In a landmark enforcement action on [today], the European Commission fined Elon Musk’s platform X €120 million (£105 million) for what regulators called a deceptive verification scheme. The Commission concluded that allowing paid blue checkmarks without meaningful identity verification misleads users and raises the risk of impersonation and scams across the EU. The decision, issued under the Digital Services Act (DSA), requires X to present a plan to comply or face further periodic penalties. The move marks the Commission’s first formal finding of DSA non-compliance against a major platform.
Key takeaways
- The European Commission levied a €120m fine (about £105m) against X for misleading users over paid verification badges.
- Regulators said X failed to meaningfully verify accounts that pay for blue ticks, increasing impersonation and fraud risk for EU users.
- The ruling cites three issues: deceptive blue checkmarks, insufficient ad transparency, and restricted researcher access to public data.
- Henna Virkkunen, EU executive vice-president for tech sovereignty, framed the action as holding X accountable for undermining user rights.
- The decision is the Commission’s first DSA non-compliance finding, and X must outline corrective measures or face ongoing fines.
- U.S. political figures, including Vice President JD Vance, criticized the EU response as hostile to American companies and free speech.
- The verification changes trace to Musk’s takeover of Twitter in late 2022, when paid verification was tied to a Premium subscription.
Background
The Digital Services Act took effect to tighten platform obligations on content, advertising transparency and data access for researchers across the EU. It requires large platforms to manage systemic risks, be transparent about ads, and permit qualified research access to public data. After Elon Musk acquired Twitter in late 2022 and rebranded it X, the platform overhauled verification: a blue tick became tied to a paid Premium tier rather than identity confirmation.
Under X’s post-2022 system, an account seeking a blue check must show a display name and profile picture, confirm a phone number, and have been active in the prior 30 days; it also must not be ‘misleading or deceptive’ or engage in spam activity. Prior verification approaches on major platforms typically required independent proof of identity or public notability. Regulators, consumer groups and security researchers warned at the time that a paid tick could make impersonation easier and elevate misleading accounts.
Main event
The Commission announced its €120m sanction after determining that X’s paid verification practice ‘deceives users’ because the platform does not sufficiently verify who is behind accounts that buy blue ticks. Regulators said this created conditions that expose users to impersonation fraud and manipulation by malicious actors. The ruling additionally highlights shortcomings in ad transparency and limits on researchers’ access to public data, which the Commission viewed as aggravating factors.
Henna Virkkunen, the Commission’s executive vice-president for tech sovereignty, publicly framed the decision as accountability for undermining users’ rights and avoiding oversight. The Commission said the fine amount reflects the nature, gravity and duration of the infringements and is designed to enforce compliance with the DSA. X has been ordered to explain how it will bring its practices into line with EU law or face further periodic penalties.
The action represents the first formal determination of DSA non-compliance by the Commission against a large platform, signaling regulators’ readiness to apply the law’s sanctions. It follows months of scrutiny and public commentary from U.S. officials who warned European regulation could overreach. The BBC has approached X for comment; the company’s responses to the Commission’s findings will shape next steps, including potential appeals or operational changes in the EU market.
Analysis & implications
Operationally, X faces a choice: adjust its verification and transparency practices for EU users or risk repeated fines tied to enforcement deadlines. That could force platform-level changes—reinstating identity-based checks, improving ad labelling and granting researchers fuller access to public data sets. Those changes would affect product design and could reduce revenue tied to subscriptions if paid ticks are restricted or restructured for EU accounts.
Politically, the decision escalates friction between U.S. tech platforms and European regulators, highlighting divergent regulatory philosophies on speech, platform liability and consumer protection. U.S. officials’ public criticisms underscore transatlantic tensions; yet the ruling rests on consumer-safety and transparency grounds rather than content moderation alone. For other platforms, the decision signals that the DSA will be enforced and that paid features that mimic trust signals will attract scrutiny.
Economically, X built part of its revenue plan around monetising verification through subscriptions and promoting engagement for verified accounts. If the Commission forces stricter verification or revokes the visibility advantages of blue ticks, X may need to seek alternative monetisation paths or accept lower subscription uptake in the EU. For advertisers and partners, improved transparency could be welcome but may require new reporting and compliance investments.
Comparison & data
| Period | Verification basis | Key requirements |
|---|---|---|
| Before late 2022 | Identity/Notability checks | Proof of identity or public interest; platform-led verification |
| After late 2022 (X) | Paid subscription (Premium) | Display name, profile picture, confirmed phone number, activity in 30 days, no spam/misleading behaviour |
| DSA expectation | Risk-based safeguards & transparency | Meaningful verification where trust signals affect user decisions; ad transparency; researcher access |
The table contrasts verification approaches and the DSA’s expectations. Regulators emphasise that when a platform provides an on-site trust signal (like a blue tick), the signal must correspond to verifiable identity or clear standards so users are not misled. The Commission cited the mismatch between X’s paid tick and meaningful identity verification as central to its finding. Data access and advertising transparency were listed as compounding violations rather than standalone fines in this decision.
Reactions & quotes
EU officials framed the decision around user protection and accountability. The following excerpts capture official and political reactions and the contexts in which they were delivered.
“Holding X responsible for undermining users’ rights and evading accountability.”
Henna Virkkunen / European Commission (official)
The Commission made that statement as part of its public rationale for the sanction, emphasising that deceptive trust signals harm users and run counter to the DSA’s aims.
“The EU should be supporting free speech, not attacking American companies over garbage.”
JD Vance / U.S. Vice President (political)
U.S. political figures voiced concern that European enforcement could amount to punitive overreach against U.S. firms; Vance’s comment reflects broader political resistance in some U.S. quarters to stricter foreign tech regulation.
“This deception exposes users to scams, including impersonation frauds, as well as other forms of manipulation by malicious actors.”
European Commission (official statement)
The Commission used this language in its decision summary to link the verification policy to concrete user-harm scenarios investigators flagged during the inquiry.
Unconfirmed
- Whether X will immediately change its verification criteria across the EU or pursue a legal appeal remains unverified and dependent on the company’s internal decision-making.
- Reports that the Commission considered a larger fine before settlement are unconfirmed; the published decision cites the final €120m figure without detailing earlier calculations.
- It is unconfirmed how many EU users purchased Premium primarily to obtain a blue tick versus for other features; precise subscriber breakouts have not been publicly released.
Bottom line
The Commission’s €120m fine crystallises a regulatory limit: trust signals that look like identity verification must be backed by meaningful checks or clear consumer information. For X, the ruling forces a strategic reassessment in the EU—either to restore stricter verification and transparency or to face recurring penalties and potential reputational cost.
Broader implications extend beyond X: the decision signals that the DSA will be actively enforced and that product features monetising trust markers will receive careful regulatory scrutiny. Firms operating in multiple jurisdictions should expect divergent legal obligations and be prepared to tailor features, data access and ad transparency to meet EU standards.
Sources
- BBC News — news media report summarising the Commission decision and reactions.
- European Commission: Digital Services Act — official EU policy and enforcement framework (official).