Published 24 October 2025, the European Commission said it found both organisations in breach of their obligation to grant researchers “adequate access to public data” as part of the Digital Services Act (DSA).

It was also found that Meta, for both Instagram and Facebook, has reportedly failed to provide users simple mechanisms to notify illegal content and enable content moderation decisions to be challenged, the Commission said.

The result, according to the Commission, is that researchers are left with partial or unreliable data, which impacts their ability to conduct research over users – particularly younger users – being exposed to harmful content.

“Our democracies depend on trust. That means platforms must empower users, respect their rights and open their systems to scrutiny. The DSA makes this a duty, not a choice,” commented Henna Virkkunen, executive vice-president for tech sovereignty, security and democracy at the European Commission.

“With today’s actions, we have now issued preliminary findings on researchers’ access to data to four platforms. We are making sure platforms are accountable for their services, as ensured by EU law, towards users and society.”

Enabling researchers to access platform data is a critical transparency obligation under the DSA, the Commission said in its findings. Such data is made public so as to consider the impact of platforms on people’s physical and mental health.

The Commission also said its findings relate to Meta’s reporting tool, dark patterns and complaint mechanism and cite that the confusion of these processes could mean its mechanisms to remove illegal content could be effective.

The organisation stressed, however, that these are preliminary findings.

Facebook, Instagram and TikTok now have the opportunity to examine European Commission documents and respond to the findings. A spokesperson at Meta told Reuters the company disagreed that it had breached the DSA.

According to The Guardian, TikTok said it was not possible to fully share data without breaking GDPR data protection rules.

The conversation around online safety has ramped up this year across Europe, particularly surrounding the AI boom and continued cyber threats to leading organisations. It has led to government proposals like the Online Safety Act in the UK and comprehensive legislation like the DSA, which holds online platforms accountable for illegal content and user safety.

RELATED STORIES

Ofcom unveils AI strategy with focus on telecoms and digital safety

Outage, outrage and no plan B, AWS failure shows Europe is flying without a safety net

Capacity Europe 2025: Nokia to build high-capacity network for GBI across EMEA