HCE-based contactless NFC transactions for apps in the European Economic Area (EEA)

iOS 17.4 or later includes APIs that support contactless transactions for in-store payments, car keys, closed loop transit, corporate badges, home keys, hotel keys, program membership, and event tickets from within compatible iOS apps using host card emulation (HCE). Users based in the European Economic Area (EEA) with an iPhone running iOS 17.4 or later can initiate in-person NFC transactions from iOS apps at compatible NFC terminals or mobile devices.

To support contactless transactions, eligible iOS apps will need an HCE entitlement. The entitlement ensures that only authorized app developers who commit to comply with certain industry and regulatory requirements, and commit to ongoing security and privacy standards can access these APIs.

To help protect user privacy and security on iPhone, and to prevent payment transaction tokens and other sensitive personal and financial data from being compromised when using HCE, developers who want to build HCE capabilities into their app using these APIs will need to apply for the HCE Entitlement.

How it works

  • NFC transactions. Users of eligible apps can initiate NFC transactions from within the app with compatible NFC terminals.
  • Default app settings. Users can choose any eligible app as their default contactless app which will enable the app to support field detect and double-click.
  • Field detect. The default contactless app automatically launches when the user places the device in the presence of a compatible NFC terminal and after user authentication (if the iPhone is locked).
  • Double-click. The default contactless app automatically launches when the user double-clicks the side button (for Face ID devices) or the Home button (for Touch ID) and after user authentication (if the iPhone is locked).
  • Support for non-default apps. Eligible apps running in the foreground can prevent the system default contactless app from launching and interfering with the NFC transaction.

Requirements and availability

Requires iPhone XS or later running iOS 17.4 or later.

If you’d like your app to support NFC transactions within the EEA, you’ll need the HCE Entitlement. To be eligible for the entitlement,

You must:
  • Be established* in the EEA;
  • Be enrolled as an organization in the Apple Developer Program;
  • Commit to comply with all security standards and privacy requirements that apply to the processing of sensitive personal and financial data in the EEA and to the HCE Application and their business, including security standards published by the PCI DSS and EMVCo (for supporting In-store NFC Payments), GDPR, or other applicable law; and
  • Commit to maintaining (or have in place before the HCE Entitlement is granted) appropriate written policies and procedures for:
    • The processing of personal data, including disclosure to third parties, and
    • The disclosure, processing, and remediation of potential vulnerabilities in their HCE Application and back-end HCE infrastructure, and will have in place a process to promptly and without undue delay notify Apple of any actively exploited vulnerability in the HCE Application or HCE back-end infrastructure or of any Security incident.

* For these purposes, “established” shall mean the effective and real exercise of activities through stable arrangements in line with EU law. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in that respect.

Your app must:
  • Be for iOS users in eligible EEA markets;
  • Have the ability to support ISO 14443-4 and ISO 7816-4 commands in order to communicate with the NFC terminal;
  • Follow the HCE requirements and experience guidelines below; and
  • Support at least one of the following use cases:
    • In-store NFC payments: If you have the legal right and the necessary regulatory permissions to provide mobile payment solutions in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE Payments Application.
    • Closed-loop transit: If you are a transport operator (or you’ve partnered with a transport operator) and have a license to offer transit tickets or have a valid and binding agreement with an entity that’s licensed or authorized to offer transit tickets in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application for closed-loop contactless transactions.
    • Car Keys: If you are a car manufacturer or have a valid and binding agreement with a car manufacturer enabling you to offer or facilitate the offering of virtual car keys for specific car brands in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application.
    • Home Keys: If you are a home key manufacturer or you’ve partnered with a home key manufacturer and you want to offer virtual home keys for your customers to lock or unlock their homes (single-family, multi-family, etc.), you can request access to iOS APIs to develop, test or distribute an HCE application.
    • Hotel Keys: If you operate a hotel or have a valid and binding agreement with a hotel operator enabling you to offer or facilitate the offering of virtual keys to access hotel rooms in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application.
    • Corporate Badge access: If you operate an office building or have a valid and binding agreement with another entity enabling you to offer or facilitate the offering of virtual corporate badges to access office spaces in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application.
    • Program membership or benefits: If you operate a membership program or have a valid and binding agreement with another entity enabling you to offer or facilitate the offering of a membership program to consumers in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application.
    • Event Tickets: If you are a live event operator or have a valid and binding agreement with a live event operator enabling you to offer or facilitate the offering of NFC-enabled tickets to access specific venues in the EEA, you can request access to iOS APIs to develop, test or distribute an HCE application.

Requesting the HCE Entitlement

This entitlement ensures that the developer requesting access to the APIs will adhere to certain industry and applicable regulatory requirements — such as conforming to industry security standards when handling personal data (for example, Payment Card Industry Data Security Standards), have legal right and the necessary permissions to provide mobile HCE based contactless solutions in the EEA (if the service you want to offer is regulated), have the required certifications for your app, and commit to ongoing security and privacy standards to access and use these capabilities. You are responsible for ensuring you meet these requirements before submitting your request.

To get started, submit the entitlement request form. You’ll need to be the Account Holder of your organization’s membership in the Apple Developer Program, provide the additional details listed below, and agree to the entitlement’s terms and conditions. Please make sure your request is as complete as possible to avoid delays.

App name and Bundle ID. Enter your app name, and the bundle ID (the app’s unique identifier) that you plan to use. Entitlement requests are per bundle ID and assigned entitlements can only be used with the single binary associated with the bundle ID.

Use case: Indicate the use cases you plan to support in your app with the HCE Entitlement. You can optionally combine multiple use cases within the same HCE app.

List AID or RID prefixes: Enter a list of Application Identifier (AIDs) or Registered Application Provider Identifiers (RIDs) associated with your app.

Important: If you had been previously granted a HCE development entitlement and would like to apply for a distribution entitlement, please resubmit your request and accept the terms on the entitlement request form. As part of your resubmission request, please also include AIDs you’ve previously submitted and plan to continue using as part of your HCE solution.


Providing an HCE experience within your app

Design guidelines

Display the in-app NFC presentment sheet

Eligible iOS apps running on supported iPhone models must use the proposed solution to present an eligible credential to a compatible near-field communication (NFC) terminal. In the iOS app, you must invoke an NFC presentment sheet with customizable text whenever users are about to make a contactless transaction.

Use familiar terminology and provide brief instructional text

NFC may be unfamiliar to some people. To make it approachable, avoid referring to technical, developer-oriented terms like NFC, Core NFC, near-field communication, etc. Instead, use friendly, conversational terms that most people will understand. For example:

Use Don’t use
Hold your iPhone near the [object name] to make a payment. To use NFC payments, tap your phone to the [object name].

Presentment Intent Assertion

In order to enable a seamless experience, eligible app developers can prevent the system default contactless app from launching and interfering with their contactless transaction.

You can acquire a presentment intent assertion to suppress the default contactless app when the user expresses an active intent to perform an NFC transaction, like choosing a payment or closed-loop transit credential or activating the presentment UI. You can only invoke the intent assertion capability when your app is in the foreground.

The intent assertion expires if any of the following occur:

  • The intent assertion object deinitializes
  • Your app goes into the background
  • 15 seconds elapse

After the intent assertion expires, your app will need to wait 15 seconds before acquiring a new intent assertion.

Important: Use of the intent assertion API outside of the presentment intent, or abuse of this API for unsupported use cases, is against Apple policy and could result in being blocked from installation from the App Store or through alternative app marketplaces.

Only show the in-app NFC presentment sheet for eligible devices and users

Before presenting the NFC presentment sheet for contactless transactions, we recommend using the CardSession.isEligible iOS API to validate eligibility for contactless experiences. If CardSession.isEligible returns False, your app will be unable to invoke the presentment sheet. Applications should hide or otherwise disable features requiring CardSession when not eligible to deliver a good user experience.

Distinguish this solution from Apple Pay and Apple Wallet

The HCE-based solution is independent of Apple Pay and Apple Wallet, so to avoid any customer confusion between Apple Pay, Apple Wallet and this solution, it’s essential to distinguish the presentment experience from Apple Pay and Apple Wallet when leveraging this solution.

Specifically, avoid displaying an Apple Pay or Apple Wallet mark or logo in any button that launches the in-app NFC presentment sheet for HCE transactions.

In addition, when you design the user experience in your iOS app using the HCE-based solution, do not use visuals, graphic symbols, logos, icons or marks that appear confusingly similar to Apple Pay or Wallet.

Finally, you may not use any Apple Wallet or Apple Pay owned graphic symbol, logo, or icon in your HCE-based solution. This includes any variations or takeoffs of the Apple Wallet UI or the “Checkmark” presented after the transaction.


Configuring and enabling the entitlement in Xcode

Once you receive an email confirmation that the entitlement was assigned to your account and you’ve configured the app ID in Certificates, Identifiers & Profiles to support this entitlement, you’ll need to update your Xcode project, entitlements plist file, and Info.plist file to list the entitlement and metadata. The entitlement is compatible with iOS 17.4 and later on iPhone.

  1. In the Project navigator, select the .entitlements file. The filename is prefixed with an yellow checkmark seal icon.
  2. In the entitlements plist file, add a new entitlement key pair by holding the pointer over the Entitlements File row and clicking the add button (+).
  3. Provide the following values for this entitlement:
    1. Key: com.apple.developer.nfc.hce
      1. Type: BOOL
      2. Value: YES/NO
    2. Key: com.apple.developer.nfc.hce.iso7816.select-identifier-prefixes
      1. Type: Array of String
      2. Value: A list of AIDs or RIDs associated with the applications intended to be used with the iOS app.
      3. Examples:
        1. 325041592E5359532E4444463031 - PPSE
        2. A0000000032020 - Visa
        3. A0000000042010 - Mastercard
        4. A0000004400001010001 - HID
        5. A0000003964D344D24040181F8020001 - MIFARE
    3. Key: com.apple.developer.nfc.hce.default-contactless-app
      1. Type: BOOL
      2. Value: YES/NO
  4. Provide the required metadata in your Info.plist file as described in Updating your Info.plist file.

On the next build to your device or distribution request in Xcode Organizer, Xcode will detect that the .entitlements file and cached provisioning profile don’t match, and will request a new provisioning profile based on the latest app ID configuration to complete the code signing process.

Testing requirements

Apple has developed a solution which allows HCE Developers to develop and test HCE Payment Apps outside the EEA. The new solution allows development and testing on a device through known and well-used means such as Xcode and provisioning of profiles used for testing on devices within a developer’s organization. Developers will be able to have up to 100 test devices outside the EEA.

To test HCE-based contactless transactions, you’ll need to test with an iPhone and NFC hardware. CardSession requires the presence of an NFC reader, which isn’t supported in Simulator, to perform an ISO 7816 card emulation session. You can test with the following configurations:

  • Your iPhone is running iOS 18.2 or later
  • Your iPhone is running iOS 17.4 or later and with an iPhone and NFC hardware within the EEA

Submitting your app for review in App Store Connect

When submitting your new or updated app binary for review in App Store Connect, make sure to follow these submission requirements as well as the design guidelines, terms and conditions of the entitlement, the App Review Guidelines, and the Apple Developer Program License Agreement.

Please provide the following in order for us to evaluate your app and approve it for distribution:

  • Test login details
  • At least one test payment credential that can be provisioned and used in your HCE app for the purposes of making an NFC transaction
  • Screenshots or video of your app being used at a terminal for an NFC transaction
  • Video of your app demonstrating an implementation of the Presentment Intent Assertion API

If your submission is incomplete, review times may be delayed or your app may be rejected. Once your app has been reviewed, its status will be updated in App Store Connect and you will be notified. At all times, you’ll need to make sure your app’s entitlement details match your app’s binary, and are up to date.

To make updates to your entitlement details, such as adding a new AID or RID, re-submit the entitlement request form.

EC Commitments – Complaints

Apple has entered into Commitments with the European Commission to allow third-party wallet providers established in the European Economic Area (EEA) access to the HCE-based NFC Technical Solution on iOS in the EEA. Access to the NFC Technical Solution is free of charge and based on a fair, objective, transparent and non-discriminatory procedure and subject to certain eligibility criteria. Developers may distribute an Eligible HCE Payment Application through Apple’s App Store in the EEA and other software application distribution channels that are allowed and which are operating on iOS in the EEA. Users with an Apple Account registered in the EEA have the option to easily set an HCE payment app as their default app for payments in stores and to use relevant functionalities (i.e., Field Detect, Double-click) and authentication tools (i.e., Touch ID, Face ID, and device passcode). The Commitments will remain in force for ten years and apply throughout the EEA effective as of 17 July 2024.

The full text of the Commitments can be accessed at the following link: https://ec.europa.eu/competition/antitrust/cases1/202428/AT_40452_10155330_9978_4.pdf

The Commitments provide for two separate complaint handling mechanisms depending on the nature of the complaint. Complaints related to the requirements outlined in paras. 3.1-3.13 and 3.15-3.22 of the Commitments will be handled by the Monitoring Trustee, a third party appointed to oversee Apple’s compliance with the Commitments. Complaints related to Apple’s application of the eligibility criteria will be handled through a separate Dispute Resolution Procedure. A special Appeal Board (“NFC Appeal Board”) has been established to handle such disputes.

Monitoring Trustee Complaint Handling Procedure

Pursuant to para. 5.1 of the Commitments, you may submit a complaint regarding Apple’s compliance with the requirements outlined in paras. 3.1-3.13 and 3.15-3.22, which cover aspects such as the requirements to the NFC Technical Solution, default payment application settings, codification guidance, and non-discrimination of Eligible HCE Payment Applications. Complaints must be directed via a Complaint Form to the Monitoring Trustee at ApplePay.EC-commitments@alcis-advisers.com or sent to Alcis Advisers GmbH, Fasanenstraße 73, 10719 Berlin, Germany.

The Complaint Form and further information can be found on the Monitoring Trustee’s website: https://www.alcis-advisers.com/#apple-commitments-to-the-european-commission.

NFC Entitlement Program Dispute Resolution Procedure

Complaints related to Rejection Decisions, as specified below, are not covered by the Monitoring Trustee Complaint Handling Procedure, but are subject to a separate Dispute Resolution Procedure. This means that, for any complaints regarding Apple’s decisions related to the application of the eligibility criteria, i.e., decisions not to authorize, to revoke, restrict or deny HCE Developer’s access to the NFC Entitlement Program, including whether a decision has been made within the required deadlines, you must follow the NFC Entitlement Program Dispute Resolution Procedure. The full text of the procedure can be found here: https://ec.europa.eu/competition/antitrust/cases1/202428/AT_40452_10155330_9978_4.pdf

The separate Dispute Resolution process covers the following Rejection Decisions:

  • Any decision not to authorize a Developer Applicant under the NFC Entitlement Program in particular as specified in Annex 1, para. 8;
  • Any decision to revoke, restrict, or deny, in whole or in part, an HCE Developer’s access to the NFC Entitlement Program (once granted);
  • A failure to take a decision on an HCE Payment Entitlement under the NFC Entitlement Program Request within the time period defined in the NFC Entitlement Program Procedure (Annex 1); including the failure to confirm that the request is complete pursuant to para. 5 of Annex 1 of the Commitments;
  • Any specific material breach by Apple of the obligations provided at paras. 3.1-3.13 of the Commitments which directly results in the revocation, restriction, or denial, in whole or in part, of an HCE Developer’s access to the NFC Entitlement Program; and
  • Decisions adopted under the App Review procedure that are, or may reasonably be construed as being, directly and primarily, decisions on the application of the eligibility criteria under the NFC Entitlement Program similar to the matters in paras. 1.1(a)-(c) above. This does not apply to decisions made by Apple’s App Review in the ordinary course.

Process and Timing:

In the event of a dispute related to a Rejection Decision (“Dispute”), a Developer (Applicant) (“Requesting Party”) must, as a first step, submit a complaint to Apple (via HCEEntitlementdispute@apple.com), copying the Monitoring Trustee (ApplePay.EC-commitments@alcis-advisers.com). The complaint must be submitted within 15 business days of the Rejection Decision, and should set out the grounds of the complaint in detail (“Dispute Notice[1] ”). When submitting a complaint, the developer must also submit the consent form available here: https://developer.apple.com/support/downloads/downloads/Case-AT-40452-Consent-Form.pdf.

Once a complaint is submitted, the Requesting Party and Apple have 20 business days (“Consultation Period”) to try and resolve the Dispute through cooperation and consultation, using good faith, reasonable efforts. The Monitoring Trustee will help facilitate a solution by presenting a proposal to resolve the dispute, and, if both Parties agree, facilitate the settlement of the Dispute.

If the Requesting Party and Apple cannot solve the dispute within the Consultation Period, the Requesting Party may refer the matter to the NFC Appeal Board by submitting a written request (“Notice of Appeal”) to the Appeal Board (via chairperson@appeals-board.com), copying Apple (HCEEntitlementdispute@apple.com) and the Monitoring Trustee (ApplePay.EC-commitments@alcis-advisers.com).

A Notice of Appeal must be submitted within 20 business days from the end of the Consultation Period, and must include:

  1. the Requesting Party’s name, address and relevant identification criteria;
  2. legal and/or contractual representative before the Appeal Board;
  3. statement of the legal and/or factual grounds for appeal of the Rejection Decision;
  4. all supporting documents submitted during the Consultation Period (to ensure they can be included in the proceedings); and
  5. a short description of the Requesting Party’s envisaged solution.

An appeal will be decided by a Panel in accordance with a set of established procedural rules (“NFC Appeal Rules”) available here: https://developer.apple.com/support/downloads/NFC-Appeal-Rules.pdf.

Developers should closely consult and consider in detail the procedure set out in Annex 2 of the Commitments (available here: https://ec.europa.eu/competition/antitrust/cases1/202428/AT_40452_10155330_9978_4.pdf) and the NFC Appeal Rules to ensure the procedure is followed properly.

Documentation and resources