Apple can revoke the entitlement if it's abused, as they've done many times in the past with signed apps. Nobody (including the EU) is demanding that it be an zero-auth free-for-all API, only that competitors can use it. It's not an absurd demand and there is absolutely precedent for Apple individually trusting competitors in this regard.

If you're astounded by hackers asking practical questions, maybe you should stop carrying water for corps and see how your back feels. Let's talk shop, what are the roadblocks Apple faces here?