The private company argument has limits. Common carrier status for one. At least in the EU there also are exemptions for repairing and interoperability.
In my opinion repairability should extend to the ability for the owner of a device to side-load any software.
If apple wants to police their own app-store, fine. But they shouldn't be allowed to exclude installation through other means. If they had not complete control over the ecosystem then they would not be in the situation where they can and have to play deputy sheriff for the government.
You can load your own software on to an iOS device provided you have access to the code. AFAIK iOS dev tools that enable you to load apps onto the device no longer require the $99 annual fee so if you download them you can side-load software.
My point was you can side-load apps. As for that specific API even the official docs seem a bit confused:
"Except when you use the NEHotspotHelper class, you do not need to obtain entitlements from Apple to use Network Extension classes. However, you still need to enable the Network Extension entitlement via the Developer portal."
My understanding is that you still need a developer certificate from apple which has a limited lifetime. So you're not given permanent control over your device in the sense of unshackling you from the manufacturer, which is a requirement for repairability.
They're merely handing out breadcrumbs to give the appearance of a way out which they can retract at any time.
In my opinion repairability should extend to the ability for the owner of a device to side-load any software.
If apple wants to police their own app-store, fine. But they shouldn't be allowed to exclude installation through other means. If they had not complete control over the ecosystem then they would not be in the situation where they can and have to play deputy sheriff for the government.