In January Apple made a proposal to address the European Commission’s preliminary conclusion that it was abusing its dominant position by reserving access to near field communication (NFC) functionality to the Apple Pay wallet for tap to pay. This prevented others from launching NFC mobile wallets on the iPhone. Today the European Commission said it made Apple’s commitments legally binding for ten years and also expanded them.
Apple had already opened up access to NFC to certain developers in the EU in January without charge. It also allows another wallet to be set as the default payment app. However, it tried to limit access to licensed payment service providers or their developers. Apple dropped that restriction alongside some additional commitments.
The Commission consulted other providers to see whether Apple’s commitments address their competition concerns.
Notably, the deal involves access to NFC in Host Card Emulation mode (‘HCE’). Credentials are not stored in the secure element of the device. Instead, the bank keeps them in a private cloud. It sends some short term credentials to the phone in advance to support contactless payments.
In its January announcement, Apple said that “HCE apps, which are software-based solutions, can be more susceptible to attack vectors whereby payment transaction tokens and other sensitive financial data may be compromised, including through exposure to untrusted and potentially malicious entities.” That was its rationale for restricting access to licensed entities.
Meanwhile, in April, the European Central Bank (ECB) gave an update on its design for offline tap to pay functionality for the digital euro. At the time, it noted it needed access to the phone’s secure enclave to store keys (already available) and the NFC functionality.