Skip to main content
Home/Blog/X's €120M DSA Fine: Ad-Repository Transparency and What It Means for Advertisers in 2026
Back to Intelligence Hub
regulationEuropean UnionRisk Level: high

X's €120M DSA Fine: Ad-Repository Transparency and What It Means for Advertisers in 2026

The EU's first DSA non-compliance fine hit X over its ad repository, blue-checkmark design and researcher access — a signal on ad-library transparency for advertisers.

Updated July 10, 2026· Originally published July 10, 202612 min readAuditSocials Research
TweetShare
Quick Answer

The European Commission's first non-compliance fine under the Digital Services Act, 120 million euros against X, was based on three transparency failures, one of which sits at the centre of advertising: the Commission found that X's advertising repository did not meet the DSA's transparency and accessibility requirements, alongside the deceptive design of its 'blue checkmark' verified-account feature and a failure to give researchers adequate access to public data. Under the DSA, very large online platforms must maintain a public, searchable repository of the ads they carry, including who paid for each ad and the parameters used, so that researchers and civil society can scrutinise advertising and detect scams, coordinated operations and fake ads. The Commission concluded that X's repository fell short — incorporating design features and access barriers such as processing delays, and lacking critical information such as the content and topic of ads and the legal entity paying for them. For advertisers, the fine is not a direct obligation but a set of signals: ad-library transparency is now enforced, so the ads you run on major platforms are increasingly visible and scrutinised; verification-based trust signals like blue checkmarks are under regulatory pressure, which affects brand-safety assumptions; and the direction of travel is toward more, not less, ad transparency. The practical response is to assume your ads are publicly discoverable, keep creative and targeting defensible, and factor verification changes into brand-safety planning. Review X-specific rules in the X ads policy guide, track enforcement on the Policy Change Tracker, and pre-check campaigns with the AI Compliance Audit.

X's €120M DSA Fine: Ad-Repository Transparency and What It Means for Advertisers in 2026

The First DSA Non-Compliance Fine

The European Commission's 120 million euro penalty against X was the first non-compliance fine issued under the Digital Services Act, and its subject matter puts advertising transparency at the centre of DSA enforcement. The Commission found three breaches of the DSA's transparency obligations: the deceptive design of X's 'blue checkmark' verified-account feature, the lack of transparency of its advertising repository, and a failure to provide researchers with adequate access to public data. Two of the three go directly to how advertising is disclosed and scrutinised.

The significance for the advertising ecosystem is that the DSA's ad-transparency machinery — the public ad repositories that very large online platforms must maintain — is now being enforced with real penalties, not merely encouraged. For advertisers, this reframes a long-standing assumption: the ads they run on major platforms are increasingly visible in public repositories, searchable by researchers, journalists and civil society, and a platform that fails to make that repository properly transparent faces consequences. The scrutiny that used to attach mainly to political advertising now extends to advertising transparency generally.

"Accessible and searchable ad repositories are critical for researchers and civil society to detect scams, coordinated information operations and fake advertisements.
— European Commission, on the DSA ad-repository requirements"

This guide explains what the DSA requires of ad repositories, where X's fell short, the separate blue-checkmark finding, and what advertisers should take from a ruling that targets the platform rather than them. For X-specific advertising rules see the X ads policy guide, and for the wider EU framework the EU DSA compliance guide.

What the DSA Requires of Ad Repositories

At the heart of the advertising finding is the DSA's requirement that very large online platforms maintain a public repository of the advertisements they present. This is a transparency mechanism designed to let outside observers see what advertising is running, who is behind it, and how it is targeted — turning advertising from something visible only to its audience into something the public can examine.

The Core Repository Requirements

RequirementWhat it meansPurpose
Public and searchableThe repository must be accessible and usable, not hidden or obstructedEnables scrutiny by researchers and civil society
Who paidThe legal entity paying for each ad must be identifiableReveals who is behind advertising
Content and parametersThe ad content, and the main targeting parameters, must be recordedShows what was shown and how it was targeted
Retention and completenessInformation must be stored and complete, without critical gapsAllows meaningful, historical analysis

Alongside the repository, the DSA also requires that individual ads be clearly labelled as advertising, with information about who placed them and why the user is seeing them. The repository and the per-ad labelling work together: labelling informs the individual viewer, while the repository informs the public. The obligation falls on the platform, but its effect is that advertisers' campaigns become part of a public record. For how ad transparency operates specifically for political advertising, which has its own layer, see the DSA political-advertising transparency guide.

Where X's Repository Fell Short

The Commission's finding was not that X lacked an ad repository, but that the repository it provided failed the DSA's transparency and accessibility standards in specific ways. The shortcomings fall into two groups: barriers that made the repository hard to use, and gaps in the information it contained.

The Identified Shortcomings

  • Access barriers: the Commission pointed to design features and obstacles — including processing delays — that undermined the repository's usability and defeated its purpose of enabling scrutiny.
  • Missing content and topic: the repository was found to lack critical information such as the content and topic of the advertisements, so an observer could not fully see what was being advertised.
  • Missing payer identity: the repository was found to lack clear information about the legal entity paying for the advertisement, obscuring who was behind the ads.

These shortcomings matter because a repository that exists but is slow, incomplete or hard to search does not deliver the transparency the DSA requires — the Commission's point was that the purpose of an ad repository is defeated by access barriers and missing fields even if a repository nominally exists. For advertisers, the corrective direction is clear: platforms will be pushed toward repositories that fully record ad content, topic and payer identity, which means the ads advertisers run will be more completely and durably documented in public. Track how platforms adjust their ad libraries on the Policy Change Tracker.

The Blue-Checkmark Dark-Pattern Finding

The third breach, distinct from the repository issue, concerned the design of X's 'blue checkmark' verified-account feature. The Commission found that the way X implemented verification amounted to a deceptive design — a dark pattern — because it no longer reliably signalled what users had come to associate with a verified account, allowing anyone to obtain the badge in a way that could mislead users about authenticity.

Why Verification Design Matters for Advertisers

  • Trust signals shift: when a verification badge no longer denotes vetted authenticity, the brand-safety value advertisers attach to appearing alongside 'verified' accounts changes.
  • Impersonation risk: a badge obtainable by anyone can facilitate impersonation of brands and public figures, a direct brand-safety and consumer-protection concern.
  • Regulatory pressure on design: the finding shows that deceptive design of trust features is itself an enforceable DSA violation, which may drive platforms to redesign verification.

For advertisers, the blue-checkmark finding is a reminder that platform trust signals are not fixed and that their meaning can change in ways that affect brand-safety assumptions and impersonation exposure. Advertisers should not treat a verification badge as a durable guarantee of authenticity when its basis has shifted, and should factor potential verification redesigns into planning. For the deceptive-content rules that govern advertising on X directly, see the X prohibited and deceptive content guide.

What Advertisers Should Take From It

As with other platform-directed enforcement, the fine imposes obligations on X, not on advertisers — it does not change what advertisers may run or add a filing duty. Its value to advertisers is as a set of signals about the environment they operate in, and those signals point consistently in one direction: more advertising transparency and more scrutiny.

The Practical Signals

  • Assume public discoverability: operate on the assumption that ads on major platforms are, or will be, publicly discoverable in repositories, and keep creative and targeting defensible on that basis.
  • Transparency is enforced, not optional: the DSA's ad-transparency requirements now carry real penalties, so the trend toward complete, searchable ad records will strengthen.
  • Verification is not a fixed trust anchor: build brand-safety planning that does not over-rely on platform verification badges whose meaning can change.
  • Scrutiny extends beyond politics: ad-transparency enforcement is not limited to political ads; commercial advertising is part of the public record too.

The reassuring counterpoint is that advertisers running truthful, policy-compliant, well-targeted campaigns have little to fear from greater transparency — a public record is a problem mainly for deceptive or non-compliant advertising. Treating public discoverability as the default is simply good discipline: write creative you would be comfortable seeing in a public library, and keep targeting within policy. Pre-check campaigns against platform and legal standards with the AI Compliance Audit, and for the harmful-content and brand-safety dimension of DSA enforcement see the harmful-content brand-safety playbook.

Ad-Transparency Readiness Checklist

  • [ ] Assumed ads on major platforms are publicly discoverable in ad repositories
  • [ ] Ensured creative would be defensible if seen in a public ad library
  • [ ] Kept targeting parameters within platform policy and applicable law
  • [ ] Confirmed the legal entity paying for ads is accurate and consistent
  • [ ] Reviewed reliance on platform verification badges in brand-safety planning
  • [ ] Assessed impersonation exposure where verification no longer guarantees authenticity
  • [ ] Distinguished the platform's DSA obligation from any advertiser duty
  • [ ] Monitored platform ad-repository and verification changes
  • [ ] Reviewed deceptive-content rules for advertising on the platform
  • [ ] Confirmed current DSA ad-transparency status against official Commission sources

Don't miss the next policy change.

Create a free account — track every policy change across 8 platforms, get instant alerts, and access every free compliance tool. Or try our Keyword Risk Checker first.

Create Free Account

Report Keywords — Run AI Compliance Audit

#X Ads#DSA#Ad Transparency#Ad Repository#Brand Safety#Content Moderation#Ad Compliance#Advertisers#European Union#2026 Policy#Dark Patterns#Compliance Guide 2026

Share This Report

TweetShare

Related Posts

Related Resources