In its first DSA penalty, EU fines X €120M for ‘deceptive’ blue check verification system

The European Commission (EC) has issued its first-ever fine under the EU’s landmark Digital Services Act (DSA) — and the penalty is directed at Elon Musk’s platform, X.

The EC argues that X misled users by allowing anyone to purchase a blue checkmark, a symbol historically associated with identity verification. The regulator stated that this paid system violates the DSA because it fails to meet transparency standards.

On Friday, the European Union’s executive body confirmed a €120 million (approximately $140 million) fine against X, criticising the blue check program as a “deceptive design practice.” The Commission also found additional violations, including shortcomings in X’s advertising transparency tools and failures to provide researchers access to public data.

Before Elon Musk acquired the company, Twitter awarded blue checkmarks to journalists, public figures, politicians, and celebrities after verifying their identities. In 2023, Musk eliminated that verification process, making the blue badge a benefit of the X Premium subscription. Today, the checkmark only confirms that a user has paid for the service and meets minimal requirements, such as having a profile photo, a display name, and linking a phone number.

The EEC emphasised in its statement:

“X’s use of the ‘blue checkmark’ for ‘verified accounts’ deceives users. Anyone can pay for ‘verified’ status without meaningful identity checks, making it harder for users to assess the authenticity of accounts or content.”

The Commission said this system increases risks of impersonation, scams, fraud, and manipulation.

Additional violations identified by the EC

1. Advertising Transparency Failures
The EC found that X’s ads repository does not comply with DSA rules. According to the investigation, the platform delays access to data and omits key information, such as:

• Who paid for the advertisement
• The nature and topic of the ad
• Essential context needed for public scrutiny

These gaps make it harder for researchers and the public to assess potential risks from online advertising.

2. Blocking Researcher Access
The DSA requires large platforms to grant researchers access to public data to study systemic risks. The EC determined that X places unnecessary barriers that prevent independent research.

The regulator wrote:

“X’s processes for researcher access impose obstacles that undermine the study of systemic risks in the EU.”

A multi-year investigation reaches a decisive moment

This ruling follows a two-year inquiry launched by the EC into potential violations involving risk management, transparency, content moderation, dark patterns, advertising integrity, and researcher data access.

Henna Virkkunen, EU Executive Vice President for Tech Sovereignty, Security, and Democracy, stated:

“Deceiving users with blue checkmarks, obscuring advertising information, and shutting out researchers have no place online in the EU.”

Next steps for X

The company now faces strict deadlines:

• 60 days to present a plan to fix the deceptive blue checkmark issue
• 90 days to outline steps addressing advertising transparency and researcher data access violations

If X fails to comply, the EU may impose harsher penalties. Under the DSA, platforms can face fines up to 6% of their global annual revenue.