The standards are based on a three pillar structure that aims to reduce opacity in algorithmically targeted political messaging in electoral contexts.
April 10th, 2026 – The new Implementing Regulation (EU) 2026/818 , which primarily will affect publishers of online political advertising subject to the Political Advertising Regulation, has established the detailed mechanisms required to build and operate the European repository of online political advertisements.
The repository, which the parent Regulation requires to be publicly accessible and machine-readable, will aggregate transparency notices from publishers of online political ads throughout the EU. This Regulation also defines the three technical pillars that operate the repository, which include a common data structure and a standarised metadata schema, a standarised authentication system, and a common application programming interface (API).
On data structure and metadata, the Regulation specifies that the repository must be built on controlled, published vocabularies to ensure consistency and interoperability. Furthermore, each political ad record in the repository must include four categories of metadata, including information identifying the ad, its URL where available, the language of the metadata elements, and the transparency notice elements in accordance with the Regulation that establishes the format of political ad transparency labels.
Each metadata element must have a unique value domain, expressed as a date, character string, or code derived from international standards, and all metadata must also use UTF-8 enconding to support multilingual interoperability. This Regulation also explicitly requires interoperability with the DSA ad repositories maintained by Very Large Online Platforms, under Article 39 of Reg. 2022/2065. This is to enable cross-referencing between the European repository and platform-level transparency records.
On authentication, access to the repository operates in two stages, first, through EU Login, the Commission’s centralised identity service, followed by an onboarding process that will identify and authorise users. Onboarded users will be the only ones allowed to submit data to the repository, with each receiving unique API credentials.
On the API itself, the Regulation allows transmission using XML, JSON, or JSON-LD formats over SOAP or REST protocols. However, transmissions must use HTTPS with the latest supported version of TLS, and authentication must use JSON Web Tokens. Each data submission receives a unique identifier, with corrections handled through versioned updates using the same base identifier.
The first version of the repository must be compatible with existing Commission IT systems, and its launch date must be announced on the repository’s public portal in advance to allow publishers to prepare. The regulation is technologically neutral, and does not mandate specific technology choices beyond the baseline interoperability requirements.
