Risk Assessment

A risk assessment is a systematic process organizations use to identify, evaluate, and prioritize potential threats and vulnerabilities that could harm their operations, assets, or people. In the context of TTPA compliance, it means examining how your political advertising services might be misused or create transparency risks, then deciding which safeguards to implement first based on the severity and likelihood of each risk.

Legal Basis

While Regulation 2024/900 does not explicitly mandate "risk assessment" as a formal process, the due diligence and transparency obligations throughout the regulation implicitly require providers to assess risks:

"Providers of political advertising services shall ensure that political advertising is clearly and unambiguously distinguishable as such, and that the transparency notice is available to the public."

— Article 3, Regulation (EU) 2024/900

Organizations must assess the risk of non-compliance with transparency requirements, targeting restrictions, and record-keeping obligations to implement appropriate safeguards.

Why It Matters

Risk assessments help providers of political advertising services understand where their systems, processes, or partnerships might fall short of TTPA requirements before enforcement actions occur. For online platforms, advertising agencies, influencers, and publishers, conducting regular risk assessments means examining every stage of the political advertising lifecycle—from sponsor verification to ad delivery and record retention—to spot gaps in compliance.

Organizations that skip this step face higher exposure to fines, reputational damage, and operational disruptions. A thorough risk assessment allows you to allocate compliance resources efficiently, prioritizing high-impact vulnerabilities like inadequate sponsor identity verification or missing transparency labels. It also provides evidence of good-faith efforts to comply, which supervisory authorities may consider when determining penalties.

Risk assessment is not a one-time exercise. As your advertising services evolve, as new targeting technologies emerge, or as political campaigns intensify ahead of elections, your risk profile changes. Regular reassessment—at least annually and before major electoral periods—ensures your safeguards remain effective and proportionate to the actual threats your organization faces.

Key Points

  • Identify vulnerabilities: Map every point where political advertising enters, moves through, or exits your service to find where transparency, targeting, or record-keeping requirements might be breached.
  • Evaluate likelihood and impact: Not every risk deserves equal attention—prioritize risks that are both likely to occur and would cause significant harm (regulatory penalties, loss of trust, or election integrity concerns).
  • Document your findings: Keep written records of identified risks, your evaluation criteria, and the mitigation measures you implemented; supervisory authorities may request this documentation.
  • Review regularly: Conduct risk assessments at least annually, after significant service changes, and in the lead-up to elections when political advertising activity surges.
  • Involve cross-functional teams: Effective risk assessment requires input from legal, compliance, technical, sales, and content moderation teams who understand different aspects of your service.
  • Consider third-party risks: If you work with data brokers, ad networks, or influencers, assess whether their practices could expose you to TTPA violations even when your own systems comply.

Risk Assessment vs. Compliance Audit

Risk assessment and compliance audits are complementary but distinct activities. A risk assessment is forward-looking and preventive: it asks "What could go wrong, and how do we stop it?" before problems arise. You conduct risk assessments to identify potential compliance gaps, vulnerabilities in your systems, and scenarios where your political advertising processes might fail to meet TTPA requirements.

A compliance audit, by contrast, is backward-looking and evaluative: it asks "Are we meeting our obligations right now?" Audits test whether your existing controls, policies, and processes actually comply with the regulation as written. They typically occur on a schedule (annually, for example) or in response to specific triggers like regulatory inquiries or major service changes.

In practice, risk assessments inform what you audit and how often. If your risk assessment identifies weak sponsor verification as a high-priority vulnerability, your next audit should closely examine those verification processes. Conversely, audit findings—such as discovering that transparency labels fail to appear on mobile devices—feed back into your risk register as newly confirmed vulnerabilities requiring mitigation.

Risk assessment: Core Facts

Status: Active Definition
Verified: 2026-03-07
