EU orders Google to share search data and open Android AI to rivals by 2027
Two Digital Markets Act specification decisions force Android AI interoperability and search data access, with Google warning of privacy and security risks.

The European Commission announced two specification decisions under the Digital Markets Act: it will require Google to enable broader third-party AI assistant access on Android and to share search data with other search engines and AI chatbots. The deadlines start in January 2027 for search sharing and July 2027 for Android AI interoperability, escalating Google-EU conflict over privacy, security, and competition.
The European Commission just pulled two big levers against Google, and it is doing it in a way that looks less like a verdict and more like a blueprint: starting in January 2027, Google will have to share search data with competitors (with anonymization rules), and starting in July 2027, competitors’ AI assistants will get much broader access to Android-powered devices, including voice activation and the ability to take actions in apps on users’ behalf.
Google calls the move a threat to privacy and security guardrails for millions of Europeans. In a statement, Kent Walker, Google and Alphabet president of global affairs, warned that “Today’s decisions risk undermining vital privacy and security guardrails for millions of Europeans.” On the AI side, Walker argued the ruling is unnecessary because AI assistants “already safely access Android’s capabilities” when OEMs allow it, and he said the “Android ruling threatens device security by granting external apps sensitive and powerful device permissions without [OEM] safeguards.” The Commission, for its part, is framing this as clarification and interoperability enforcement, not a judgment that Google has been violating the Digital Markets Act.
Here is the key EU framing: the Commission says Thursday’s specification proceeding is not a noncompliance decision, and it does not try to determine whether Google has been flouting its obligations as a DMA gatekeeper. Instead, it wants Google and the other parties to be clear about what the EU wants Google to do to lessen Google’s monopolistic hold on search and its control over the operating system on the majority of the world’s smartphones.
On Android AI interoperability, the Commission’s core concern is practical access. “Currently, on Android phones, competitors' AI assistants only have restricted access to key functionalities,” the EU said. Today’s decision, it argues, will ensure that users can activate their preferred AI assistant. The Commission says Google will be required to give third-party AI providers extensive access to Android-powered devices, including allowing them to be voice-activated in place of Gemini and to take actions in apps on a user’s behalf.
Google’s pushback is direct. The company’s position is that the EU is side-stepping OEM responsibilities for vetting and securing AI assistants. Google also argues the interoperability requirement creates a “huge window for threat actors” because it effectively grants system-level access for external apps, and it characterizes the EU approach as a rushed checklist rather than actual law. Meanwhile, the Commission’s own FAQ response to privacy and security concerns matters because it undercuts the simplest version of Google’s argument. The Commission says Google and OEMs still retain control through eligibility conditions. “In view of the sensitive nature of some of the features, Google may put in place objective and non-discriminatory eligibility conditions to limit access to third parties meeting certain privacy, security and integrity standards,” the Commission said.
Then there is the second spec decision, and it is where the stakes for search competitors get very concrete. The Commission says Google’s previous attempts to open up search access were “innefective so far,” and it wants other search engines to be able to access Google data to improve their services and compete more effectively. The Commission states, “Subject to anonymisation, Google should share the same data that it collects to optimise its own search services,” and it explicitly notes that this includes giving AI chatbots access to that data to improve their services.
Google’s complaint on search sharing is equally pointed. Walker argued that “Europeans’ private searches would be exposed to unfamiliar companies, without adequate anonymisation of the data and without user knowledge or consent.” He warned this would “weaken citizens' privacy, risk business trade secrets, and endanger national security.” The Chamber of Progress, which the source notes speaks for the tech industry and is funded in part by Google, made a parallel argument about consumer safety and execution risk, saying the Commission is “ignoring well documented privacy risks” to impose a vision of the digital economy rather than work with industry on solutions “safe and supported by consumer demand.” The group’s VP for Europe, Kay Jebelli, said the likely result is services will be pulled while legal challenges are mounted.
What makes Thursday’s decision more than a political slapfight is the level of detail in the Commission’s anonymization and control plan. Per the FAQ, the technical elements include suppressing search records that contain rare items such as usernames and passwords, addresses, and bank account info. It calls for generalization of metadata and grouping users into bundles of at least 1,000 people with similar geographic and device data. It also calls for removal of direct and indirect identifiers.
The Commission adds additional guardrails on who can receive data and what they can do with it. Search data shared by Google would only be available to eligible beneficiaries with verified investment plans to improve online search services. Recipients cannot link the data to any other datasets, share it with any third party, and must undergo independent audits to verify safeguards and compliance with EU policy before access, followed by yearly audits afterward. The measures are also subject to biennial reviews to reflect practical experience and any new developments.
If you are wondering whether this is déjà vu, the source says yes. Google’s complaints are “nearly identical” to those it made when the EU first told it to open up search data in April. The comparison is important because it hints that this is a continuation of an ongoing DMA tug-of-war, not a one-off compromise.
In the end, the Commission insists Google has a right of defense and that independent judicial scrutiny of these announcements is still warranted. But timelines are now real: if nothing changes, Google must comply with the search data sharing specifications beginning in January 2027, while the AI interoperability portion goes into effect in July 2027. For executives watching from the sidelines, the message is simple and uncomfortable: in the DMA era, access is becoming a deliverable, not a courtesy, and privacy, security, and distribution are about to be engineered into compliance schedules across platforms.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Business

Uber buys Delivery Hero for nearly $15B, vaulting to top food delivery outside China
The deal doubles Uber's dual-services footprint and pushes a ride-and-eats bundling play into 50 more markets.

Epic and Google drop settlement bid, forcing rival Android app stores by July 22
Google told the court it is ready to carry third-party app stores starting Wednesday, July 22.

SK Hynix opens at $170, raises $26.5B, and tops foreign IPO records
In Friday's Wall Street debut, SK Hynix turns AI RAM demand into a $26.5B fundraising moment that rewrites comps.

