As far as I can tell this basically means that all apps must be approved by Apple to follow their “platform policies for security and privacy” even if publishing on a third party app store. They will also disable updating apps from third party app stores if you stay outside the EU for too long (even if you are a citizen of an EU country, with an Apple account set to the EU region).
The idea that preventing app updates is in line with their claims of protecting security is utterly absurd. “Never attibute to malice what can be explained with stupidity,” but Apple isn’t stupid.
I think it’s a safe bet they had their legal teams sifting through the whole DMA to find a way to comply while making it as obnoxious as possible to the user, the third party providers, and everyone else pretty much.
Though it’s also pretty evident that this is bad faith compliance and not in the spirit of the DMA, so the EU legislators will hopefully slap them with another fine.