← All articles

EU Finds Meta's Autoplay and Infinite Scroll Illegal Under the DSA

Oarized · 11 July 2026

What the European Commission Actually Found

On 10 July 2026, the European Commission preliminarily found Meta in breach of the Digital Services Act over the design of Instagram and Facebook. The finding names four specific mechanics: infinite scroll, autoplay, push notifications, and the platforms' highly personalised recommender systems.

The Commission's case is built on the DSA's Article 34 risk-assessment duty, which requires very large online platforms to diligently identify and assess systemic risks stemming from their design. Its conclusion: Meta did not adequately assess how these features affect the physical and mental wellbeing of users, particularly minors and vulnerable adults. The press release is explicit about the mechanism it objects to — these features "fuel the user's urge to keep scrolling and shift the brain into 'autopilot mode,' contributing to unhealthy habits and compulsive use." The Commission also says Meta disregarded evidence on how much time minors spend on the apps at night, and how Reels and Stories specifically can drive excessive use.

This is not an isolated action. The formal proceedings behind it opened on 16 May 2024, and this finding sits alongside a separate preliminary finding on Meta's under-13 age-assurance measures from 29 April 2026, plus an ongoing, distinct investigation into 'rabbit hole' effects in Facebook and Instagram's recommender systems. Commission Executive Vice-President Henna Virkkunen framed it plainly: "Protecting the physical and mental health of Europeans must be a priority for social media platforms. The Digital Services Act provides a clear framework to hold platforms accountable for the addictive design and effects of their services. We are fully committed to enforcing our legislation in Europe."

Why Meta's Existing Safeguards Didn't Count

The Commission didn't just object to the features existing — it looked at what Meta already does to soften them, and concluded none of it works well enough to satisfy the DSA's Article 35 mitigation duty.

Three specific measures get called out. First, the time-management tools on Instagram and Facebook, including those switched on by default for teen accounts, can reportedly be dismissed with a tap and don't produce a meaningful drop in usage. Second, parental controls are judged effective only for parents and guardians who already have the technical know-how and the time to configure them properly — which the Commission treats as a design failure, not a parenting failure. Third, Meta's awareness measures, such as tips and links to a separate 'safety centre' page with mental-health resources, are described as insufficient to offset the risk created by the underlying design.

The remedy the Commission is pushing for is concrete rather than cosmetic: disable autoplay and infinite scroll by default, build in screen-time breaks that actually interrupt use, and adjust the recommender system itself to be less engagement-oriented. That last point is the one worth sitting with — it's not asking for a warning label, it's asking for the ranking logic to optimise for something other than time-on-app. For any product whose growth loop depends on the same logic, that is the part of this finding that generalises.

Fines, Timeline and What Happens Next

This is a preliminary finding, not a final decision. Meta now gets to examine the Commission's investigation file and reply in writing before anything is settled, and the European Board for Digital Services will be consulted in parallel. Only if the Commission's preliminary view is ultimately confirmed can it issue a non-compliance decision.

The exposure if that happens is real. Under the DSA, a confirmed breach can trigger a fine proportionate to the nature, gravity, recurrence and duration of the infringement, capped at 6% of the provider's total worldwide annual turnover. Euronews calculated that cap at roughly $12 billion (about €11 billion), based on Meta's 2025 global revenue of around $201 billion — though that figure is illustrative of the ceiling, not a number the Commission itself has published as a target.

Worth noting for anyone tracking DSA enforcement patterns broadly: this is now the third live track the Commission is running against Meta's core apps at once — this addictive-design finding, the separate April 2026 finding on under-13 age assurance, and the still-open investigation into recommender-system 'rabbit holes.' None of them move quickly. But together they signal that Brussels is treating recommender-system design, not just content moderation, as squarely inside the DSA's systemic-risk framework.

What It Means for Clipping and Payout Platforms

The direct target here is Meta, but the legal hook is not Meta-specific. Article 34 and Article 35 apply to any platform designated a Very Large Online Platform, a status the Commission grants once a service crosses 45 million average monthly users in the EU. Facebook and Instagram carry that designation. So do TikTok and Google's properties, including YouTube. Those are the same platforms that most EU clipping and creator-payout tooling is built on top of.

That matters because payout mechanics in this industry are downstream of exactly the design elements Brussels just objected to. Clip campaigns pay out against verified view counts, and view counts on these platforms are generated substantially through autoplay chains, infinite-scroll sessions and personalised recommendation — the same three levers the Commission wants Meta to pull back on. If a 'less engagement-oriented' recommender system becomes a standing DSA compliance requirement rather than a one-off remedy against a single company, view velocity — and by extension the speed and size of clipper payouts tied to it — is a plausible knock-on effect, not just a Meta problem.

To be precise about what is and isn't established: this finding is preliminary, applies to Meta specifically, and has not been extended to TikTok or YouTube. No regulator has said their recommender systems are next. But the statutory mechanism the Commission used here — Article 34 risk assessment plus Article 35 mitigation, applied to any VLOP — now has a live, detailed enforcement template attached to it. For operators building payout logic on top of view counts from any EU-designated VLOP, that template is worth reading closely, because it is the first time the Commission has spelled out, feature by feature, what 'fix your recommender system' is actually supposed to look like in practice.