What is a transparency notice under Australia's Online Safety Act, and which platforms can receive one?

A transparency notice under Australia's Online Safety Act 2021 is a legal instrument that lets the eSafety Commissioner compel an online service provider to report on how it is meeting the Basic Online Safety Expectations, and any provider within the Act's reach — large social media platforms, messaging services, search engines, app distribution services, and hosting providers — can receive one. The Online Safety Act 2021 came into force in January 2022 and gave the eSafety Commissioner a suite of powers, one of which is the ability to require providers to report on the reasonable steps they are taking to keep Australian users safe. There are two reporting mechanisms tied to the Basic Online Safety Expectations: periodic reporting notices, which require regular reporting over a defined window, and non-periodic reporting notices, which are one-off requests for information on specified matters. The notice issued to X was a request for information about how the service was handling child sexual exploitation material, a category eSafety has prioritised. Failing to comply with a reporting notice — by not responding, responding late, or responding incompletely or inaccurately — is a contravention that can attract civil penalties, and eSafety can also issue infringement notices and seek court-imposed penalties, which is the path the X matter ultimately took. The significance for advertisers is that a transparency notice is not a content-removal order; it is a disclosure demand. It forces a platform to put on the record how it actually moderates harmful content, with what tools, with what staffing, and at what speed. When a platform resists or fails that disclosure, it signals either that the underlying moderation is weaker than its public messaging suggests or that the platform is unwilling to be measured — both of which are material to a brand assessing adjacency risk. The mechanism is also being mirrored elsewhere: the EU's Digital Services Act requires transparency reporting and statements of reasons, and the UK's Online Safety Act 2023 gives Ofcom information-gathering powers. It is worth being precise about the limits of the power, because advertisers should not overstate it. A transparency notice does not let the regulator dictate a platform's moderation policy or compel the removal of specific lawful content; it compels accurate reporting on the steps the platform is taking. The penalty in the X case flowed from inadequate reporting, not from any finding that X's moderation outcomes were themselves unlawful. That distinction is what makes transparency enforcement such a useful early indicator for brands: it surfaces the gap between a platform's public messaging and its willingness to be measured, often years before any substantive content-policy finding. A platform confident in its moderation has little reason to resist a reporting notice; sustained resistance, litigated through appeal, is the signal worth weighting. The same logic explains why regulators in multiple jurisdictions have chosen disclosure obligations as their primary lever — they are administrable, measurable, and hard to contest on the merits. To understand the EU equivalent see the European Union DSA compliance guide , and to track transparency-driven enforcement see the Policy Change Tracker .

Does this ruling change X's advertising policies, and what is the real risk for advertisers?

The ruling does not directly change X's advertising policies — it is a transparency-enforcement action, not an ad-policy update — but it carries real, indirect risk for advertisers because it bears on brand safety, on the reliability of platform safety assurances, and on the regulatory pressure that ultimately reshapes ad-adjacency controls. There is no new ad-format restriction, no new prohibited-category rule, and no new disclosure obligation for advertisers that flows automatically from the A$650,000 penalty. What the ruling does is confirm, through a court finding upheld on appeal, that a regulator concluded X failed to adequately disclose how it handles the most serious harmful-content category. For a brand-safety team the relevance is threefold. First, adjacency risk: if a platform's moderation of harmful content is contested by a regulator, the probability that branded ads appear near content a brand would never choose to sponsor is elevated, and that probability cannot be assessed from platform marketing alone. Second, the reliability of assurances: when a platform's public safety claims diverge from what it is willing to disclose under legal compulsion, an advertiser should weight independent verification more heavily than platform-supplied brand-safety guarantees. Third, forward regulatory pressure: transparency enforcement is typically a precursor to more prescriptive obligations, so advertisers should expect the controls available to them — exclusion lists, sensitivity settings, third-party verification — to be tightened or scrutinised over time. The defensible posture is to treat the ruling as a prompt to audit your own placement controls rather than as a reason to either exit or ignore the platform. Run live creative and targeting through an automated review to confirm your own compliance posture using the AI Compliance Audit , confirm exclusion and sensitivity settings on every X campaign, and document the brand-safety configuration you rely on. For the platform's stated rules see the X Ads policy guide . The indirect nature of the risk is exactly why it is easy to underestimate. Because no ad rule changed, a media team scanning for new prohibited categories or format restrictions will find nothing to action and may conclude the ruling is irrelevant — which is the error. The risk lives in the assumptions a brand makes when it relies on platform-supplied brand-safety guarantees rather than on independent measurement. This matters more in 2026 because industry-wide brand-safety coordination weakened after the Global Alliance for Responsible Media wound down its activities in 2024, shifting responsibility onto individual advertisers and their verification partners. A transparency-enforcement action is a prompt to revisit those assumptions: to ask whether the adjacency controls in place are verified rather than asserted, whether sensitivity settings are actually applied, and whether the brand has documentation of the safeguards it relies on. None of that requires exiting the platform; it requires treating platform assurances as a starting point to be tested. The accurate framing is that the fine changes the risk environment, not the rulebook, and the right response is verification and documentation rather than assumption.

What brand-safety controls should advertisers verify on X after this ruling?

After the X ruling, advertisers should verify the full stack of brand-safety controls available on the platform — inventory and adjacency settings, content-category exclusions, sensitivity controls, keyword and topic exclusions, and third-party verification — and should document the configuration they rely on, because the ruling signals that platform safety assurances warrant independent confirmation. Start with inventory controls: confirm where your ads can appear (in-feed, alongside which content surfaces) and set the most conservative adjacency setting consistent with your campaign goals, recognising that the default is rarely the safest option. Next, apply content-category exclusions for the harm categories most damaging to your brand, and pair them with keyword and topic exclusions tuned to your specific risk profile rather than a generic list. Where the platform offers sensitivity or content-control tiers, choose the tier that matches your brand's risk tolerance and verify it is actually applied at the campaign and account level, not merely selected once and forgotten. Engage third-party brand-safety and verification partners where available, because independent measurement is more credible than platform-supplied adjacency reporting — and the ruling is a direct illustration of why independent verification matters when a platform's disclosure is contested. Audit your creative and landing pages too: a brand-safety failure is not only about adjacency but about your own ad content meeting the platform's quality and prohibited-content rules, so run creative through an automated check. Finally, document everything: keep a record of the brand-safety settings, exclusion lists, and verification arrangements in place for each campaign, with dates, so that if an adjacency incident occurs you can demonstrate the controls you applied. To audit creative and targeting against platform rules use the AI Compliance Audit , to check ad copy against risky language use the Keyword Risk Checker , and for the platform's rules see the X Ads policy guide . A useful way to sequence the work is to treat the controls as tiers and to lock the higher tiers first. The account-level configuration — overall sensitivity tier, default inventory and adjacency posture, and global exclusion lists — should be set conservatively once and audited, because it governs every campaign and is the cheapest place to reduce risk broadly. Below that, campaign-level controls — bespoke keyword and topic exclusions, format choices, and placement targeting — should be tuned to each campaign's specific audience and risk profile. Layered on top, independent verification provides the measurement that platform reporting cannot credibly supply on its own. The reason to invest in all three tiers rather than relying on a single setting is that automated enforcement and volatile moderation states mean no one control is durable: a surface that is safe this month may not be next month, so the configuration has to be defensive in depth and reviewed on a cadence. The practical takeaway is that the controls exist, but after a transparency-enforcement action against the platform the burden of verification sits with the advertiser, and a documented, conservative configuration is the defensible posture.

Should advertisers pause spend on X because of the eSafety penalty?

A transparency penalty against X is not, on its own, a reason to pause spend — the right response is a documented brand-safety review and a decision matched to your own risk tolerance, not a reflexive exit or a reflexive dismissal — because the ruling changes the risk environment rather than rendering the platform unusable. The case for not pausing is that the penalty concerns disclosure obligations under Australia's Online Safety Act, not a finding that every ad placement on X is unsafe, and that the platform continues to offer brand-safety controls advertisers can configure. The case for caution is that a regulator litigated for years over X's willingness to disclose how it moderates the most serious harmful content, that this lands amid wider scrutiny of X's trust-and-safety posture in the EU and UK, and that brand-safety assurances from a platform whose disclosure has been contested deserve more independent verification. The resolution is a structured decision rather than a binary one. First, define your brand's risk tolerance explicitly — a regulated-industry advertiser, a children's brand, or a public-sector account will weight adjacency risk far more heavily than a B2B software brand. Second, verify and tighten the controls described above, and confirm with third-party verification rather than platform reporting. Third, run a bounded test: maintain or adjust spend with conservative settings, measure adjacency and outcomes with independent tooling, and review on a fixed cadence. Fourth, document the decision and its basis, so the choice to continue, reduce, or pause is defensible to internal stakeholders. For most advertisers the outcome will be continued spend with tighter, documented controls; for the highest-sensitivity brands a reduction or pause pending improved transparency may be justified. The decision should also account for cross-jurisdiction exposure, since a campaign running in the EU and UK faces those regimes' transparency requirements as well. To track the regulatory trajectory that informs this decision see the Policy Change Tracker , and to audit your placements use the AI Compliance Audit . It also helps to name the failure modes the decision is guarding against, because they are asymmetric. The cost of over-reacting — pausing a performing platform on a headline — is measurable and recoverable: lost reach for a defined period. The cost of under-reacting — continuing with unverified controls and suffering a high-profile adjacency to violent or exploitative content — is reputational, hard to quantify, and slow to repair, and it can trigger internal and client escalations that dwarf the media value at stake. Because the downside is skewed toward the under-reaction case, the rational bias for sensitive brands is toward conservative settings and independent verification, even at some cost to reach. For lower-sensitivity brands the calculus tilts the other way, which is why a single blanket answer is wrong. The discipline is to make the trade-off explicitly, with the brand's risk tolerance written down, rather than defaulting to inertia or to panic. The organizing principle is proportionality: match the response to your risk profile, verify independently, and document the decision rather than reacting on headline alone.

X eSafety Fine: Australia Online Safety Act Ruling 2026

Quick Answer

On May 21, 2026 the Federal Court of Australia ordered X Corp to pay a A$650,000 (about US$465,000) civil penalty for failing to fully answer a transparency notice issued by the eSafety Commissioner under the Online Safety Act 2021. The notice, issued on February 22, 2023, asked X how it detects and removes child sexual exploitation material; X's response, due March 29, 2023, left required questions unanswered. Justice Michael Wheelahan found in the Commissioner's favour in October 2024, the Full Federal Court upheld that finding in July 2025, and the May 2026 ruling set the penalty plus A$100,000 in costs payable within 45 days. eSafety Commissioner Julie Inman Grant framed the case around transparency: 'Meaningful transparency is critical to holding technology companies to account.' For advertisers the ruling is not about ad policy directly — it is a platform-accountability signal. It confirms that regulators will litigate for years over a platform's willingness to disclose how it moderates harmful content, and it lands while X's trust-and-safety transparency is already under scrutiny in the EU under the Digital Services Act and in the UK under the Online Safety Act 2023. Brand-safety teams running on X should treat transparency-enforcement actions as a leading indicator of adjacency risk and verify their own ad placements, exclusion controls, and disclosure posture rather than relying on platform assurances. Track regulator actions on the <a href="/policy-tracker">Policy Change Tracker</a>.

X's $650K eSafety Fine 2026: What Australia's Transparency Ruling Means for Advertisers

Why X's Australian Fine Matters Beyond Australia

On May 21, 2026 the Federal Court of Australia ordered X Corp to pay a A$650,000 civil penalty — roughly US$465,000 — for failing to fully answer a transparency notice issued by the eSafety Commissioner under the Online Safety Act 2021. The notice, issued back in February 2023, asked X to explain how it detects and removes child sexual exploitation material. The case took more than three years, a trial, and an appeal to resolve. For advertisers, the headline figure is less important than what the case represents: a regulator was willing to litigate for years over a platform's willingness to disclose how it moderates the most serious category of harmful content.

This is a platform-accountability story, not an ad-policy change. No new ad format is restricted, no new prohibited category is created, and no new advertiser disclosure rule flows automatically from the penalty. But brand-safety teams should treat transparency-enforcement actions as a leading indicator. When a platform's public safety messaging diverges from what it is willing to put on the record under legal compulsion, the reliability of its brand-safety assurances is exactly what an advertiser needs to question.

"Meaningful transparency is critical to holding technology companies to account.
— Julie Inman Grant, eSafety Commissioner (Australia), May 2026"

This guide covers what the Federal Court decided, how Australia's transparency-notice regime works, what the Basic Online Safety Expectations require, why a transparency gap is a brand-safety signal, how the ruling fits the EU and UK enforcement wave, and what advertisers on X should do now. To track regulator actions against platforms see the Policy Change Tracker.

The A$650,000 Ruling: What the Federal Court Decided

The case was about disclosure, not content. The eSafety Commissioner concluded that X's response to a transparency notice left mandatory questions unanswered or inadequately answered, and the court agreed.

The Timeline

Event	Date
eSafety transparency notice issued to X	February 22, 2023
X's response due	March 29, 2023
Justice Wheelahan finds for the Commissioner	October 2024
Full Federal Court upholds the finding on appeal	July 2025
Penalty handed down: A$650,000 + A$100,000 costs (within 45 days)	May 21, 2026

The notice asked X how it detects, removes, and prevents child sexual exploitation material, how quickly it responds to user reports, and how it staffs trust-and-safety functions. X's answers were found wanting on several points. Justice Michael Wheelahan ruled in the Commissioner's favour in October 2024; X appealed; the Full Federal Court upheld the finding in July 2025; and the financial penalty followed in May 2026. The figure is in Australian dollars — advertisers reading aggregated enforcement data should not conflate A$650,000 with a larger US-dollar number, as the equivalent is approximately US$465,000.

Australia's Online Safety Act and Transparency Notices

The Online Safety Act 2021 came into force in January 2022 and gave the eSafety Commissioner a broad set of powers. The transparency mechanism at the heart of the X case is one of the most consequential for platforms.

How the Notice Power Works

Two reporting mechanisms: Periodic reporting notices require regular reporting over a window; non-periodic notices are one-off requests on specified matters.
Tied to expectations: Notices require providers to report on the reasonable steps they take to meet the Basic Online Safety Expectations.
Broad reach: Social media services, messaging services, search engines, app distribution services, and hosting providers can all receive notices.
Penalties for non-compliance: Failing to respond, responding late, or responding incompletely or inaccurately is a contravention that can attract civil penalties and court-imposed fines.

Critically, a transparency notice is not a content-removal order. It is a disclosure demand that forces a platform to put on the record how it actually moderates harmful content — with what tools, what staffing, and at what speed. The EU's Digital Services Act and the UK's Online Safety Act 2023 contain parallel disclosure obligations. For the EU equivalent see the European Union DSA compliance guide.

Basic Online Safety Expectations and Platform Accountability

The Basic Online Safety Expectations (BOSE) are the standard the transparency notices measure against. They set out what the Australian government expects services to do to keep users safe, and they are the benchmark a platform's disclosure is judged by.

What the Expectations Cover

Expectation area	What it asks of platforms
Proactive minimisation of harm	Take reasonable steps to prevent unlawful and harmful material, including CSEM and pro-terror content
Reporting and complaints	Provide accessible mechanisms for users to report harmful content and complaints
Transparency	Be able to report to eSafety on the steps taken, tools used, and response times
Cooperation	Respond to lawful requests for information accurately and on time

The X case turned on the transparency and cooperation elements: the platform was found not to have reported adequately on the steps it takes against the most serious harm category. For advertisers, the accountability principle is what matters — a platform that cannot or will not demonstrate how it meets these expectations is a platform whose brand-safety assurances should be independently verified. To check your own ad placements against platform rules, the AI Compliance Audit provides an automated review.

What a Transparency Gap Means for Brand Safety on X

A transparency-enforcement action does not directly restrict any ad, but it reshapes the risk environment in three ways advertisers should weigh.

Three Risk Vectors

Adjacency risk: If a regulator contests how a platform moderates harmful content, the probability that branded ads appear near content a brand would never sponsor is elevated — and it cannot be assessed from platform marketing alone.
Reliability of assurances: When public safety claims diverge from what a platform will disclose under legal compulsion, independent verification should be weighted more heavily than platform-supplied brand-safety guarantees.
Forward regulatory pressure: Transparency enforcement typically precedes more prescriptive obligations, so the controls available to advertisers should be expected to tighten or face scrutiny over time.

This is compounded by the wider context. Industry brand-safety coordination weakened after the Global Alliance for Responsible Media wound down its activities in 2024, leaving advertisers more reliant on platform-level and third-party controls. X's trust-and-safety posture has been under scrutiny in the EU under the Digital Services Act and in the UK under the Online Safety Act 2023. The Australian penalty is one more data point that platform assurances should be tested rather than assumed. To check ad copy against risky language use the Keyword Risk Checker.

The Global Transparency-Enforcement Wave: EU, UK, Australia

The Australian penalty is not an isolated event. Three jurisdictions are independently using transparency and disclosure obligations as the primary lever to hold platforms accountable.

Three Regimes, One Direction

Jurisdiction	Instrument	Transparency mechanism
Australia	Online Safety Act 2021	eSafety transparency / reporting notices tied to BOSE; civil penalties for non-compliance
European Union	Digital Services Act	Transparency reports, statements of reasons to the DSA Transparency Database, VLOP audits and data access
United Kingdom	Online Safety Act 2023	Ofcom information-gathering powers, transparency reports, significant penalties

The common thread is that disclosure is now a regulated obligation in its own right, enforced independently in each jurisdiction. For advertisers, brand-safety assessment can no longer be a single-market exercise: a platform's transparency posture in Australia, its DSA compliance in the EU, and its Ofcom reporting in the UK collectively describe how reliably it moderates harmful content, and a failure in one jurisdiction is informative about risk in the others. A cross-market campaign is exposed to the strictest applicable regime. To follow enforcement across jurisdictions see the Policy Change Tracker.

What Advertisers on X Should Do Now

The ruling changes the risk environment, not the rulebook. The right response is verification and documentation, matched to your brand's risk tolerance — not a reflexive exit or a reflexive dismissal.

A Structured Response

Define risk tolerance explicitly: A regulated-industry advertiser, a children's brand, or a public-sector account weights adjacency risk far more heavily than a B2B software brand. Write this down before deciding anything.
Verify and tighten controls: Confirm inventory and adjacency settings, content-category exclusions, sensitivity tiers, and keyword and topic exclusions on every campaign — defaults are rarely the safest option.
Use independent verification: Engage third-party brand-safety partners where available; independent measurement is more credible than platform-supplied adjacency reporting.
Audit your own creative: A brand-safety failure is not only adjacency — your own ad content must meet the platform's quality and prohibited-content rules.
Document everything: Keep a dated record of the brand-safety settings, exclusion lists, and verification arrangements per campaign, so any incident can be answered with the controls you applied.

For most advertisers the outcome will be continued spend with tighter, documented controls; for the highest-sensitivity brands a reduction or pause pending improved transparency may be justified. To audit creative and targeting use the AI Compliance Audit and for the platform's stated rules see the X Ads policy guide.

Advertiser Brand-Safety Checklist for X in 2026

[ ] Risk tolerance defined and documented for the brand / account
[ ] Inventory and adjacency settings reviewed and set conservatively on every campaign
[ ] Content-category exclusions applied for the most damaging harm categories
[ ] Keyword and topic exclusions tuned to the brand's specific profile (not a generic list)
[ ] Sensitivity / content-control tier confirmed applied at campaign and account level
[ ] Third-party brand-safety verification engaged where available
[ ] Own creative and landing pages audited against platform quality / prohibited-content rules
[ ] Brand-safety configuration documented with dates for each campaign
[ ] Cross-market exposure (EU DSA, UK OSA) accounted for in the decision
[ ] Review cadence set; regulator enforcement monitored on the Policy Change Tracker

For multi-jurisdiction stress-testing of a campaign use the Legal Compliance Scan and for related platform-accountability coverage see the UK Ofcom Online Safety Act enforcement analysis.

Don't miss the next policy change.

Create a free account — track every policy change across 8 platforms, get instant alerts, and access every free compliance tool. Or try our Keyword Risk Checker first.

Create Free Account

Report Keywords — Run AI Compliance Audit

#X Ads#Brand Safety#eSafety Commissioner#Online Safety Act#Transparency#Content Moderation#Australia#Platform Accountability#Advertisers#Compliance Guide 2026

Share This Report

Tweet Share

X's $650K eSafety Fine 2026: What Australia's Transparency Ruling Means for Advertisers

Why X's Australian Fine Matters Beyond Australia

The A$650,000 Ruling: What the Federal Court Decided

The Timeline

Australia's Online Safety Act and Transparency Notices

How the Notice Power Works

Basic Online Safety Expectations and Platform Accountability

What the Expectations Cover

What a Transparency Gap Means for Brand Safety on X

Three Risk Vectors

The Global Transparency-Enforcement Wave: EU, UK, Australia

Three Regimes, One Direction

What Advertisers on X Should Do Now

A Structured Response

Advertiser Brand-Safety Checklist for X in 2026

Don't miss the next policy change.

Report Keywords — Run AI Compliance Audit

Share This Report

Related Posts

The TAKE IT DOWN Act Is Now Enforced: Platform NCII Duties and FTC Penalties in 2026

X Live Audio Compliance 2026: When a Real-Time Conversation Becomes an Endorsement

EU DSA Article 26 — Political Advertising Transparency: First-Year Implementation Data Across 27 Member States

Related Resources

All Tools

Platform Guides

Knowledge Hub

Policy Tracker