The European Commission has signalled that Google's planned Android developer verification program must not undermine the Digital Markets Act's requirement to allow sideloading and third-party app stores, warning that any security measures must be strictly necessary and proportionate.
In a written answer on 15 June 2026 to a question from Social Democrat MEP Christel Schaldemose, Executive Vice-President Henna Virkkunen said the Commission is aware of Google's announcement to introduce a verification process from September 2026 in some jurisdictions outside the EU. The program would require all Android app developers — including those distributing via third-party stores or sideloading — to register with Google, provide official identification, pay a fee, and accept Google's terms. An 'advanced flow' for superusers would require 24 hours and numerous steps to bypass.
Virkkunen noted that Article 6(4) of the DMA obliges gatekeepers like Alphabet to allow effective distribution of apps through third-party stores or the web. However, the DMA also permits Google to introduce measures that are strictly necessary and proportionate to protect the integrity of hardware or operating systems, provided they are duly justified. The Commission is engaged in a regulatory dialogue with Alphabet on this article and is monitoring compliance to ensure apps can be effectively distributed outside Google Play.
The answer did not set a deadline for a decision or announce formal proceedings, but the Commission's active monitoring signals that it views the verification program as a potential restriction on sideloading and third-party app stores. The response also acknowledged public campaigns such as 'Keep Android Open' that have emerged in reaction to Google's announcement.
The Commission's position balances the DMA's goal of opening app distribution against Google's security concerns, with the burden on Google to justify any restrictions. The outcome will affect Android app developers, users who sideload apps, third-party app stores, and Google itself, which faces potential enforcement if the verification program is deemed non-compliant.