Elon Musk’s social media giant X Corp has been ordered to pay a total of $750,000 in penalties and legal costs after being found in breach of Australian online safety regulations for failing to respond to a regulator’s inquiry into measures targeting child sexual exploitation material. The case, which stretched more than two years, has set a clear precedent for global technology companies that even large platforms cannot ignore national regulatory requirements when operating in foreign markets.
The story dates back to early 2023, when Australia’s eSafety Commissioner Julie Inman Grant issued a mandatory transparency notice to Twitter, alongside other major social platforms, seeking detailed information on what steps each platform was taking to detect and remove illegal child sexual exploitation content from their services. Just weeks after the notice was issued, Elon Musk completed his $44 billion acquisition of Twitter and rebranded the company as X Corp, merging the original Twitter entity into the new corporate structure.
X Corp missed the original March 29, 2023 deadline to submit a complete, adequate response to the regulator’s questions. The company only addressed the gaps identified by eSafety in a follow-up submission on May 5 of that year. When eSafety brought legal action over the missed deadline, X Corp mounted a legal challenge, arguing that the notice had been issued to the original Twitter entity which no longer existed, so the new corporation had no legal obligation to comply.
That challenge was first rejected by Federal Court Justice Michael Wheelahan in early 2024, and the ruling was later upheld by the full bench of the Federal Court in July 2024. On Thursday, Justice Wheelahan handed down the final penalty at a hearing in Melbourne: X Corp must pay a $650,000 civil penalty for the contravention, and cover $100,000 of eSafety’s legal costs stemming from the court action.
In his written judgment, Justice Wheelahan emphasized that Australia’s Online Safety Act, which grants eSafety the power to issue such information notices, is designed explicitly to protect Australian internet users. “The reporting requirements under the Act are an essential aspect of enforcing those expectations,” he wrote. “Accordingly, where the operator of a large social media platform has failed to comply with those reporting requirements, the public has an interest in the Commissioner seeking and obtaining a public declaration of contravention, which will contribute to a deterrent effect.”
In a post-ruling statement, eSafety Commissioner Inman Grant said the penalty sends an unambiguous message to all technology companies that offer services to Australian users: they are bound by Australian laws, regardless of their size or ownership structure. “Meaningful transparency is critical to holding technology companies to account,” she said. “This is not only a key part of our work as Australia’s online safety regulator, it also provides the Australian public with important information about how these companies are tackling the worst-of-the-worst content on their platforms.”
The ruling comes amid broader global momentum for stricter online child safety regulation, driven in part by News Corp Australia’s high-profile “Let Them Be Kids” campaign. The campaign spent 18 months documenting the widespread harm social media use causes to Australian children’s mental and physical health, including sharing testimonies from families who lost children to suicide linked to harmful online content. Its advocacy helped push Australia to become the first country in the world to pass legislation requiring a minimum age of 16 for social media access, a law set to go into effect in December 2025. To date, 52 other countries have announced they are considering adopting similar age restriction regulations.