- EN English
Ombudswoman regrets Commission’s handling of access request for X’s assessment of its compliance with EU digital rules
News - Date Monday | 11 May 2026
Case 1746/2024/MIG - Opened on Friday | 27 September 2024 - Recommendation on Monday | 03 November 2025 - Decision on Thursday | 07 May 2026 - Institution concerned European Commission ( Maladministration found ) - Country Austria
Complaint submitted
19/09/2024Analysis of the complaint
20/09/2024Inquiry ongoing
27/09/2024Preliminary outcome
03/11/2025Inquiry outcome
19/02/2026
The Ombudswoman regrets that the European Commission did not follow her recommendation to assess for disclosure a report by social media platform X on its compliance with EU digital rules. The Ombudswoman’s recommendation had stated that the Commission should assess the report in the interest of granting the widest possible public access.
In her decision concluding the inquiry, the Ombudswoman indicated her disagreement with the Commission’s argument that a general presumption of non-disclosure could be applied to risk assessment reports drawn up under the Digital Services Act (DSA). She stressed that, since DSA rules state that the risk assessment report is ultimately meant to be made public, only information that could reasonably be regarded as sensitive may be withheld from the public.
The Ombudswoman also took issue with two new arguments made by the Commission in response to her recommendation. The Commission stated that it could not itself assess whether the report contained commercially sensitive information and that the complainant was pursuing a private rather than public interest in seeking the report’s disclosure.
The Ombudswoman underlined that assessing commercially sensitive information is part of the Commission’s obligations under the EU access to documents law (Regulation 1049/2001). She also noted that, as the services offered by very large online platforms could lead to serious fundamental rights violations such as identify theft and sexual violence, scrutinising platforms’ compliance with the DSA cannot be considered a solely private interest.
As a result, the Ombudswoman maintained her earlier finding of maladministration.
Background
The Digital Services Act requires providers of very large online platforms to assess certain risks of their services related to, for example, the dissemination of illegal content, the negative effects on fundamental rights, or on the protection of minors. The annual reports on these risk assessments are shared with the Commission which monitors and enforces the compliance of these platforms with their obligations under the DSA.
The Commission received the report on X’s first annual risk assessment following the entry into force of the DSA in September 2023.