Australia Fines X Corp $465K for Online Safety Breach

Sydney, May 21: When Australia slapped X Corp with a penalty of AUD 610,500 last week, most people outside the country barely blinked. A fine worth roughly USD 465,000 or about INR 3.3 crore against a company backed by one of the world’s richest men does not, on paper, sound like a consequential moment. But it is. And here is why.

The Australian eSafety Commissioner did not fine X for hosting violent videos or spreading misinformation. It fined the company for something far more basic: refusing to file paperwork. Specifically, X Corp failed to submit mandatory reports explaining what it was doing about child sexual abuse material (CSAM) and violent extremist content on its platform. That is the part that should concern everyone not least policymakers sitting in New Delhi.

The Rule X Chose to Ignore

Australia’s Online Safety Act 2021 is not a particularly radical piece of legislation. It does not ask platforms to solve the internet. It asks them to be transparent. Under the Act, large platforms operating in Australia must periodically submit what are called Basic Online Safety Expectations (BOSE) compliance reports. These are structured documents think of them as annual health disclosures that tell the regulator how many pieces of harmful content were detected, how many were removed, and how many were reported to law enforcement. It is, in other words, the minimum standard of accountability any serious platform should welcome.

X Corp did not file them. According to The Guardian Australia, the company also failed to respond adequately when the eSafety Commissioner followed up with direct requests for compliance information. That double refusal ignoring both the original obligation and the follow-up is what triggered the civil penalty. The Commissioner, Julie Inman Grant, did not mince words. Platforms operating in Australia, she made clear, do not get to decide which rules apply to them.

This Was Not a One-Off

Anyone who has followed X Corp since Elon Musk took over in October 2022 will not be surprised by this outcome. The company has spent the better part of three years picking fights with regulators on multiple continents, and Australia has been one of the more eventful battlegrounds.

In April 2024, a teenager stabbed a bishop during a church service in Wakeley, Sydney, and the footage spread rapidly on X. The eSafety Commissioner issued a formal notice demanding the content be taken down. X’s response was to go to court.

The company argued, with some legal creativity, that the Commissioner’s jurisdiction did not extend to content being viewed by users outside Australia. The Federal Court proceedings drew international attention. X eventually geo-blocked the footage for Australian users but continued contesting the broader principle. The Commissioner ultimately withdrew the notice, though the legal question of how far Australian law reaches into a global platform’s content decisions remains very much open, as per The Australian Financial Review.

That dispute was about content removal. The current fine is about something different documentation but the underlying dynamic is identical. X, under Musk, has consistently treated regulatory requests as opening positions in a negotiation rather than legal obligations requiring compliance. That posture has consequences. Not always immediately, but eventually.

A Fine That Is Small but Not Meaningless

Let us be honest about what AUD 610,500 means to X Corp: very little, financially. Musk’s company is valued at figures that make this penalty look like a rounding error on a quarterly balance sheet. But money is not the only thing a court penalty does.

A civil finding of non-compliance creates a legal record. It makes it significantly harder for the company to claim good faith in future disputes before Australian courts. It also gives the eSafety Commissioner a stronger basis for escalating enforcement including injunctions and larger penalties if X continues to treat its transparency obligations as optional. Think of it less as a punishment and more as a marker being placed on the board.

Europe Went Much Further

If Australia represents a measured response, the European Union represents what happens when regulators decide the time for measured responses is over. The EU’s Digital Services Act (DSA), which came into full force for major platforms in early 2024, is a different animal entirely. It requires platforms to conduct annual risk assessments, submit to independent audits, maintain publicly accessible advertising repositories, and actively cooperate with regulators across all 27 member states.

The penalty structure is designed to hurt: non-compliance can attract fines of up to 6% of global annual revenue. For a company the size of X, that is a number with real weight. The European Commission has already opened formal DSA proceedings against X on several grounds algorithmic transparency, risk assessment failures, and how the platform handles misleading content during elections, according to Reuters. Those cases are ongoing.

Elsewhere, Brazil suspended X entirely for a stretch in 2024 after the company refused to appoint a local legal representative as required by Brazilian law. The ban lasted long enough to be an embarrassment and a commercial disruption. Canada is pushing its Online Harms Act through parliament. The United Kingdom’s Online Safety Act 2023 is being phased in by Ofcom, with particular emphasis on protecting children from harmful content. The pattern is clear. Country after country, jurisdiction after jurisdiction, governments are deciding that social media platforms are not exempt from the basic accountability standards that apply to every other industry.

What Musk Did to X’s Safety Teams

To understand why X keeps ending up in these situations, it helps to understand what happened inside the company after the acquisition. By most credible accounts including detailed reporting by Reuters and The New York Times, drawing on interviews with former employees X cut its global trust and safety workforce by roughly 80% in the months after Musk took over. Teams that had spent years building systems to detect CSAM, track terrorist networks, and monitor election-related disinformation were either dissolved outright or reduced to skeleton crews. Musk framed these cuts as a purge of ideological bias and bureaucratic excess. Former employees described losing institutional knowledge that had taken years to build.

Regulators noticed. The European Commission cited the staffing reductions explicitly in its DSA risk assessment of X. Child protection organisations including the Internet Watch Foundation reported changes in the volume and quality of referrals coming from the platform. The eSafety Commissioner’s observations about X’s reporting failures sit within this broader context of a company that, structurally, has fewer people doing less work on safety than it did three years ago.

Why India Is Watching

The Australian fine is a foreign story. But it has a direct Indian address. X is one of the largest social media platforms operating in India. Under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, any platform with more than five million registered Indian users is classified as a Significant Social Media Intermediary (SSMI). X clears that threshold by a significant margin.

SSMI status is not ceremonial. It requires the platform to appoint a resident Grievance Officer, a Chief Compliance Officer, and a Nodal Contact Person based in India. It also requires monthly transparency reports on content complaints and moderation actions. These are not suggestions. Non-compliance, in principle, strips the platform of its safe harbour protections under the IT Act, 2000 meaning X could be held directly liable for content posted by its users.

MeitY has previously flagged X for delayed and incomplete responses to takedown orders under Section 69A of the IT Act. X, characteristically, has complied with some orders while simultaneously challenging others in court. The company has filed a writ petition before the Karnataka High Court contesting the constitutional validity of certain Section 69A directives, arguing the process lacks adequate safeguards and judicial oversight. That case is still pending.

The Australian case is relevant here for a specific reason. It demonstrates that a regulator does not need to wait for content disputes to be resolved before enforcing transparency obligations. The two tracks what content gets removed, and whether the company is being open about how it manages content can be pursued independently.

India’s enforcement approach has so far leaned heavily on advisory notices and informal pressure. The Australian model suggests a more formalised penalty regime for reporting failures is both legally viable and practically effective, even against a company with significant resources and appetite for litigation.

The Bigger Point About Transparency

There is a tendency to treat transparency reports as bureaucratic tedium forms that lawyers file and regulators archive. That framing understates their purpose considerably.

Australian court upholds $465000 fine against Elon Musk's X

When X does not disclose how many CSAM reports it has filed with the National Center for Missing and Exploited Children (NCMEC), investigators and child protection agencies lose a key data point. When the company does not publish consistent information about how it handles extremist content referrals, counter-terrorism researchers and law enforcement agencies work with a gap in their picture.

Meta, Google, and Microsoft each publish detailed transparency disclosures on a regular basis. These documents are imperfect and self-reported, but they are at least auditable and comparable over time. X’s reporting has been inconsistent and, in certain periods since the acquisition, essentially absent, according to assessments published by the Electronic Frontier Foundation and Access Now. Australia’s enforcement action is a statement that this informational silence is not acceptable. Regulators cannot do their jobs if platforms will not tell them what is happening inside their systems.

Where Things Go From Here

X Corp had not issued a formal public response to the Australian penalty at the time of writing. Given the company’s track record, it will likely either ignore the fine, absorb it, or challenge it in court. All three options have precedents. The eSafety Commissioner, for its part, has made clear that monitoring of X’s compliance will continue. Further proceedings remain possible if violations persist.

Globally, the trajectory only moves in one direction. More regulation, more enforcement, larger penalties. The question for X and for platforms operating in India is not whether accountability frameworks are coming. They are already here.

For India specifically, the Australian case is a reminder that regulatory will matters as much as regulatory architecture. The legal tools to hold platforms accountable largely exist. What determines outcomes is whether institutions choose to use them, consistently and without being worn down by prolonged litigation. That, ultimately, is the harder challenge.

Stay ahead with Hindustan Herald — bringing you trusted news, sharp analysis, and stories that matter across Politics, Business, Technology, Sports, Entertainment, Lifestyle, and more.
Connect with us on Facebook, Instagram, X (Twitter), LinkedIn, YouTube, and join our Telegram community @hindustanherald for real-time updates.