Compliance Risk
Compliance risk is the potential for financial loss, legal penalties, or reputational damage that an organisation faces if it fails to meet legal, regulatory, or ethical obligations. In the context of political advertising, compliance risk arises when sponsors, publishers, or providers of advertising services do not meet their transparency, targeting, or due diligence obligations under EU Regulation 2024/900.
Legal Basis
While Regulation 2024/900 does not define "compliance risk" explicitly, it establishes obligations, and failure to comply with them creates such risks:
"Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive."
— Article 20, Regulation (EU) 2024/900
Why It Matters
Compliance risk matters to every actor in the political advertising ecosystem. Sponsors, publishers, and providers of political advertising services all face potential consequences if they fail to label advertisements correctly, provide transparency notices, maintain required records, or respect restrictions on targeting techniques and third-country sponsorship.
For platforms and publishers, compliance risk extends beyond direct financial penalties. Failure to comply with transparency obligations can damage trust with users, attract regulatory scrutiny, and create liability under multiple legal frameworks including data protection law, the Digital Services Act, and national electoral rules. Small and medium-sized providers may find compliance risk particularly challenging due to limited legal and technical resources.
Proactive compliance risk management—through clear internal policies, staff training, regular audits, and engagement with regulators—helps organisations avoid penalties, protect their reputation, and demonstrate good-faith efforts to uphold democratic principles and fundamental rights in political advertising.
Key Points
- Compliance risk arises from failure to meet legal obligations under Regulation 2024/900, including transparency labelling, due diligence, record-keeping, and targeting restrictions
- Penalties must be effective, proportionate, and dissuasive according to the regulation, meaning serious violations can result in significant financial and reputational consequences
- Multiple actors share compliance obligations: sponsors must provide accurate information, publishers must ensure labelling and transparency notices, and providers must respect targeting rules
- Data protection compliance is closely linked: violations of targeting restrictions often constitute data protection breaches, triggering GDPR penalties in addition to political advertising sanctions
- Risk varies by role and size: platforms face different risks than individual influencers; micro and small enterprises may struggle more with compliance costs
- Mitigation requires proactive measures: internal controls, training, audits, legal review, and responsive complaint-handling systems all reduce compliance risk
Compliance Risk vs. Regulatory Risk
While often used interchangeably, compliance risk and regulatory risk have distinct meanings. Compliance risk refers to the specific risk of failing to meet existing legal obligations and suffering the resulting penalties. Regulatory risk refers to the broader uncertainty created by potential future changes in laws and regulations that may affect business operations.
For political advertising providers, compliance risk means ensuring current adherence to Regulation 2024/900's transparency and targeting rules. Regulatory risk means preparing for potential future changes—such as stricter targeting bans, shorter third-country restriction periods, or new national implementing measures—that could require operational changes.
| Aspect | Compliance Risk | Regulatory Risk |
|---|---|---|
| Source | Existing legal obligations | Potential future regulatory changes |
| Timeframe | Present | Future |
| Focus | Meeting current requirements | Adapting to changing requirements |
| Management | Policies, training, audits | Monitoring, scenario planning, flexibility |