This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction.
Apple's App Store Review Guidelines establish the requirements that application developers must satisfy for app approval, distribution, and continued availability across Apple's platforms including iPhone, iPad, Mac, Apple TV, Apple Vision Pro, and Apple Watch. The guidelines require developers to implement Apple's In-App Purchase system for the sale of digital goods and subscriptions, through which Apple retains a commission. The guidelines additionally mandate that apps display App Privacy labels disclosing data collection categories and usage, and establish heightened restrictions on data collection and advertising practices for applications designated for users under 13.
This document is Apple's App Store Review Guidelines, a platform policy governing the submission, approval, and distribution of applications through the App Store across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The guidelines assert that Apple reserves the right to reject, remove, or request modification of any app that does not comply with its rules, and require developers to agree to the Apple Developer Program License Agreement as the binding legal basis for participation.
Notable provisions include mandatory use of Apple's In-App Purchase system for digital goods and services (with Apple retaining a commission), requirements for age-gating and parental consent mechanisms for apps directed at minors, restrictions on specific content categories including gambling, political advertising, and health-related apps, and requirements that apps collecting user data disclose practices through App Privacy labels and comply with Apple's tracking permission framework via AppTrackingTransparency.
The guidelines engage with COPPA (regarding child-directed apps and data collection from minors), GDPR and CCPA (regarding privacy disclosures, user consent, and data handling obligations), FTC regulations (regarding advertising disclosures and in-app purchase transparency), and sector-specific frameworks such as HIPAA (for health and medical apps) and financial services regulations (for apps offering financial products); applicability of specific regulatory provisions depends on jurisdiction and the nature of the developer's app.
Compliance teams should note that Apple's IAP commission requirement, its gatekeeping authority over app distribution, and its unilateral right to update guidelines with developer compliance required as a condition of continued distribution have been subjects of regulatory scrutiny in the EU under the Digital Markets Act, and the guidelines include EU-specific provisions reflecting ongoing legal and regulatory developments in that jurisdiction.
1 important change detected
3 versions captured · Last updated: June 2026
This new provision establishes mandatory user consent for cross-app tracking and prevents functionality discrimination based on tracking consent, reflecting heightened privacy enforcement standards.
This new high-severity provision establishes comprehensive regulatory compliance requirements for health and medical apps, including restrictions on health data monetization and mandatory regulatory approvals.
This new provision establishes specific requirements for gambling apps including mandatory licensing, geo-restriction, free App Store distribution, and prohibits in-app purchase integration with real-money gaming.
Removal of this provision eliminates the explicit requirement for in-app account deletion functionality, potentially reducing user data control protections.
Removal of this provision eliminates specific disclosure requirements for AI-generated content and privacy label requirements related to AI, reducing transparency obligations for AI-powered apps.
Removal of this as a standalone high-severity provision (content merged into broader IAP requirement) reduces explicit emphasis on anti-steering and pricing transparency enforcement.
Removal of this informal content moderation standard (with the 'I'll know it when I see it' reference) reflects a shift toward more objective and legally defined rejection criteria in the current guidelines.
Removal of this provision eliminates explicit requirements for subscription transparency and in-app cancellation management.
Severity downgraded from high to medium, scope expanded to explicitly include cryptocurrencies and cryptocurrency wallets as prohibited unlock mechanisms, and positive phrasing added about permitted use of in-app purchase.
Requirements restructured to add explicit prohibitions on unnecessary personal information collection and social networking/chat features, and parental consent language shifted from 'should' to 'may not' for third-party data collection.
Requirement extended to explicitly cover app updates (not just new apps), added obligation to clearly describe privacy-related features, and expanded scope to mandate disclosure of third-party partner, SDK, and analytics tool data collection.
Severity downgraded from high to medium, scope expanded to include alternative browser engine provision for EU developers, added requirement for notarization of apps distributed outside App Store, and removed specific mention of alternative payment service providers and fee structures.
Severity downgraded from high to medium, scope shifted from developer termination to app rejection/removal, added explicit categories (false, fraudulent, misleading content), added appeal rights for developers, and changed from 'detrimental to users' to 'harmful to users or the ecosystem'.
Apple has updated this document before.