On October 22nd, some of Silicon Valley’s biggest critics introduced a bill that’s meant to undercut social media monopolies. The Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act is designed to make “large communications platforms” loosen their hold on user data. It builds on regulations that have already been implemented in Europe, and it speaks to serious concerns about online walled gardens.

But the ACCESS Act doesn’t lay out precisely how these rules might change our relationship with companies like Twitter and Facebook. Some of its details are still up in the air. But based on what we know, here’s why the bill matters and why it’s not a surefire solution for opening up the internet.

What does the bill say?

As my colleague Makena Kelly explains, the ACCESS Act applies to “large communications platforms” with 100 million monthly users that generate income from collecting, processing, or sharing user data. That would cover Twitter, Facebook, Pinterest, and most other well-known social networks.

These platforms would have to offer interfaces that let users download their own data or transfer it to another service. Platforms would also need to let users authorize third-party apps that could access and interact with data as long as these “custodial third-party agents” register with the Federal Trade Commission and meet basic ethics and security standards.

Platform owners can revoke a third party’s access if it engages in fraud or malicious activity (among other offenses), and they can charge a fee if it exceeds a “reasonable threshold” of access. But they can’t abruptly lock down the interface without an explanation, and if they offer interoperability between their own services — the way Mark Zuckerberg has discussed connecting WhatsApp, Facebook, and Instagram messaging — then other companies should get access as well.

Won’t big platforms already let you export data?

Yes, but the systems are limited. Facebook and Twitter, for example, deliver a big folder full of posts, photos, and other account content. Google offers Takeout, a similar export system for its many services. All three companies (plus Microsoft) are working on a more full-featured system called the Data Transfer Project. But it’s still in development.

But the ACCESS Act isn’t just about exporting data. It’s also about offering companies access to live social networks through application programming interfaces, or APIs. We’ve seen companies weaponize API access to cut off competitors. Facebook did serious damage to Vine, for example, by revoking access to its friend-finding system. Interoperability standards like those in the ACCESS Act could undercut these strategies.

How could interoperability change social networking?

The ACCESS Act echoes Europe’s General Data Protection Regulation (GDPR), which includes a section on “data portability.” In the wake of the GDPR, several services have promised to help users share information on their own terms — like Digi.me, which securely aggregates sensitive personal information, including health records, or Hub of All Things, a “microserver” network for storing your digital footprint. A US law could cement the idea that information should be held by users, not individual apps.

Interoperability, meanwhile, could reduce the pull of huge social networking sites in a way that simply downloading your data off one service doesn’t. “A one-time portability helps a user switch more easily,” says Charlotte Slaiman, senior policy counsel at advocacy group Public Knowledge. “But if they can’t communicate back with their friends and connections on the large network, I think there’s still a real lock-in effect.”

Interoperability won’t make sense for lots of existing networks. (Most people probably don’t want to post their tweets on TikTok, for instance.) “The big theory would be that new entrants would come,” says Slaiman. “It’s really hard in today’s environment for a company that would rely on this thing that doesn’t exist yet to survive without it for a while. So I think that if we are able to have interoperability required, then innovators will know if you come up with a new startup that is based on this system, you will have the opportunity for success.”

If a new company wanted to compete with Facebook, for example, it wouldn’t have to build an independent user base. Instead, it could plug into the main Facebook community and offer a unique set of features or a better interface. Facebook could clone these features, but its massive network would provide less of a crushing advantage because smaller competitors could access the same network as well.

Even if the main goal is growing new networks, some existing ones could benefit — like Mastodon, a Twitter-like platform based on small “federated” servers. “The main challenge facing Mastodon and other decentralized social media platforms is the network effect, i.e. ‘can I talk to my existing friends on this platform?’” says Mastodon creator Eugen Rochko. “I often get asked if it’s possible to have an app where you can follow Twitter users from a Mastodon account (which right now is of course not possible).” If Twitter were legally required to interface with Mastodon, that wouldn’t be a problem.

What’s the catch?

The ACCESS Act sketches out this big goal, but it doesn’t define what reasonable interoperability looks like. According to a spokesperson from Sen. Warner’s office, companies can adopt their own standards. But the bill also gives the National Institute of Standards and Technology (NIST) 180 days to to publish technical standards for interoperability on different kinds of platforms, including models for messaging, sharing multimedia content, and the broad category of “social networking.”

If companies adopt a standard that’s comparable to NIST’s, they’ll enjoy a presumption of “fair, reasonable and non-discriminatory” operation — creating an incentive for companies to hew to these guidelines. “NIST would set up the specific technical specifications of how interoperable the services need to be,” explains Slaiman. A broad framework might require platforms to give up access to most data for free. A narrow one could let them charge for anything beyond basic access. Even if this bill passes, we won’t know until later just how meaningful it is, and tech companies will probably push to get their favored definition accepted as a de facto standard.

Digi.me founder Julian Ranger, a firm advocate of data portability, worries that drawing up detailed interoperability rules will make it less effective. “The intent behind the bill is great, but they over-specify,” says Ranger. “The most important thing that the bill should do is mandate data portability with a well-formed API. Don’t say anything else.” Otherwise, he believes, policymakers will only slow down the bill’s implementation while laying down rules that quickly become obsolete or that unduly limit companies.

Third-party access always raises big privacy and security questions. The ACCESS Act mandates privacy safeguards, but bad actors will still try to take advantage of the system. Interoperability might also raise awkward questions about moderation. If a hate group tries to build its own Facebook offshoot, Facebook will probably face criticism for granting them access, even if it’s following the letter of the law. So is interoperability worth the risks? That’s what lawmakers will have to decide.

Update 3:40PM ET: Added more detail about NIST standard-setting from Sen. Warner’s office.