alt Hacker NewsLetting a US company (under jurisdiction of, say, US Cloud Act, but also unknown administration orders that might come) strictly control the phone for a privacy focused EU citizen (or more broadly, non-US citizen) seems super dangerous.
The requirements are not onerous, it is the basic preemption of monopolist behavior.
Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).
I am perfectly ok with EU having different rules of their own but they also can't be upset when features aren't offered there. That is the trade-off they have chosen and I am ok with it.