EU DSA Enforcement Tracker

Every formal proceeding the European Commission has opened against a designated platform under the Digital Services Act, with a step-by-step timeline of each case and the fines issued so far.

Proceedings
12
Platforms
8
Fines issued
2
Total fined
€320M
XPartially resolvedFined €120M

Illegal content, transparency & deceptive design

Notice-and-action, systemic-risk management, the "Blue check" deceptive design, the ad repository, and researcher data access. First-ever DSA formal proceedings.

  • Art. 16
  • Art. 25(1)
  • Art. 34
  • Art. 35
  • Art. 39
  • Art. 40(12)
  1. Request for information

    RFI on the spread of illegal content and disinformation around the Hamas attacks on Israel, and on the crisis-response protocol. Source ↗

  2. Formal proceedings opened

    The first-ever DSA formal proceedings — covering notice-and-action, risk management, deceptive design, ad transparency and data access. Source ↗

  3. Preliminary findings

    First-ever DSA preliminary findings: the Blue-checkmark design deceives users (Art. 25), the ad repository is not searchable/reliable (Art. 39) and researcher data access is obstructed (Art. 40). Source ↗

  4. Additional investigatory measures

    RFI on X’s recommender systems plus a retention order preserving documents on algorithm changes, and a request for access to X’s commercial API. Source ↗

  5. €120M fine

    First DSA non-compliance decision and fine, for the Art. 25(1), 39 and 40(12) breaches. X given 60/90 working days to remedy; further non-compliance can trigger periodic penalty payments. Source ↗

First DSA non-compliance decision. Confirmed breaches of Art. 25(1) (Blue checkmark), Art. 39 (ad repository) and Art. 40(12) (researcher data access). The illegal-content and information-manipulation (Community Notes) strands remain open.

XOpen

Grok & recommender systems

A new investigation into risks from deploying the Grok AI into X (incl. manipulated sexual imagery / possible CSAM, gender-based violence) and an extension of the 2023 case to X’s recommender systems.

  • Art. 34
  • Art. 35
  • Art. 42(2)
  1. Request for information (Grok)

    RFI on Grok, including the antisemitic content generated by @grok in mid-2025. Source ↗

  2. New proceeding opened + 2023 case extended

    A new investigation into Grok’s deployment risks, and an extension of the December 2023 proceeding to X’s recommender systems (incl. the planned switch to a Grok-based recommender). Source ↗

TikTokPartially resolved

Minors, addictive design, ads & data access

Addictive "rabbit-hole" recommender effects, protection of minors, the advertising repository and researcher data access.

  • Art. 28
  • Art. 34
  • Art. 35
  • Art. 39
  • Art. 40
  1. Formal proceedings opened

    Covering addictive design and the "rabbit hole" effect, minors’ safety and default settings, the ad repository and researcher data access. Source ↗

  2. Preliminary finding — ad repository

    TikTok’s ad repository preliminarily breaches Art. 39: missing content/targeting/funding data and not comprehensively searchable. Source ↗

  3. Preliminary finding — data access

    TikTok (alongside Meta) preliminarily in breach of Art. 40: burdensome procedures and tools for researcher access to public data. Source ↗

  4. Commitments accepted — ad transparency

    Binding Art. 71 commitments close the advertising-transparency strand: full ad content incl. URLs, ≤24h repository updates, targeting criteria and added search filters. Source ↗

  5. Preliminary finding — addictive design

    TikTok preliminarily in breach over addictive design (infinite scroll, autoplay, push notifications); the Commission says it must change the basic design, e.g. disable infinite scroll over time. Source ↗

TikTokClosed

TikTok Lite "Task and Reward"

The TikTok Lite rewards programme launched in France and Spain without a prior risk assessment — suspected addictive-design harm, especially to minors. The first DSA case ever closed.

  • Art. 34
  • Art. 35
  1. Request for information (by decision)

    The Commission compelled TikTok to deliver the TikTok Lite risk assessment; TikTok failed to deliver by the deadline. Source ↗

  2. Proceedings opened + intent to suspend

    Second TikTok proceeding opened, with an announced intention to impose interim measures suspending the Lite rewards programme EU-wide. Source ↗

  3. TikTok suspends the rewards feature

    TikTok voluntarily suspended the TikTok Lite rewards feature in the EU, pre-empting a formal interim-measures decision.

  4. Commitments binding — case closed

    The Commission made binding TikTok’s commitment to permanently withdraw the Lite Rewards programme from the EU — the first DSA case ever closed (Case DSA.100121). Source ↗

TikTokOpen

Election integrity (Romania)

TikTok’s management of systemic risks to election integrity and civic discourse, in the context of the annulled Romanian presidential election — recommender systems, coordinated inauthentic manipulation and political-ads policy.

  • Art. 34
  • Art. 35
  1. Request for information

    RFI to TikTok on election risks after the annulled Romanian presidential first round. Source ↗

  2. Retention order

    The Commission ordered TikTok to retain data relating to the Romanian elections. Source ↗

  3. Formal proceedings opened

    On TikTok’s management of election risks under the DSA. Source ↗

Meta (Facebook & Instagram)Open

Elections, advertising & data access

Deceptive/political advertising and disinformation, the lack of an effective real-time election-monitoring tool (CrowdTangle deprecation), notice-and-action, and researcher data access.

  • Art. 16
  • Art. 34
  • Art. 35
  • Art. 39
  • Art. 40
  1. Formal proceedings opened

    On Facebook & Instagram: deceptive advertising and political content, the CrowdTangle deprecation ahead of EU elections, notice-and-action and researcher data access. Source ↗

  2. Preliminary findings

    Meta preliminarily in breach of transparency obligations: inadequate researcher data access (Art. 40) and a notice-and-action/appeal mechanism using "dark patterns" (Art. 16). Announced jointly with the TikTok findings. Source ↗

Meta (Facebook & Instagram)Open

Protection of minors

Addictive "rabbit-hole" design exploiting minors, the effectiveness of age assurance, and prevention of under-13 access.

  • Art. 28
  • Art. 34
  • Art. 35
  1. Formal proceedings opened

    Whether Meta assessed and mitigated risks from Facebook & Instagram interface design causing addictive behaviour, and the effectiveness of its age-verification tools. Source ↗

  2. Preliminary findings — under-13s

    Meta preliminarily in breach for failing to prevent under-13s from accessing the services: false birth dates accepted with no effective controls, and an ineffective reporting tool for minors’ accounts. Source ↗

AliExpressPartially resolved

Illegal products & platform transparency

Illegal/non-compliant products and hidden links to them, complaint handling, trader traceability, ad and recommender transparency, and researcher data access. Split into a commitments track (closed) and an illegal-products track (open).

  • Art. 16
  • Art. 20
  • Art. 26
  • Art. 27
  • Art. 30
  • Art. 34
  • Art. 35
  • Art. 40
  1. Formal proceedings opened

    On illegal products, hidden links, complaint handling, trader traceability, ad/recommender transparency and researcher data access. Source ↗

  2. Commitments binding + preliminary findings

    The Commission made binding AliExpress’s commitments on ad/recommender transparency, data access and trader traceability (with an independent Monitoring Trustee) — while separately issuing preliminary findings that it breaches Art. 34–35 on illegal products. That track continues. Source ↗

SheinOpen

Illegal products, addictive design & recommenders

Systems to limit the sale of illegal products (incl. content that could constitute CSAM, e.g. child-like sex dolls), addictive design (engagement points/rewards) and recommender-system transparency.

  • Art. 27
  • Art. 34
  • Art. 35
  1. Request for information

    RFI on notice-and-takedown, illegal content/products and protection of minors. Source ↗

  2. Request for information

    RFI on compliance with the DSA (illegal products and the recommender system). Source ↗

  3. Request for information

    Further RFI on illegal products and the recommender system. Source ↗

  4. Formal proceedings opened

    On illegal products (incl. potential CSAM), addictive design and recommender-system transparency incl. a non-profiling option. Source ↗

TemuPartially resolvedFined €200M

Illegal products, addictive design & recommenders

Systemic-risk assessment of illegal products, addictive design, recommender-system transparency and researcher data access. Carries the largest DSA fine to date.

  • Art. 27
  • Art. 34
  • Art. 38
  • Art. 40
  1. Designated a VLOP

    Temu designated a Very Large Online Platform (>45M EU monthly users).

  2. Request for information

    First formal RFI.

  3. Request for information

    Second formal RFI.

  4. Formal proceedings opened

    Four strands: illegal products, addictive design, recommender systems and researcher data access. Source ↗

  5. Preliminary findings

    Temu preliminarily in breach of Art. 34 — an inadequate risk assessment of illegal products that relied on generic e-commerce information rather than Temu-specific evidence. Source ↗

  6. €200M fine

    Non-compliance decision and fine for the Art. 34 illegal-products risk-assessment breach — the largest DSA fine so far. Other strands remain under investigation. Source ↗

The largest DSA fine to date, for the Art. 34 risk-assessment breach on illegal products (evidence incl. unsafe chargers and hazardous baby toys). Temu must submit an action plan by 28 Aug 2026. The addictive-design, recommender and data-access strands remain open.

Pornhub, Stripchat, XVideos & XNXXOpen

Protection of minors (age assurance)

A coordinated proceeding against four adult platforms over failure to protect minors — deficient risk assessment and reliance on self-declaration ("I am 18") with no effective age verification.

  • Art. 28
  • Art. 34
  • Art. 35
  1. VLOP designations

    Pornhub, Stripchat and XVideos designated VLOPs (the second set). Source ↗

  2. XNXX designated a VLOP

    XNXX designated a VLOP, with compliance required by mid-November 2024. Source ↗

  3. Formal proceedings opened

    Against all four platforms over minors’ protection and the absence of effective age verification; Member States concurrently coordinate action against smaller sites. Source ↗

  4. Preliminary findings

    All four preliminarily in breach — deficient (business-centric) risk assessment and reliance on a single self-declaration click; blurring and content warnings deemed ineffective. Source ↗

SnapchatOpen

Protection of minors

Child safety, privacy and security: age assurance via self-declaration, default minor-account settings, and content moderation against illegal-goods signposting (drugs, vapes, alcohol). Run jointly with the Dutch DSC (ACM).

  • Art. 28
  • Art. 34
  • Art. 35
  1. Formal proceedings opened

    On age assurance, default minor-account settings and content moderation — opened the same day as the adult-platform preliminary findings, jointly with the Dutch DSC. Source ↗

Source: European Commission press releases (DSA enforcement). Preliminary findings are not a final decision. Last reviewed 7 July 2026.