46:51.400 --> 46:53.400 And in terms of governance, 46:53.400 --> 46:56.400 I think this is exactly the approach that they're taking, 46:56.400 --> 46:58.400 which is once they see that the gatekeepers 46:58.400 --> 47:00.400 incapable of actually playing fair, 47:00.400 --> 47:02.400 then they will go and sit and say, 47:02.400 --> 47:04.400 okay, so these are the things that you're going to follow 47:04.400 --> 47:07.400 in terms of starting to standardize the governance 47:07.400 --> 47:11.400 and how certain APIs, for example, are going to be dealt with. 47:11.400 --> 47:13.400 So in terms of the first community, 47:13.400 --> 47:15.400 and I would say also the NGO community, 47:15.400 --> 47:18.400 so I'm also going to talk about enforcement and governance. 47:18.400 --> 47:20.400 So in terms of this community, 47:20.400 --> 47:23.400 I think there's a lot to do in terms of really making sure 47:23.400 --> 47:25.400 that you have a rough understanding of your rights, 47:25.400 --> 47:28.400 and that you start also informing your users. 47:28.400 --> 47:32.400 And most importantly, that you start testing the tools, 47:32.400 --> 47:35.400 and by testing, I'm in testing and documenting what happens, 47:35.400 --> 47:38.400 because this is really where NGOs, 47:38.400 --> 47:40.400 we really want to help, 47:40.400 --> 47:43.400 but if there's no hard evidence, we cannot. 47:43.400 --> 47:46.400 And so maybe to go a little bit deeper on this, 47:46.400 --> 47:48.400 something that feels weird, 47:48.400 --> 47:50.400 something that feels incomplete, 47:50.400 --> 47:53.400 that's also something that you should document. 47:53.400 --> 47:57.400 As long as you're not overwhelmed by how well this is working, 47:57.400 --> 47:59.400 you need to document basically. 47:59.400 --> 48:02.400 And so in terms of NGOs, 48:02.400 --> 48:04.400 I think there's really a, 48:04.400 --> 48:08.400 we're really in a moment where NGOs need to set up their game 48:08.400 --> 48:10.400 in terms of technical savviness, 48:10.400 --> 48:13.400 because this is really difficult. 48:13.400 --> 48:15.400 And this is also where you document, 48:15.400 --> 48:17.400 also helps NGOs to actually follow you, 48:17.400 --> 48:19.400 and figure out how they can help. 48:19.400 --> 48:21.400 And also, I would say, 48:21.400 --> 48:23.400 if you're working with companies, 48:23.400 --> 48:25.400 maybe suggest that they give money to that space, 48:25.400 --> 48:27.400 because at the moment there's not much. 48:27.400 --> 48:29.400 And then in terms of enforcement, 48:29.400 --> 48:31.400 I think the NGOs, 48:31.400 --> 48:34.400 they should really try to force themselves to advise 48:34.400 --> 48:36.400 as much as possible, 48:36.400 --> 48:37.400 your community, too. 48:37.400 --> 48:38.400 Yeah, as I said, 48:38.400 --> 48:42.400 to really get into the nitty gritty details of what is not working, 48:42.400 --> 48:44.400 to be able to actually fight. 48:44.400 --> 48:46.400 Okay, but actually that sounds like a hidden cost, 48:46.400 --> 48:47.400 where you know, 48:47.400 --> 48:49.400 you're dealing with the day-to-day challenges, 48:49.400 --> 48:51.400 and you actually don't realize that maybe this is something 48:51.400 --> 48:53.400 that the DMA is already saying is illegal. 48:53.400 --> 48:57.400 I also think that NGOs should start researching 48:57.400 --> 49:00.400 what are the priorities of users and users in terms of, 49:00.400 --> 49:03.400 you know, all the services that are covered by the DMA, 49:03.400 --> 49:06.400 which are the ones that users really want to switch from 49:06.400 --> 49:07.400 and priority. 49:07.400 --> 49:09.400 And of course, of course, 49:09.400 --> 49:12.400 the OS environment is a strong one. 49:12.400 --> 49:15.400 And we're working on it to try to figure out what are the priorities. 49:15.400 --> 49:17.400 And then in terms of governance, 49:17.400 --> 49:20.400 I think this really also builds on evidence. 49:20.400 --> 49:24.400 I think there's a space here where NGOs need to monitor 49:24.400 --> 49:26.400 a little bit of different cases 49:26.400 --> 49:31.400 that are going to be started by entities like the ones 49:31.400 --> 49:33.400 that you might be representing, 49:33.400 --> 49:36.400 to figure out which ones they can actually help to make sure 49:36.400 --> 49:40.400 that they infuse in the legal process, 49:40.400 --> 49:43.400 the chance to actually have judges to interpret the law 49:43.400 --> 49:46.400 in the way that actually helps the free software community. 49:46.400 --> 49:47.400 You know, for example, by saying, 49:47.400 --> 49:48.400 oh, actually, 49:48.400 --> 49:52.400 we realize that open formats are how we need to understand 49:52.400 --> 49:54.400 mesh and readable transfers. 49:54.400 --> 49:57.400 So we realize that open standards are really what 49:57.400 --> 49:59.400 needs to be considered as the best. 49:59.400 --> 50:02.400 You know, this is something that I think is also ahead of us 50:02.400 --> 50:05.400 in terms of how we develop this space together. 50:05.400 --> 50:07.400 Yes, perfect. 50:07.400 --> 50:10.400 Before we open up for questions, 50:10.400 --> 50:11.400 I would like to, 50:11.400 --> 50:14.400 you join me in a round of applause. 50:14.400 --> 50:15.400 These people here, 50:15.400 --> 50:17.400 they have a very busy schedule, 50:17.400 --> 50:18.400 but they, 50:19.400 --> 50:22.400 you know, 50:22.400 --> 50:25.400 I would like to thank you for your presentation. 50:25.400 --> 50:28.400 Thank you very much. 50:28.400 --> 50:31.400 Thank you. 50:31.400 --> 50:34.400 Thank you. 50:34.400 --> 50:35.400 Thank you. 50:35.400 --> 50:37.400 Thank you. 50:37.400 --> 50:38.400 Thank you. 50:39.400 --> 50:40.400 Thank you. 50:40.400 --> 50:42.400 Thank you. 50:42.400 --> 50:45.400 Thank you. 50:45.400 --> 50:48.600 for your input. 50:48.600 --> 50:54.440 My question is kind of about the interoperability, 50:54.440 --> 50:58.960 because I use Apple products, and I hate it. 50:58.960 --> 51:03.960 I would like to open up one by one still using other stuff. 51:03.960 --> 51:06.880 My question was, for example, Arctic. 51:06.880 --> 51:08.280 Anyone here using Arctic? 51:08.280 --> 51:16.480 Like, is it, within the law, is it planned that those devices 51:16.480 --> 51:21.480 or Apple Watch or other devices that could come in the future 51:21.480 --> 51:28.680 are also regulated within interoperability that you can use 51:28.680 --> 51:35.480 to stop with Android or that you could use your iPhone 51:35.480 --> 51:36.960 with a Linux system. 51:36.960 --> 51:42.080 For example, there is a thing you cannot use that with an iPhone. 51:42.080 --> 51:43.520 And I hate it. 51:43.520 --> 51:47.840 And I feel like maybe there could be, like, 51:47.840 --> 51:53.080 this could really open the system to free software. 51:53.080 --> 51:55.440 So I think it's very fine that you ask about AirTex, 51:55.440 --> 51:58.680 because that was what I did before I joined the commission. 51:58.680 --> 52:00.880 I was researching AirTex. 52:00.880 --> 52:04.720 And yeah, there is, for example, they, 52:04.720 --> 52:08.760 so first, you can use AirTex without an iPhone. 52:08.760 --> 52:12.400 There's an open source version that we made that basically 52:12.400 --> 52:14.040 makes a possible, there's a little bit of work to do 52:14.040 --> 52:18.080 to enable it for AirTex, but there is alternatives. 52:18.080 --> 52:20.000 It's called OpenHasteStack. 52:20.000 --> 52:25.920 And from the DMA side, the interoperability is not just about 52:25.920 --> 52:27.920 software, it's also about hardware. 52:27.920 --> 52:32.480 So if they add tech into operates very well with the iPhone, 52:32.480 --> 52:35.680 then a third party checker should 52:35.680 --> 52:39.800 interpret the same way with the iPhone, 52:39.800 --> 52:41.600 but it doesn't work the other way around. 52:41.600 --> 52:46.280 So I'm not, the, the, the, the, the, the, the DMA does not 52:46.280 --> 52:50.320 have the airTex as a separate product that's designated. 52:50.320 --> 52:51.320 It's only iOS. 52:51.320 --> 52:54.960 So things that work with iOS, the other things should work 52:54.960 --> 52:57.120 from Apple, that should work the same, 52:57.120 --> 52:59.760 from third parties should work the same way with iOS. 52:59.760 --> 53:03.880 But the airTex itself should not, does not have to work 53:03.880 --> 53:05.160 with Android. 53:05.160 --> 53:07.720 I have to get a phone, can shoot to it. 53:07.720 --> 53:09.720 I'm very far from home. 53:09.720 --> 53:12.560 But then how, how is it, like a little bit? 53:12.560 --> 53:18.160 But it's, but, but there is, then how is it secured that? 53:18.160 --> 53:21.160 But I'm, I have brand it. 53:21.160 --> 53:23.000 So, it's okay. 53:23.000 --> 53:24.000 Thank you. 53:24.000 --> 53:25.000 Thank you. 53:25.000 --> 53:26.000 You can ask me later. 53:26.000 --> 53:28.160 Here was the next one. 53:28.240 --> 53:30.960 I have a question about an aspect of interoperability 53:30.960 --> 53:33.560 that I'm not sure if it's covered by the DMA, 53:33.560 --> 53:35.280 because it wasn't discussed here. 53:35.280 --> 53:37.200 And it's not the case of running free software 53:37.200 --> 53:39.200 on Android or iOS. 53:39.200 --> 53:42.960 But proprietary software that refuses to run 53:42.960 --> 53:46.600 on alternative Android distributions for the classic example 53:46.600 --> 53:49.560 that is my banking app refusing to run on graffinoes, 53:49.560 --> 53:53.640 because graffinoes doesn't Google, the Google play 53:53.640 --> 53:57.640 integrity API refuses to, like, admit that graffinoes 53:57.640 --> 54:01.240 is secure, so my banking app says, oh, this doesn't look nice. 54:01.240 --> 54:03.240 I'm not going to run on graffinoes. 54:03.240 --> 54:05.240 So, is that covered under the DMA 54:05.240 --> 54:07.800 and if not, what can we do about it? 54:10.240 --> 54:11.240 Yeah. 54:11.240 --> 54:13.960 Well, so this is one of the issues that we are very well aware 54:13.960 --> 54:17.680 for and have been informed of by multiple parties. 54:17.680 --> 54:19.680 We're thinking about whether it falls 54:19.680 --> 54:21.520 within the scope of the DMA. 54:21.520 --> 54:23.840 And that's what I can say at this point, 54:23.840 --> 54:27.080 because it's not the sixth, seventh, the article 54:27.080 --> 54:30.280 that was mentioned a lot during this S, not necessarily 54:30.280 --> 54:33.320 clear how it applies to it, but that doesn't mean 54:33.320 --> 54:36.120 that we're not considering it. 54:36.120 --> 54:40.480 One quick request from the moderators, if you have a question 54:40.480 --> 54:43.440 and you raise your hand, keep it up, because else I assumed 54:43.440 --> 54:46.560 that it was answered already in some of the other questions. 54:46.560 --> 54:50.320 And it's very difficult to remember who had hands up. 54:50.320 --> 54:51.720 And keep me short, please. 54:51.720 --> 54:52.880 Yeah. 54:52.880 --> 54:55.120 OK, I'll try to make this as brief as I can. 54:55.120 --> 54:58.360 But basically, to me, it just seems like, 54:58.360 --> 55:00.360 so I'm from the US, and you mentioned, you know, 55:00.360 --> 55:02.560 this is a global thing, but it's not. 55:02.560 --> 55:05.440 Because I live in the US, and even though I like iOS 55:05.440 --> 55:07.720 is supposed to allow different browser engines 55:07.720 --> 55:09.320 and this isn't that in Europe, 55:09.320 --> 55:12.360 doesn't do it in the United States. 55:12.360 --> 55:15.920 And we're facing a lot of a global uncertainty 55:15.920 --> 55:21.280 where Apple and Google have turned off 55:21.280 --> 55:25.760 like international court access to their services. 55:25.760 --> 55:29.560 It seems to me, y'all are taking the hardest possible way 55:29.560 --> 55:34.440 to why does it be you just fund a mobile operating system 55:34.440 --> 55:38.040 instead of begging companies to just do the right thing 55:38.040 --> 55:41.280 when they'll always drag their feet and always make it harder. 55:46.920 --> 55:52.120 Well, we are talking about a law here, right? 55:52.120 --> 55:56.920 So I think that the DMA is not our miracle instrument 55:56.920 --> 56:01.520 that will resolve all the problems of the digital market. 56:01.520 --> 56:03.760 I think there is, in this room, 56:03.760 --> 56:08.000 there's a lot of people working for funding a free software. 56:08.000 --> 56:11.760 Public money should be, you know, invested in free software. 56:11.760 --> 56:14.400 So I do think that the DMA is one element 56:14.400 --> 56:17.680 in a strategic approach for us to change the nature 56:17.680 --> 56:19.320 of digital markets, right? 56:19.320 --> 56:21.520 So DMA takes the real-glotter level, 56:21.520 --> 56:22.800 but we need a strategy. 56:22.800 --> 56:25.160 We need the public money on open standards, 56:25.160 --> 56:28.720 the public money on open software, you know? 56:28.720 --> 56:30.880 So I think if we think strategically, 56:30.880 --> 56:36.600 then we can approach this type of question. 56:36.600 --> 56:37.200 Thank you. 56:37.200 --> 56:39.360 So the next one, call either. 56:39.360 --> 56:43.200 Regarding 64 with App Store, opening up the app 56:43.200 --> 56:45.960 for us physically with regards to Apple, 56:45.960 --> 56:49.440 the only real exemption that the DMA offers 56:49.440 --> 56:54.080 to the gatekeepers is based on security arguments. 56:54.080 --> 56:56.680 But, for example, with Apple, 56:56.680 --> 56:58.400 it's been well established for over 10 years 56:58.400 --> 57:01.640 that they have their enterprise developer program 57:01.640 --> 57:04.280 where you can directly take a application 57:04.280 --> 57:05.720 and install in your device. 57:05.720 --> 57:07.720 Presumably, they make security arguments 57:07.720 --> 57:11.160 that are private to discussions with you. 57:11.240 --> 57:14.400 Is it possible that they might someday come out 57:14.400 --> 57:16.200 in the open where there can be a debate 57:16.200 --> 57:18.360 about whether or not these security arguments 57:18.360 --> 57:21.240 are actually reasonable and accurate? 57:21.240 --> 57:24.120 Or is that always gonna remain an internal dialogue 57:24.120 --> 57:27.080 that is not open to public scrutiny and feedback? 57:29.560 --> 57:31.080 It would be great to have. 57:31.080 --> 57:33.080 I don't know if we have kind of the regulatory power 57:33.080 --> 57:35.800 to force them to open up about this. 57:37.000 --> 57:38.720 I think what you will actually see 57:38.720 --> 57:42.000 is that over the course of us engaging with them 57:42.000 --> 57:44.440 and then actually also going towards proceedings 57:44.440 --> 57:47.720 and procedures, you might actually see some 57:47.720 --> 57:51.720 of that argument trickle into what we write about it. 57:51.720 --> 57:53.120 So if you would look at the decisions 57:53.120 --> 57:55.880 that we write about the specifications decisions 57:55.880 --> 57:58.160 that we put out about like interoperability 57:58.160 --> 58:00.840 with connected devices, there's a whole section. 58:00.840 --> 58:02.160 There's like 10, 15 pages. 58:02.160 --> 58:04.400 There's just security arguments, security arguments, 58:04.400 --> 58:05.600 security arguments. 58:05.600 --> 58:07.800 And of course, it will also say Apple says that 58:07.800 --> 58:11.280 and we say that and I think just to distill it, 58:11.280 --> 58:15.840 it's really about yes security privacy integrity 58:15.840 --> 58:18.800 are important issues, but they are also kind of important 58:18.800 --> 58:22.080 to all and any security measures that are being taken, 58:22.080 --> 58:24.600 security privacy integrity is always a short hand. 58:24.600 --> 58:27.720 Actually, they would benefit both Apple and third parties 58:27.720 --> 58:29.880 if they were kind of implemented across the board. 58:29.880 --> 58:31.240 So that's how we kind of distill 58:31.240 --> 58:32.520 and also from this competition angle. 58:32.520 --> 58:33.840 They still principles about it. 58:33.840 --> 58:35.840 Yes, I just can be applied, but it should be like 58:35.840 --> 58:36.680 not the screen at all. 58:36.680 --> 58:37.520 It should be objective. 58:37.520 --> 58:38.640 They should be transparent. 58:38.640 --> 58:41.120 They shouldn't depend on Apple being Apple. 58:41.120 --> 58:44.000 They should, if any, they should depend on really 58:44.000 --> 58:47.320 so many kind of being able to prove that they take certain measures 58:47.320 --> 58:49.880 that they kind of have the right, I don't know, encryption standards 58:49.880 --> 58:50.880 that they apply. 58:50.880 --> 58:55.560 So it also boils down to the user having the choice trust 58:55.560 --> 58:59.160 who they want, the person here, they might want to trust Apple 58:59.160 --> 59:02.040 for, say, the hardware, but not for certain of the software 59:02.040 --> 59:03.720 on it, and it's really about enabling this. 59:03.720 --> 59:06.560 And not having Apple as an argument, our software 59:06.560 --> 59:08.320 couldn't do different things because we are Apple 59:08.320 --> 59:09.480 and we trust ourselves. 59:09.480 --> 59:11.760 That's kind of the principle that we want to go beyond 59:11.760 --> 59:14.920 it's really about empowering users, not only in the choice 59:14.920 --> 59:16.480 of their advice, but both in their choices 59:16.480 --> 59:17.120 about privacy security. 59:20.720 --> 59:22.680 Also, just to be transparent about the process that I 59:22.680 --> 59:24.760 explained with the dialogue that we have with these companies, 59:24.760 --> 59:27.800 for example, Apple, it functions that we meet with them 59:27.800 --> 59:29.040 maybe every week every month. 59:29.040 --> 59:29.960 Then we meet with you guys. 59:29.960 --> 59:31.760 I think we've also met with F-troid if that's 59:31.760 --> 59:33.560 where you're from a few times. 59:33.560 --> 59:36.960 And then we try to reconcil what we hear because a lot of the time 59:36.960 --> 59:38.600 it's not the same thing we hear from Apple 59:38.600 --> 59:40.960 and then what we hear from F-troid, for example, you guys. 59:40.960 --> 59:44.120 And that forms the full picture of how we do our work, right? 59:44.120 --> 59:45.680 So it's very important that you actually 59:45.680 --> 59:48.240 interact with us and tell us, as I said earlier, 59:48.240 --> 59:50.680 what's your problems, what you've used, that will help us 59:50.680 --> 59:53.800 also when we engage with these companies to say, 59:53.800 --> 59:56.440 that's funny because we heard actually from third parties 59:56.440 --> 59:59.680 that this, this and this, and that makes it easier to count 59:59.680 --> 01:00:03.720 the academics that are not necessarily vented. 01:00:03.720 --> 01:00:05.400 Thank you for your own divide attention. 01:00:05.400 --> 01:00:07.240 And again, join me in our round of applause. 01:00:07.240 --> 01:00:08.080 It was a pleasure. 01:00:08.080 --> 01:00:16.080 APPLAUSE 01:00:16.080 --> 01:00:17.280 Thank you very much. 01:00:17.280 --> 01:00:18.080 Thank you. 01:00:18.080 --> 01:00:19.080 Thank you. 01:00:19.080 --> 01:00:20.080 Thank you. 01:00:20.080 --> 01:00:21.080 Thank you. 01:00:21.080 --> 01:00:22.080 Thank you.