The European Commission has imposed its first fine under Europe’s landmark Digital Services Act (DSA), and it’s against Elon Musk’s X.
The EC is taking issue with the fact that X, the social network formerly known as Twitter, has been allowing anyone to buy a “blue checkmark,” the platform’s long-standing symbol, which used to indicate that a user has been verified to be who they are claiming to be.
Calling the design of the blue checkmark system “deceptive,” the European Union’s executive arm on Friday imposed a fine of €120 million (about $140 million) on X, saying the company had breached its transparency obligations under the DSA.
The Commission said other breaches of the law include a lack of transparency of X’s advertising repository and failure to provide researchers access to public data.
Before Musk bought the company, Twitter used to issue blue checks to journalists, celebrities, politicians, and public figures on the platform after it had verified their identity. Musk did away with that policy in 2023, and all the “verified” blue check today indicates is that a user subscribes to X Premium, and that they meet certain eligibility criteria, like having a profile photo, a display name, and having linked their account to a phone number.
“X’s use of the ‘blue checkmark’ for ‘verified accounts’ deceives users,” the Commission wrote in a statement. “This violates the DSA obligation for online platforms to prohibit deceptive design practices on their services. On X, anyone can pay to obtain the ‘verified’ status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with.”
The Commission added that such a system exposes users to scams, impersonation fraud and manipulation.
Techcrunch event
San Francisco
|
October 13-15, 2026
The regulator also found that X’s advertisement repository doesn’t comply with DSA requirements for transparency and accessibility, saying the company imposes excessive delays in processing requests for access. The Commission also said the ads repository doesn’t house information like the content or topic of ads, as well as who paid for those ads.
“This hinders researchers and the public to independently scrutinise any potential risks in online advertising,” the Commission wrote.
Access to public data is another area of concern for the EU. The DSA mandates that public platforms allow researchers access to public data to study systemic risks, and the EC’s investigation has found that X does not allow researchers to independently access its public data.
“Moreover, X’s processes for researchers’ access to public data impose unnecessary barriers, effectively undermining research into several systemic risks in the European Union,” the EC wrote.
The decision comes two years after the EC launched an investigation into the company on the suspected breach of rules linked to risk management, content moderation, dark patterns, advertising transparency, and data access for researchers.
“Deceiving users with blue checkmarks, obscuring information on ads, and shutting out researchers have no place online in the EU,” Henna Virkkunen, executive vice-president for Tech Sovereignty, Security and Democracy at the European Commission, said in a statement.
X now has 60 days to outline how it intends to address the complaint about the blue checkmarks, and 90 days to respond with an action plan for addressing the breaches relating to ads and public data transparency, and accessibility.
Confirmed breaches of the DSA can face a range of major sanctions, including fines of up to 6% of global annual turnover.
