Last month, I had the honour of representing my company vaic.at at the Global App Economy Conference EU (GAEC: EU) in Brussels, organized by ACT | The App Association. The event convened SMEs, startups, and policymakers from the European Commission and European Parliament to discuss the regulatory landscape shaping Europe’s digital future.
At vaic.at, we completely understand and have experienced the challenges that intricate regulatory frameworks present for innovation and security in the digital realm. During the conference, I shared our concerns regarding how overly complex compliance processes not only impede innovation but can also engender unintended cybersecurity vulnerabilities—a critical issue I have raised with EU policymakers.
These discussions are predicated on advocacy efforts I have been engaged in over the past year, including open letters and direct communications with DMA teams at the European Commission and Members of the European Parliament. Collaborating with other concerned EU-based SMEs, our message was unequivocal: regulation should not compromise user safety or developer trust.
Regrettably, initiatives such as the Digital Markets Act (DMA)—while well-intentioned—have already exhibited indications of doing precisely that.
Our Concerns with the Digital Markets Act
The Digital Markets Act (DMA) is intended to promote fairness and competition, but its current implementation raises serious concerns for small, privacy and security-focused developers like ourselves at vaic.at. In conjunction with numerous other SMEs across Europe’s technology ecosystem, we have repeatedly highlighted the detrimental unintended consequences that jeopardize innovation, user safety, and trust.
1. Security Risks from Forced Interoperability and Sideloading
The Digital Markets Act (DMA) mandates forced changes which we see as insecure backdoors into platforms (that vaic.at utilises to engage with our users) under the pretense of “platform openness,” including sideloading and third-party app store support. Platforms like Apple iOS, iPadOS, App Store and more are forced to implement unsafe modifications under the European Commission’s guidance which in our view disregards warnings from independent security and Apple security experts regarding proportionate security assurances. This poses a risk to the dismantling of existing safeguards against scams, malware, identity theft, and surveillance—safeguards that many European citizens and SMEs currently take for granted. Ultimately lowering the overall trust in the platform which is something SMEs rely on.
The industry has already observed an increase in abuse: fraudulent apps, dangerous use of dark patterns, impersonation, and unsafe app distribution, often occurring in instances where platform “gatekeepers” were compelled to reduce oversight. Rather than empowering consumers, these measures expose novel attack surfaces, particularly for vulnerable users such as children, the elderly, and those with limited digital literacy.
2. Disproportionate Compliance Burden on SMEs
Large technology companies possess the resources to navigate the DMA’s intricate requirements with comprehensive legal and compliance teams. SMEs, on the other hand, are left to interpret ambiguous obligations and navigate unclear boundaries. Consequently, we have witnessed fragmentation, confusion, and legal uncertainty, particularly in cross-platform and cross-border contexts. Practical support is lacking, leaving smaller players disadvantaged.
3. Chilling Effect on Privacy-Centric Innovation
The regulatory ambiguity surrounding the Digital Markets Act (DMA) poses a heightened risk for privacy-centric developers. If sideloaded applications can circumvent parental controls, biometric safeguards, or secure payment systems, ethical developers who establish reputations based on respecting user boundaries face a competitive disadvantage, while malicious actors benefit.
Rather than commending high standards, the DMA in our opinion inadvertently encourages shortcuts.
4. Erosion of Trust in the EU Digital Market
In the absence of robust safeguards and unambiguous implementation guidance, we are apprehensive that the EU may lose its well-earned standing as a leader in digital safety and responsible innovation. Numerous small developers have reported an escalation of abuse and exploitation of newly discovered vulnerabilities. Instead of fostering a level playing field, the current trajectory risks propelling developers and users alike toward less secure, fragmented ecosystems—or even beyond the EU entirely.
Industry Voices Echo Our Concerns
These concerns were widely shared among the conference participants. Bradley Simonich from ACT | The App Association highlighted that startups and SMEs are the foundation of the app economy, yet their voices often remain overlooked in policymaking. The conference provided an invaluable platform for addressing these concerns directly with EU decision-makers.
– Jonas Almeling summed it up best: without a supportive regulatory landscape, Europe risks not just slowing innovation—but losing it entirely. His meetings with Commissioners focused specifically on strategies to supercharge AI adoption among SMEs while ensuring regulations fuel rather than stifle progress.
https://www.linkedin.com/in/almeling/
– Erika Maslauskaite (deverium / alongID) emphasized the complexity of EU regulations compared to the US and the need to simplify them to foster innovation. Her discussions with MEPs covered critical topics including the AI Act, Digital Markets Act, Digital Services Act, eIDAS, and intellectual property rights in AI—all areas where streamlining is urgently needed.
https://www.linkedin.com/in/erikamaslauskaite/
– Guido Magrin (TeiaCare) emphasized the need for an environment “where innovation thrives, not where bureaucracy slows it down,” especially in AI and healthcare. As someone working at the intersection of technology and healthcare, he provided powerful examples of how regulatory hurdles particularly impact sectors where innovation directly improves lives.
https://www.linkedin.com/in/guidomagrin/
– Carlos Herce Fernández (World Challenge Game) highlighted that “innovation cannot be slowed by excessive regulatory policies,” a widely shared frustration. During his meetings with European parliamentarians, he specifically addressed how the current M&A limitations in Europe are creating barriers for startups seeking growth opportunities.
https://www.linkedin.com/in/carlosherce/
– Tomas Navratil (LucidCircus) shared that it’s becoming difficult to justify operating in Europe due to burdensome regulation—feedback that directly reflects the concerns we’ve submitted to the Commission. Having worked with both American and European startups, he provided compelling comparative examples of the differences in legal and compliance landscapes.
https://www.linkedin.com/in/tnavratil/
– Pedro Santos (Glazed – Elite Developers) called for smart policies that “empower innovation rather than slow it down,” warning that uncertainty is already pushing EU developers to explore other markets. He emphasized that in sectors like health tech, lack of regulatory clarity is directly delaying innovations that could improve patient outcomes.
https://www.linkedin.com/in/pedroatglazed/
– Jason Culloty (Skillsvista) reminded everyone of the resilience and adaptability of SMEs, and how policies must reflect the realities of a fast-moving global economy. As a non-technical founder who built a successful edtech platform despite being told it couldn’t be done, his story exemplifies the determination European innovators bring to the table.
https://www.linkedin.com/in/jason-culloty-81680560/
– Sveatoslav Vizitiu (Rhuna) stressed the importance of “a fairer, more inclusive digital ecosystem,” particularly in the areas of AI governance and data privacy. His company’s work developing tools for event organizers has given him firsthand experience with how current regulations often fail to account for the needs of smaller platforms.
https://www.linkedin.com/in/sveatoslav/
The Path Forward
During our meetings with policymakers, I specifically addressed the need to strike a balance between digital security concerns and competition goals. Drawing on our experience at vaic.at and our previous communications with EU authorities, I emphasized that policy must support, not undermine, the foundations of digital trust.
I shared examples from our open letters to the Commission, highlighting how the mandatory interoperability requirements have already introduced security vulnerabilities that impact our users. Additionally, I underscored how vague compliance guidelines have diverted resources away from product development towards legal consultations—resources that small businesses like ours cannot afford to squander.
The Global App Economy Conference served as a poignant reminder that small developers, startups, and privacy-first innovators remain pivotal voices in shaping the future. The connections established and insights gained at GAEC: EU will prove invaluable as we persistently advocate for a regulatory environment that genuinely supports innovation and security.
At vaic.at, we remain steadfast in our commitment to advancing this discourse—toward a Europe that not only leads in regulation but also in the appropriate kind of regulation: thoughtful, practical, and inclusive of all developers—not merely the most prominent players.
Comments
There are no comments yet.