The European Commission has imposed a €120 million fine on X for multiple breaches of the Digital Services Act (DSA), marking the first non-compliance decision under the EU’s landmark online-platform regulation. The violations concern deceptive design practices, inadequate advertising transparency, and failure to provide researchers with access to public data.
Deceptive Use of the Blue Checkmark
The Commission found that X’s approach to its “blue checkmark” verification badge misleads users by suggesting identity verification where none occurs. Because any user can purchase verification without meaningful checks, the Commission concluded that X violates the DSA prohibition on deceptive design practices. This system exposes users to impersonation, scams, and manipulation by malicious actors.
Insufficient Transparency in Advertising
The Commission also determined that X’s advertising repository fails to meet DSA transparency standards. The repository lacks essential information—such as ad content, subject matter, and the paying entity—and incorporates operational barriers that slow or block access. These shortcomings impede researchers and civil society groups from investigating disinformation, coordinated manipulation, and fraudulent advertising.
Blocking Researcher Access to Public Data
X was additionally found to have violated its obligations to provide researchers with access to public platform data. The company’s restrictions—including prohibitions on scraping and onerous procedural hurdles—were deemed to obstruct legitimate research into systemic risks within the EU.
Next Steps
X must, within 60 working days, inform the Commission of the measures it will take to end the deceptive use of the blue checkmark. It also has 90 working days to submit an action plan addressing deficiencies in its advertising transparency and data-access policies. The Digital Services Board will review the plan before the Commission issues a final decision and implementation timeline.
Failure to comply may result in additional periodic penalties.
Commission Statement
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, stated:
“Deceiving users with blue checkmarks, obscuring information on ads and shutting out researchers have no place online in the EU. With the DSA’s first non-compliance decision, we are holding X responsible for undermining users’ rights and evading accountability.”
The Commission continues its broader investigation into X’s handling of illegal content, information manipulation, and other potential DSA breaches.