Microsoft is blaming a 2009 agreement with the EU for the recent CrowdStrike outage that brought the world to its knees.

CrowdStrike’s cybersecurity software runs at the lowest level of the operation system, the kernel, giving it access that goes far beyond ordinary software. Ideally, the kernel is well-protected against software wreaking havoc—either maliciously or through ineptness, as in the case of CrowdStrike.

Unfortunately, for Microsoft, the company is not able to lock down the kernel and protect it like it should be. According to The Wall Street Journal, a Microsoft spokesperson said the issue stems from a 2009 agreement Microsoft made with the EU in response to a complaint. The agreement stipulates that Microsoft will give third-party developers the same low-level access to the kernel that Microsoft has.

In contrast, Apple announced in 2020 that it would no longer allow developers to access the kernel, meaning macOS is inherently immune from CrowdStrike-like incidents. Put even more bluntly, it means that Microsoft Windows will never be as secure as macOS thanks to the deal it struck with the EU.

Microsoft’s predicament underscores growing concern about the EU’s regulatory efforts. The bloc has been aggressively cracking down on Big Tech, with the Digital Markets Act aimed at fostering a level playing field. Gatekeeper companies—companies that control an entire platform and meet users and income thresholds—have been especially targeted, with the EU trying to force them to open their platforms to third-party companies.

As Microsoft’s example shows, however, ripping platforms open so everyone and anyone can have unfettered access doesn’t always benefit users as much as lawmakers think it will. Instead, it can lead to disasters like CrowdStrike.