The updated rootkit will be uploaded and installed to your computer kernel automatically upon closure of the deal.

I posted this to /c/news where it was promptly removed of course

For good reasons of course

  • interdimensionalmeme@lemmy.ml (Banned, OP) · 7 days ago

    How will it be installed once the deal closes?

    Assuming default settings, the EA App runs a background service with elevated privileges (often as TrustedInstaller on Windows), and automatic updates are enabled by default. That means:

    • No user action is required for software updates, including those that install kernel-mode drivers.
    • Kernel-level components can be silently updated or extended through routine game patches or EA App updates.
    • Any newly introduced or modified driver (e.g., an anti-cheat update) would be signed by EA, but users are not alerted to the depth of the update unless they manually inspect it, which is virtually impossible given the encrypted/proprietary nature of the codebase.

    So, once the acquisition closes, any architectural changes to anti-cheat or telemetry mechanisms can be deployed silently as part of routine patching cycles. This does not require a new game release or user intervention.

    Has it already been installed?

    This is a fair assumption under standard security threat modeling practices.

    • EA has already shipped kernel-level drivers (e.g., EAAntiCheat.sys) since 2023, and these are typically installed alongside online multiplayer titles such as EA Sports FC and Battlefield 2042.
    • These drivers run with the highest system-level privileges, and the EA App has full access to update them.
    • The compiled binaries are not open-source, not auditable, and may include encrypted segments or obfuscated logic, meaning users and third parties have no reliable way to verify what the software is actually doing.

    Security best practices assume that any installed kernel-level driver is capable of full system access, including:

    • Reading any file or memory region
    • Installing persistence mechanisms
    • Monitoring user input
    • Communicating externally, including via encrypted channels

    So yes, if you’ve installed a modern EA game, the capability is already there. The only real change under a new ownership model is intent.

    Could this be a concern if the acquirer wasn’t Saudi Arabia’s PIF?

    The kernel-level threat model doesn’t change based on ownership; the capabilities remain the same. But the motivations and likely use cases absolutely do.

    It is a factual and well-documented reality that Saudi Arabia is:

    • An authoritarian regime with little tolerance for dissent
    • Known for surveillance and digital repression (including use of spyware such as Pegasus)
    • Responsible for state violence, including the murder of journalist Jamal Khashoggi
    • Building a significant intelligence and cyber operations apparatus under the guise of technological investment

    In that context, PIF’s ownership of a widely installed, privileged software platform, with millions of endpoints and baked-in telemetry infrastructure, is not just a theoretical risk; it’s an active national security concern.

    It’s reasonable to assume that whatever institutional restraint EA may have had about using anti-cheat for more than gameplay integrity may now be loosened, or removed entirely.

    Does this apply to all EA games? Is it properly disclosed?

    EA claims that kernel-level anti-cheat is used “selectively”, primarily in high-profile online multiplayer titles. However:

    • There is no centralized or transparent disclosure list showing which games install kernel drivers.
    • The EA App and installers do not consistently warn users at install time that a kernel-level driver will be added to their system.
    • Detection is only possible after installation, by manually inspecting the installed drivers or using tools like Autoruns, Process Hacker, or Sigcheck.

    So while it’s technically true that not all EA games use kernel anti-cheat, the lack of disclosure and difficulty in verifying makes it functionally impossible for the average user to know which games are safe, especially given the bundled update system that can install new software silently at any time.

    Games purchased outside the EA App (e.g., on Steam or Epic) often still require the EA launcher to run, meaning kernel drivers can still be deployed through those channels.
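
The post-install driver inspection that the comment above describes (Autoruns, Sigcheck), sketched with built-in PowerShell cmdlets so that a driver added or replaced by a background update shows up as a difference from a saved baseline. This is an added example, not part of the thread; the baseline file location is an assumption.

```powershell
# Added example: list registered kernel drivers with signer and hash, flag
# third-party ones, and report changes since the last run.
param(
    # Assumed location for the saved baseline; any writable path works.
    [string]$BaselinePath = "$env:ProgramData\driver-baseline.json"
)

function Get-KernelDriverInventory {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # Normalise NT-style path prefixes to a regular file path.
            $path = $_.PathName
            if ($path.StartsWith('\??\')) { $path = $path.Substring(4) }
            elseif ($path -like '\SystemRoot\*') {
                $path = Join-Path $env:SystemRoot $path.Substring(12)
            }
            $sig = $null; $hash = $null
            if (Test-Path -LiteralPath $path) {
                $sig  = Get-AuthenticodeSignature -LiteralPath $path
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Name   = $_.Name
                State  = $_.State
                Path   = $path
                Status = "$($sig.Status)"
                Signer = $sig.SignerCertificate.Subject
                Sha256 = $hash
            }
        }
}

$current = @(Get-KernelDriverInventory)

# Drivers not signed by Microsoft: the set a user would want to review.
$current | Where-Object { $_.Signer -notmatch 'O=Microsoft' } |
    Format-Table Name, State, Status, Signer -AutoSize

# New or modified driver files since the previous run.
if (Test-Path -LiteralPath $BaselinePath) {
    $known = @{}
    foreach ($d in (Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json)) {
        $known[$d.Path] = $d.Sha256
    }
    $current | Where-Object { $known[$_.Path] -ne $_.Sha256 } |
        Format-Table Name, Path, Signer, Sha256 -AutoSize
}
$current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
```

Running it on a schedule, or before and after a launcher update, turns the one-off manual inspection into a change log of driver files and their signers.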

    • Samsuma@lemmy.ml · 7 days ago

      Personally, I would’ve preferred you responded with xenophobic slurs targeted at Arabs like me than with whatever LLM answer this is supposed to be, but you do you I guess. I would’ve almost taken you seriously… almost.

      So here, let me throw a random ass quote at you:

      And so, indeed, is the Orientalist attitude in general [referring to a quote by shitlib Isaiah Berlin]. It shares with magic and with mythology the self-containing, self-reinforcing character of a closed system, in which objects are what they are because they are what they are, for once, for all time, for ontological reasons that no empirical material can either dislodge or alter. The European encounter with the Orient, and specifically with Islam, strengthened this system of representing the Orient and, as has been suggested by Henri Pirenne, turned Islam into the very epitome of an outsider against which the whole of European civilization from the Middle Ages on was founded. The decline of the Roman Empire as a result of the barbarian invasions had the paradoxical effect of incorporating barbarian ways into Roman and Mediterranean culture, Romania; whereas, Pirenne argues, the consequence of the Islamic invasions beginning in the seventh century was to move the center of European culture away from the Mediterranean, which was then an Arab province, and towards the North.