According to TechCrunch, the European Commission has imposed its first-ever fine under the Digital Services Act (DSA), hitting Elon Musk’s X with a €120 million penalty. The fine, announced on Friday, centers on X’s “deceptive” blue checkmark verification system, which the EU says misleads users about account authenticity. The Commission also cited breaches for X’s non-compliant advertising repository, which lacks key info and has excessive access delays, and for failing to provide researchers with access to public data. X now has 60 days to address the blue check complaint and 90 days to submit an action plan for the ad and data transparency issues. Confirmed DSA breaches can lead to fines of up to 6% of a company’s global annual turnover.
The core deception
Here’s the thing: the EU’s argument is pretty straightforward and hard to refute. For years, that little blue check meant something specific—it was a signal, however imperfect, that the platform had vouched for the identity of a notable person or entity. Musk’s decision to sell it as part of X Premium completely changed its meaning. Now, it just means someone paid. The Commission’s point is that this is a classic “dark pattern”—a design choice that tricks users. You see a checkmark, your brain still associates it with legitimacy, and that’s a problem when it could be on a scammer’s account. It seems like a fundamental misalignment between the symbol’s historical meaning and its current utility. And the EU is basically saying that’s not just bad practice, it’s illegal under their new rules.
Beyond the blue check
But the fine isn’t just about the checkmarks. The other two breaches are arguably more significant for the platform’s overall health and accountability. An opaque ads repository? That means we can’t easily see who’s paying to influence public discourse on the platform. That’s a huge deal for election integrity and general transparency. And blocking researcher access to public data? That prevents independent scrutiny of everything from disinformation campaigns to coordinated harassment. So while the blue check issue is the flashy headline, these other findings cut to the heart of what the DSA is supposed to do: make very large online platforms auditable. X is failing that test.
A warning shot
This is a major moment. The DSA has been in force for a while, but this is the first financial penalty. The EU is sending a clear signal that it’s serious about enforcement. A €120 million fine is substantial, but for a company like X, it’s probably more about the precedent than the money. The real threat is that 6% of global turnover clause. Future fines could be astronomically larger if systemic problems aren’t fixed. The question now is how X responds. Will it fight this legally, or will it actually redesign its systems? Given the company’s combative stance toward regulators so far, I’d expect a legal challenge. But the clock is ticking.
The bigger picture
Look, this isn’t just about one social media company. This is the opening salvo in a new era of platform regulation. The EU is setting the playbook here. Other giant platforms are watching closely. The message is that superficial compliance won’t cut it; the DSA demands meaningful transparency and user protection. If you’re running a major online service, you can’t just slap a disclaimer on a deceptive feature and call it a day. You have to build systems that allow for real oversight. That’s a massive shift. For users, it’s a potential win. But for platforms used to marking their own homework, it’s a painful new reality. The battle between Silicon Valley’s “move fast and break things” ethos and Brussels’ meticulous rule-making has just entered a much more expensive phase.
