The European Commission has officially issued its first-ever penalty under the Digital Services Act (DSA), slapping Elon Musk’s X with a €120 million (approximately $140 million) fine. The sanction follows a two-year investigation into the platform’s systemic failures regarding transparency, content moderation, and data access.
Deceptive Design: The Blue Check Controversy
At the heart of the dispute is X’s “blue checkmark” system. Historically, the badge served as a verification tool to confirm the identity of public figures, journalists, and government officials. Under Musk’s leadership, this was transformed into a paid subscription feature. The European Union argues this design is inherently “deceptive.”
According to the Commission’s formal statement, the current system allows any user to purchase “verified” status without meaningful identity checks. This practice violates DSA mandates against deceptive design, as it prevents users from accurately assessing the authenticity of accounts and the content they consume, ultimately increasing risks of impersonation fraud and scams.
Transparency Failures in Advertising
Beyond the verification controversy, the EU regulator identified critical lapses in X’s advertising repository. The Commission highlighted that the platform imposes excessive delays on access requests and fails to disclose essential information, such as the specific content or topic of advertisements and the identities of those funding them.
These barriers prevent researchers and the public from scrutinizing potential risks within online advertising, undermining the transparency requirements intended to protect the digital ecosystem.
Barriers to Public Data Access
The DSA explicitly requires major online platforms to grant researchers access to public data to facilitate the study of systemic risks. The investigation concluded that X has actively obstructed this process.
“X’s processes for researchers’ access to public data impose unnecessary barriers, effectively undermining research into several systemic risks in the European Union,” the Commission noted. By limiting independent scrutiny, X has restricted the ability of the scientific community to analyze the platform’s impact on public discourse and safety.
Next Steps and Potential Sanctions
Henna Virkkunen, executive vice-president for Tech Sovereignty, Security and Democracy, stated, “Deceiving users with blue checkmarks, obscuring information on ads, and shutting out researchers have no place online in the EU.”
X is now under a strict regulatory timeline:
- 60 days: To provide a plan addressing the deceptive nature of the blue checkmark system.
- 90 days: To submit a comprehensive action plan correcting breaches related to ad transparency and researcher data access.
Failure to comply with these directives could lead to further escalation. Under the Digital Services Act, confirmed breaches can result in penalties reaching up to 6% of a company’s total global annual turnover.