← Back to Insights PL
Regulations 18 December 2025 · 4 min

DSA's First Major Fine — €120M for X (Twitter)

The Decision

On December 5, 2025, the European Commission issued its first non-compliance decision and fine under the Digital Services Act (DSA), penalizing X (formerly Twitter) €120 million for three distinct violations.

The Three Breaches

  • Deceptive design of blue checkmarks (€45M) — X Premium's "verified accounts" badge constituted deceptive design because X did not meaningfully verify account holders' identities. Users could pay for verification without any actual identity check, creating a misleading signal of trustworthiness.
  • Advertising transparency failures (€35M) — X's ad repository was missing key information including ad content, topics, payers, and targeting criteria. Accessing the repository involved excessive delays, undermining the transparency objectives.
  • Researcher data access barriers (€40M) — X imposed unnecessary barriers for researchers seeking to access public platform data, violating the DSA's data access provisions (Article 40).

Compliance Deadlines

X was given specific remediation deadlines:

  • 60 working days to address the deceptive blue checkmark design
  • 90 working days to submit an action plan for the remaining infringements

What This Means for Other Platforms

This is a landmark precedent. The DSA allows fines of up to 6% of global annual turnover — the €120M fine represents a fraction of what is possible for a company of X's size. Key takeaways:

  • Deceptive design is enforceable — dark patterns and misleading UI elements are not just UX issues; they carry regulatory consequences
  • Ad transparency is mandatory — incomplete or hard-to-access ad repositories violate the DSA
  • Researcher access is a right — platforms cannot create arbitrary barriers to data access
  • The Commission is willing to act — 14 investigations were already open by November 2025

Lessons for Platform Operators

  1. Review all verification badges — ensure any "verified" or "trusted" labels reflect genuine verification
  2. Audit your ad repository — must be comprehensive, accessible, and contain all mandatory fields
  3. Prepare for researcher requests — establish procedures for data access under Article 40
  4. Take DSA compliance seriously — enforcement is real and escalating

Want to ensure your platform is DSA-compliant? Schedule a compliance review.

Related articles

Author: Przemysław Kołakowski · Legal Counsel · Harbor Legal