Commission fines X €120 million under the Digital Services Act

Today, the Commission has issued a fine of €120 million to X for breaching its transparency obligations under the Digital Services Act (DSA). The breaches include the deceptive design of its ‘blue checkmark, the lack of transparency of its advertising repository, and the failure to provide access to public data for researchers.

Deceptive design of Xs ‘blue checkmark

Xs use of the ‘blue checkmark for ‘verified accounts deceives users. This violates the DSA obligation for online platforms to prohibit deceptive design practices on their services. On X, anyone can pay to obtain the ‘verified status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with. This deception exposes users to scams, including impersonation frauds, as well as other forms of manipulation by malicious actors. While the DSA does not mandate user verification, it clearly prohibits online platforms from falsely claiming that users have been verified, when no such verification took place.

Lack of transparency of Xs ads repository

Xs advertisement repository fails to meet the transparency and accessibility requirements of the DSA. Accessible and searchable ad repositories are critical for researchers and civil society to detect scams, hybrid threat campaigns, coordinated information operations and fake advertisements.

X incorporates design features and access barriers, such as excessive delays in processing, which undermine the purpose of ad repositories. Xs ads repository also lacks critical information, such as the content and topic of the advertisement, as well as the legal entity paying for it. This hinders researchers and the public to independently scrutinise any potential risks in online advertising.

Failure to provide researchers access to public data

X fails to meet its DSA obligations to provide researchers with access to the platforms public data. For instance, Xs terms of service prohibit eligible researchers from independently accessing its public data, including through scraping. Moreover, Xs processes for researchers access to public data impose unnecessary barriers, effectively undermining research into several systemic risks in the European Union.

The fine issued today was calculated taking into account the nature of these infringements, their gravity in terms of affected EU users, and their duration.

This is the first non-compliance decision under the DSA.

Next Steps

X now has 60 working days to inform the Commission of the specific measures it intends to take to bring to an end the infringement of Article 25 (1) DSA, related to the deceptive use of blue checkmarks.

X has 90 working days to submit to the Commission an action plan setting out the necessary measures to address the infringements of Articles 39 and 40(12) DSA, relating to the advertising repository and to the access to public data for researchers. The Board of Digital Services will have one month from receipt of Xs action plan to give its opinion. The Commission will have another month to give its final decision and set a reasonable implementation period.

Failure to comply with the non-compliance decision may lead to periodic penalty payments. The Commission continues to engage with X to ensure compliance with the decision and with the DSA more generally.

Background

On 18 December 2023 the Commission opened formal proceedings to assess whether X may have breached the DSA in areas linked to the dissemination of illegal content and the effectiveness of the measures taken to combat information manipulation, for which the investigation continues.

These proceedings covered also the use of deceptive design, the lack of advertising transparency and insufficient data access for researchers, for which the Commission adopted preliminary findings on 12 July 2024 and a non-compliance decision today.