On 5 May 2026, Ireland's Coimisiún na Meán (CnaM) opened two formal Digital Services Act (DSA) investigations into Meta, examining whether Facebook and Instagram violate Article 27 — in particular Article 27(3) on the user's right to a recommender feed that is not based on profiling — and Article 25(1) on deceptive interface design. The probes bring CnaM's active large-platform caseload to five, alongside open investigations into X, TikTok and LinkedIn. A finding against Meta could trigger administrative fines of up to 6% of global turnover, which on its 2025 revenue base of roughly $201 billion would map to a theoretical ceiling near $12 billion.
The specific allegation is narrow and operational. Article 27(3) requires very large online platforms to offer users a 'directly and easily accessible' way to switch to a recommender system that is not based on profiling. The complaint that produced this case — filed in April 2025 by EDRi, Bits of Freedom, Gesellschaft für Freiheitsrechte and Convocation Research + Design — argues that Meta's interfaces bury that toggle and surround it with friction designed to push users back to the algorithmic default. Digital Services Commissioner John Evans framed the issue plainly: users must be able to 'opt for an alternative feed at any time and that it is easily accessible.' Meta says it disagrees with the allegation and has 'introduced substantial changes to our processes and systems to meet our regulatory obligations.'
Steelmanning the regulator
The case against Meta's interface is not frivolous. Recommender systems are now the primary discovery layer for billions of people, and the DSA codifies a modest user right: if you do not want a feed tuned to inferred personal traits, you should be able to switch to a chronological or interest-based alternative in roughly the same number of taps it takes to mute a story. Where platforms make that switch hard to find, hard to keep, or hard to understand, the statutory right collapses into a paper guarantee. Article 25's dark-patterns rule exists precisely because UX teams iterate against engagement metrics that reward friction on the unprofitable choice. A regulator that cannot police interface design cannot enforce Article 27 at all.
Ireland matters here because the country hosts Meta's EU establishment and is therefore the lead supervisory authority for the company under the DSA. The historical critique — that the Irish Data Protection Commission moved too slowly on GDPR cases against the same platforms — is well-rehearsed, and CnaM has explicitly tried to differentiate itself by opening cases at pace. Five active large-platform investigations within roughly six months is, by EU standards, brisk.
Where proportionality should pull back
The pro-innovation question is not whether to enforce Article 27.3 — the right is in the statute and platforms should honour it — but how. Two design choices deserve scrutiny.
- Remedy clarity over open-ended dark-patterns review. If the operative concern is that the non-profiling toggle is too many clicks deep, a clear engineering rule — one click from the main feed, persistent across sessions, no nudge interstitial — would settle the matter faster than a multi-year investigation into 'manipulation.' Vague standards invite litigation and freeze UX iteration; bright lines invite compliance.
- Mind the asymmetric burden. A 6%-of-turnover ceiling is calibrated for very large platforms, but the dark-patterns and recommender rules cascade into the wider ecosystem. Smaller European platforms cannot absorb the legal-engineering cost of defending every micro-interaction against a 'deceives or manipulates' standard. The risk is that strict enforcement against Meta sets de facto interpretations that smaller competitors must also meet, with much less cushion.
What this case will actually decide
The substantive question CnaM has to answer is whether 'directly and easily accessible' has a teachable meaning. EDRi argues for a strict reading: any meaningful friction is a violation. Meta will argue that its current implementation — settings menus, profile-data controls, and a chronological-feed option — already satisfies the text. The Irish Times reports the probe will also weigh harm to children and young people, a sensitive overlay given separate work under Ireland's Online Safety Code and DSA Article 28 on minors.
A narrow, well-reasoned decision here would do two useful things: it would give every VLOP a replicable compliance pattern, and it would discipline national regulators that have been tempted to read Article 25 as a roving licence to second-guess product design. A sprawling decision — one that treats friction itself as deception without naming the threshold — would do the opposite, and would in practice tax product velocity across the European internet without obvious user gain.
Ireland's five open cases and the European Commission's parallel docket against TikTok, X and Shein together amount to the first real stress test of the DSA enforcement model. The legitimacy of that model will depend less on the size of any single fine than on whether the resulting rules are concrete enough for engineers to implement and narrow enough not to chill the next platform that has yet to be built.