On 4 December, the Commission fined X €120 million for violating transparency obligations under the Digital Services Act (DSA). The violations included the misleading design of its ‘blue checkmark,’ lack of transparency in its advertising, and failure to provide public data access for researchers.
“Deceiving users with blue checkmarks, obscuring information on ads and shutting out researchers have no place online in the EU. The DSA protects users. The DSA gives researchers the way to uncover potential threats. The DSA restores trust in the online environment. With the DSA’s first non-compliance decision, we are holding X responsible for undermining users’ rights and evading accountability,” said Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy.
On 18 December 2023, formal proceedings began to investigate whether X breached the DSA regarding illegal content dissemination and ineffective measures against information manipulation. This investigation includes issues of deceptive design and insufficient data access. Preliminary findings were issued on 12 July 2024, followed by a non-compliance decision on 4 December 2025.
X’s use of the blue checkmark for verified accounts misleads users and violates the DSA by allowing anyone to pay for verification without proper identity checks. This creates challenges for users in assessing account authenticity and exposes them to scams like impersonation fraud.
While the DSA does not mandate user verification, it prohibits platforms from falsely claiming verification when it hasn’t occurred. Additionally, X’s ad repository fails to meet DSA transparency requirements, lacking essential details about the advertisements, such as their content and the paying entity. These shortcomings hinder researchers from effectively identifying scams and assessing risks in online advertising.
Moreover, X restricts researchers’ access to public data, making it challenging to investigate systemic risks within the European Union. The fine issued today reflects the severity and duration of these violations. This is the first non-compliance decision under the DSA.
X has 60 working days to notify the Commission of the measures it will take to address the infringement of Article 25(1) of the DSA concerning the deceptive use of blue checkmarks. Additionally, X has 90 working days to submit an action plan outlining remedies for violations of Articles 39 and 40(12) related to the advertising repository and access to public data for researchers.
The Board of Digital Services will have one month to provide its opinion on the action plan, after which the Commission will take another month to reach a final decision and set an implementation timeline. Non-compliance may lead to periodic penalties. The Commission is working with X to ensure compliance with the DSA.
