The EU laws allow exceptions for security, but most of the Apple shenanigans related to the DMA were walked back the minute the EU said they would launch an investigation into the matter.

So no, I would say it is absolutely about whether they can open up and still be secure. It seems that they lack confidence that the arguments they had put forward would survive scrutiny asking just that question. Heck, there are even exceptions in the law that would allow them extended time periods in order to comply with the requirements in order to ensure security. So if it is just a question of needing more time, they can get it, and if it is a question of not being possible for users to be secure when interoperable with third parties, they can get exceptions for that.