,

The DSA gets down to product design

X must rebuild advertising and research access under European supervision.

The DSA gets down to product design
Summary
  • X has six months to implement a corrective plan covering advertising records and researcher access.
  • Required changes include additional search tools, an API, fuller advert records, and free access for eligible researchers.
  • Independent auditing will test whether Digital Services Act enforcement produces functioning transparency systems.

The European Commission has accepted a corrective plan from X that will require the platform to rebuild parts of its advertising repository and change how researchers obtain public data, providing one of the clearest examples yet of the Digital Services Act reaching into everyday product engineering.

The European Commission has given X six months to implement the measures after identifying shortcomings in advertising transparency and data access. The company will remain under enhanced supervision and must commission an independent audit of the completed work.

The required changes include additional advertising search filters, results displayed within the repository rather than through separate spreadsheets, faster response times, fuller records of advert content and destination links, and access through an application programming interface.

For researchers, X must revise its application screening, give eligible users access without charge, shorten processing times, provide suitable data volumes, and amend its terms so approved researchers are not contractually prohibited from collecting publicly available information. The Commission’s implementation notice sets out the requirements.

Transparency becomes an engineering requirement

Platform regulation is often described through fines, harmful content, and broad legal duties, whereas the X plan reads more like an operational specification. Search speed, interface design, API availability, data fields, application workflows, and contractual terms must all change if the service is to comply.

An advertising repository offers little transparency when users cannot interrogate it effectively. A database that responds slowly, omits destination links, or relies on awkward exports can satisfy the appearance of disclosure while making meaningful examination impractical.

Researchers face similar constraints when studying coordinated manipulation, advertising practices, recommender systems, election risks, or harmful material. Cost, processing times, and data volumes can determine whether independent scrutiny is possible, particularly for universities and civil-society groups without the resources available to platforms and regulators.

Acceptance of the action plan does not resolve every concern surrounding X. The European Board for Digital Services considered the original proposal inadequate in several areas, leading the Commission to clarify its expectations. Implementation, auditing, and any subsequent enforcement will determine whether the commitments produce useful systems.

Compliance moves into the product backlog

Other large platforms will be watching closely because the process illustrates the technical and administrative work created by the DSA. Services need systems that retain accurate advertising records, validate researcher eligibility, provide secure access, document decisions, and generate evidence for supervisors.

Legal teams cannot complete that work after a product has been launched when regulators are examining the underlying interface, data pipeline, repository, and application process. Compliance becomes part of product planning, information architecture, software development, and operational support.

Access obligations must still coexist with privacy, cybersecurity, intellectual-property, and misuse controls. An inadequately protected API could expose personal information or enable hostile collection, while excessively restrictive controls can preserve the information imbalance that the regulation was intended to reduce.

The independent audit will carry considerable weight because adding promised features does not demonstrate that the system works. Auditors will need to assess whether eligible researchers can obtain useful data reliably, whether the repository contains complete records, and whether X has addressed weaknesses identified during the review.

European platform regulation has sometimes been criticised for creating broad obligations that enforcement could struggle to translate into technical change. The X plan offers measurable tests: search performance, API availability, application processing, data completeness, and contract wording can all be examined directly.

Successful implementation would show how European regulation can alter the infrastructure through which a global platform is scrutinised. Failure would leave the Commission deciding what penalties or further design requirements are needed when an accepted plan does not produce meaningful transparency.