Editor’s Note: This article is part of Regulating Social Media Platforms: Government, Speech, and the Law, a symposium organized by Just Security, the NYU Stern Center for Business and Human Rights, and Tech Policy Press.
Middleware, third-party software that serves as an intermediary between users and platforms, offers a potentially promising solution to counter the concentrated power of centralized social media platform governance. Middleware, in this context, refers to open, third-party products and services that are composable—meaning they allow multiple providers to be mixed and matched for specific use cases, allowing users agency over the overall user experience. One example of this was the app BlockParty, which let users nuke trolls from their feeds on X by configuring settings in BlockParty’s easy-to-use interface. Although middleware may serve as a user agent for many purposes, scholars who study the impact of concentrated platform power on democracy and society have speculated about middleware’s potential benefits for increasing user agency over content curation and moderation specifically. In giving users more agency over the content that they see—or the content they wish to avoid–middleware might encourage a more pluralistic and democratic digital ecosystem.
For the still-nascent middleware market to flourish, however, incentives must be aligned, regulatory barriers addressed, and platform cooperation encouraged. Here, we outline key steps necessary to cultivate a viable middleware market, balancing innovation with user protection and regulatory clarity. The insights presented here are derived from a paper we co-authored for the December 2024 Georgetown University McCourt School of Public Policy and Foundation for American Innovation whitepaper, titled “Shaping the Future of Social Media with Middleware.”
Paths to Middleware Adoption
A few short years ago discussions of social media middleware policy focused largely on how to compel large platforms to cooperate. But lately, recent technological trends and user adoption of protocol-based social media communities (such as Bluesky or the Fediverse, which use open technical standards – or protocols – that allow different apps to connect and share content across a common network) suggest that middleware adoption now has the potential to follow one of two paths: via integration within centralized platforms or via the expansion of decentralized, federated networks.
In a centralized adoption model, dominant platforms such as Meta, YouTube, or X (formerly Twitter) would incorporate middleware services into their existing ecosystems – offering a proliferation of third-party services like BlockParty, meeting different user needs (imagine something like an app store, but on a social media platform). This model can quickly scale middleware adoption by leveraging large user bases and established infrastructures, but it also risks allowing major platforms to maintain significant control over middleware providers. X somewhat notoriously altered the terms and costs for third-party access to its API, effectively shutting down many third-party services built on top of the platform. Meta has had unfortunate experiences with unethical third-party providers such as Cambridge Analytica, which improperly obtained user data to build U.S. voter profiles. The resulting scandal is one reason Meta trended toward becoming more closed rather than open over time. However, in a departure from its normal “walled garden” approach, it has recently integrated its platform Threads with ActivityPub, a common, open standard for decentralized social networking.
Alternatively, a decentralized adoption model assumes continued growth of federated networks like Mastodon and Bluesky, where middleware services are built into inherently open ecosystems. This approach offers greater user autonomy and less reliance on corporate gatekeepers but, on this path, middleware faces challenges in achieving widespread adoption and long-term sustainability; funding models for protocol-based social media remain an open question. Additionally, although Bluesky already offers third-party labelers (moderation tools) and feeds (curation experiences), it is unclear how many users are aware of them. Broad user adoption of middleware will likely require some education, and less-resourced platforms may be less well-equipped to manage a middleware marketplace while focused on their own growth challenges.
For middleware to gain widespread adoption, policymakers should focus on creating conditions that allow middleware services to function effectively within both centralized and decentralized adoption paths. Reducing liability risks for platforms that integrate middleware services and fostering a regulatory environment that supports competition will be essential steps in this process.
Reducing Legal and Regulatory Barriers
Some of the most significant recent regulation of large technology platforms has come from Europe. The European Union’s Digital Markets Act (DMA) has set a precedent by mandating interoperability and data portability, requiring dominant platforms to provide greater openness. The EU’s Digital Services Act complements these measures by requiring that users have more control over the content they see, and mandating greater transparency in algorithmic processes. The United Kingdom and Australia have also introduced regulatory initiatives that emphasize competition and user choice. Momentum, therefore, may be driving toward middleware as a solution that centralized platforms will embrace. However, European regulatory success has been mixed. The DMA has faced significant challenges and malicious compliance from incumbent platforms, and its critics argue that it is overreaching and particularly burdensome for smaller tech companies.
Whether and how the Trump administration might align with these efforts remains uncertain, but fostering a middleware-friendly ecosystem will require clear standards for interoperability and platform openness.
Jurisdiction over middleware-related public policy is currently spread across multiple federal agencies, including the Federal Trade Commission (FTC), Federal Communications Commission (FCC), Department of Commerce, Consumer Financial Protection Bureau, U.S. Patent and Trademark Office, and the U.S. Copyright Office. For example, the FTC has jurisdiction over unfair and deceptive practices that could be used to challenge companies that change interoperability rules, while the FCC, which already oversees broadly analogous interoperability requirements in the telecommunications space, could bring its expertise to platforms. Although the White House’s Office of Science and Technology Policy aims to coordinate federal technology policies, the reality is that these agencies operate with different, and sometimes conflicting, mandates, creating a fragmented regulatory environment and potentially stifling innovation.
A more unified regulatory approach could reduce uncertainty, streamline compliance, and foster an ecosystem that better supports middleware development. However, given the unlikelihood of creating a new agency, a more feasible approach would be to enhance coordination among existing regulators. The FTC could address antitrust concerns, the FCC could promote interoperability, and the Department of Commerce could support innovation through trade policies and the development of technical standards. Even here, slow rulemaking and legal challenges could hinder progress. Ensuring agencies have the necessary authority, resources, and expertise will be critical.
A soft-law approach, modeled after the National Institute for Standards and Technology (NIST) AI Risk Management Framework, might be the most feasible option. A Middleware Standards Consortium could help establish best practices and compliance frameworks. Standards development organizations (SDOs) such as the Internet Engineering Task Force or the World Wide Web Consortium (W3C), are well-positioned to lead this effort, given their experience crafting internet protocols that balance innovation with stability.
For example, a consortium of SDOs with buy-in from NIST could establish standards for API access, data portability, and interoperability of several key social media functionalities. This approach has the added benefit of providing guidance and incentives without rigid mandates. However, voluntary standards alone may not suffice—dominant platforms could delay adoption or manipulate processes to maintain control. To counteract this, policymakers could offer regulatory incentives, such as reduced liability for compliant platforms.
Finally, current legal uncertainties may also stymie middleware development. It is presently unclear whether middleware providers qualify for Section 230 protections, legislation that protects platforms from liability for content posted by users, particularly if they engage in curation or filtering. Similarly, the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA) Section 1201, which restricts the circumvention of digital access controls, might require amendment to exempt middleware providers, allowing them to modify content presentation without legal risk. Addressing these legal barriers through exemptions or clarifications would provide a clearer path for middleware innovation while safeguarding user protections.
Whether through centralized platform adoption or decentralized networks, middleware has the potential to redefine digital interactions by enhancing user choice and competition in the digital ecosystem. Policymakers should lay the groundwork to assist the development of a more open and democratic online future.