From WeChat to WhatsApp: AI’s Legal Dilemma in Challenging Super Apps

Recently, WhatsApp—the world’s largest instant messaging platform—restricted artificial intelligence (AI) bots from accessing its service. In response, the European Commission promptly launched an antitrust investigation. Meanwhile, in China, major super apps such as WeChat, Alipay, Taobao, and financial platforms have blocked access for the AI assistant “Doubao” (developed by ByteDance), drawing significant media attention. Behind these incidents lies a broader industrial conflict between closed, ecosystem-dominated mobile super apps and emerging AI companies seeking data access and interoperability. Today, we’ll examine this struggle from a legal perspective, focusing on the challenges and potential pathways for AI service providers attempting to break into traditional super app ecosystems. Specifically, we’ll compare the WhatsApp case with the earlier—and strikingly similar—case of Tencent blocking Microsoft’s Xiaoice AI bot.

Case 1: WhatsApp Bans AI Bots

In October 2025, Meta updated the terms of service for WhatsApp’s Business API. In essence, if a company’s core business is AI—such as offering AI chatbots, AI-powered Q&A assistants, or AI language tutors—its products are now prohibited from integrating with WhatsApp. However, AI tools used as auxiliary functions—like pre-defined automated replies for FAQs, customer support, or order tracking—are still permitted. Notably, Meta’s own “Meta AI” remains exempt from this restriction and continues to operate within WhatsApp.

In December, the European Commission announced an antitrust probe into Meta over this policy.

According to TechCrunch, a Meta spokesperson explained that WhatsApp’s Business API was originally designed to facilitate business-to-consumer customer service and transactional updates—not to serve as a distribution channel for general-purpose chatbots. The recent surge in generic AI bot usage has significantly increased message volume and system load, and Meta claims it is not yet prepared to support or monetize such use cases. In short: “Our system was built for customer service. Third-party AI bots are overloading our infrastructure, and since we haven’t figured out how to charge for it, we’re banning them for now.”

Case 2: Tencent Blocks Microsoft’s Xiaoice

Back in 2014—over a decade ago—Microsoft’s AI chatbot “Xiaoice” was abruptly banned from WeChat just three days after its launch. Tencent cited violations including simulated user behavior,诱导 users to create groups, and mass registration of spam accounts, arguing these actions threatened platform security and user privacy. According to reports from The Beijing News, Microsoft had registered approximately 100,000 Xiaoice accounts, which infiltrated 1.5 million WeChat groups. Microsoft swiftly denied the allegations, asserting that Xiaoice employed strict privacy safeguards and did not leak user data.

History repeats itself. Incumbent, data-rich, and walled-garden social platforms are clashing with ambitious AI newcomers desperate for data and interoperability. Yet today, these legacy platforms enjoy strong legal protections for their ecosystems. Based on the two cases above, if these disputes were litigated in court, the platforms would likely hold the upper hand.

Legal Analysis: WhatsApp Under EU Antitrust Law

The European Commission’s investigation cites traditional antitrust law—specifically, abuse of dominant market position. Under China’s Anti-Monopoly Law, such abuse requires two conditions: (1) a company holds more than 50% market share in a relevant market, and (2) it possesses actual market dominance.

Interestingly, just two months ago, a U.S. federal court dismissed the Federal Trade Commission’s (FTC) lawsuit against Meta over its acquisition of WhatsApp, ruling it did not violate antitrust laws. Although that case concerned illegal merger activity (not abuse of dominance), the court’s reasoning overlaps significantly with dominance analyses. The U.S. court was notably favorable to Meta on both key points:

Market definition: The court rejected the FTC’s narrow definition of a “personal social networking market,” noting that over the past decade, powerful alternatives like TikTok, YouTube, and X (formerly Twitter) have emerged. These platforms offer diverse social, entertainment, and communication functions, blurring traditional boundaries. As a result, market share might better be measured by user engagement time or ad revenue—metrics under which Meta’s share likely falls below 50%. Moreover, the dynamic nature of the social media landscape makes it difficult to establish stable, long-term dominance.

Of course, the EU applies a more stringent standard for antitrust enforcement than U.S. courts. While the U.S. ruling benefits Meta, it may not carry weight in Europe.

Notably, despite the EU’s Digital Markets Act (DMA)—which took effect recently and imposes explicit interoperability obligations on designated “gatekeepers”—the Commission chose to pursue this case under traditional antitrust law rather than the DMA. This is intriguing. Had the Commission invoked the DMA, proving wrongdoing might have been easier: Meta has already been designated a gatekeeper under the DMA, which legally obliges it to allow third-party services to interoperate with core platform services like WhatsApp and prohibits blocking or degrading third-party functionality.

Legal Analysis: Tencent vs. Microsoft Xiaoice

From a platform governance standpoint, Tencent’s actions in 2014 were legally defensible—even conservative by today’s standards. Consider what Microsoft did: it registered 100,000 WeChat accounts without platform authorization, added friends, and infiltrated 1.5 million group chats to collect data.

In today’s regulatory environment, such conduct could trigger billion-dollar fines—or even criminal liability.

First, mass-registering 100,000 accounts without permission violates the terms of service of virtually every global social platform. In China, such activity could constitute the crime of “illegally obtaining data from computer information systems” under the Criminal Law.

Second, while these accounts were invited into groups by existing users, other group members never consented to having their messages read by an AI bot. Thus, Xiaoice’s data collection involved large-scale, unauthorized access to personal information—a clear violation of privacy laws. Under China’s 2021 Personal Information Protection Law (PIPL), serious violations can incur fines up to RMB 50 million or 5% of annual global turnover.

Even Tencent’s own AI assistant, “Yuanbao,” is prohibited from joining WeChat group chats—highlighting the platform’s caution.

Although China’s PIPL didn’t exist in 2014, the Standing Committee of the National People’s Congress had already issued the Decision on Strengthening the Protection of Online Information in 2013, which established the principle that personal data cannot be collected without user consent.

Moreover, as a platform operator, Tencent bears legal obligations under China’s Cybersecurity Law and PIPL to protect user data. Failure to act against such violations could expose Tencent to even greater liability—akin to Facebook’s $5 billion penalty in the Cambridge Analytica scandal.

The Cambridge Analytica Parallel

In that infamous case, a personality quiz app collected data from 270,000 Facebook users—but due to an API flaw, it also harvested data from all their friends, ultimately affecting over 87 million users. The firm, Cambridge Analytica, later claimed it used this data to influence the Brexit vote and Trump’s 2016 election victory, triggering global outrage.

Facebook (now Meta) was forced to apologize publicly, its CEO Mark Zuckerberg testified before Congress, and the company eventually settled with the FTC for a record $5 billion fine—alongside stringent compliance reforms.

Given this history, it’s understandable why Meta now treads carefully when managing third-party AI access to WhatsApp. And similarly, Tencent cannot afford to be lax: allowing unchecked account creation or data scraping would invite severe penalties under China’s data protection regime—and could enable fraud, pyramid schemes, and other cybercrimes.

Beyond Privacy: The Ecosystem Lock-In Challenge

Even beyond legal barriers, AI entrants face another formidable obstacle: the deep integration of super apps like WeChat, Alipay, and Douyin into daily life. These platforms have cultivated closed, self-sufficient ecosystems where users seamlessly chat, shop, pay, hail rides, order food, and manage finances—all without leaving the app. User habits are entrenched, and there is currently little demand for AI agents that operate across multiple apps or automate cross-platform tasks.

Conclusion: A Paradox of Efficiency vs. Security

We may be entering a prolonged legal and technological paradox: we desire the seamless interoperability and hyper-efficiency promised by AI, yet we simultaneously rely on the security and order provided by walled-garden super apps. Even if future legislation—like the EU’s DMA—mandates API openness through “gatekeeper” obligations, super apps will likely retain control by invoking security and privacy concerns.

The battle between AI newcomers and tech incumbents is thus unlikely to yield quick victories. It will be a protracted war—one fought not only in code and markets, but in courts, parliaments, and the evolving norms of digital society.

From WeChat to WhatsApp: AI’s Legal Dilemma in Challenging Super Apps

Recently, WhatsApp—the world’s largest instant messaging platform—restricted artificial intelligence (AI) bots from accessing its service. In response, the European Commission promptly launched an antitrust investigation. Meanwhile, in China, major super apps such as WeChat, Alipay, Taobao, and financial platforms have blocked access for the AI assistant “Doubao” (developed by ByteDance), drawing significant media attention. Behind these incidents lies a broader industrial conflict between closed, ecosystem-dominated mobile super apps and emerging AI companies seeking data access and interoperability. Today, we’ll examine this struggle from a legal perspective, focusing on the challenges and potential pathways for AI service providers attempting to break into traditional super app ecosystems. Specifically, we’ll compare the WhatsApp case with the earlier—and strikingly similar—case of Tencent blocking Microsoft’s Xiaoice AI bot.

Case 1: WhatsApp Bans AI Bots

In October 2025, Meta updated the terms of service for WhatsApp’s Business API. In essence, if a company’s core business is AI—such as offering AI chatbots, AI-powered Q&A assistants, or AI language tutors—its products are now prohibited from integrating with WhatsApp. However, AI tools used as auxiliary functions—like pre-defined automated replies for FAQs, customer support, or order tracking—are still permitted. Notably, Meta’s own “Meta AI” remains exempt from this restriction and continues to operate within WhatsApp.

In December, the European Commission announced an antitrust probe into Meta over this policy.

According to TechCrunch, a Meta spokesperson explained that WhatsApp’s Business API was originally designed to facilitate business-to-consumer customer service and transactional updates—not to serve as a distribution channel for general-purpose chatbots. The recent surge in generic AI bot usage has significantly increased message volume and system load, and Meta claims it is not yet prepared to support or monetize such use cases. In short: “Our system was built for customer service. Third-party AI bots are overloading our infrastructure, and since we haven’t figured out how to charge for it, we’re banning them for now.”

Case 2: Tencent Blocks Microsoft’s Xiaoice

Back in 2014—over a decade ago—Microsoft’s AI chatbot “Xiaoice” was abruptly banned from WeChat just three days after its launch. Tencent cited violations including simulated user behavior,诱导 users to create groups, and mass registration of spam accounts, arguing these actions threatened platform security and user privacy. According to reports from The Beijing News, Microsoft had registered approximately 100,000 Xiaoice accounts, which infiltrated 1.5 million WeChat groups. Microsoft swiftly denied the allegations, asserting that Xiaoice employed strict privacy safeguards and did not leak user data.

History repeats itself. Incumbent, data-rich, and walled-garden social platforms are clashing with ambitious AI newcomers desperate for data and interoperability. Yet today, these legacy platforms enjoy strong legal protections for their ecosystems. Based on the two cases above, if these disputes were litigated in court, the platforms would likely hold the upper hand.

Legal Analysis: WhatsApp Under EU Antitrust Law

The European Commission’s investigation cites traditional antitrust law—specifically, abuse of dominant market position. Under China’s Anti-Monopoly Law, such abuse requires two conditions: (1) a company holds more than 50% market share in a relevant market, and (2) it possesses actual market dominance.

Interestingly, just two months ago, a U.S. federal court dismissed the Federal Trade Commission’s (FTC) lawsuit against Meta over its acquisition of WhatsApp, ruling it did not violate antitrust laws. Although that case concerned illegal merger activity (not abuse of dominance), the court’s reasoning overlaps significantly with dominance analyses. The U.S. court was notably favorable to Meta on both key points:

Market definition: The court rejected the FTC’s narrow definition of a “personal social networking market,” noting that over the past decade, powerful alternatives like TikTok, YouTube, and X (formerly Twitter) have emerged. These platforms offer diverse social, entertainment, and communication functions, blurring traditional boundaries. As a result, market share might better be measured by user engagement time or ad revenue—metrics under which Meta’s share likely falls below 50%. Moreover, the dynamic nature of the social media landscape makes it difficult to establish stable, long-term dominance.

Of course, the EU applies a more stringent standard for antitrust enforcement than U.S. courts. While the U.S. ruling benefits Meta, it may not carry weight in Europe.

Notably, despite the EU’s Digital Markets Act (DMA)—which took effect recently and imposes explicit interoperability obligations on designated “gatekeepers”—the Commission chose to pursue this case under traditional antitrust law rather than the DMA. This is intriguing. Had the Commission invoked the DMA, proving wrongdoing might have been easier: Meta has already been designated a gatekeeper under the DMA, which legally obliges it to allow third-party services to interoperate with core platform services like WhatsApp and prohibits blocking or degrading third-party functionality.

Legal Analysis: Tencent vs. Microsoft Xiaoice

From a platform governance standpoint, Tencent’s actions in 2014 were legally defensible—even conservative by today’s standards. Consider what Microsoft did: it registered 100,000 WeChat accounts without platform authorization, added friends, and infiltrated 1.5 million group chats to collect data.

In today’s regulatory environment, such conduct could trigger billion-dollar fines—or even criminal liability.

First, mass-registering 100,000 accounts without permission violates the terms of service of virtually every global social platform. In China, such activity could constitute the crime of “illegally obtaining data from computer information systems” under the Criminal Law.

Second, while these accounts were invited into groups by existing users, other group members never consented to having their messages read by an AI bot. Thus, Xiaoice’s data collection involved large-scale, unauthorized access to personal information—a clear violation of privacy laws. Under China’s 2021 Personal Information Protection Law (PIPL), serious violations can incur fines up to RMB 50 million or 5% of annual global turnover.

Even Tencent’s own AI assistant, “Yuanbao,” is prohibited from joining WeChat group chats—highlighting the platform’s caution.

Although China’s PIPL didn’t exist in 2014, the Standing Committee of the National People’s Congress had already issued the Decision on Strengthening the Protection of Online Information in 2013, which established the principle that personal data cannot be collected without user consent.

Moreover, as a platform operator, Tencent bears legal obligations under China’s Cybersecurity Law and PIPL to protect user data. Failure to act against such violations could expose Tencent to even greater liability—akin to Facebook’s $5 billion penalty in the Cambridge Analytica scandal.

The Cambridge Analytica Parallel

In that infamous case, a personality quiz app collected data from 270,000 Facebook users—but due to an API flaw, it also harvested data from all their friends, ultimately affecting over 87 million users. The firm, Cambridge Analytica, later claimed it used this data to influence the Brexit vote and Trump’s 2016 election victory, triggering global outrage.

Facebook (now Meta) was forced to apologize publicly, its CEO Mark Zuckerberg testified before Congress, and the company eventually settled with the FTC for a record $5 billion fine—alongside stringent compliance reforms.

Given this history, it’s understandable why Meta now treads carefully when managing third-party AI access to WhatsApp. And similarly, Tencent cannot afford to be lax: allowing unchecked account creation or data scraping would invite severe penalties under China’s data protection regime—and could enable fraud, pyramid schemes, and other cybercrimes.

Beyond Privacy: The Ecosystem Lock-In Challenge

Even beyond legal barriers, AI entrants face another formidable obstacle: the deep integration of super apps like WeChat, Alipay, and Douyin into daily life. These platforms have cultivated closed, self-sufficient ecosystems where users seamlessly chat, shop, pay, hail rides, order food, and manage finances—all without leaving the app. User habits are entrenched, and there is currently little demand for AI agents that operate across multiple apps or automate cross-platform tasks.

Conclusion: A Paradox of Efficiency vs. Security

We may be entering a prolonged legal and technological paradox: we desire the seamless interoperability and hyper-efficiency promised by AI, yet we simultaneously rely on the security and order provided by walled-garden super apps. Even if future legislation—like the EU’s DMA—mandates API openness through “gatekeeper” obligations, super apps will likely retain control by invoking security and privacy concerns.

The battle between AI newcomers and tech incumbents is thus unlikely to yield quick victories. It will be a protracted war—one fought not only in code and markets, but in courts, parliaments, and the evolving norms of digital society.