In the first compliance decision under the Digital Services Act (DSA)., the European Commission has issued a fine of €120 million to X for breaching its transparency obligations under the DSA. The breaches include the deceptive design of its “blue tick”, the lack of transparency of its advertising repository, and the failure to provide access to public data for researchers.
Deceptive design of X’s blue tick
The Commission says that X’s use of the blue tick for ‘verified accounts’ deceives users. This violates the DSA obligation for online platforms to prohibit deceptive design practices on their services. On X, anyone can pay to obtain the ‘verified’ status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with. This deception exposes users to scams, including impersonation frauds, as well as other forms of manipulation by malicious actors. While the DSA does not mandate user verification, it clearly prohibits online platforms from falsely claiming that users have been verified, when no such verification took place.
Lack of transparency of X’s ads repository
According to the Commission, X’s advertisement repository fails to meet the transparency and accessibility requirements of the DSA. Accessible and searchable ad repositories are critical for researchers and civil society to detect scams, hybrid threat campaigns, coordinated information operations and fake advertisements.
X incorporates design features and access barriers, such as excessive delays in processing, which undermine the purpose of ad repositories. X’s ads repository also lacks critical information, such as the content and topic of the advertisement, as well as the legal entity paying for it. This hinders researchers and the public to independently scrutinise any potential risks in online advertising.
Failure to provide researchers access to public data
The Commission’s view is that X fails to meet its DSA obligations to provide researchers with access to the platform’s public data. For instance, X’s terms of service prohibit eligible researchers from independently accessing its public data, including through scraping. In addition, X’s processes for researchers’ access to public data impose unnecessary barriers, effectively undermining research into several systemic risks in the EU.
The fine was calculated considering the nature of these infringements, their gravity in terms of affected EU users, and their duration.
Next steps
X now has 60 working days to inform the Commission of the specific measures it intends to take to bring to an end the infringement of Article 25 (1) DSA, related to the deceptive use of blue ticks.
It has 90 working days to submit to the Commission an action plan setting out the necessary measures to address the infringements of Articles 39 and 40(12) DSA, relating to the advertising repository and to the access to public data for researchers. The Board of Digital Services will have one month from receipt of X’s action plan to give its opinion. The Commission will have another month to give its final decision and set a reasonable implementation period.
Failure to comply with the non-compliance decision may lead to periodic penalty payments. The Commission continues to engage with X to ensure compliance with the decision and with the DSA more generally.
According to the Times, X’s response has been to call for the European Union to be disbanded. The Trump Administration has also criticised the fine.
