— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7
/ trackers / eu-dsa-enforcement-consolidated
EU · DSA enforcement · Commission + 27 DSC

EU · Consolidated DSA enforcement decisions

Consolidated registry of administrative decisions and fines under Regulation (EU) 2022/2065 (Digital Services Act), issued by the European Commission (competent for Very Large Online Platforms and Very Large Online Search Engines) and the national Digital Services Coordinators (competent for other intermediary services established in their territory). Each decision includes the legal basis invoked, sanctioned platform or Member State, monetary amount, and source URL. The tracker also covers infringement procedures against Member States for insufficient DSA implementation. Diálogo Ciudadano logs only decisions with verifiable publication.

Snapshot · May 21, 2026
€120M
first DSA fine · X · 5 Dec 2025
↑ 5 Member States referred to CJEU for insufficient DSC implementation

Evolution

Data analysis

Statistical readings derived from the attributes of each recorded case. All figures come from the documented events; amounts are computed only over cases with a sum expressed in the indicated currency, without converting between currencies.

Actions by platform type

Classification of entities subject to DSA action (VLOP, platform, etc.). Complements the by-authority and by-decision charts.

Actions per year

Temporal distribution of consolidated DSA enforcement.

Outcome of the actions

Status or result of each DSA enforcement action (binding commitments, response pending, appeal filed, etc.).

Reading the data

Thirteen actions under the EU's Digital Services Act show a regime barely getting started: three years after it took effect, only one final fine has been imposed —€120 million— and most cases against X, TikTok or Meta remain open or have already escalated to the courts.

YV
Yaneth Vickari S. · Digital regulation expert · Madrid
May 30, 2026 · 4 min read

The Digital Services Act (DSA) was to be the tool with which Europe would discipline Big Tech platforms. This tracker consolidates its first thirteen actions —formal proceedings, infringement letters, preliminary findings, one fine and even a procedural defeat for the Commission itself— and the portrait is of a regime running in rather than at cruising speed.

The European Commission, competent over very large online platforms (VLOPs), signs ten of the thirteen actions. But only one has ended in a final fine: the €120 million of a non-compliance decision. The rest divide among four open formal proceedings, two infringement letters, preliminary findings, commitments accepted without a fine, and referrals to the EU Court of Justice.

X Corp. is the most recurrent subject, with three actions, followed by TikTok with two. But concentration in a few names does not equal collected sanctions: several actions are already appealed before the EU General Court, and one of the Commission's own decisions was annulled in a procedural setback.

Why the outcome matters, not the announcement

As in the digital-fines tracker, the decisive data point here is the outcome field, not the opening of the case. Launching a formal proceeding generates headlines; closing it with a final, collected sanction is another matter, and much slower. The legal bases invoked sketch the regulator's priorities: protection of minors (Art. 28), systemic-risk management (Arts. 34-35), advertising transparency (Art. 39) and researcher data access (Art. 40) are the most cited.

Three years of the DSA leave a provisional lesson: the rule has teeth on paper, but its real enforcement is a long administrative and judicial process in which platforms litigate every step. This tracker focuses on the EU because the DSA is a single, consolidated regime; measuring its effectiveness requires following each case to its resolution, not stopping at the initial announcement.

Methodology note

Each action is recorded with the subject, the authority, the type of decision, the DSA legal basis invoked, the amount (where any) and the verifiable outcome. The consolidated amount reflects only final fines. Assessments are attributed to the European Commission or the relevant court, never to this outlet.

Documented events (13)

February 13, 2026 EU confirmed

X appeals €120M fine before the EU General Court

X files an appeal before the EU General Court against the €120 million fine imposed by the Commission in December 2025. X's Global Government Affairs team argues the decision "resulted from an incomplete and superficial investigation, grave procedural errors, a tortured interpretation of the obligations under the DSA, and systematic breaches of rights of defence and basic due process requirements suggesting prosecutorial bias". First substantive appeal against a DSA non-compliance decision.

December 5, 2025 EU confirmed

First DSA fine: €120 million on X (formerly Twitter)

The European Commission imposes a €120 million fine on X for violating DSA in three transparency areas: (1) blue checkmark deceives users — anyone can obtain verified status by paying, and X does not verify holder identity (dark pattern under Art. 25); (2) advertising repository is dysfunctional and conceals advertiser information (Art. 39 breach); (3) X does not allow effective researcher access to study the recommendation algorithm (Art. 40(12) breach). First formal fine under Regulation (EU) 2022/2065. X has 60 working days to present measures on the verification system and 90 days on the ad repository and researcher access. The same day, the Commission accepted legally binding commitments from TikTok on its ad repository with no fine.

December 5, 2025 EU confirmed

Commission accepts TikTok commitments on advertising repository (no fine)

The same day it fined X, the Commission accepted legally binding commitments from TikTok to make its advertising repository functional. No financial penalty associated. The procedure against TikTok opened in February 2024 also included systemic risk management and minor protection, where the investigation continues. The Commission's official narrative is that the DSA aims to achieve compliance, not collect fines.

October 24, 2025 EU confirmed

Commission issues preliminary findings against Meta and TikTok for blocking researcher access

The European Commission issues preliminary non-compliance findings against Meta (Facebook + Instagram) and TikTok for burdensome procedures that limit researcher access to platform public data, a key requirement under Art. 40 DSA. The Commission specifically points to Meta's CrowdTangle shutdown without adequate replacement. If the Commission confirms its findings, fines could reach 6% of global annual turnover — approximately USD 9.9B for Meta (based on 2024 revenue of USD 164.5B) and USD 9.3B for ByteDance (reported 2024 revenue ~USD 155B).

September 10, 2025 EU confirmed

General Court annuls 2023 DSA supervisory fee decisions against Meta and TikTok

The EU General Court annuls the Commission's 2023 decisions on DSA supervisory fees that Meta and TikTok were required to pay, on the basis of a methodology calculation error. The court did not annul the obligation to pay the fee itself, but the procedure — the Commission has 12 months to reissue the decisions with corrected methodology. Meta calculated it will be asked to pay €11M in 2024 supervisory fees.

May 26, 2025 EU confirmed

Coordinated CPC action against SHEIN over unlawful commercial practices

The Commission and national consumer protection authorities from Belgium, France, Ireland, and Netherlands, through the Consumer Protection Cooperation (CPC) network, formally urge SHEIN to comply with EU consumer protection law. Following an EU-level coordinated investigation, the authorities identified several unlawful commercial practices on the platform. SHEIN has one month to respond and propose corrective measures. If the response is unsatisfactory, national authorities may impose fines based on the company's EU turnover.

May 27, 2025 EU confirmed

Commission opens formal investigations into Pornhub, Stripchat, XNXX and XVideos

The Commission launches formal investigations against four pornographic platforms for possible DSA breaches on minor protection. The inquiry focuses on whether they have effective age-verification systems and other measures ensuring children's privacy, safety, and well-being. Simultaneously, the Commission withdraws Stripchat's VLOP status after finding its EU user base is below the 45 million monthly threshold.

May 7, 2025 EU confirmed

Commission refers Czechia, Spain, Cyprus, Poland, Portugal to CJEU on DSA

The Commission decides to refer to the EU Court of Justice five Member States — Czechia (INFR(2024)2039), Spain (INFR(2024)2165), Cyprus (INFR(2024)2016), Poland (INFR(2024)2041), and Portugal (INFR(2024)2038) — for failing to effectively implement the DSA. Czechia, Cyprus, Spain, and Portugal have designated DSCs but have not granted them sufficient powers. Poland has neither designated nor empowered a DSC. None has adopted the required national penalty framework. The same day, the Commission sends a reasoned opinion to Bulgaria (INFR(2024)2241).

July 25, 2024 EU confirmed

Second wave of infringement proceedings against 6 MS on DSA implementation

The Commission sends letters of formal notice to Belgium (INFR(2024)2164), Spain (INFR(2024)2165), Croatia (INFR(2024)2166), Luxembourg (INFR(2024)2168), Netherlands (INFR(2024)2163), and Sweden (INFR(2024)2169) for failing to designate competent authorities or empower them to perform DSA tasks. Spain appears in this second wave despite having designated CNMC as DSC in January 2024 — the problem is insufficient effective empowerment.

April 30, 2024 EU confirmed

Commission opens formal proceedings against Meta (Facebook + Instagram)

Formal DSA proceedings against Meta for alleged non-compliance regarding deceptive advertising, political content, illegal content notification mechanisms, researcher access, and Meta's decision to shut down CrowdTangle without an adequate replacement, limiting researchers' and journalists' ability to track viral content and electoral disinformation.

April 24, 2024 EU confirmed

Commission opens infringement proceedings against 6 MS for failing to designate DSC

The Commission sends letters of formal notice to Cyprus (INFR(2024)2016), Czechia (INFR(2024)2039), Estonia (INFR(2024)2040), Poland (INFR(2024)2041), Portugal (INFR(2024)2038), and Slovakia (INFR(2024)2042) for failing to designate their Digital Services Coordinator or empower it with the necessary powers under the DSA, including sanctioning capability. The designation deadline was 17 February 2024.

December 18, 2023 EU confirmed

Commission opens formal proceedings against X under DSA

The European Commission initiates the first formal DSA proceedings against X (formerly Twitter) to investigate possible non-compliance regarding systemic risk management, dark patterns, content moderation, data access for researchers, and advertising transparency. First formal investigation opened under Regulation (EU) 2022/2065 against a designated VLOP.

Methodology

Type
event-log
Construction
DC editorial construction
Cadence
biweekly

Sources consulted

  1. European Commission · DG CONNECT · Digital Services Act ↗ official

    Official Commission page on the DSA. Publishes non-compliance decisions against VLOPs/VLOSEs. Decisions are announced via press release and formally published in the EU Official Journal where applicable.

  2. European Commission · Digital Services Coordinators ↗ official

    Official page listing the DSCs designated by each member state and the implementation status.

  3. EDRi · Digital Services Coordinators Database ↗ civil-society

    Semi-public database by European Digital Rights compiling enforcement actions by the 27 DSCs and the Commission. Launched in February 2025. Reference civil-society source for DSA tracking.

  4. eucrim · Overview of DSA Developments ↗ academic

    Academic publication documenting a timeline of DSA developments. Maintained by the Max Planck Institute for the Study of Crime, Security and Law.

  5. DSA Observatory · IViR · University of Amsterdam ↗ academic

    Academic observatory of the Institute for Information Law (IViR) at the University of Amsterdam. Independent technical-legal analysis.

  6. Court of Justice of the European Union · Curia ↗ official

    General Court and Court of Justice. Rule on appeals against Commission decisions and referrals against member states.