There is a major consumer shift to purchasing meals and groceries through third-party delivery (TPD) platforms. This shift is becoming explosive under pandemic conditions and may change consumer behavior long term. Once the shift has gone mainstream, it seems inevitable that online purchasing and public health issues will coincide. While few if any statistics around foodborne illnesses¹ have been linked to TPD platforms, emerging correlations of their activities will inevitably draw consumer and government attention to the following:

  • The Dilemma: A U.S. food safety regulatory framework that largely excludes TPD platforms
  • The Opportunity: The leveraging of meal and grocery traceability to more effectively prevent, and react to, potential foodborne illness outbreaks

In this article, we discuss the following aspects of the above dilemma and possible solutions:

  • Regulation and the risk posed to industry
  • Shortfalls of local departments of environmental health (DEHs)
  • Lack of federal regulatory oversight
  • Arguments for and against regulating TPD platforms
  • Potential solutions

In short, as TPD platforms become mainstream and new waves of competitors emerge, it may be time for the leading TPD platforms to take the driver’s seat to establish a single, reasonable food safety standard to stave off debilitating regulatory developments and bolster consumer confidence in their role in the U.S. food supply chain.


Regulation and the Risk Posed to Industry

TPD platforms face the possibility of the following regulatory landscapes:

  1. The federal government enacts and implements laws with sensible regulation, which states adopt with minimal additions; this is the case generally for food manufacturing facilities.
  2. State governments enact and implement heterogeneous sets of laws and regulation, as with alcohol and Cannabis products.
  3. States, counties, and cities across the U.S. individually pass ordinances and policies that completely splinter the regulatory landscape; this is the case for mobile food facilities (“food trucks”).

Regulation for any industry is viewed as a scourge and a threat to profitability. Such a viewpoint is expressed in the recently enacted California bill AB 3336.² 

The California Chamber of Commerce, the California Grocers Association, Internet Association, and TechNet are opposed to this bill and state that it would stifle work opportunities and potentially destroy third-party restaurant delivery at a time when it is more vital than ever by adding excessive and unwarranted regulation to companies. The opponents also believe this bill would enact burdensome and unnecessary requirements for delivery drivers who deliver groceries and the innovators providing access to food delivery.

However, the risk of prematurely burdening business operations with a sensible food safety standard may outweigh the risk of regulatory fragmentation.³ Los Angeles County’s new ordinance and California’s recently enacted bill are evidence of such potential. While the ordinance is limited to safety concerns, its codification of the term “food delivery platforms” and inclusion of contract delivery persons in the definition of “employees” set the stage for additional requirements to emerge at a local level. Meanwhile, the California bill establishes statewide requirements related to food safety. Anxiousness from inspectors to establish regulatory oversight for delivery platforms is clearly expressed by the bill’s sponsor, the California Association of Environmental Health Administrators (CAEHA):

This bill…is intended to provide a minimum of public health protection during the delivery of ready-to-eat food. CAEHA states that especially during this COVID-19 [coronavirus disease 2019] pandemic, and given the rapidly increasing use of third-party food delivery services, this bill is necessary to provide restaurants, the consumer, and the drivers with necessary protection. CAEHA states that numerous local jurisdictions wish to provide some reasonable oversight of this service, but are likely to be preempted by the CalCode [California Retail Food Code] from taking action. According to CAEHA, this bill is necessary to clarify the “regulatory gray area” that these ready-to-eat services fall into as they are not able to meet the current commercial food delivery requirements, yet are still operating extensively across the state. The Los Angeles County Board of Supervisors supports this bill, stating that this bill aligns with the County’s objective for safe food handling practices by third-party delivery drivers.


Shortfalls of Local DEHs

No guarantee of access to consumer feedback

TPD platforms are collecting a vast amount of quality feedback from consumers across the United States. Sharing this feedback with restaurants and grocery stores is in the interest of TPD platforms for several reasons, including to ensure incident resolution, bolster customer loyalty, avoid allegations of negligence, improve corporate governance, and ensure merchants comply with applicable regulations.

Merchants are not, however, guaranteed access to this information. Consequently, local DEHs rely on the good faith of TPD platforms or on notification by affected consumers. 

Difficulty identifying emerging trends

The reach of most local DEH authority is limited by municipal or county lines, while the services of a TPD platform may extend nationwide. Consequently, if a TPD platform receives news of a recurring issue across multiple municipalities and states, each local DEH won’t necessarily get the news. 

Difficulty addressing problems with TPD platforms’ delivery persons and vehicles

TPD platforms typically use contractors to shop and deliver meals and groceries on behalf of the TPD platform. These delivery persons:

  • Are not necessarily trained on personal health and hygiene
  • Are not obligated to distinguish themselves in the course of operations, thus decreasing the likelihood of an intervention by on-site food safety managers and inspectors
  • Can work across multiple local jurisdictions (so, if a contractor were discovered to be problematic by one local inspector, the individual could simply work in another jurisdiction)
  • Might not use vehicles in a manner, or in a condition, to safely deliver food (e.g., a part-time landscaper could hold food where fertilizer bags are stored)

While industry leaders may have developed and implemented programs intended to mitigate risks associated with contractors, these are voluntary and self-imposed standards that do not apply to emerging TPD platforms.

Exclusion from the U.S. Food and Drug Administration (FDA) Model Food Code

Delivery-related requirements in the FDA Model Food Code do not apply to TPD platforms and their delivery persons. For starters, FDA refers to “delivery service, such as home delivery of grocery orders or restaurant takeout orders” as an operation that falls outside the definition of a retail “food establishment.” It is important to note here that the definition of a “food establishment” includes an operation that relinquishes possession of food to a consumer directly, or indirectly through a delivery service such as home delivery of grocery orders or restaurant takeout orders, or a delivery service that is provided by common carriers.

Likewise, the definition of “employee” results in exclusion. An “employee” means the permit holder, person in charge, food employee, person having supervisory or management duties, person on the payroll, family member, volunteer, person performing work under contractual agreement, or other person working in a food establishment. 

Contract agreements presumably exist between TPD platforms and delivery persons, and TPD platforms and retail food establishments. But it is unclear whether the web of contractual agreements would make a delivery person an “employee,” as Section 2-103.11 distinguishes delivery persons from employees:

The person in charge shall ensure that employees and other persons such as delivery and maintenance persons and pesticide applicators entering the food preparation, food storage, and warewashing areas comply with this Code.

One may be inclined to interpret this section to mean that delivery persons must comply with the FDA Model Food Code. However, dining areas and grocery store aisles, where most delivery persons’ access is limited, are not listed as conditions for the Code to apply. Moreover, the public health reasons and administrative guidelines provided address this requirement only in the context of delivery persons delivering incoming goods to food establishments (not outgoing to consumers).

Section 3-501.19, “Time as a Public Health Control,” may give some people the idea that a 4-hour delivery time would be safe. However, subsection (D) states that this control may not be used if food is served to a “highly susceptible population,” which is increasingly the case with delivery during the COVID-19 pandemic. Even if this were not the case, this control is intended only for time/temperature control for safety (TCS) food before cooking or for ready-to-eat (RTE)/TCS food that is displayed or held for sale or service. 

Delivery platforms intent on predicating safe delivery times per Section 3-501.19 ought to review the sources cited in Annex 2 and Annex 3 of the FDA Model Food Code and in Schaffner's article, “Utilization of Mathematical Models to Manage Risk of Holding Cold Food without Temperature Control.”


Lack of Federal Regulatory Oversight

U.S. Department of Agriculture Food Safety and Inspection Service (USDA-FSIS)

USDA-FSIS involvement historically in retail-related activities is limited and confined to a handful of food categories: meat, poultry, siluriformes (e.g., catfish), and egg products. The Federal Meat Inspection Act of 1906 and the Poultry Products Inspection Act of 1957 provide the statutory authority for USDA-FSIS’s regulations that, if certain criteria are met, exempt retail stores and restaurants from inspection. In recently published guidance,⁴ USDA-FSIS reaffirms the limits of the exemptions. In the same guidance, USDA-FSIS also articulates the potential applicability of these exemptions to “online markets” and “home-delivered meals.”

While registration and traceability records requirements exist for online markets, no such requirement applies to home-delivered-meals businesses. Although USDA-FSIS has suggested mail-order food safety practices for consumers,⁵ it has not explicitly addressed requirements or best practices for TPD platforms. 


Although TPD platforms are not mentioned in its scope, Sections III.B. Need for Regulation and III.E. Improving Traceability for all Food of the preamble to FDA’s recently proposed rule “Requirements for Additional Traceability Records for Certain Foods” articulates a traceability framework in which TPD platforms would significantly enhance FDA’s ability to prevent and mitigate foodborne illness outbreaks. FDA also addresses the limited scope of the rule:

...while this proposed rule would not require retail establishments to maintain [Key Data Elements] for consumer purchases, we support efforts by retailers to identify and provide anonymized consumer purchase data for outbreak investigations...Access to traceability lot codes and product identifiers at the consumer level would further enhance our ability to focus on specific products purchased and narrow the scope of implicated shipments...Consistent with FDA's “New Era of Smarter Food Safety” initiative…, we will pursue ways to help all supply chain entities adopt practices and technologies that will promote rapid and effective tracking and tracing of foods to prevent or mitigate foodborne illness outbreaks.

The limited scope of the rule can be attributed partly to the statutory language of the Food Safety Modernization Act (FSMA), which makes no explicit mention of TPD platforms, and partly to FDA’s interpretation. In New Era of Smarter Food Safety, FDA’s Blueprint for the Future, FDA includes under core element #3 its intention to make up for this apparent lack of statutory authority with the following collaboration efforts and recommendations:

  • Work with regulatory partners to address new business models that may not be currently covered by FSMA (e.g., address who “owns” the food in the last mile).
  • Partner with food delivery companies to provide education on the importance of proper food handling, including outreach to delivery services such as the U.S. Postal Service, UPS, FedEx, Uber, Lyft, DoorDash, etc.

FDA addresses its policy of exemption for meal-kit type services, grocery stores, and restaurants that sell food through TPD platforms in Guidance for Industry: Questions and Answers Regarding Food Facility Registration, but the agency does not specifically address TPD platforms. 

One may find possible inclusion of TPD platforms in Section 111 of FSMA, “Sanitary Transportation Practices”:

The Secretary shall by regulation require shippers, carriers by motor vehicle or rail vehicle, receivers, and other persons engaged in the transportation of food to use sanitary transportation practices prescribed by the Secretary to ensure that food is not transported under conditions that may render the food adulterated.⁶ 

The question is: Are TPD platforms considered to be “engaged in the transportation of food” by virtue of coordinating contract delivery persons, consumers, and retail food establishments? If so, then FDA would have the statutory authority to address the shared activities of TPD platforms, contract delivery persons, and retail food establishments.⁷ Right now, no official interpretation of the statutes exists. FDA did, however, express that transportation practices included transportation activities related to retail food establishments, but that waivers would be intended for these activities.


Arguments for and against Regulating TPD Platforms

“TPD platforms’ relationships to food businesses are strictly financial and transactional. They don’t handle food.”

Argument: TPD platforms have relationships to grocery stores and restaurants that are limited to financial and transactional dealings. Contract workers that work on behalf of TPD platforms don’t ever handle the food, except when handling loose produce during grocery shopping. 

Counter: Federally regulating entities whose involvement in the movement of food is characterized exclusively by financial transactions is not unprecedented. Importers, for example, may not handle food, but are nonetheless subject to the Foreign Supplier Verification Program (FSVP) regulations. 

“TPD platforms are more like brokers than U.S. owners or consignees, for which reason they ought to be exempt from federal regulation.”

Argument: Brokerage firms are entities that typically charge a fee for brokering sales between foreign suppliers and domestic buyers. They tend to not meet the definition of an importer and so are not included in the U.S. regulatory framework for food safety. Similarly, TPD platforms broker a sale between consumers and retail food establishments. On this basis, TPD platforms, like brokers, ought to be exempt from the U.S. food safety regulation. 

Counter: The argument fails to mention that a TPD platform, like an “importer (not necessarily a broker),” is the primary entity responsible for coordinating the movement of goods between the foreign supplier and the customer. 

“Corporate parents are not necessarily regulated for activities in which subsidiaries are involved. Why should TPD platforms be regulated for the activities of contract delivery drivers?”

Argument: The relationship between parent companies, their subsidiary manufacturing facilities, and TP logistics (TPL) companies is analogous to the relationship between TPD platforms, retail food establishments, and delivery persons. FDA addresses the former relationship in the FSVP and STHAF final rules and makes clear that the regulations apply to the entities directly responsible for importation and transportation practices, although the responsible entities can “use common integrated written procedures” developed and maintained by the latter that prescribe practices for sanitary food transportation and FSVP activities. TPD platforms should be excluded from the scope of a U.S. regulatory framework, on the same principle. 

Counter: The analogy between the two relationships is imperfect. The subsidiary manufacturing facilities of a parent company and its TPLs fall within the scope of a U.S. regulatory framework. Delivery persons do not. Moreover, TPD platforms are responsible for directing delivery persons engaged in transportation practices, while parent companies are not.

“Restaurants and grocery stores are already subject to inspection under a U.S.-based inspection framework.”

Argument: TPD platforms do not need to be regulated because the grocery stores and restaurants are covered by an existing regulatory framework modeled on the FDA Model Food Code. To develop regulations for TPD platforms would be redundant and pointless. 

Counter: Foreign suppliers for importers, such as covered farms and registered food manufacturing facilities, fall under an existing regulatory framework, and yet importers are still subject to FSVP regulations. Moreover, the activities of TPD platforms’ contractors are not necessarily covered by existing U.S. regulatory frameworks, as mentioned earlier.

“We are already obligated to create risk-mitigation programs; further regulation would be redundant.”

Argument: Corporate governance laws and regulations require TPD platforms to develop, implement, and maintain risk management systems. Additional government oversight would be redundant, at least for corporate TPD platforms. 

Counter: There are many corporations in the food industry that are subject to layers of regulatory oversight, including by FDA.

“FDA doesn’t think transportation activities conducted by retail food establishments need to be regulated by the federal government.”

Argument: The STHAF regulations should not apply to contractors engaged in the last-mile delivery of food because FDA’s intention was that “a waiver be provided to retail food establishments, which are permitted, or authorized by regulatory authorities under a regulatory authority’s adoption of requirements based on the FDA [Model] Food Code.”⁷ Such “regulatory authorities are already performing food safety and regulatory oversight and inspection activities for their permitted or otherwise authorized retail food establishments through state and local regulations modeled after the FDA [Model] Food Code.” 

Counter: Contractors are contract employees of the provider, not the retail food establishment, and because contractors are not necessarily distinguishing themselves from everyday consumers, management and supervisory tools available to trained food safety managers at retail food establishments may not be readily and consistently applied to correct behavior, comportment, or use and integrity of equipment that deviate from state and local regulations modeled after the FDA Model Food Code. 

“Delivered meals and groceries aren’t at risk because they are totally enclosed in packaging.”

Argument: Delivered meals and groceries are always unexposed, so contractors would never have an opportunity to contaminate them. In recent rulemaking from FSMA, FDA clears warehouses handling unexposed packaged food from developing food safety plans and supply chain programs because of their inherent lower risk. 

Counter: While FDA’s recent rulemaking has cleared warehouses from the burden of developing risk-based preventive controls, the same rulemaking did not clear them from the training, temperature control, and Current Good Manufacturing Practices requirements. And even if the food is unexposed, it could still be affected by insanitary conditions, temperature abuse, dysfunctional and poorly maintained equipment, viral shedding by ill persons, poor hygiene practices, and a lack of training. 

“Delivered food is safe from intentional adulteration because it is too difficult to do wide-scale and without getting caught.”

Argument: Tamper-evident solutions are not necessary because if a consumer finds evidence of tampering, TPD platforms could easily identify the culprit. Moreover, meals and groceries would have to be intentionally adulterated individually, which makes it impossible to cause wide-scale public health harm, which is an essential element for determining a mitigation strategy appropriate under FDA’s Intentional Adulteration rule. 

Counter: The fact that individuals intentionally adulterating food may be traceable would be an incentive for Congress and FDA to formalize traceability requirements as was done in the Bioterrorism Act of 2002 and its implementing regulations. With regard to the scope of FDA’s Intentional Adulteration rule, states may not have the same incentive as FDA to narrow the focus to acts intended to cause wide-scale public health harm. 

In the California bill's Assembly Floor Analysis (8/31/2020), there was concern expressed for a pattern of incidence rather than for the potential for causing wide-scale public health harm. This bill would provide critical basic consumer protections against food contamination from RTE delivery services by establishing principal safeguards. The author opines that there is a concern—as well as documented incidents—of food safety problems associated with these TP deliveries. Media reports and anecdotal evidence suggest that food delivered by these services is being tampered with or contaminated during transport. 

It may be worth noting that FDA narrowed its focus to activities intended to cause wide-scale public health harm in the Intentional Adulteration rule; it was not a congressionally mandated scope rooted in the statutory language of FSMA. The scope of FDA’s enforcement activities includes nationally distributed domestic and imported foods and largely excludes retail food operations, which makes it reasonable to assume that the focus of agency regulations would have a different scope.


Potential Solutions

Embrace industry best practices 

Industry players have proven interested in establishing best practices. The Council III of the Conference for Food Protection, with representation from popular TPD platforms, composed the Guidance Document for Mail Order Food Companies,⁸ which is modeled after Great Britain’s Food Industry Guide to Good Hygiene Practice: Mail Order Food.⁹ These industry standards are useful for any legislative initiative or rulemaking activity seeking to understand best practices for contractors but not necessarily for TPD platforms. The next step would be to begin formulating best practices for TPD platforms on how to collect, trend, share, and act on real-time and historical data. 

Collaborate to craft sensible federal legislation and regulation

Industry standards along with existing risk-based, prevention-oriented frameworks would provide direction for state and federal legislative initiatives. A model example of legislative language for such an initiative can be found in FSMA. “U.S. Owners or Consignees,” per 21 C.F.R. 1.500, meet the definition of “importer” through their financial relationship with foreign suppliers, not by handling food.

Following the FSVP model, industry could work with legislators and state/federal agencies to perform the following through the legislative and rulemaking processes:

  • Formally define and differentiate TPD platforms (e.g., exposed/unexposed, cold/hot held, grocery, meal and meal kit)
  • Construct food safety program requirements based on industry standards that ensure that delivery persons (inconspicuously) identify themselves and their vehicles to food safety managers
  • Establish record-keeping expectations for identifying performance trends
  • Articulate terms for collaboration with agencies to address foodborne illness outbreaks
  • Identify adequate training for TPD platforms’ qualified individuals responsible for the development and implementation of the food safety programs
  • Provide flexibility for small and very small TPD platforms

Alternatively, states and TPD platforms could take measures to ensure that delivery persons, working on behalf of TPD platforms, fit into the local/state regulatory framework modeled on a new version of the FDA Model Food Code (as California did in September 2020,¹⁰ or through FDA Model Food Code adoption). The next step would be to ensure that delivery persons identify themselves and their vehicles to:

  • Food safety managers and supervisors to ensure supervision at the retail food establishments
  • Inspectors to ensure that applicable sections of food codes (modeled on the FDA Model Food Code) are enforced, although those sections are fairly limited now

There are three concerns with this latter approach: 

  1. The FDA Model Food Code may be amended insufficiently, causing the regulatory landscape to splinter as seen with mobile food facilities.
  2. States may choose to not legislate to adopt the most current version of the FDA Model Food Code; it tends to take 8–12 years from proposal to widespread adoption.
  3. Anecdotal evidence suggests that delivery persons tend to be treated disagreeably, by consumers and food establishment employees, when they identify themselves visually. To encourage compliance, it may be beneficial to develop a form of identification that is both inconspicuous to consumers and perceptible to those who need to observe contractors’ practices and equipment (e.g., food safety managers, supervisors, and local DEH inspectors).

Develop training and realistic record-keeping requirements 

As records will probably involve teasing relationships from large relational databases, it is foreseeable that the training associated with a TPD platform’s qualified individuals (and FDA investigators tasked with inspecting TPD platforms) will need to address data analysis skills to ensure that data can be rendered intelligible, actionable, and accessible for inspection upon request.



The regulatory climate for TPD platforms is changing. This article addresses possible positive outcomes in which TPD platform leaders partner with legislators, regulators, and other stakeholders to craft a sensible regulatory landscape to:

  • Assure consumer rights groups that sufficient measures have been taken to protect consumers
  • Prevent an unfavorable regulatory framework (or worse, a fragmented regulatory landscape)
  • Protect delivery platform technology from misuse by competitors
  • Enhance government’s traceback capabilities to prevent and mitigate foodborne illness outbreaks
  • Control the narrative regarding the coincidental correlation between TPD platforms’ popularity and national foodborne illness statistics

Of course, TPD platforms can choose to adopt a compliance strategy of waiting until catalyzing food safety events spark a national wave of legislation. But once consumer rights groups, regulatory associations, and local, state, and federal government agencies frame their positions more concretely on the correlation between foodborne illness outbreak data and TPD platform popularity, it may be a challenge for leading TPD platforms to shape their own regulatory landscape. As some people in politics like to say: “If you aren’t at the table, you are on the menu.”








6. FD&C Act Section 415(b), FSMA Section 111, 21 U.S.C. 350(e); bold and italics added for emphasis.





Michael and Charlie Kalish are the managing members and cofounders of Food Safety Guides, a virtual food safety consulting and training company.