The Case
On June 9, 2026, Ireland's High Court opened a three-day hearing before Justice Barry O'Donnell that may settle a foundational question of EU platform law: when a regulator investigates a platform under the Digital Services Act, must it confine its action to the designated EU entity — or can it extend accountability to parent companies and even individual controlling shareholders?
X's senior counsel Declan McGrath told the court that Elon Musk and X Holdings Corp are Texas-based entities with no contractual relationship with EU users. The actual EU provider, he argued, is X Internet Unlimited Company (XIUC), the Dublin-registered subsidiary. "The addressee of the commission's original investigation is not them, it is XIUC," McGrath submitted. The regulator had exceeded its jurisdiction, he contended, by expanding the investigation without first establishing that anyone beyond XIUC qualified as a "relevant intermediary service provider" under the DSA.
Coimisiún na Meán countered that Musk's "decisive influence" over the X group as a whole brings him and X Holdings Corp within the DSA's regulatory perimeter. Notably, two separate judicial review challenges were filed — one by Musk and X Holdings Corp, and a second by XIUC itself raising concerns about legal certainty and fair procedures — suggesting that even the entity that accepts it is the EU provider believes the investigation's mandate was procedurally flawed from the outset.
What the Investigation Is Actually About
The underlying probe deserves its own examination. Coimisiún na Meán launched the formal investigation on November 12, 2025, under Article 20 of the DSA, which requires very large online platforms — those exceeding 45 million monthly EU active users — to operate effective, accessible, and user-friendly internal complaint-handling systems. Users must be able to appeal content moderation decisions, receive reasoned outcome notifications, and be directed toward further dispute resolution options. Critically, decisions under Article 20 must involve human oversight and cannot be handled solely by automated systems.
The investigation was triggered by Coimisiún na Meán's Platform Supervision Team, information supplied by NGO HateAid, and direct user complaints. Digital Services Commissioner John Evans put the issue plainly: "The right to appeal a decision is an essential right and a cornerstone of the DSA."
The strongest case for the investigation is not hard to state. X processes millions of content moderation decisions affecting EU users every day. If HateAid and user complainants are correct that a meaningful proportion of those users cannot access a coherent appeals process, the DSA's Article 20 framework — designed precisely to prevent this — is being ignored. That substantive case may be strong. Where it becomes complicated is in the regulator's decision to name Musk and X Holdings Corp alongside XIUC as investigation subjects.
A Novel Jurisdiction Theory
The "decisive influence" concept has a well-established home in EU competition law. Under the Akzo Nobel doctrine, parent companies can be held jointly liable for subsidiary violations where they exercise decisive influence over the subsidiary's commercial conduct. This presumption arises when a parent holds near-total ownership. It is a principle embedded in Article 101 TFEU enforcement.
What Coimisiún na Meán appears to be doing is importing this theory into the DSA provider definition — treating Musk and X Holdings Corp as co-providers because they control the entity that actually delivers the service. This is legally novel. The DSA's jurisdiction provisions focus on where the legal entity is established, not on who controls it. XIUC is established in Dublin; that establishment is the precise basis on which Coimisiún na Meán holds jurisdiction at all. Extending that jurisdiction up the corporate chain, absent explicit DSA textual authority, requires the court to read into the regulation a liability concept that belongs to an adjacent — but distinct — area of EU law.
X's counsel also raised the due process dimension correctly. Potential sanctions of up to 6% of annual turnover carry what McGrath characterised as "criminal character" for procedural purposes. Investigations that carry quasi-criminal consequences require clear legal footing for who the proper subjects are. "Setting off on the wrong footing" can contaminate an otherwise valid enforcement process.
The EU Commission Set a Different Precedent
When the European Commission issued the first DSA non-compliance fine on December 5, 2025 — a €120 million penalty against X for failures related to blue checkmark deceptive design, advertising repository opacity, and researcher data access restrictions — it targeted X as the platform entity. The Commission did not attempt to extend liability to Musk personally or to the US holding company.
That distinction is relevant. The Commission's action addressed Articles 25, 39, and 40.12 — VLOP-level obligations that fall under the Commission's direct enforcement competence. Coimisiún na Meán's investigation addresses Article 20, which under the DSA's hybrid enforcement architecture falls to national Digital Services Coordinators for platforms established in their jurisdiction. Ireland holds that role because XIUC is Dublin-based — the same jurisdictional logic that positions Ireland's Data Protection Commission as lead supervisory authority for GDPR enforcement against US tech firms operating through Irish entities.
That design is intentional: route regulatory accountability through the EU-registered entity so there is a clear, identifiable target. The Commission's enforcement practice in December 2025 respected this structure. The Irish regulator's extension of liability to the US parent and its controlling shareholder departs from it.
Why the Ruling Matters Beyond Dublin
If Justice O'Donnell upholds the "decisive influence" theory, regulators across the EU gain a significant new tool. National Digital Services Coordinators — and potentially the Commission — could pursue parent entities and individual shareholders alongside designated EU providers, raising accountability for people who direct platform policy from outside the Union. The risk is that this creates overlapping, legally uncertain liability more likely to generate years of litigation than meaningful compliance.
If the court sides with Musk and X Holdings Corp, Article 20 enforcement will be clearly confined to the designated EU entity. Parent companies retain their jurisdictional shield unless the DSA text is amended — a result that is legally tidy but frustrating for regulators facing platforms whose actual policy decisions are made far from Dublin.
The cleaner outcome — for legal certainty and for the DSA's long-term credibility — is a clear ruling rather than a procedural settlement. If X's Article 20 complaint mechanism is genuinely inadequate, that case should be made on the merits against XIUC, with full rigour. Using novel jurisdiction theories as a shortcut, even against bad actors, risks making the enforcement framework harder to operate for every regulator and every platform. The Dublin hearing is generating exactly the precedent DSA enforcement needs — just make sure the precedent is grounded in the text.