What exactly is published in the X DSA ad repository, and what is not?

The X DSA ad repository, published under the Article 39 transparency obligations of the EU Digital Services Act, contains a structured record of paid advertisements that ran on X reaching EU users during the period the repository covers. The published fields and the absent fields together define the competitive intelligence value of the repository and the exposure that advertisers should understand. The published fields include the advertiser identity (the name registered with X for billing and identification purposes), the period the advertisement ran (start and end dates), the targeting parameters used for the campaign at a generalized level (categories such as geography, demographic age bands, interest categories without surfacing individual user-level targeting), the content of the advertisement (creative copy, visible images and video, the destination URL if displayed), the language or languages the ad ran in, and an estimate of the reach within the EU. The repository typically does not include individual user-level targeting (specific cookie IDs or interest match scores), the bid amounts or bid strategy used, the campaign optimization goals, the conversion data, the audience matching lists in source form, the creative iteration history within a campaign, the agency or media buyer identity if different from the advertiser, the internal campaign naming or attribution structure, the reach outside the EU (the repository scope is EU-facing reach), or any data covered by separate privacy protection that would identify individuals. The repository structure is therefore generous enough to expose campaign strategy at a recognizable level (which creative, which messaging, which audience segments, which geographies, which timing) while not exposing the bid-level or conversion-level data that would constitute trade secret in the strict sense. The exposure level is sufficient to support competitor intelligence at the strategic and creative level even if not at the operational bid level. For ongoing DSA repository tracking and update monitoring see the Policy Change Tracker and the EU DSA Compliance Guide .

How are competitors actually using the X ad repository for intelligence?

Competitor intelligence use of the X ad repository has developed into a structured discipline over 2024-2026 across larger advertisers in regulated and competitive categories, and the patterns now operate as a meaningful workstream within competitive marketing teams. Understanding the patterns helps an advertiser audit its own exposure realistically rather than from theoretical examples. The most common competitor pattern is creative intelligence — collecting and analyzing the actual ad creative running across competitors to understand messaging direction, value proposition emphasis, visual approach, and creative iteration rate. The repository provides a substantially complete view of what creative is currently running and what has run recently, enabling competitive creative teams to track messaging shifts in near real time. Brands that previously relied on third-party ad intelligence services discover that the DSA repository provides higher fidelity, more complete coverage, and no licensing cost. The second pattern is audience targeting reverse engineering. The generalized targeting parameters published in the repository indicate which audience segments competitors prioritize, which geographies they emphasize, and how they layer targeting (broad versus narrow, single segment versus stack). Competitive teams use the pattern to infer audience strategy and to identify opportunity gaps (geographies or segments a competitor is not addressing). The targeting fields do not surface individual user matching, but the strategic targeting profile is recognizable. The third pattern is campaign cadence and budget signaling. While the repository does not publish budget amounts, the campaign duration, frequency, and breadth of running ads signals the relative scale of effort. Competitors who run consistently with broad creative variation are signaling sustained investment; competitors who pulse with concentrated effort during specific windows are signaling tactical campaign strategy. Competitive teams use the cadence signals to anticipate competitor moves and to time their own activity. The fourth pattern is regulatory and risk surveillance. Competitive intelligence teams monitor competitors for advertising claims, disclosure practices, and compliance posture visible in repository creative. Competitors with weaker compliance practices generate intelligence value as either market opportunity (where the competitor risk is high) or as a comparison baseline for the team's own compliance investment. The repository has become a primary input to competitive compliance intelligence. The fifth pattern, less mature but emerging, is creative variation analysis at the campaign level. Where the repository surfaces multiple creative within a campaign window, teams can infer the creative testing program structure, which provides direct insight into competitor creative strategy. For competitive intelligence frameworks across platforms see the enforcement digest .

How do researchers and regulators access the repository, and what scrutiny does it create?

Researcher and regulator access to the X DSA ad repository operates through structured channels under DSA Articles 40 and 41, and the access pattern creates a scrutiny layer that advertisers should understand because it produces enforcement and reputational exposure independent of competitor intelligence use. The researcher access channel operates under DSA Article 40, which provides vetted researchers with access to platform data including the advertising repository under controlled conditions. Vetted researchers receive expanded access (beyond the public repository) to support specific research projects on platform-level patterns, advertising practices, and societal effects of advertising. Researchers operate under data protection obligations and produce published work that can identify specific advertisers, campaigns, or patterns. Advertisers should expect that their advertising practices may be subject to academic research scrutiny without the advertiser being notified, and that research findings may be published in formats that name the advertiser. The Commission and EU member-state regulator access channel operates under DSA Article 41 and the enforcement provisions of the regulation. Regulators access repository data for enforcement and supervisory purposes, including investigation of compliance with DSA transparency obligations, investigation of sectoral advertising compliance (medical advertising, financial advertising, alcohol advertising under national rules), and assessment of platform compliance with content-moderation and advertising-policy obligations. The regulator access produces enforcement risk directly when advertising practices visible in the repository do not comply with sectoral or platform obligations. The December 2025 EU Commission decision against X for €120 million addressed advertising transparency failures specifically, establishing that the repository is treated as primary evidence in DSA enforcement actions. Both the platform and the advertisers visible in the repository face the consequence that the repository serves as enforcement evidence. Advertisers should expect that compliance issues visible in repository data may be referenced in regulatory action even where the action's primary target is the platform. The civil society and journalist access channel operates through the public repository surface, which is open and indexed. Civil society organizations focused on advertising regulation, consumer protection, and platform accountability operate ongoing monitoring of repository data and produce public analysis. Journalists use the repository for investigative reporting on advertiser practices. Advertisers should expect that significant compliance issues visible in the repository may produce public coverage. The cumulative scrutiny layer means that the repository functions as an open compliance audit surface where any sustained pattern of non-compliance is visible to regulators, researchers, journalists, and competitors. The scrutiny supports compliance investment even where direct enforcement risk is moderate, because the reputational dimension compounds across audiences. For coordinated compliance posture see the EU DSA Compliance Guide and use the Legal Compliance Scan on paid creative.

What does a self-audit on the X ad repository look like, and what should it produce?

A self-audit on the X ad repository should produce a current view of the advertiser's own exposure, a competitive benchmark against peer advertisers in the same category, and a remediation list for content or practice that the advertiser would prefer not to be visible in repository form. The audit workflow has four phases — inventory, content review, comparative assessment, and remediation planning. The inventory phase identifies every advertisement currently visible in the X repository under the advertiser's identity, including any subsidiary or product-line identities, any agency-of-record identities that the advertiser uses, and any historical identity changes that may have produced multiple repository entries. The inventory should be exhaustive — partial inventories miss exposure on satellite or legacy identities. The inventory should also identify the time window of available data and the completeness of the repository's coverage of the advertiser's actual EU advertising during that window. Gaps may indicate either missing repository entries (which is a separate compliance question for the platform) or actual advertising gaps (which is normal). The content review phase examines each repository entry for compliance against the advertiser's current compliance posture. Creative content review covers advertising claims and substantiation (are claims supported by evidence the advertiser can produce), required disclosures (are mandatory disclosures present and prominent), sensitive category handling (does the content respect sectoral rules for health, financial services, gambling, alcohol where applicable), and brand-voice consistency (does the content represent the brand as the advertiser would currently approve it). The comparative assessment phase benchmarks the advertiser's repository profile against peer advertisers in the same category and against direct competitors. The assessment covers volume and cadence (is the advertiser running consistent with the category norm), targeting breadth (is targeting recognizable as appropriate or potentially over-broad), creative variation rate (does the creative testing pattern signal a deliberate program), and compliance posture (does the visible compliance practice match or exceed the category baseline). The comparative assessment supports both competitive positioning judgment and risk calibration — being significantly below the category compliance baseline produces direct exposure. The remediation planning phase produces a prioritized action list. Critical remediation addresses content that creates direct regulatory exposure (claims without substantiation, missing disclosures, sensitive-category violations) and content that creates brand-safety issues (off-brand creative, outdated messaging). Important remediation addresses content that creates competitive intelligence value the advertiser would prefer to limit (creative iteration patterns that reveal testing program structure, targeting patterns that reveal audience strategy). Optional remediation addresses content that could be cleaned up but does not create material exposure. The audit should run quarterly and feed into the advertiser's broader DSA compliance program. For audit tooling on creative compliance use the AI Compliance Audit and the Keyword Risk Checker .

Can advertisers reduce repository exposure without reducing compliance, and how?

Advertisers cannot exempt their advertising from DSA repository inclusion if the advertising reaches EU users on X — the inclusion is a mandatory platform-level obligation that does not depend on advertiser preference. However, advertisers can shape what appears in the repository through campaign structure, creative approach, and identity management in ways that reduce competitive intelligence value while maintaining or even strengthening compliance. The shaping is legitimate within the DSA framework and is common practice among advertisers that have integrated the repository into their strategic thinking. The first shaping lever is identity consolidation. Advertisers with multiple identities (parent brand, product lines, regional variants, joint ventures) face repository visibility under each identity, and inconsistency between identities can reveal organizational structure that would otherwise be private. Consolidating to a smaller number of clearly identified entities reduces fragmentation and makes the repository profile cleaner. Identity consolidation does not change advertising substance, only the structural visibility. The second shaping lever is creative testing discipline. Advertisers that test extensively in production environments see all the test creative in the repository, which exposes the testing program structure. Moving high-volume creative testing into pre-launch environments, with only the validated creative going to production paid distribution, reduces the test-iteration visibility. The shift produces better creative on the production surface (where only validated creative runs) while keeping experimentation private. The third shaping lever is targeting clarity. Broad targeting that runs across many audience segments produces repository entries spanning the full segmentation, which makes the audience strategy visible. Concentrated targeting on clearly defined segments produces tighter repository entries that signal less strategy. Concentrated targeting also tends to produce better campaign performance, so the shaping aligns with general best practice. The fourth shaping lever is timing structure. Continuous-running campaigns produce uninterrupted repository visibility; pulse campaigns concentrated in tactical windows produce cleaner repository entries with clear start and end. Both approaches have legitimate strategic uses, but the timing structure choice does affect repository readability. The fifth shaping lever is disclosure and compliance quality. The most reputationally damaging repository exposure comes from compliance issues visible in creative — missing disclosures, unsubstantiated claims, sectoral violations. Strong compliance practice produces clean repository entries that demonstrate professional advertising operation, which is the inverse of exposure. The strongest defensive posture is therefore to make the repository entries display competence rather than to try to obscure them. For compliance-first posture see the X Ads Policy guide and the Legal Compliance Scan .

How does the X repository compare with Meta, TikTok, and Google ad repositories, and what is the cross-platform exposure picture?

The DSA ad transparency obligations apply uniformly to the very large online platforms designated under the regulation, but the implementation of the repository varies across platforms in ways that affect competitive intelligence value and advertiser exposure. Understanding the comparison supports a coordinated cross-platform repository strategy rather than treating each platform in isolation. The Meta ad library is the most mature of the major platform repositories, predating the DSA requirement and operating since 2018 across political and social issue advertising and since 2023-2024 across all advertising for EU users. The library publishes a broad set of fields and has substantial historical depth, making it the most analytically useful repository for longitudinal competitive analysis. Meta's coverage includes Facebook and Instagram and provides cross-product visibility. The TikTok ad library, mandated under DSA, publishes a comparable set of fields to Meta and X but the data structure and search interface are less mature, which raises the friction for competitive intelligence use. TikTok's coverage emphasizes the EU-facing inventory and has narrower historical depth than Meta. The Google ad transparency center covers Search, YouTube, Display, and other Google surfaces with substantial coverage but a fragmented structure across product types that makes cross-product analysis more complex than Meta's unified library. Google's coverage extends globally for political advertising and EU-focused for general advertising under DSA. The X repository, the focus of this audit guide, has fields and coverage comparable to peer VLOP repositories but with operational and quality issues that have been the subject of DSA enforcement (the December 2025 decision). Advertisers should expect ongoing repository improvements at X under the compliance program responding to enforcement action. The cross-platform exposure picture is therefore that every major paid advertising channel for EU users generates repository visibility, and the visibility is broadly comparable across platforms even where specific field implementations vary. Advertisers running campaigns across Meta, TikTok, Google, and X cannot escape repository visibility by shifting platforms — the visibility is structural across the major paid environment. The implication for competitive intelligence is that advertisers should treat repository monitoring as a cross-platform discipline, not a per-platform task. Competitive teams that monitor only one repository miss material activity by their competitors. The implication for advertiser defensive posture is that the shaping levers (identity consolidation, creative testing discipline, targeting clarity, timing structure, compliance quality) apply across platforms and should be implemented coherently rather than per platform. For coordinated cross-platform compliance posture see the EU DSA Compliance Guide and review the parallel Meta Ad Policies and Google Ads Policy guides.

X DSA Ad Repository 2026: Competitor Intelligence Risk

X DSA Ad Repository Audit 2026: What Competitors Can See About Your Spend

What the DSA Ad Repository Actually Exposes

The X DSA ad repository, published under Article 39 of the EU Digital Services Act, is the most consequential change to advertising transparency on the platform since the 2023 shift to the post-Twitter operating model. The repository is open, indexed, and free, which makes it a near-perfect competitive intelligence database. Most advertisers underestimate what their own repository profile reveals about strategy, creative testing, audience segmentation, and compliance posture, and the underestimation produces both missed competitive intelligence opportunities and avoidable exposure of the advertiser's own program.

The repository is not optional. Any advertising that reaches EU users on X is included in the repository under the platform's compliance program responding to the December 2025 enforcement decision that imposed a €120 million sanction for transparency failures. Advertisers cannot opt out, hide entries, or selectively expose campaigns. What advertisers can do is shape what the repository displays through campaign structure, creative discipline, identity consolidation, and compliance quality, in ways that reduce the competitive intelligence value of repository entries while maintaining or strengthening regulatory compliance.

"Article 39 of the DSA requires very large online platforms to compile and make publicly available repositories of advertisements served on the platform, with specific data fields. The obligation applies regardless of advertiser preference and is enforced against the platform.
— EU Digital Services Act, Article 39, summary"

This guide covers what the X repository specifically publishes, how competitors actually use the data, what scrutiny researchers and regulators apply, how to run a self-audit on your own repository profile, what defensive shaping is legitimate within the DSA framework, and how the X picture relates to Meta, TikTok, and Google repositories. For ongoing DSA-related policy tracking, see the Policy Change Tracker, and for broader regulatory posture, the EU DSA Compliance Guide.

Fields Visible in the X Repository

The repository structure publishes a defined set of fields per ad and explicitly excludes certain operational data. Understanding the precise list of published and absent fields is the basis for any audit, intelligence work, or defensive posture decision.

Published Fields

Field	Granularity	Intelligence Value
Advertiser identity	Registered billing name	Identifies the advertiser; reveals organizational structure where multiple entities exist
Campaign period	Start and end dates	Indicates campaign cadence and duration; supports tactical timing analysis
Targeting parameters	Generalized (geography, age bands, interest categories)	Reveals strategic audience choice without exposing user-level matching
Creative content	Copy, image, video, destination URL	Full creative intelligence; messaging, value proposition, visual approach
Language coverage	Per-language run periods	Indicates regional and language strategy
Estimated EU reach	Reach range within EU	Indicates relative scale of the campaign; not absolute spend

Excluded Fields

Bid amounts and bid strategy: Operational pricing data is not published.
Optimization goals: Campaign objectives and optimization signals are not in the repository.
Conversion data: Performance metrics beyond reach estimate are absent.
Source audience lists: Match lists and lookalike sources are not published.
Internal campaign naming: Attribution and naming structure remain private.
Non-EU reach: The repository covers EU-facing reach; broader global reach data is absent.
Agency identity: Where billing identity differs from the executing agency, the agency relationship is not visible.

Source: EU DSA Transparency Database, Article 39 framework; published under CC BY 4.0.

Competitor Intelligence Patterns

Competitor intelligence use of the X repository has matured over 2024-2026 into structured workflows across larger advertisers in regulated and competitive categories. The patterns now operate as a meaningful workstream within competitive marketing teams, and understanding them helps an advertiser audit its own exposure realistically.

Pattern Map

Creative intelligence: Collecting and analyzing actual ad creative for messaging direction, value proposition emphasis, visual approach, and iteration rate. The repository provides higher fidelity than third-party ad intelligence services at no licensing cost.
Audience targeting reverse engineering: Inferring strategic targeting from published targeting parameters; identifying segments and geographies competitors prioritize and gaps competitors are not addressing.
Cadence and budget signaling: Without explicit budget data, campaign duration, frequency, and breadth signal relative scale of effort and tactical timing.
Regulatory and risk surveillance: Monitoring competitors for claims, disclosures, and compliance practice visible in creative; identifying market opportunity where competitor risk is high.
Creative variation analysis: Where multiple creative appears within a campaign window, inferring the testing program structure and creative strategy.

Workflow Maturity

The competitive intelligence workflow in 2026 typically includes a defined monitoring cadence (weekly to monthly depending on category dynamics), competitor identity tracking that handles parent-and-subsidiary structures, automated change detection on competitor creative, and structured intelligence outputs that feed strategic and tactical marketing decisions. Advertisers without an active repository monitoring program are leaving competitive intelligence value on the table relative to peers that have built the workflow.

For competitive compliance benchmarking use the AI Compliance Audit alongside repository monitoring.

Researcher and Regulator Access

The repository creates a scrutiny layer beyond competitor use, because researchers and regulators have structured access channels that produce enforcement and reputational exposure independent of competitive intelligence.

Access Channels

Channel	Authority	Output Type
Vetted researcher	DSA Article 40	Academic and policy research that may identify advertisers
EU Commission and member-state regulators	DSA enforcement and supervisory powers	Enforcement actions; sectoral compliance investigations
Civil society organizations	Public repository access	Public analysis, advocacy reports, consumer protection focus
Journalists	Public repository access	Investigative reporting on advertiser practices
Competitors	Public repository access	Competitive intelligence and benchmarking

Enforcement Precedent

The December 2025 EU Commission decision against X for €120 million addressed advertising transparency failures specifically, establishing the repository as primary evidence in DSA enforcement actions and confirming that advertiser compliance issues visible in repository data may be referenced in regulatory action even where the action's primary target is the platform.

Source: EU DSA Transparency Database; enforcement actions published under CC BY 4.0. For regulatory framework see the EU DSA Compliance Guide.

Self-Audit Workflow

A self-audit on the X repository produces a current view of the advertiser's own exposure, a competitive benchmark, and a remediation list. The workflow has four phases that should run quarterly.

Phase Sequence

Inventory: Every advertisement currently visible under the advertiser's identity, subsidiary identities, agency-of-record identities, and historical identity changes. Exhaustive across the time window the repository covers.
Content review: Per-entry compliance review covering advertising claims and substantiation, required disclosures, sensitive-category handling, and brand-voice consistency.
Comparative assessment: Benchmark against peer advertisers in the category on volume, targeting breadth, creative variation, and compliance posture.
Remediation planning: Prioritized action list — critical (regulatory exposure), important (competitive intelligence reduction), optional (general cleanup).

Audit Outputs

Compliance remediation list: Specific content requiring update, replacement, or removal from current campaigns.
Defensive shaping plan: Structural changes to reduce competitive intelligence value without reducing compliance.
Competitive benchmark: Position relative to category peers; identification of best-practice peer examples.
Compliance baseline documentation: Evidence of audit process for regulatory inquiry response.

For automated audit input on creative compliance use the AI Compliance Audit and the Keyword Risk Checker.

Defensive Posture Without Reducing Compliance

Defensive posture toward the repository operates through legitimate shaping levers that reduce competitive intelligence value while maintaining or strengthening compliance. Each lever is within the DSA framework and aligned with general best practice.

Shaping Levers

Identity consolidation: Consolidate to a smaller number of clearly identified entities; reduce fragmentation across parent, subsidiary, and regional identities.
Creative testing discipline: Move high-volume creative testing to pre-launch environments; only validated creative goes to production paid distribution.
Targeting clarity: Concentrated targeting on clearly defined segments produces tighter repository entries than broad-segment campaigns.
Timing structure: Pulse campaigns concentrated in tactical windows produce cleaner repository entries than continuous-running campaigns.
Compliance quality: Strong compliance practice produces repository entries that demonstrate professional operation; the inverse of exposure.

What Does Not Work

Opt-out attempts: The repository inclusion is mandatory; no opt-out exists.
Entity obfuscation: Using ambiguous billing names to obscure identity creates regulatory exposure and does not effectively hide identity from competent intelligence work.
Targeting obfuscation: Excessively broad targeting to hide specific strategy degrades campaign performance and still reveals strategy through aggregate patterns.
Repository disclosure delay: Platform-side gaps in publishing timeliness are platform compliance issues, not advertiser-controllable defensive posture.

Source: EU DSA Transparency Database framework; CC BY 4.0. For audit and compliance tooling see the Legal Compliance Scan.

X Ad Repository Audit Checklist

[ ] Inventory every X repository entry under advertiser, subsidiary, and agency identities
[ ] Confirm registered advertiser identity matches verified brand handle
[ ] Review each entry for claim substantiation and required disclosures
[ ] Confirm sensitive-category creative complies with sectoral rules visible in repository
[ ] Benchmark against peer advertisers in category on volume, cadence, targeting breadth
[ ] Identify creative testing patterns visible in repository; move volume testing pre-launch
[ ] Consolidate fragmented identities where appropriate; document remaining structure
[ ] Document audit process and outputs for regulatory inquiry response
[ ] Schedule quarterly repository audit as part of DSA compliance program
[ ] Apply same audit framework to Meta, TikTok, Google repositories cross-platform
[ ] Confirm DSA disclosure on creative independent of repository visibility
[ ] Monitor competitor repository profile as ongoing competitive intelligence input

Source: EU DSA Transparency Database, CC BY 4.0.

Don't miss the next policy change.

Subscribe to the Policy Tracker — get weekly digests or instant Pro alerts across all 8 platforms. Or try our free Keyword Risk Checker first.

Subscribe Free

Report Keywords — Run AI Compliance Audit

#X Ads#DSA#Ad Repository#Ad Transparency#EU Regulation#Competitive Intelligence#Ad Compliance#Brand Safety#Advertisers#Agencies#2026 Policy#Compliance Guide 2026

Share This Report

Tweet Share

X DSA Ad Repository Audit 2026: What Competitors Can See About Your Spend