EU Advertising Transparency

One continent
keeps the receipt.

In the European Union, every ad a platform runs is logged, kept, and made searchable — who paid, who it targeted, how far it reached. The evidence survives the campaign. That's the law.

~1 yr
Ads kept after
they stop running
€320M
DSA fines
issued so far
27
EU countries
covered
The guarantee

A landmark law

The world's first rulebook that made the internet show its receipts.

The EU's Digital Services Act — in force since 2022 and fully applicable to every platform since 17 February 2024 — did what no government had managed before: it turned the principle that what is illegal offline is illegal online into binding, enforceable law across a whole continent. For the very largest platforms it goes further still, forcing open the machinery of online advertising that had, until then, been a black box by design.

2024
Fully applicable to all platforms across the Union
~450M
People in the EU protected by the same transparency rules
Up to 6%
Of global annual turnover — the maximum DSA fine
Art. 39
The clause that puts every ad on the public record

What the glass box guarantees

Every ad. On the record. Kept for a year.

Under the EU's Digital Services Act, the largest platforms must publish a searchable repository of every ad they carry — and leave it standing long after the campaign ends. Here is what that means, obligation by obligation.

🗄️
A public ad repository
Every Very Large Online Platform must run a searchable library of the ads it presents — commercial ads included, not just political ones. Journalists, regulators and citizens can query it directly.
DSA Art. 39
On the record
The obligation is written into Article 39 of the Digital Services Act, which requires each VLOP to keep a public, searchable repository of the advertisements it has presented. EUR-Lex · DSA Art. 39
🧾
Who paid — on every ad
The repository must name the advertiser and, where different, the person or entity who paid for the ad. No more anonymous money buying a million impressions.
Payer disclosed
Enforced
When the Commission fined X in Dec 2025, one confirmed breach was that its ad repository failed to let users search reliably for who ran and paid for ads — proof the "who paid" duty has teeth. European Commission
🎯
How it was targeted
Platforms must disclose the main targeting parameters used to place each ad, and the audience it was aimed at — the machinery of micro-targeting, made visible.
Targeting shown
Enforced
The Commission's binding commitments from TikTok (Dec 2025) require the repository to show full ad content including URLs, targeting criteria, and updates within 24 hours, with added search filters. European Commission
📈
How far it reached
The repository must record how many people the ad reached, broken down where relevant by Member State — so an ad's real scale is a matter of public record, not a platform secret.
Reach recorded
On the record
Article 39 requires the repository to include, for each ad, the total number of recipients reached and, where applicable, aggregate numbers per Member State. EUR-Lex · DSA Art. 39
🗓️
Kept for a full year
The ad doesn't vanish when the campaign ends. The repository must retain it for one year after the advertisement was last presented — the exact window a black-box system erases.
1-year retention
On the record
Article 39 sets the retention period at one year after the advertisement was presented for the last time on the platform. EUR-Lex · DSA Art. 39
🔬
Vetted-researcher access
Beyond the public library, the DSA gives vetted researchers a right to platform data to study systemic risks — so fraud and influence operations can actually be investigated after the fact.
DSA Art. 40
Enforced
The €120M X decision confirmed a breach of Art. 40(12) researcher data access, and the Commission has pressed both Meta and TikTok over burdensome researcher-access tools — the access right is being actively enforced. European Commission

The law itself

Article 39, in full.

The public ad archive isn't a platform's courtesy — it is a legal obligation, spelled out in Article 39 of the Digital Services Act. Here is what the article actually requires, clause by clause, in the law's own words and in plain English.

DSA · Article 39(1) — the obligation

“Providers of very large online platforms … that present advertisements on their online interfaces shall compile and make publicly available … through a searchable and reliable tool that allows multicriteria queries and through application programming interfaces, a repository containing the information referred to in paragraph 2, for the entire period during which they present an advertisement and until one year after the advertisement was presented for the last time …”

Art. 39(1)

A public, searchable repository — kept for a year

Every Very Large Online Platform and search engine must run a public ad library. It has to be searchable by multiple criteria and accessible through an API, so researchers and journalists can query it at scale — and every ad must stay in it for a full year after it last ran.

Art. 39(2)(a)

The content of the ad

The actual creative — what was shown, and what product, service or brand it was for — is on the record, not just a reference to it.

Art. 39(2)(b)

On whose behalf it ran

The advertiser must be named. No more anonymous brands buying reach behind a blank profile.

Art. 39(2)(c)

Who actually paid

Where the payer differs from the advertiser, both are disclosed — closing the loophole where the money behind a campaign hides behind an agency or front.

Art. 39(2)(d)

When it ran

The exact window the ad was live — so a campaign's timing can be reconstructed after the fact.

Art. 39(2)(e)

How it was targeted

The targeting parameters — who the ad was aimed at, and crucially who was deliberately excluded — become public. The machinery of micro-targeting is made visible.

Art. 39(2)(g)

How far it reached

An ad's real scale — how many people it reached, broken down per country — is a matter of public record, not a platform secret.

Art. 39(1) & (3)

Accurate — but never at the cost of your privacy

The archive names the advertisers and the money — not the ordinary people who saw the ad. Transparency points up at power, not down at users.

Full text: Regulation (EU) 2022/2065 (Digital Services Act), Article 39 · EUR-Lex

Anatomy of an accountable ad

24 hours. 1 million people.
And a permanent record.

The same campaign that vanishes in a black-box market leaves a full paper trail in the EU — this is what the DSA makes happen, step by step.

Hour 0 — Ad goes live

It runs — and it's logged from the first impression.

An advertiser launches a campaign. The moment it starts serving, it must appear in the platform's public ad repository, with the advertiser's identity attached — searchable by anyone, right now.

Hours 1 – 24 — Mass delivery

Served to real people — and the reach is counted.

The algorithm delivers the ad to its targeted audience. Whether it reaches 50,000 people or 5 million, the repository records the totals — broken down per Member State where applicable.

📈 Reach: recorded & public

Hour 24 — Campaign ends

The campaign stops. The record does not.

The ad stops serving. In a black-box market this is where the evidence disappears. Under the DSA, this is where the retention clock starts.

Hour 25 → one year later — On the record

The receipt survives the campaign.

Content, advertiser, who paid, targeting parameters and reach stay in the repository for a full year after the last impression. A journalist can find it. A researcher can study it. A regulator can act. A defrauded citizen can trace the product back to the ad.

Content: kept Reach: kept Targeting: kept
1 yr
that the ad's content, payer, targeting and reach remain public after it stops running in the EU — the exact window a black-box system leaves empty.

On the record

This isn't theory. It's enforced.

Every case below is a documented action by the European Commission — a fine, a binding commitment, or a formal proceeding on the public record. This is the DSA's ad-transparency regime working, with dates and sources.

€120MFirst DSA fine

X fined — and the ad repository was one of the breaches

On 5 December 2025 the Commission issued its first-ever DSA non-compliance decision, fining X €120 million. Three breaches were confirmed: the deceptive "Blue check" design (Art. 25), the advertising repository (Art. 39), and researcher data access (Art. 40(12)). X was given 60/90 working days to remedy.

€200MLargest DSA fine

Temu fined €200M over illegal, unsafe products

On 28 May 2026 the Commission fined Temu €200 million — the largest DSA fine to date — for an inadequate risk assessment on illegal products, with evidence including unsafe chargers and hazardous baby toys. Temu must submit an action plan by 28 Aug 2026. The regime reaches marketplaces, not just social feeds.

≤24hRepository refresh

TikTok's binding commitments fixed its ad library

On 5 December 2025 the Commission accepted binding Article 71 commitments from TikTok that close the advertising-transparency strand of its case: full ad content including URLs, repository updates within 24 hours, targeting criteria disclosed, and added search filters. A preliminary finding in May 2025 had held TikTok's repository non-compliant — the fix is now enforceable.

5.9Mads removed

One trusted flagger, 5.9 million ads pulled from Meta

In 2025 a single DSA "trusted flagger" filed reports that led to 5.9 million ads removed from Meta — a takedown rate of about 99.8%. The mechanism only works because the ads are visible and reportable in the first place: transparency with teeth.

BindingAliExpress

AliExpress locked into ad & recommender transparency

On 18 June 2025 the Commission made binding AliExpress's commitments on advertising and recommender transparency, researcher data access, and trader traceability — overseen by an independent Monitoring Trustee — while pressing a separate open track on illegal products. Voluntary promises turned into enforceable obligations.

The whole argument, in one row

The same scam ad. One continent keeps the receipt — the other burns it.

🇪🇺 European Union

The ad is archived for a full year under DSA Article 39 — content, who paid, targeting parameters, and reach broken down per country — searchable by anyone. This is exactly the data trail that let the Commission fine X €120M and force TikTok's ad repository into compliance.

🇺🇸 United States

A counterfeit-product or crypto-scam ad runs, reaches millions, and ends. It is removed from the ad library. No content, no reach, no targeting, no payer is kept. A journalist, a regulator, or a defrauded parent trying to trace it hits a dead end.

The gap, reversed

Same platforms. Different rules.

The EU's Digital Services Act mandates transparency. The US has no federal ad-transparency law to match it.

🇪🇺
European Union
Digital Services Act (DSA) enforced
All ads archived for 1 year after last shown (Art. 39)
Reach data recorded — including per Member State
Targeting criteria and audience disclosed
Vetted researchers can investigate fraud & influence ops (Art. 40)
All major platforms must comply — including TikTok
Payer and beneficiary info required on every ad
🇺🇸
United States
No federal ad transparency law
No archive of commercial ads after they stop running
No reach or impression data — ever
No targeting criteria disclosed
No way to investigate fraud or influence ops retroactively
TikTok has no US ad library at all
No payer or beneficiary information

The US contrast is documented in The Black Box: a Reuters investigation found Meta internally projected roughly $16B (~10%) of 2024 revenue from scam, illegal-gambling and prohibited-goods ads — almost none of it archived where the public can see it. Reuters

Platform by platform

What each VLOP must now disclose in the EU.

Platform
European Union (DSA)
United States
Meta
All ads archived 1 year. Reach, targeting, payer & beneficiary data. 5.9M ads pulled in 2025 after trusted-flagger reports. Transparent
Active ads only. No archive, no reach, no targeting for commercial ads — gone when it ends. Black box
X
Ad repository required. Commission fined X €120M in Dec 2025 — the ad repository was one of the confirmed breaches; X ordered to fix it. Enforced
No commercial ad archive after a campaign ends. Black box
TikTok
Full ad repository required. After a non-compliance finding, binding commitments now force full content, ≤24h updates, targeting & search filters. Enforced
No transparency library exists. Nothing. Void
Google & YouTube
1-year ad repository, reach and targeting disclosures under Art. 39, plus researcher data-access duties. Transparent
Shows advertiser & payer identity, but reach, targeting and full history stay electoral-only. Grey box
€120M
The EU's first-ever DSA fine, issued to X in Dec 2025 — a confirmed breach was its advertising repository (Art. 39).
€200M
The largest DSA fine to date, issued to Temu in May 2026 over illegal, unsafe products including hazardous baby toys.
TikTok
Binding commitments (Dec 2025) fixed its ad repository — full content, ≤24h updates, targeting & search filters.

TV advertising has always been public.

There is no good reason why online advertising — which can micro-target millions of specific people with any message — should operate in the dark. In the EU, it no longer does.

The same ad that vanishes in a black-box market is, in the EU, logged, kept for a year, and searchable by anyone — its content, its payer, its targeting, and its reach. The receipt survives the campaign.
Explore the platform transparency data →