EU Fines X €120 Million for DSA Violation Over ‘Deceptive’ Blue Check Verification
Ddos 
The European Commission has recently imposed a substantial penalty on X for violating the Digital Services Act (DSA), concluding that the platform breached three transparency requirements. As a result, X has been fined €120 million (approximately $140 million).
The ruling chiefly targets X’s highly contentious Blue Check verification system, along with deficiencies in its advertising-transparency database and its restrictions on researchers’ access to public data.
At the heart of the Commission’s findings is the design of the Blue Checkmark itself. Under Twitter’s previous regime, the blue badge signified that an account had undergone official verification. After Elon Musk’s acquisition of the platform, however, the system shifted to a paid subscription model — effectively allowing anyone to purchase the badge.
According to the EU, this constitutes a “deceptive design”, one that prevents users from knowing whether the person they are interacting with is genuine, thereby exposing them to heightened risks of scams and impersonation. The Commission stressed: “Although the DSA does not mandate user verification, it explicitly prohibits platforms from falsely suggesting that users are verified when no such verification has occurred.”
In addition to the Blue Check issue, the Commission identified two further violations:
- Insufficient advertising transparency: X’s ad library, the EU found, contains “design features and access barriers” that make it difficult for the public to determine who is behind advertisements or to identify fraudulent or harmful activity. The platform has failed to provide adequate information about ad content and the entities paying for it.
- Unlawful restrictions on research access: The DSA requires platforms to make public data accessible to qualified researchers. The EU alleges that X imposed unnecessary limitations that directly obstruct research into systemic risks within the Union.
This marks the first enforcement action under the DSA specifically addressing the Blue Check verification scheme. X now has 60 working days to respond to the Commission’s findings regarding the badge system, and 90 days to submit a meaningful action plan detailing how it intends to remedy deficiencies in its advertising transparency database and research-data access. Failure to comply may result in additional fines.
Related Posts:
- EU Charges Meta and TikTok with Widespread DSA Violations
- EU Targets Musk’s X with Potential $1B Fine for Violating Digital Services Act
- Dutch Court Orders Meta to Fix Algorithmic Feed, Citing DSA Violation
- YouTube, Snapchat, TikTok Ordered to Reveal Recommender System Details Amid DSA Crackdown
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
