According to TheRegister.com, the European Union has issued its first-ever Digital Services Act (DSA) fine, hitting Elon Musk’s X with a €120 million (about $140 million) penalty. The fine, announced on Friday, stems from X’s breaches of EU rules on advertising transparency, data access for researchers, and its overhauled blue-checkmark verification system. The European Commission stated that X’s system, which now grants blue checks to paying subscribers, violates DSA rules against deceptive design by misleading users about verification. The company was also cited for an ad repository with “barriers to access” and terms of service that prohibit researchers from independently scraping public data. X has 60 working days to address the blue-check issue and 90 days to fix the ad and researcher access problems, or face periodic penalty payments.
The Blue Check Bait-and-Switch
Here’s the thing about the blue check drama: it’s a perfect case study in unintended consequences. Musk basically turned a system meant for authenticity into a commodity. Before, a blue check was a signal—flawed, but a signal—that an account was who it said it was. Now? It just means someone paid $8. The EU isn’t fining X for changing the system. They’re fining them because the new system deceives users. The Commission’s point is brutal in its simplicity: you can’t claim users are “verified” when all you’ve verified is their credit card. That opens the door to impersonation and scams, which is exactly what we’ve seen. And let’s be honest, the platform’s current state of bot-filled chaos is a direct result of this policy. The DSA isn’t mandating how you verify people; it’s just saying you can’t lie about it.
Transparency, Or The Lack Thereof
The other half of this fine is arguably more important, even if it’s less flashy than the blue-check saga. X got nailed for making its ad repository hard to use and for blocking researcher access to public data. Why does that matter? Because without that transparency, no one can effectively study the platform. You can’t track disinformation campaigns, coordinated inauthentic behavior, or scam ads if the data is locked behind a wall. The Commission said X’s repository lacks critical info like who exactly paid for an ad. That’s a huge accountability gap. And prohibiting scraping? That’s a direct shot at the independent research community. The EU’s stance is clear: if you’re a “Very Large Online Platform” operating here, you have to be a subject of study, not a black box.
The TikTok Contrast And US Pushback
Now, the most fascinating part of this story might be the contrast with TikTok. On the exact same day X got whacked with a massive fine, TikTok entered into a binding agreement with the EU to fix its ad repository. No fine, just a commitment to get into compliance. That shows the DSA has a playbook: work with us, and we’ll work with you. Fight us, and you’ll pay. X, according to the Commission, “did not offer any formal commitments.” So they chose the hard way.
And of course, the US political reaction was swift and predictable. FCC Commissioner Brendan Carr called it Europe “taxing Americans,” while Senator JD Vance somehow framed it as a fine for “not engaging in censorship.” That last one is particularly ironic, given the fine is literally for restricting access to information. But it underscores the growing transatlantic tech rift. The EU’s response is a stone-cold classic of bureaucratic power: “We have the sovereign to legislate and to enforce our legislation.” Translation: Our house, our rules.
What This Means For The Future
This is just the opening salvo. The €120 million fine is a statement of intent. The DSA is now fully armed and operational. For every other VLOP—from Meta to Google to AliExpress—the message is unmistakable. The EU is willing to go first, and it’s willing to go big. This isn’t about petty cash for these companies; it’s about establishing a precedent of enforceable accountability.
So what’s next for X? They can either spend the next 60-90 days actually building a compliant ad library, a sane researcher access program, and maybe rethinking what “verified” actually means. Or, they can dig in, refuse to change, and start accruing those periodic penalty payments, which would be a spectacularly expensive act of defiance. My bet? We’ll see a lot of legal maneuvering and minimal compliance, just enough to technically check the boxes. But the era of social platforms operating as lawless frontiers is over in Europe. The sheriff has arrived, and he’s writing tickets.
