Introduction

When we engage in transactions online, we agree to be bound by a set of rules established by the platforms, usually their terms of service. Those rules operate alongside and sometimes in place of traditional contract law established by states. This has created a regulatory framework coined by Mateusz Grochowski as ‘shadow contract law’: a body of rules that mirrors the structure and function of state-made contract law, but is unilaterally formulated and enforced by online platforms. The term ‘shadow contract law ’ is inspired by the notion of the ‘shadow of the law’ as developed by Mnookin and Kornhauser and Cooter and others. It captures the space that parties enjoy for negotiation outside the formal constraints of the law.

To gain a better understanding of shadow contract law and its impact on the platform economy, we have interviewed Dr. Mateusz Grochowski. He is an Associate Professor of Law at Tulane University School of Law, specialising in intersections of private law and digital technologies. He is co-editor of the book Enforcing Private Regulation in the Platform Economy and author of the article Shadow Contract Law in the Platform Economy, which analyses how platforms act as private lawmakers by imposing their own contractual rules on user transactions, largely beyond state control.

Interview

To what extent do you think that consumers and sellers are actually aware that they are subject to shadow contract law, and does this lack of awareness (if any) create specific risks?

Mateusz Grochowski: Most consumers and sellers know that digital platforms maintain elaborate regulatory frameworks. They have accepted terms of service, seen listings curated by algorithms, or had accounts suspended. Few recognise, however, how the internal governance schemes of platforms actually work – or how they relate to the ‘state-made’ rules that formally govern relations between platforms and their users. Naturally, platform rules are much more immediate and familiar to most users, who tend to look there first for answers when shopping online. A buyer considering returning a laptop that does not match its description will almost always check the platform’s cancellation and returns policy before thinking about their statutory right of withdrawal – even where they are functionally equivalent. Users generally experience the outputs (a refund granted, a complaint dismissed, a review removed) without fully realising whether the platform is enforcing ‘official’ law or its own internal rule.

This is precisely the phenomenon I refer to as ‘shadow contract law’: the growing infrastructure of platform terms, algorithmic governance mechanisms, interfaces, and technical protocols that operate alongside classical contract law in both B2C and B2B contexts. These composite regulatory infrastructures effectively structure rights, obligations, and remedies in digital markets, forming a parallel normative order that users often encounter long before they encounter state law.

The gap between the emergence of shadow contract law and consumers’ understanding of it creates several foundational risks. The first relates to users’ ‘normative reliance’. Even users with limited knowledge of applicable rules tend to assume that some basic conventional legal framework applies to their situation. Like market participants in most other contexts, they proceed on the reasonable expectation that background legal rules – on fairness, remedies, or performance – are in place. The platform’s own regime, however, may partially override those assumptions in ways they never anticipated and often cannot fully comprehend.

The second risk is remedial. Conventional contract law and the shadow regimes developed by platforms have fundamentally different enforcement mechanisms. While the former is primarily enforced by courts ex post (e.g., when a seller refuses to repair a defective item or when a buyer returns goods with excessive damage), the latter operates far more immediately, often without formalised procedures and sometimes in a fully automated manner. Users who do not understand how these two systems interact may act on false assumptions about what remedies are actually available to them, how quickly those remedies may apply, and how they can be challenged.

The third risk is epistemic. The platform economy is, to a significant extent, a sophisticated infrastructure for gathering and processing knowledge, and platforms convert that knowledge into regulatory schemes. Shadow contract law could not exist in its current form without the epistemic power exercised by platforms, nor without the sequestration and privatisation of that knowledge. Users cannot meaningfully contest systems they do not understand: how algorithms rank or flag reviews, what triggers account suspensions, or how platforms calculate individualised prices. This opacity is not just a byproduct of technical complexity. It is itself a mechanism of governance that enables platforms to exercise effective forms of private power while limiting meaningful scrutiny.

What structural features of the platform economy allow shadow contract law to operate beyond state control and do you see this changing in the near future?

Mateusz Grochowski: The platform economy has always had a strongly private regulatory character. By nature, platforms create relatively enclosed market spheres in which they can both intermediate between users and trade their own goods and services. Not all platforms exercise this potential to the same degree, opting for varying forms of regulatory involvement in the market partitions they establish and govern. However, the more extensive a platform’s regulatory activity becomes, and the more deeply it designs tools to control its own infrastructure, the more insulated its governance tends to be from external oversight. Several structural features combine to make shadow contract law especially resistant to conventional regulatory intervention.

The first is architectural control. Platforms do not merely draft terms; they design the entire transactional environment. They control search rankings, payment flows, visibility, access to data, review systems, suspension mechanisms, and dispute resolution pathways.

The second is information asymmetry and epistemic monopolisation. Platforms concentrate critical market-relevant knowledge, such as behavioural data, algorithmic risk assessments, and seller performance metrics, within their privatised systems of knowledge. Regulators must govern systems they cannot adequately understand without depending on the very entities they seek to regulate.

The third is scale and swiftness. Platforms update rules algorithmically, at a pace no legislative or judicial process can realistically match. By the time a court interprets terms of service or a public authority scrutinizes a practice, the platform may already move on to a revised version of that rule or conduct. This temporal asymmetry structurally advantages private rule makers over public ones.

The fourth is jurisdictional fluidity. Platforms operate simultaneously across multiple legal systems, while contract and consumer law remain predominantly territorial. Shadow contract law exploits this mismatch – it can function globally, while conventional regimes remain fragmented and heavily dependent on conflict-of-laws frameworks.

A change in this state of affairs is possible, but is unlikely to occur on a large scale. The EU’s regulatory ecosystem – particularly the DSA – represents a genuine attempt to reintroduce public epistemic access into platform governance. But regulatory development remains structurally slower than platform innovation, and no instrument currently in force directly addresses the norm-generating legitimacy of platforms as private lawmakers. What is ultimately needed is ‘meta contract law’ – a coordinating layer of principles that disciplines not only what platform rules contain, but how they are made, revised, and contested. That said, this ambition remains, at least for now, rather aspirational.

In Vanessa Mak’s case study on Amazon in the Legal Pluralism in European Contract Law, she argues that platforms can deliver customer protection that meets or exceeds the EU standard, but this is at the cost of the third-party trader. In the frame of shadow contract law, do you see the disadvantages for third-party traders as an inevitable feature? And as individuals increasingly move between roles as seller and consumer on platforms, how does shadow contract law affect such individuals, and does the current legal framework adequately protect them?

Mateusz Grochowski: Mak’s analysis captures what might be described as the ‘altruism paradox’ of the platform economy. Although platforms are driven primarily by profit maximisation, achieving that goal requires them to govern their ecosystems in ways that attract and retain both consumers and professional sellers. Part of that attraction is the quality of the platform’s internal regulatory framework and the degree of protection it offers. The paradox, however, is that this protection is distributed very unevenly. Platforms tend to offer consumers stronger and more readily available remedies (asymmetric returns windows, buyer-exclusive dispute channels), as consumer trust drives retention and transaction volume. As Mak observes, the cost of that consumer-facing protection is typically shifted onto third-party traders, primarily through infrastructural constraints, self-preferencing, and the systematic transfer of contract performance risk. Platforms do this simply because they control the architecture and face limited competitive pressure to change it: professional sellers are far more captive to the ecosystem than the consumers whose loyalty the platform most depends on.

I would not say trader disadvantage is logically inevitable – one could imagine platforms choosing to internalize more of those costs. But under the current structure of the platform economy, a structural shift seems unlikely in the near term.

A partial change might, however, come from a less expected direction: as digital tools become more sophisticated and governance infrastructure cheaper to deploy, some platforms may find it commercially attractive to develop more balanced frameworks – particularly in markets where professional sellers have genuine exit options and can credibly threaten to take their business elsewhere. But that is a marginal dynamic, not a systemic correction. The trajectory tilts toward increasing concentration of platform power, which in turn tends to produce more intensive governance schemes rather than more balanced ones.

User reviews and feedback systems are often used in platform communities. At the same time, international standards such as ISO 20488:2018 set principles for the collection, moderation, and publication of online consumer reviews. Do you think they can serve as a meaningful counterweight to shadow contract law and help to ensure the reliability and fairness of the platforms or are they inevitably insufficient to address the power imbalance that shapes how platforms operate?

Mateusz Grochowski: Review systems occupy a distinctive position within shadow contract law. Apart from being informational tools, they function simultaneously as bottom-up channels for producing knowledge about the platform economy, as community sanction mechanisms, and as governance instruments developed by platforms themselves. A low reputation score can restrict a seller’s online visibility, affect pricing (if personalised), or trigger fraud-detection safeguards. Feedback infrastructure is, in that sense, a core component of private platform governance, not a peripheral feature of it.

Standards like ISO 20488:2018 can serve as a meaningful counterweight, but within real limits. They can incentivise platforms to adopt common transparency benchmarks (such as clearer moderation practices, stronger protections against fraudulent reviews), and thereby create more coherence and predictability across the market. They also give regulators and civil society a reference point against which to evaluate platform practices.

Those benefits should not be downplayed. At the same time, however, tools like ISO 20488:2018 face several structural limits. They rest on voluntary compliance, and cannot prevent opaque gaps between a platform’s stated review policy and its actual implementation (especially when it is implemented via algorithmic decision-making which the ISO standards do not envisage at all).

More fundamentally, feedback frameworks themselves operate within shadow contract law and are governed by it. Platforms can adjust their review moderation policies, change how algorithms aggregate scores, or introduce AI-generated review summaries in ways that materially affect the reputational standing of sellers and consumers. All this may happen without any formalised amendment procedure or external accountability. Standards can improve the reliability of the reputational mechanism; they cannot change who controls it or on what terms.

Review systems are, at their core, inward-looking: they are designed to discipline individual users within the platform ecosystem. At the same time, they do not determine how platforms exercise their broader governance power, which is embedded in shadow contract law. User reviews cannot reach this level and therefore cannot prevent platforms from reproducing underlying power imbalances.

That said, review schemes are among the very few channels through which platform users can actively participate in shaping norms – however imperfect and platform-mediated that participation remains. They can be a useful regulatory tool, but only as part of more carefully engineered, multi-layered schemes. As a standalone counterweight to shadow contract law, they are structurally insufficient.

EU law has started to address platform regulation through regulations like the Digital Services Act. In your view, how effective would these instruments be in controlling the private regulatory power of the platforms and what gaps remain?

Mateusz Grochowski: The DSA is an ambitious attempt to introduce comprehensive checks and balances on platforms’ governance power. It engages with key dimensions of shadow contract law, both procedurally (e.g. how platforms set and unilaterally modify their terms) and substantively (e.g. how they allocate risks and enforce compliance). Most prominently, the DSA marks a shift in regulatory thinking toward grappling with the deeper power dynamics that drive platform self-regulation, through mandatory systemic risk assessments, algorithmic transparency, and audit schemes. By contrast, the 2019 Platform-to-Business Regulation introduced transparency obligations regarding ranking parameters and the reasons for account suspension or termination – elements that form part of shadow contract law. In doing so, however, it remains within the older regulatory logic, largely addressing symptoms rather than the underlying structural dynamics of platform power that the DSA seeks to confront.

The dual engagement of users in many platforms complicates this further. Many people today move fluidly between consumer and supplier/producer roles (think of an Airbnb host who also travels as a guest, an eBay seller who also buys supplies on that platform). Shadow contract law tracks them continuously, often through the same account, reputation score, and data profile. On a flipside, the conventional contract law schemes do not follow that fluidity, building on more clear-cut distinctions between consumers and non-consumers. Many users who depend on platforms as gateways to consumption or business activity fit into neither category, lacking more targeted protection. That is a mismatch that existing law has yet to adequately address. The DSA, with its intersectional category of ‘platform user’ seems to make the first step in this direction.

That said, real gaps remain. The DSA is primarily a content governance instrument. Its core architecture targets illegal content, disinformation, and systemic risks to public discourse. The contractual dimension of shadow contract law (how platforms design terms, allocate risk, and administer quasi-judicial enforcement) remains largely at the margins of its focus. Moreover, DSA only partly resolved the fundamental information-related problem: systemic risk assessments are still conducted by platforms, on platform-held data, using platform-designed methodologies. Regulators remain epistemically downstream from the entities they regulate, and the DSA does not change that architecture – it only makes it slightly more legible.

Finally, no current EU instrument directly addresses the norm-generating legitimacy of platform rulemaking as such. The DSA imposes transparency obligations regarding specific practices; it does not require that the processes by which private rules are made satisfy procedural standards of participation or accountability. Filling that gap requires developing a genuine framework governing how platform rules may be legitimately made, revised, and contested within democratic societies. This brings us back to the notion of a “meta-contract law” mentioned earlier, which appears to be the next necessary step in the evolution of the legal response to platforms’ private governance practices.

As you will also be a keynote speaker at our upcoming ConsumerID conference, can you provide us with a sneak peek at the topic you are going to discuss?

Mateusz Grochowski: My paper looks into the evolving boundaries of contemporary consumer law and explores how it absorbs new forms of consumption – along with the values we express through them. At the heart of the story is the ‘consumer-citizen,’ a concept developed in the early twentieth century to capture the overlap between our roles as participants in the market and as members of a democratic polity.

We have long known that consumer market choices are never purely economic acts, but also directly involve a political dimension. Such decisions are made not only collectively (think, for instance, of consumer boycotts), but also individually. In those moments, consumers – ‘voting’ with their purchase decisions – take part in the collective democratic process. In this way, business-consumer relations become part of political deliberation where values get negotiated as much as prices.

With the rise of the digital economy and the integration of sustainability into the core of EU consumer law, the figure of the consumer-citizen faces qualitatively new challenges. On social media, for instance, democratic deliberation is commodified into an elaborate service governed by the algorithmic architectures of private platforms. Consequently, the boundary between “the public” and “the private” – central to our understanding of private law, consumer protection, and the division of responsibility between the state and the individual for interpreting and enforcing collective values – is increasingly blurring. Simultaneously, elements of a sustainable economy, such as environmental protection and ethical production, are increasingly entering the domain of individual consumer interest, as citizens seek to express these values through their everyday market choices.

These and similar developments prompt us to ask about the role of consumer law in navigating the blurring division between the public and the private, and the extent to which it should protect consumers not only as market actors but also in relation to their political choices and values within the evolving consumer economy. My paper seeks to map this landscape and to ask why – and to what extent – modern consumer law may need to redefine its own boundaries in order to protect this hybrid figure. I very much look forward to discussing these questions at the conference.