The European Commission has imposed a EUR 120 million fine on X for failing to meet transparency obligations under the Digital Services Act (DSA).
It’s worth pointing out that this represents the first non‑compliance decision issued under the DSA. The breaches identified include the platform’s handling of its verification system, shortcomings in its advertising repository, and restricted access to public data for researchers. Representatives from the Commission noted that these failures undermine user trust and inhibit oversight.
X’s ‘blue checkmark’ for verified accounts was found to be misleading. Users can obtain the badge through payment without meaningful verification of their identity, making it difficult for others to assess the authenticity of accounts and content. The Commission warned that this could expose users to impersonation scams and other malicious activities. While the DSA does not require platforms to verify users, it prohibits falsely representing accounts as verified.
The platform’s advertisement repository was also cited for failing to provide transparent and accessible information. X’s repository lacked key details, such as ad content, topic, and the legal entity funding the advertisements, and incorporated delays and barriers that hindered effective access. According to Commission officials, this limits the ability of researchers and the public to monitor online advertising for scams or coordinated disinformation campaigns.
Data access for research
X additionally fell short of DSA requirements for researcher access to public data. Its terms of service prevent eligible researchers from independently accessing certain public data, and procedural obstacles further restrict meaningful research, limiting understanding of systemic risks within the EU.
X has been given specific deadlines to address these breaches. The platform must report within 60 working days on measures to correct the verification system and submit an action plan within 90 working days for the advertising repository and research access issues. The Commission may impose additional penalties if compliance is not achieved.
Commission representatives emphasised that misleading verification, opaque advertising, and restricted data access have no place online in the EU and that the DSA is designed to protect users and enable researchers to identify potential threats.
