— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7
/ trackers / cnmc-spain-dsa-enforcement
Spain · DSA enforcement

CNMC Spain · the Digital Services Coordinator gap (DSA)

Verifiable timeline of the deployment of Spain's National Markets and Competition Commission (CNMC) as Digital Services Coordinator under Regulation (EU) 2022/2065 (DSA). The tracker measures a concrete gap: the distance between the coordinator's formal designation (January 2024) and its real enforcement. As of May 2026 that gap remains open: the legal enabling was repealed, the European Commission opened infringement proceedings against Spain, and the CNMC has still not approved its sanctioning regime nor certified trusted flaggers nor imposed its own DSA sanctions. Each record documents a milestone with its status and official source.

Snapshot · June 12, 2026
6
documented milestones
↑ The gap becomes chronic: Congress struck down the CNMC's legal empowerment (Apr 14, 2026, 174-163); designated since Jan-2024 without operating as Coordinator; Commission infringement procedure open against Spain

Evolution

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Milestone status

The outcome of each milestone: completed, repealed, pending or under infringement proceedings.

Milestone type

The nature of each act: designation, legal enabling, sanctioning regime, supervision.

Milestones per year

Temporal distribution of the Coordinator deployment milestones in Spain.

Reading the data

Spain designated the CNMC as its Digital Services Coordinator in January 2024. Two years later, that coordinator still cannot sanction: the legal enabling was repealed, Brussels opened infringement proceedings and the sanctioning regime remains unapproved. This tracker measures that gap between having the authority named and having it operational.

YV
Yaneth Vickari S. · Digital regulation expert · Madrid
May 26, 2026 · 5 min read

The European Digital Services Act requires each member state to name a national authority —the Digital Services Coordinator— to supervise and sanction the platforms established in its territory. Spain completed the formality in January 2024: it designated the National Markets and Competition Commission, with powers to impose fines of up to 6% of large platforms' global turnover. On paper, an authority with teeth.

The problem is what happened next, and it is exactly what this tracker documents. The designation was not enough: a legal enabling was needed to expand the CNMC's powers and resources. That enabling, agreed in December 2024, lapsed weeks later when the decree containing it was not ratified. The European Commission, which monitors DSA application, opened infringement proceedings against Spain. And by April 2026 the Government was still processing a new bill to make operational a coordinator named two years earlier.

Of the six documented milestones in the Spanish DSA Coordinator's rollout, only one —the initial designation— is marked 'completed'. The rest are pending, repealed, under supervision or under European infringement proceedings. The authority exists on the org chart; enforcement, not yet.

The gap that matters for the platforms

This distinction —between a designated authority and one that sanctions— is exactly the kind of nuance a compliance team, a law firm or a platform needs, and which the headline 'Spain already has a DSA coordinator' hides. For a platform established in Spain, the operational question is not whether a coordinator exists, but whether that coordinator can open a case and fine it today. As of May 2026, the answer remains nuanced: the CNMC supervises and cooperates with Brussels —as in the Temu monitoring— but its full national sanctioning capacity is not consolidated.

What Spain illustrates is not an isolated case, but the pattern running through all of Diálogo Ciudadano's trackers: the distance between the law passed and the law applied. The DSA is among the world's most ambitious digital rules, but its force depends on each state activating its coordinator. Documenting that activation milestone by milestone —with its status and source— turns a regulatory promise into a verifiable data point of real enforcement.

Methodology note

The tracker gathers verifiable milestones in the CNMC's rollout as Digital Services Coordinator, with their status (completed, pending, repealed, under supervision, under infringement proceedings) and their source (CNMC, BOE, legal analyses, fact-checking media). It distinguishes between formal designation and real sanctioning capacity. It does not record sanctions that are not on record as final. The charts are computed from each milestone's attributes.

It is informational infrastructure, not legal advice. The rollout status updates as the legislative process advances.

Documented events (7)

April 14, 2026 ES confirmed

Congress strikes down the CNMC's legal empowerment as Digital Services Coordinator: the gap becomes chronic

On April 14, 2026, Congress's plenary rejected by 174 votes (PP, Vox and Junts) to 163 (PSOE, Sumar, Bildu, PNV, Podemos, CC and BNG), with 8 abstentions (ERC and UPN), the PSOE bill legally empowering the CNMC as Digital Services Coordinator, as the DSA requires. The context measuring the gap: the CNMC was designated by the Ministry in January 2024, but without legal empowerment it has not begun operating as Coordinator; the European Commission keeps an infringement procedure open against Spain over the delay, with possible economic sanctions; and the parallel bill (registered July 2025, also adapting the European media-freedom law) remains blocked in amendments since August 2025. Both readings, at comparable weight: for proponents, 'we cannot allow platforms to operate without control and citizens to go unprotected'; for opponents, the CNMC must first be renewed 'in a plural and independent manner' given the risk of the Government using it 'as a censorship instrument'. Spain remains Europe's case of a designated Coordinator that cannot coordinate.

April 8, 2026 ES confirmed

By April 2026 the Government processes a new bill to formally enable the CNMC

The PSOE files a bill in Congress to enable the CNMC as coordinator and provide it with staff and resources. Two years after the designation, the coordinator still does not operate with full sanctioning powers.

June 1, 2025 ES confirmed

The CNMC monitors Temu's compliance, under investigation by the European Commission

In 2025 the CNMC monitors the compliance of Temu, a platform investigated by the European Commission over the sale of illegal products affecting Spanish consumers. The action is supervisory and cooperative, with no final national sanction.

February 1, 2025 ES confirmed

The European Commission opens infringement proceedings against Spain over incomplete DSA application

After a reasoned opinion, the European Commission gives Spain two months to remedy the shortcomings in the coordinator's effective designation, under threat of taking the case to the EU Court of Justice.

January 28, 2025 ES confirmed

The CNMC's legal enabling lapses and is reintroduced via Royal Decree-law 1/2025

The CNMC's formal enabling, agreed in December 2024, lapsed when the decree containing it was not ratified. The Council of Ministers approves RDL 1/2025 on 28 January to reintroduce the powers, amid parliamentary instability.

December 1, 2024 ES confirmed

By late 2024 the CNMC has still not approved the sanctioning regime nor certified trusted flaggers

Despite the designation, the CNMC has not approved the applicable sanctioning regime nor certified trusted flaggers nor out-of-court dispute bodies: real sanctioning capacity is not operational.

January 24, 2024 ES confirmed

The Ministry for Digital Transformation designates the CNMC as Digital Services Coordinator

Spain complies with DSA Article 49.3 by designating the CNMC as national coordinating authority, with powers of supervision, investigation and sanction of up to 6% of large platforms' global turnover.

Methodology

Type
event-log
Construction
DC editorial construction
Cadence
event-driven

Sources consulted

  1. CNMC · sección Servicios Digitales (DSA) ↗ official

    Official CNMC page on its DSA role. Publishes press releases when it issues resolutions. It has no aggregated dashboard of sanctions imposed.

  2. Boletín Oficial del Estado (BOE) ↗ official

    Administrative resolutions with sanctioning effects are published in the BOE. Manual biweekly search for 'CNMC' and 'digital services'.

  3. CNMC · designación como Coordinador Servicios Digitales ↗ official

    CNMC press release of 24 January 2024 on its formal designation as DSC under Regulation (EU) 2022/2065.

  4. Real Decreto-ley 1/2025 de 28 enero · régimen sancionador DSA España ↗ official

    RDL 1/2025 introduces the DSA sanctions regime after the repeal of RDL 9/2024 by Congress in January 2025. Fines of up to 6% of the provider's annual worldwide turnover.

Related pieces