Brussels, 5 December 2025 – The European Commission today imposed a €120 million fine (approximately $140 million) on X Corp, the social media platform formerly known as Twitter, for systematic violations of the European Union’s Digital Services Act (DSA). The penalty, confirmed after a two-year investigation, marks the first time the bloc has used its flagship digital rulebook to sanction one of the world’s largest online platforms.
In a 187-page decision, the Commission accused X of three distinct and continuing breaches of the DSA’s transparency and accountability obligations:
- Operating a “deceptive” blue-check verification system
- Maintaining an inadequate and opaque advertising transparency repository
- Denying researchers meaningful access to public data
Commissioner for the Internal Market, Thierry Breton, described the infringements as “serious, prolonged and affecting more than 150 million EU users.” While €120 million is modest compared with the theoretical maximum of 6 % of X’s global annual turnover (which would exceed $3 billion), the fine is intended as a deterrent and a clear signal that the DSA has teeth.
The Core of the Case: A: The Blue Checkmark “Deception”
When Elon Musk acquired Twitter in October 2022, one of his first major changes was to turn the blue verification checkmark — previously reserved for notable public figures after manual review — into a paid subscription perk under the rebranded “X Premium” (formerly Twitter Blue).
Any user willing to pay $8 per month (later raised in most markets) could obtain the same blue tick that had for years signalled authenticity. Identity verification was limited to a phone number and credit-card payment; no proof of real name or notability was required.
The Commission ruled that this design choice is inherently deceptive under Article 26 of the DSA, which prohibits “dark patterns” and practices that mislead users about the reliability or authority of an account.
“By decoupling the blue checkmark from any meaningful verification process,” the decision reads, “X created a system in which malicious actors can purchase the appearance of legitimacy for a trivial fee. This has facilitated large-scale impersonation fraud, phishing campaigns, cryptocurrency scams, and coordinated disinformation operations targeting EU citizens.”
The ruling cites dozens of documented cases between November 2022 and mid-2025 in which scammers used paid blue ticks to impersonate politicians, central banks, pharmaceutical regulators, and major corporations. One particularly damaging campaign in early 2024 saw fake accounts bearing verified checkmarks spread false information about COVID-19 vaccine recalls, reaching an estimated 47 million impressions in the EU-27 before removal.
The Core of the Case B: A Broken Advertising Transparency Repository
Under Articles 39 and 40 of the DSA, very large online platforms (VLOPs) must maintain a publicly searchable repository containing detailed information about every active advertisement: the advertiser’s identity, the content of the ad, targeting parameters, reach, and spend.
Investigators found X’s repository to be “systematically incomplete, inaccurate, and unfit for purpose.” Key failures included:
- Missing or falsified advertiser identities (often listed simply as “X Corp” or generic payment processors)
- Absence of meaningful targeting criteria (e.g., “interests: politics” with no further breakdown)
- No disclosure of political or issue-based advertising during multiple national and European Parliament election cycles
- Ads removed for violating X’s own policies remaining visible in the repository without explanation
The Commission concluded that these shortcomings “severely impair the ability of regulators, journalists, and civil society to detect and counter covert influence campaigns and fraudulent advertising.”
The Core of the Case C: Blocking Researchers
Article 40 of the DSA obliges platforms to provide eligible researchers with access to public data necessary for systemic risk assessments. After initially complying in 2023 through an expensive paid API tier, X abruptly raised prices in early 2024 to $42,000 per month for basic access and later restricted even free academic access to a few months afterward.
The decision describes this as a “de facto refusal” to comply, noting that fewer than five independent European research teams were able to obtain data between mid-2024 and the present day. The Commission argues this has blinded oversight bodies to emerging risks, particularly during the 2024–2025 wave of AI-generated disinformation.
X’s Defense and the Political Firestorm
In its formal response submitted in September 2025, X argued that:
- The blue checkmark is now clearly labelled as a “Premium subscription indicator,” not a verification mark
- Paid verification is an industry-standard monetisation practice (citing LinkedIn and YouTube)
- Advertising transparency tools meet the legal minimum and have been iteratively improved
- Researcher access restrictions were necessary to prevent abuse and protect user privacy
The Commission rejected each of these arguments, stating that a label added only in 2024 does not retroactively cure two years of deception, that no other platform equates payment with authenticity, and that X’s pricing rendered researcher access illusory.
The ruling has ignited fierce transatlantic controversy. United States Vice President JD Vance called the fine “straight-up censorship by Brussels bureaucrats” and vowed that the incoming Trump administration would “push back hard against foreign regimes trying to regulate American speech.” Several Republican lawmakers have revived proposals for a “Digital Iron Curtain Act” that would prohibit U.S. companies from complying with certain EU content-moderation demands.
Elon Musk has remained relatively restrained on the platform itself, posting only a single retweet of a meme showing the EU flag morphing into the Soviet hammer and sickle, captioned “History rhymes.”
What Happens Next?
X has 30 days to pay the fine or lodge an appeal with the EU General Court in Luxembourg. Legal experts expect an appeal, which could drag the case out for years. In the meantime, the Commission has issued a separate cease-and-desist order requiring X to:
- Reinstate a meaningful verification process separate from paid subscriptions by 1 March 2026
- Bring its ad repository into full compliance within 90 days
- Offer free, good-faith data access to vetted researchers within 60 days
Failure to comply could trigger daily penalties of up to 5 % of X’s average daily worldwide turnover — a figure that would rapidly dwarf today’s €120 million sanction.
A Turning Point for Platform Regulation
Today’s decision is widely seen as the opening shot in a broader EU enforcement campaign. Parallel DSA investigations into Meta, TikTok, and Alibaba’s AliExpress are at advanced stages, with decisions expected in 2026.
For the first time, a regulator has formally declared that monetising authenticity itself can constitute an illegal deceptive practice — a precedent that could reshape verification systems across the internet.
Whether the EU’s assertive stance will force genuine change at X, provoke a full-scale corporate exodus from the European market, or simply harden the emerging divide between American and European visions of online speech remains one of the defining questions of the coming year.