8 Total
2 High severity
6 Medium severity
0 Low severity
Summary

Apple's App Store Review Guidelines establish the requirements that application developers must satisfy for app approval, distribution, and continued availability across Apple's platforms including iPhone, iPad, Mac, Apple TV, Apple Vision Pro, and Apple Watch. The guidelines require developers to implement Apple's In-App Purchase system for the sale of digital goods and subscriptions, through which Apple retains a commission. The guidelines additionally mandate that apps display App Privacy labels disclosing data collection categories and usage, and establish heightened restrictions on data collection and advertising practices for applications designated for users under 13.

Technical / Legal Breakdown

This document is Apple's App Store Review Guidelines, a platform policy governing the submission, approval, and distribution of applications through the App Store across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The guidelines assert that Apple reserves the right to reject, remove, or request modification of any app that does not comply with its rules, and require developers to agree to the Apple Developer Program License Agreement as the binding legal basis for participation.

Notable provisions include mandatory use of Apple's In-App Purchase system for digital goods and services (with Apple retaining a commission), requirements for age-gating and parental consent mechanisms for apps directed at minors, restrictions on specific content categories including gambling, political advertising, and health-related apps, and requirements that apps collecting user data disclose practices through App Privacy labels and comply with Apple's tracking permission framework via AppTrackingTransparency.

The guidelines engage with COPPA (regarding child-directed apps and data collection from minors), GDPR and CCPA (regarding privacy disclosures, user consent, and data handling obligations), FTC regulations (regarding advertising disclosures and in-app purchase transparency), and sector-specific frameworks such as HIPAA (for health and medical apps) and financial services regulations (for apps offering financial products); applicability of specific regulatory provisions depends on jurisdiction and the nature of the developer's app.

Compliance teams should note that Apple's IAP commission requirement, its gatekeeping authority over app distribution, and its unilateral right to update guidelines with developer compliance required as a condition of continued distribution have been subjects of regulatory scrutiny in the EU under the Digital Markets Act, and the guidelines include EU-specific provisions reflecting ongoing legal and regulatory developments in that jurisdiction.


1 important change detected

3 versions captured · Last updated: June 2026

June 9, 2026

medium
What changed: Apple updated its App Store Review Guidelines to broaden language about alternative app distribution from the EU and Japan specifically to a more generalized statement about 'some markets and certain platforms'. The guidelines also expanded requirements for app developers regarding child safety, stating that developers must ensure age-appropriate experiences and remove user-generated content that violates guidelines or community standards, with escalating consequences including potential app removal for non-compliance.
Why this matters: The updated guidelines state that developers must ensure kids receive age-appropriate experiences within their apps and must remove user-generated content that violates the guidelines, terms of service, or community standards. Under the revised policy, if Apple identifies policy-violating content, the developer will be asked to remove it and provide a compliance improvement plan. Based on the developer's response, the app may be removed from the App Store until compliance is demonstrated. This establishes a formal escalation pathway where developer inaction or inadequate remediation can result in app suspension or removal.

Recent Provision Changes Jun 9, 2026

Added (3)
AppTrackingTransparency Consent Requirement (Medium)

This new provision establishes mandatory user consent for cross-app tracking and prevents functionality discrimination based on tracking consent, reflecting heightened privacy enforcement standards.

Health and Medical App Requirements (High)

This new high-severity provision establishes comprehensive regulatory compliance requirements for health and medical apps, including restrictions on health data monetization and mandatory regulatory approvals.

Gambling and Real-Money Gaming Restrictions (Medium)

This new provision establishes specific requirements for gambling apps, including mandatory licensing, geo-restriction, and free App Store distribution, and prohibits in-app purchase integration with real-money gaming.

Removed (5)
Mandatory Account Deletion Requirement

Removal of this provision eliminates the explicit requirement for in-app account deletion functionality, potentially reducing user data control protections.

AI-Generated Content Disclosure Requirement

Removal of this provision eliminates specific disclosure requirements for AI-generated content and privacy label requirements related to AI, reducing transparency obligations for AI-powered apps.

Anti-Steering Prohibition on External Purchase Links

Removal of this as a standalone high-severity provision (content merged into broader IAP requirement) reduces explicit emphasis on anti-steering and pricing transparency enforcement.

App Content Moderation and Prohibited Content Categories

Removal of this informal content moderation standard (with the 'I'll know it when I see it' reference) reflects a shift toward more objective and legally-defined rejection criteria in the current guidelines.

Subscription Auto-Renewal and Cancellation Requirements

Removal of this provision eliminates explicit requirements for subscription transparency and in-app cancellation management.

Modified (5)
Mandatory In-App Purchase System

Severity downgraded from high to medium, scope expanded to explicitly include cryptocurrencies and cryptocurrency wallets as prohibited unlock mechanisms, and positive phrasing added about permitted use of in-app purchase.

Kids Category Data Collection Restrictions

Requirements restructured to add explicit prohibitions on unnecessary personal information collection and social networking/chat features, and parental consent language shifted from 'should' to 'may not' for third-party data collection.

App Privacy Label Disclosure Requirement

Requirement extended to explicitly cover app updates (not just new apps), added obligation to clearly describe privacy-related features, and expanded scope to mandate disclosure of third-party partner, SDK, and analytics tool data collection.

EU Alternative Distribution and Browser Engine Provisions

Severity downgraded from high to medium, scope expanded to include alternative browser engine provision for EU developers, added requirement for notarization of apps distributed outside App Store, and removed specific mention of alternative payment service providers and fee structures.

App Removal and Rejection Standards

Severity downgraded from high to medium, scope shifted from developer termination to app rejection/removal, added explicit categories (false, fraudulent, misleading content), added appeal rights for developers, and changed from 'detrimental to users' to 'harmful to users or the ecosystem'.

High — 2 provisions
Medium — 6 provisions

Monitoring

Apple has updated this document before.


Mapped Governance Frameworks

CCPA/CPRA: California, USA
COPPA: United States Federal
FTC Act Section 5: United States Federal
GDPR: European Union
UK GDPR: United Kingdom
Archival Provenance

Source & Archival Record
Last Captured: June 9, 2026 00:07 UTC
Capture Method: Automated scheduled archival capture
Document ID: CA-D-000025
Version ID: CA-V-003543
SHA-256: 4757c78422154f6dba5cf35af2a90cf427e5b7c56e974238344df717cb9eb93f
Status: Snapshot stored, text extracted, change verified, hash verified
