On July 16, 2026, the European Commission adopted two binding decisions under the Digital Markets Act (DMA) concerning Google Search data sharing and AI interoperability for Google Android. Google must provide anonymized data to qualifying search competitors, and on Android, it must open the 11 OS features used by Gemini to rival AI systems on equal terms. What the EU is targeting are the two advantages underpinning Google's AI business: the massive usage data that continuously improves search, and the pathway through which AI is invoked on smartphones, reads context, and operates apps.

The proposal published in April was at the consultation stage. With this final decision, the timeline has been confirmed: search data sharing begins in January 2027, and most Android features must be available in the next major release, Android 18, by no later than August 1, 2027. However, this does not mean Google's search algorithm or raw search history will be made public. Rather, it is a system that precisely defines how the shared data is processed, and to whom, under what conditions and fees it is provided—a framework whose ability to balance competition promotion with privacy protection will be tested at the implementation stage.

AD

What Search Data Is Shared, and What Isn't

Article 6(11) of the DMA covers rankings and queries generated on Google Search, along with click and browsing data. Recipients must be online search engines, and AI chatbots with search functionality may also apply. Recipients can use the data to understand query intent, improve autocomplete, and enhance search ranking and information retrieval. It can also help in selecting which websites to prioritize for indexing. For AI systems with search capabilities, this serves as material for training the retrieval systems that pull in up-to-date web information and support the grounding of answers.

The European Commission specified the requirements in such detail because Google's previous proposal was, in practice, not being used. According to the Commission, the previous dataset excluded 90-100% of unique search queries and also excluded AI chatbots with search functionality. Google Search is said to have held over a 90% market share in Europe for decades, and competitors have struggled to replicate the improvement-oriented data derived from that scale of usage. This decision set the scope for third parties based on the data that Google itself collects and uses to improve its own search service.

That said, recipients only receive a processed subset of the data. User account information, search history, precise search timestamps, and ad result URLs are excluded, as are records containing overly long queries or rare terms. There is no obligation to hand over the search algorithm or Google's underlying technology. Recipients cannot use the data to train general-purpose AI models, for advertising or consumer profiling, or for systematically replicating Google Search results; use is restricted to improving search technology and search services.

Data is provided in daily batches, at least 7 days after the search occurred. Each recipient may use the data for a maximum of 5 years from the start of access. Google can factor into its fees the reasonable costs incurred from sharing and a reasonable return on the capital required to provide it, but the rate of return is capped at Alphabet's weighted average cost of capital (WACC). In other words, the EU has not made the data a free public good, but has instead set a formula that makes it difficult for Google to set prices high enough to shut out competitors.

11 Android Features to Narrow the Gap with Gemini

The Android-side decision goes deeper than the conventional notion of "openness"—simply being able to install AI apps. The European Commission determined that while roughly 60% of European mobile users use Android devices, Gemini has near-exclusive control over functions such as always-on voice activation, understanding of screen and app context, and operating other apps. Even when third-party AI attempted to perform the same tasks, ordinary app permissions made it difficult to achieve the same responsiveness and scope of integration as Gemini, which is built into the OS.

The 11 features to be opened up fall into four groups. The first covers long-press activation via the home button or navigation handle, and always-on voice listening triggered by custom wake words. The second covers concentrated access to app data stored on the device, context acquisition from screen, location, microphone, camera, and other sources, and proactive suggestions. The third covers app operation, automated operation across different screens, and changes to OS settings such as brightness and Bluetooth. The fourth covers on-device models including Gemini Nano, third-party on-device models, and background execution using the CPU or NPU.

The scope of app integration is also broad. The final measures require that third-party AI be given the same access for retrieving and operating on information in Gmail, Calendar, Drive, and Docs. Maps, YouTube, Messages, and Phone are also included, bringing the total to 8 services. This could cover, for example, processes such as searching for an email, drafting a reply, and adding an appointment, or reading a shopping list and proceeding with an order in a different app. Screen automation is even designed to anticipate multi-step operations carried out in a virtual window while the user works on something else.

Google must provide these interoperability features free of charge and cannot make being set as the default AI assistant a condition of use. The same APIs must be made available on Android devices sold by manufacturers other than Google, and whenever a new feature is added to Gemini, it must be opened to third parties simultaneously. Most features must be implemented in Android 18 by August 1, 2027. Only the feature allowing multiple AI services to use always-on voice listening simultaneously is deferred to Android 19, with a deadline of August 1, 2028.

AD

Two Gatekeeping Mechanisms: Anonymization and Eligibility

Search data sharing incorporates strong anonymization processing. Google removes direct identifiers such as usernames and IP addresses, as well as precise timestamps and input format. In addition to names and addresses, rare terms that could include passwords or bank account numbers are suppressed on a per-record basis, as are unusually long queries. Furthermore, users sharing the same location, device type, and language are grouped into cohorts of at least 1,000, and the European Commission states that 95% of users fall into cohorts of 29,000 or more.

Constraints continue even after technical processing. Recipients must keep the data in an isolated environment and are prohibited from combining it with other datasets, re-sharing it with third parties, re-identifying individuals, or analyzing the anonymization measures themselves. An independent audit is required before access begins, followed by an initial compliance audit within 6 months of the start of sharing, and annual audits thereafter. The anonymization methods and system will be reviewed every two years, and if new attack methods or market changes emerge, the European Commission can reopen the process.

The eligibility requirements pose a high barrier for small development teams. Applicants need an average of at least 50,000 monthly search users in the EU over the past year, and existing operators must demonstrate at least 2 years of service provision in the EU. New entrants established less than 2 years ago must have received capital investment exceeding €50 million. Additionally, Google may exclude companies subject to EU sanctions or controlled by third countries posing serious, structural cybersecurity or data protection risks.

On Android as well, explicit user consent is a prerequisite for all features. For 5 areas—screen automation, structured app integration, OS integration, concentrated access to on-device app data, and context awareness—Google may establish objective, non-discriminatory certification requirements. Draft conditions will be published by February 1, 2027, with final conditions by May 1, and individual reviews must be completed within 4 weeks of receiving an application. Even though access to OS features is free, developers will still need the engineering capacity to demonstrate safety and respond to audits.

A Long Implementation Process Beginning August 2026

On the day of the decision, Google formally pushed back, arguing that it risks undermining privacy and device security. The company emphasized the current system in which device manufacturers vet AI assistants, arguing that granting strong permissions to external apps would weaken safety measures. Regarding search data, Google also argued that private searches would be handed to companies unknown to users, endangering trade secrets and national security. The company plans to push for revisions by leveraging the mechanism the European Commission has acknowledged, which allows measures to be adjusted based on future evidence.

The EU side maintains that it has not mandated unconditional openness. For search, it combines anonymization, restrictions on purpose of use, independent audits, and safety review by Google. For Android, it makes user consent the baseline while allowing a certification system for the 5 sensitive features. The device safety concerns Google raises cannot justify a blanket denial of access, but measures that are necessary and proportionate, and that apply equally to Google's own services, can be implemented.

The initial process will begin shortly. Google must have search data application forms and guidance pages ready by the end of August 2026, license templates and test data by September, the anonymized dataset by November, and fees set by January 2027. After that, the Android certification system will take concrete shape from February through May, with most of the 11 features loaded into Android 18 by August. In August 2028, the final step follows, enabling multiple AI systems to run simultaneous voice listening.

This specification decision is not a procedure that finds Google in violation of the DMA and imposes a fine. Rather, it is a decision that, building on obligations already established in law, spells out implementable APIs and data formats, and further concretizes eligibility, fees, and deadlines. Can competitors retain data quality useful for improvement even after anonymization? Will the fees avoid deterring entry? Will Android certification be operated under the same standards as Google's own services? Only once these three points are confirmed will the EU's two decisions actually expand the range of choices in search and mobile AI.