Lessons From AliExpress’ Binding Commitments Under EU's Digital Services Act

On June 18, the European Commission announced that AliExpress – the product marketplace owned by China's Alibaba Group – agreed to a number of binding commitments to address concerns raised in formal proceedings under the Digital Services Act (DSA). These precedent-setting commitments will bring the platform into legal compliance with the DSA in six major areas, including recommender and advertising system transparency and researcher data access.

This analysis breaks down AliExpress’ binding commitments and why they matter, with a focus on how commitments for transparency of recommender systems, access to public data for researchers, and monitoring can lead to meaningful accountability.

AliExpress’ commitments related to recommender system transparency and design are an important step, but could be strengthened through more structured disclosure of information necessary for meaningful oversight. Commitments to enable researcher access to publicly available platform data are promising, particularly in relation to automated collection and customized requests. Finally, while the creation of an internal monitoring framework is a critical component, it must be paired with measurable benchmarks and external verification to ensure accountability.

How the EU enforces the DSA

The DSA is the world’s most comprehensive regulatory framework aimed at ensuring transparency and accountability of online tech platforms. The DSA’s enforcement framework provides the Commission a range of investigatory and sanctioning powers to ensure compliance. Investigations under the DSA seek to bring platforms into compliance, either through negotiated commitments or a non-compliance decision. A non-compliance decision can trigger fines, specific measures, and enhanced ongoing supervision.

To date, the Commission has requested information from many platforms. These information requests are a first step in investigating potential noncompliance by platforms. In response to requests for information, the Commission may also initiate formal proceedings and has done so against ten platforms, including AliExpress, Meta (Facebook and Instagram), TikTok, X, Temu, and several pornographic websites.

June’s announcement in the AliExpress investigation is significant, as it marks the second platform (after TikTok) that has agreed to specific actions to address the Commission's concerns. The Commission previously accepted TikTok’s commitments to permanently withdraw its Lite Rewards programme in Europe due to its possible addictive design and not having undergone the required risk assessment, particularly concerning children’s mental health.

In the case of AliExpress, the platform made commitments to address multiple dimensions of the Commission’s open investigation, including internal complaint handling systems, transparency regarding platforms' advertising and recommender systems, the traceability of traders, and researchers' access to data. The announcement also clarified that the Commission would continue its investigation against AliExpress in relation to the dissemination of illegal products under the DSA.

Dialogue in negotiating the commitments featured prominently in this enforcement, as highlighted by both the Commission and AliExpress. The head of EU affairs for AliExpress’ parent group Alibaba, Claudia Vernotti, for example, stated, “We deeply value the open and constructive dialogue” with the Commission in the investigation. Henna Virkkunen, the Commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy, similarly stated that this “decision serves as an illustration of the Commission’s expectations when we raise concerns” – namely that platforms and the Commission will negotiate how to come into compliance with the DSA obligations.

Taking stock of AliExpress’ commitments

AliExpress’s legally binding commitments relate to multiple areas of platform design and offer the opportunity to take stock of the Commission’s emerging enforcement approach.

Below, I analyze three critical commitments that are steps in the right direction, but require strengthening to ensure meaningful platform transparency and accountability: 1) transparency of recommender systems, 2) access to public data for researchers, and 3) monitoring.

1. Transparency of recommender systems

AliExpress will let users opt out of “personalization” and will also explain how its marketplace product recommendations work. This is a good start – but not enough as the commitments lack specificity and disclosure of key recommender system data.

The announcement states that AliExpress will “introduce a user-friendly option for … users to exercise options as regards personalization.” Additionally, AliExpress will provide “easily accessible information, in plain language, on how products are recommended on the platform’s website and mobile app.” The announcement does not specify whether more detailed confidential commitments were provided to the Commission.

The requirements in regard to personalization could be more detailed. Requiring “a user-friendly option” to “exercise options” does not establish an objective and measurable goal. AliExpress should provide choices and defaults that allow users to tailor their platform experiences and switch between different recommendation systems. KGI’s recent Better Feeds report provides detailed policy guidance for how to operationalize and measure these recommender system designs meaningfully.

In relation to the main parameters of recommender system design, AliExpress should disclose the specific input data and weights used in the design of its recommender systems.

Disclosure of all input data categories and weights will be more valuable than general “easily accessible information” of how products are recommended. The Better Feeds report details how to achieve meaningful transparency of recommender system input data and weights. Consistent and detailed disclosure of specific input data and weights is essential for a meaningful understanding and evaluation of recommender system design, risk, and mitigation strategies.

2. Access to public data for researchers

AliExpress commits to multiple access points for eligible researchers to access publicly available platform data, which would allow for greater accountability and independent oversight of risk. However, systemic risk and publicly available data are undefined in the commitments, meaning it's up to AliExpress to define them, potentially allowing the platform to overly restrict legitimate research.

AliExpress makes multiple commitments related to data access modalities. These include explicit reference to the analysis of “systemic risks via automated means, such as ‘data scraping’.” AliExpress will also provide a dedicated API with download capabilities as well as customized data requests for eligible researchers as defined by the DSA. AliExpress also commits to maintaining a webpage providing relevant information about data access.

These actions represent a significant step forward. During the DSA negotiations, academics and civil society researchers consistently stressed the importance of access to publicly available data, including through automated and independent means. Platforms’ interpretations of the DSA’s requirements vary widely. Some researchers have been unable to secure access to publicly available data.

The commitments’ explicit reference to automated data collection, downloadable data through API access, and customized requests is particularly notable. Article 40 of the DSA does not specify such data access mechanisms. The AliExpress commitments show the Commission’s efforts to prioritize diverse access mechanisms under Article 40.

The commitments, however, do leave some areas unaddressed. Challenges with other platform data access mechanisms underscore the need for ongoing oversight. Furthermore, the failure to define key terms, including systemic risk and publicly available data, could enable AliExpress to frustrate effective research. But it also leaves space for ongoing debate on refining definitions.

3. Internal monitoring framework

Lastly, the commitments’ focus on an internal monitoring framework is essential. The monitoring commitment specifically states that a dedicated internal AliExpress team will “systematically assess the proper implementation and effectiveness of all commitments.” This is critical.

However, this is also an area where greater specificity is necessary. There are many experiences to draw on in relation to the supervision of legal settlements. A recent paper co-authored by KGI and other experts, Social Media Harm Abatement, describes how to establish an implementable mechanism for an abatement plan capable of addressing social media harms, grounded in an internal and external monitoring framework. Such ongoing monitoring and assessment will be essential to ensure that AliExpress upholds its commitments.

To assess ongoing implementation, DSA commitments should be grounded in robust measurements based on internal and external data sources, enabling effective assessment of compliance, risk, and mitigation.

The path towards meaningful accountability

The AliExpress DSA commitments represent a significant development in DSA enforcement – sending a clear message to other online tech platforms that the EU is prioritizing collaboration to bring companies in line with legal compliance.

However, the commitments made by AliExpress should be seen as a floor, not a ceiling. They set an important precedent for platform-level changes and also revealed areas that require greater clarity and specificity for true DSA compliance.

As the Commission continues to define expectations through investigations and commitments, it is essential that future commitments include specificity, measurable outcomes, and mechanisms for independent oversight, including clear definitions of key expectations to avoid overly discretionary interpretation and robust internal monitoring frameworks, paired with external oversight mechanisms to effectively assess compliance and risk.