Logo
EU’s First Digital Services Act Crackdown on X

EU’s First Digital Services Act Crackdown on X

How a paid blue check, missing ad transparency, and blocked researchers turned Elon Musk’s platform into the EU’s test case for its new online-safety law

Overview

On December 5, 2025, the European Commission issued its first-ever non‑compliance decision under the Digital Services Act (DSA), fining Elon Musk’s social platform X €120 million for misleading users with its paid blue checkmark system, failing to provide a transparent advertising repository, and obstructing researcher access to public data. Regulators concluded that X’s subscription-based ‘verified’ badge constitutes deceptive design because anyone can buy it without meaningful identity checks, while the platform’s ad library and data-access rules prevent independent scrutiny of scams, influence operations, and systemic online risks.

The penalty caps nearly two years of escalating DSA enforcement moves against X, from urgent warnings over Israel–Hamas war disinformation to a formal probe in December 2023 and preliminary findings in July 2024 that the service breached key transparency rules. The fine is modest compared with the law’s maximum sanctions—up to 6% of a platform’s global revenue—but it sets a precedent for how aggressively Brussels will police ‘dark patterns’ and accountability on very large online platforms, and it has already inflamed a broader transatlantic fight over whether the DSA protects users or chills American-style free speech.

12 Sources:
+6
European Commission Associated Press The Verge The Guardian Financial Times Reuters European Commission European Parliament CNBC European Commission European Parliament CNBC

Key Indicators

€120M
Fine imposed on X under the Digital Services Act
First-ever DSA non‑compliance penalty, targeting deceptive blue checks, ad-transparency failures, and blocked researcher access to data.
3
Core transparency breaches cited
Deceptive blue checkmark design, lack of a compliant advertising repository, and failure to provide public data access for eligible researchers.
6%
Maximum share of global revenue at risk
Under the DSA, repeat or serious violations can draw fines up to 6% of worldwide annual turnover—far above X’s initial €120M penalty.
~23 months
Formal investigation duration before first fine
From the opening of DSA proceedings against X on December 18, 2023, to the non‑compliance decision on December 5, 2025.

People Involved

Elon Musk
Elon Musk
Owner of X; CEO of xAI; Tech Entrepreneur (Challenging EU enforcement and facing ongoing DSA probes)
Henna Virkkunen
Henna Virkkunen
European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy (Lead political face of DSA enforcement against X)
Thierry Breton
Thierry Breton
European Commissioner for the Internal Market (Digital Policy Lead during early DSA enforcement) (Early enforcer who escalated pressure on X over disinformation risks)
Margrethe Vestager
Margrethe Vestager
Former Executive Vice-President for a Europe Fit for the Digital Age; Competition and Digital Policy Leader (Shaped early DSA enforcement theory applied in the X case)
Linda Yaccarino
Linda Yaccarino
CEO of X (Operational lead responding to EU demands and crisis letters)
J.D. Vance
J.D. Vance
Vice President of the United States (Trump administration) (Leading U.S. political critic of the DSA fine on X)
Marco Rubio
Marco Rubio
U.S. Secretary of State (Trump administration) (Diplomatic critic of EU’s DSA enforcement)

Organizations Involved

X (formerly Twitter)
X (formerly Twitter)
Corporation
Status: Subject of EU DSA non‑compliance decision and ongoing investigations

X is a global social media and microblogging platform owned by Elon Musk, designated by the EU as a very large online platform subject to heightened obligations under the Digital Services Act.

European Commission
European Commission
EU Executive
Status: Lead DSA enforcer for very large platforms including X

The European Commission is the executive branch of the European Union, responsible for proposing legislation and enforcing EU law, including the Digital Services Act.

Timeline

  1. Political backlash: U.S. officials and Musk denounce DSA fine

    Political Reaction

    Soon after the fine is announced, U.S. Vice President J.D. Vance and Secretary of State Marco Rubio accuse the EU of punishing X for not censoring speech and attack the DSA as an assault on American tech firms. Elon Musk echoes their criticism on X. EU officials, including Virkkunen, insist the action concerns transparency and deceptive design, not viewpoints or censorship. Several EU national ministers praise the fine as overdue, while some digital-rights advocates argue the penalty is still too small to change behavior.

  2. Commission fines X €120M in first-ever DSA non‑compliance decision

    Legal Action

    The European Commission fines X €120 million after concluding that the platform violated DSA transparency obligations in three areas: deceptive design of the blue checkmark, failure to provide a compliant and accessible advertising repository, and obstruction of researcher access to public data. X is given 60 working days to present measures addressing the blue check design and 90 days to remedy ad and data-access failures, or face higher penalties, potentially up to 6% of global revenue.

  3. EU finds Meta and TikTok breached transparency rules, signaling wider DSA reach

    Regulatory Finding

    The Commission announces that Meta and TikTok have violated certain DSA transparency requirements, but moves short of immediate fines and leaves room for commitments. The action contextualizes the X case as part of a broader regulatory push, though X remains first in line for a formal non‑compliance decision.

  4. Commission scales up DSA enforcement capacity amid multiple probes

    Institutional Capacity

    The Commission highlights its growing DSA enforcement team—aiming for about 200 staff—and notes that formal investigations are underway into X, Meta, TikTok, AliExpress, and Temu. Officials say the X case, with its advanced procedural stage, is a priority for clarifying how the DSA will be applied in practice.

  5. Virkkunen reiterates ongoing DSA investigation into X

    Public Statement

    Executive Vice-President Henna Virkkunen tells the European Parliament that on July 12, 2024 the Commission informed X of its preliminary view that it had breached DSA obligations related to dark patterns, advertising transparency, and researcher data access. She stresses that all actions follow due process and remain subject to judicial review.

  6. Commission confirms preliminary view of X’s DSA breaches to Parliament

    Public Statement

    In a written answer to MEPs, Executive Vice-President Margrethe Vestager confirms that the Commission’s preliminary view is that X failed to comply with DSA rules on dark patterns, ad transparency, and researcher data access. She notes that investigations into illegal content and information manipulation are still ongoing.

  7. Preliminary findings: X misleads users and fails on transparency

    Regulatory Finding

    After months of investigation, the Commission sends X preliminary findings stating that the platform violates DSA transparency duties. Officials say X uses ‘dark patterns’ in its blue check interface that deceive users, lacks a searchable and reliable ad repository, and blocks or burdens researcher access to public data—each a potential breach that could lead to fines up to 6% of global revenue.

  8. Commission opens first formal DSA proceedings, targeting X

    Investigation

    The European Commission opens formal infringement proceedings against X, the first such case under the DSA. The probe focuses on four areas: illegal-content risk management and notice systems; information manipulation and the effectiveness of Community Notes; transparency measures, including the ads repository and data access for researchers; and suspected deceptive design related to blue checkmarks.

  9. EU issues urgent DSA warning to Musk over Israel–Hamas disinformation

    Regulatory Warning

    Following the Hamas attacks on Israel and a surge of fake and repurposed war footage on social media, Commissioner Thierry Breton sends Elon Musk an urgent letter warning that X appears to be disseminating illegal content and disinformation in the EU. Breton reminds Musk of DSA duties on content moderation and crisis protocols and threatens potential fines of up to 6% of global revenue or an EU blackout for non‑compliance.

  10. DSA obligations take effect for very large platforms including X

    Regulatory Milestone

    Key provisions of the Digital Services Act enter into force for very large online platforms and search engines with more than 45 million EU users, including X. The law bans deceptive interface design, requires transparent ad repositories, and mandates data access for vetted researchers, laying the legal foundation for later enforcement against X’s blue checks, ads, and data policies.

  11. Legacy blue checks removed; paid badges become the norm

    Platform Design Change

    Twitter strips most legacy verified accounts of their blue checkmarks and requires users to pay for Twitter Blue (now X Premium) to retain or obtain a badge. Previously, verification denoted that Twitter had vetted account identity; now, nearly anyone who pays and verifies a phone number can display a blue check, increasing impersonation risks and confusing users about authenticity.

  12. Elon Musk acquires Twitter and signals overhaul of verification

    Corporate Change

    Elon Musk completes his $44 billion acquisition of Twitter, later rebranded as X. Shortly afterward he moves to replace the legacy, identity-based blue check system with a paid subscription model, foreshadowing the ‘deceptive design’ concerns that will later trigger DSA enforcement.

Scenarios

1

X Complies Under Protest and the DSA Model Solidifies

Discussed by: European Commission officials, EU digital-policy experts, and outlets such as the Financial Times and The Verge

In this scenario, X pays the €120 million fine, submits a DSA compliance plan within the 60–90 day deadlines, and ultimately implements meaningful changes: clarifying that blue checks do not imply identity verification or adding more robust ID checks; rebuilding its ad repository to meet DSA standards; and opening controlled but usable data-access channels for vetted researchers. Musk and U.S. political allies continue to frame the changes as coerced censorship, but internally X adjusts its product design and data architecture to avoid steeper penalties that could reach up to 6% of global revenue. The EU hails the case as proof the DSA can reshape platform design, and other firms—watching X’s outcome—pre‑emptively align their own interfaces, ad libraries, and research APIs with DSA expectations.

2

Protracted Legal Battle and Escalating Fines

Discussed by: Legal analysts quoted by Reuters, FT, and tech-policy think tanks drawing parallels to long-running EU antitrust and GDPR cases

Here X partially implements cosmetic fixes but resists deeper changes and files a legal challenge before the EU courts, arguing that the DSA is being misapplied or conflicts with free-expression principles. The Commission determines that X has not adequately remedied the deceptive blue check design, ad repository, or researcher data access and responds with larger follow‑on fines or periodic penalty payments, citing its power to sanction up to 6% of global turnover for serious non‑compliance. Litigation drags on for years, similar to Google’s appeals over Android antitrust fines and Meta’s challenges to billion-euro GDPR decisions, while X operates in a grey zone under interim measures and mounting financial and reputational risk in Europe.

3

X Scales Back or Exits the EU Market

Discussed by: Commentators speculating on Musk’s willingness to geo-block services rather than submit to EU rules, drawing on his confrontational posture toward regulators

In a more extreme outcome, Musk concludes that complying with DSA transparency and design rules undermines his vision for X or is not economically worthwhile given the platform’s EU revenue share. After further clashes or threatened multi‑billion‑euro penalties, X sharply limits features in the EU, geo‑blocks access to some or all services, or refuses to serve EU ads, effectively downgrading its European presence. The move would echo threats occasionally made by tech firms in response to GDPR or Australian media laws, but at far greater scale. It would trigger fierce political backlash in Europe, accelerate efforts to promote domestic or alternative platforms, and reinforce the EU’s willingness to sacrifice access to some U.S. services in order to enforce its digital-regulatory model.

4

Transatlantic Tech-Regulation Rift Spurs a Political Deal

Discussed by: International-relations and trade analysts, plus coverage in Reuters and European policy outlets linking digital rules to wider EU–U.S. tensions

Because the X fine coincides with U.S. accusations that the DSA is protectionist and threats to tie EU digital policy to trade concessions, the dispute could escalate into a broader regulatory rift. In this scenario, sustained pressure from Washington and European business lobbies leads to an attempt at a political understanding: the EU maintains core DSA principles but issues guidance clarifying limits on its reach, while the U.S. agrees not to pursue aggressive trade retaliation and begins its own debate over platform transparency rules. X still must meet baseline DSA obligations, but some interpretative issues—such as how far dark-pattern rules reach, or how researcher access can be balanced against security—are settled in a more negotiation-like process rather than pure litigation.

Historical Context

GDPR Mega-Fines Against Meta Over Data Transfers

2018–2023

What Happened

Under the EU’s General Data Protection Regulation (GDPR), Meta’s Facebook service was fined a record €1.2 billion in 2023 for transferring EU user data to the United States without adequate safeguards, after a long-running legal battle over transatlantic data flows. Regulators ordered Meta to suspend certain data transfers and bring processing into compliance, while the company appealed and warned of potential service disruptions if no new legal framework emerged.

Outcome

Short term: Meta faced immediate financial penalties and tight deadlines to adjust its data-transfer mechanisms, while lobbying heavily for a new EU–U.S. data framework.

Long term: The case entrenched the idea that EU digital rules can reshape global tech practices via large fines and compliance deadlines, even against dominant U.S. firms—providing a template for how the DSA is now being used against X.

Why It's Relevant

The Meta GDPR saga shows that the EU is willing to impose billion-euro penalties and force technical changes in how U.S. platforms handle data, even amid intense transatlantic political pressure. The X case extends this approach from privacy into platform design and transparency, suggesting that if X resists, the Commission could escalate far beyond the initial €120 million fine.

EU Antitrust Fines Against Google Over Android

2011–present (key fine in 2018; appeals ongoing)

What Happened

In 2018, the European Commission fined Google €4.34 billion for abusing its dominance in the Android mobile operating system, requiring manufacturers to pre-install Google Search and Chrome to access the Play Store and restricting alternative Android forks. Google appealed, but EU courts have largely upheld a slightly reduced fine of about €4.1 billion, and additional antitrust cases have followed.

Outcome

Short term: Google had to change licensing terms and unbundle some apps in Europe, while continuing to fight the fines in court. The record penalty signaled that EU competition law could force structural changes to digital ecosystems.

Long term: Even years later, appeals remain underway, but the basic finding stands and has shaped how both regulators and companies think about EU power over platform design. The DSA’s enforcement against X echoes this pattern: detailed investigations, large but potentially appealable fines, and design remedies that reach deep into the product.

Why It's Relevant

The Android and other Google cases demonstrate that EU regulatory decisions can endure years of legal challenge while still reshaping global product strategies. The X DSA fine is smaller in absolute terms but operates in a similar mold, with threats of higher penalties and binding design changes if the company fails to comply.

Germany’s Network Enforcement Act (NetzDG)

2017–present

What Happened

Germany’s Network Enforcement Act (NetzDG) requires large social networks to remove ‘clearly illegal’ content within 24 hours and other illegal material within seven days or face fines up to €50 million. Platforms must also issue regular transparency reports about how they handle takedowns. The law, aimed at combating hate speech and illegal content, has been criticized for encouraging over-removal and effectively outsourcing legal judgments to private platforms.

Outcome

Short term: Major platforms created dedicated German takedown workflows and transparency reporting mechanisms to avoid fines, demonstrating their willingness to adjust practices for a single large EU member state.

Long term: NetzDG became an early, national-level prototype for regulating platform responsibility and transparency. Its perceived shortcomings—especially overbroad removals and fragmented enforcement—helped motivate an EU‑wide framework, which materialized as the DSA.

Why It's Relevant

NetzDG shows both the power and the risks of platform-liability laws. The DSA, and its enforcement against X, attempts to correct for those risks by emphasizing transparency, systemic-risk assessments, and due process rather than direct content quotas. The X fine, focused on deceptive design and ad/data opacity rather than individual posts, illustrates how Brussels is trying to steer away from content-by-content censorship while still imposing strong obligations.