If a user pays for a badge that implies identity, but the platform only verifies their credit card, is that a service or a scam? The European Commission has decided it is the latter. In a landmark decision – the first of its kind under the Digital Services Act (DSA) – the Brussels executive has fined Elon Musk’s X €120 million. The charge? Deceiving users with “dark patterns” and blocking the researchers trying to figure out what is really happening on the platform. The reaction from the platform’s owner was swift and characteristic: a demand to “Abolish the EU” and the immediate retaliatory blocking of the Commission’s own advertising account.

European Commission – Press release

The Parties: The European Commission (acting as the primary enforcer of the DSA) vs. X (formerly Twitter), a designated Very Large Online Platform (VLOP) serving approximately 102 million active monthly users in the EU.

The Origin: The dispute emanated from the “chaos era” of X following its 2022 acquisition. On 18 December 2023, the Commission opened formal proceedings. After a nearly two-year investigation, the Commission concluded that X’s “compliance” was largely performative.

The Financial Breakdown:
The €120 million fine is not a lump sum but a calculated aggregate of three specific failures:

• €45 million for the “deceptive design” of the Blue Checkmarks.
• €40 million for failing to provide researchers with legally required data access.
• €35 million for insufficient transparency in the advertising repository.

At the Berlaymont (The Legal Reasoning)

The Commission’s decision is built on the plank of law that “transparency is the price of market access.” The investigators were stymied by X’s refusal to align its architecture with EU norms.

1. The “Blue Checkmark” Deception (Article 25 DSA)
The Commission found that X’s interface manipulated users. Historically, the “Blue Tick” was a sign of identity verification (a status symbol for journalists, officials, and celebrities). X changed this to a paid feature ($8/month).

• The Conflict: The Commission argued this was a “dark pattern.” By using a symbol universally associated with authenticity for a purely commercial subscription, X misled millions of users. It was not clear to the average scroller whether an account was “verified” or simply “funded.”
• The Statistic: The Commission noted that this design choice affected 100% of the platform’s EU user base, exposing them to higher risks of impersonation scams.

2. The “Black Box” Ad Repository (Article 39 DSA)
The DSA mandates that VLOPs must maintain a searchable repository of all ads to allow civil society to monitor election interference and disinformation.

• The Difficulty: Compounding the difficulty for regulators, X’s repository was found to be “labyrinthine.” It lacked critical metadata – specifically the identity of the legal entity paying for the ad.
• The Finding: The Commission ruled that a repository that is technically “online” but functionally unusable (due to delays and missing fields) does not satisfy Article 39.

3. Locking Out the Watchdogs (Article 40 DSA)
Perhaps the most contentious point was X’s hostility toward academic scrutiny.

• The Barrier: X’s Terms of Service effectively banned researchers from scraping public data. Furthermore, the API access fees were deemed “dissuasive” – priced so high that independent universities could not afford them.
• The Consequence: By blinding the researchers, X effectively shielded itself from independent risk assessment regarding hate speech and hybrid threats.

The Penalty & Next Steps

The Fine: €120 million (approx. 4.5% of X’s estimated EU-attributable revenue, though well below the global 6% cap).

The Ultimatum:

• 60 Days: To rectify the “deceptive” blue checkmarks.
• 90 Days: To overhaul the ads repository and grant API access to vetted researchers.
• The Retaliation: In a move that may trigger further “non-cooperation” fines, X deactivated the European Commission’s ad account shortly after the decision was docketed.

Comment

This is the DSA’s first real bite. It sends a chilling signal to other VLOPs (like Meta and TikTok) that “compliance” cannot be a box-ticking exercise. The breakdown of the fine reveals that the Commission places nearly equal weight on Researcher Access (€40m) as it does on Consumer Protection (€45m).

Against that backdrop, the decision sets a vital precedent: “Design” is now a legal battlefield. If your UI tricks the user, or if your API pricing is a de facto ban on scrutiny, the Commission is willing to fine you for it.