The European Commission has issued a fine of €120 million to Elon Musk’s X service for the ‘deceptive’ design of its blue checkmark and breaching transparency obligations under EU internet rules.
The Commission says X’s breaches of the EU Digital Services Act (DSA) include obscuring information on ads and a failure to provide access to public data for researchers.
“The DSA restores trust in the online environment,” said EC executive vice-president Henna Virkkunen: “With the DSA’s first non-compliance decision, we are holding X responsible for undermining users’ rights and evading accountability.”
According to the Commission, X’s use of the ‘blue checkmark’ for ‘verified accounts’ deceives users. This is a violation of a DSA obligation for online platforms to prohibit deceptive design practices on their services.
On X, anyone can pay to obtain the ‘verified’ status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with. The Commission says this deception exposes users to scams, including impersonation frauds, as well as other forms of manipulation by malicious actors. While the DSA does not mandate user verification, it clearly prohibits online platforms from falsely claiming that users have been verified, when no such verification took place.
The second breach is a ‘lack of transparency of X’s ads repository’. The EU executive says X’s advertisement repository fails to meet the transparency and accessibility requirements of the DSA. Under the DFSA, accessible and searchable ad repositories are viewed as critical for researchers to detect scams, hybrid threat campaigns, coordinated information operations and fake advertisements.
The Commission says X incorporates design features and access barriers, such as excessive delays in processing, which undermine the purpose of ad repositories. X’s ads repository also lacks critical information, such as the content and topic of the advertisement, as well as the legal entity paying for it. This hinders researchers and the public to independently scrutinise any potential risks in online advertising.
X fails to meet its DSA obligations to provide researchers with access to the platform’s public data. X’s terms of service prohibit eligible researchers from independently accessing its public data, including through scraping. The EU says X’s processes for researchers’ access to public data impose unnecessary barriers, effectively undermining research into several systemic risks in the European Union.
The fine issued by the Commission was calculated taking into account the nature of these infringements, their gravity in terms of affected EU users, and their duration.
This is the first non-compliance decision under the EU’s DSA rules.
X now has 60 working days to inform the Commission of specific measures it intends to take to bring to an end the infringement, related to the deceptive use of blue checkmarks.
X has 90 working days to submit an action plan setting out necessary measures to address the infringements.
