Transparency Center

Report March 2025

Submitted

Commitment 16

Relevant Signatories commit to operate channels of exchange between their relevant teams in order to proactively share information about cross-platform influence operations, foreign interference in information space and relevant incidents that emerge on their respective services, with the aim of preventing dissemination and resurgence on other services, in full compliance with privacy legislation and with due consideration for security and human rights risks.

We signed up to the following measures of this commitment

Measure 16.1 Measure 16.2

In line with this commitment, did you deploy new implementation measures (e.g. changes to your terms of service, new tools, new policies, etc)?

If yes, list these implementation measures here

As mentioned in our baseline report, a key part of our strategy to prevent interference is working with government authorities, law enforcement, security experts, civil society and other tech companies through direct communication, sharing knowledge and collaboration.

Do you plan to put further implementation measures in place in the next 6 months to substantially improve the maturity of the implementation of this commitment?

If yes, which further implementation measures do you plan to put in place in the next 6 months?

As mentioned in our baseline report, our policies are based on years of experience and expertise in safety combined with external input from experts around the world. We are continuously working to protect the integrity of our platforms and adjusting our policies, tools, and processes to combat disinformation.

Measure 16.1

Relevant Signatories will share relevant information about cross-platform information manipulation, foreign interference in information space and incidents that emerge on their respective services for instance via a dedicated sub-group of the permanent Task-force or via existing fora for exchanging such information.

Instagram

QRE 16.1.1

Relevant Signatories will disclose the fora they use for information sharing as well as information about learnings derived from this sharing.

As mentioned in our baseline report, a key part of our strategy to prevent interference is working with government authorities, law enforcement, security experts, civil society and other tech companies to stop emerging threats by establishing a direct line of communication, sharing knowledge and identifying opportunities for collaboration.

In December 2024 and February 2025, we shared our Quarterly Adversarial Threat reports (Q3 2024 and Q4 2024) with information on threat research into new covert influence operations that we took down. We detected and removed these campaigns before they were able to build authentic audiences on our apps.

Global enforcements: Russia remains the number one source of global CIB networks we’ve disrupted to date since 2017, with 39 covert influence operations. The next most frequent sources of foreign interference are Iran, with 31 CIB networks, and China, with 12. This year, our teams have taken down around 20 new covert influence operations around the world, including in the Middle East, Asia, Europe and the US.

Moldova:
We removed 7 Facebook accounts, 23 Pages, one Group and 20 accounts on Instagram for violating our policy against coordinated inauthentic behavior. This network originated primarily in the Transnistria region of Moldova, and targeted Russian-speaking audiences in Moldova.
They posted original content, including cartoons, about news and geopolitical events concerning Moldova. It included criticism of President Sandu, pro-EU politicians, and close ties between Moldova and Romania.

We removed this campaign before they were able to build authentic audiences on our apps.

Benin:

We removed 16 Facebook accounts and 6 Pages for violating our coordinated inauthentic behavior policy. This network originated in Benin, and targeted primarily France.

First, the people behind this operation created Pages which posed as French and posted about politics in France, but were run by authentic users in Benin. We quickly took down this activity on our apps. In response to enforcement, they changed tactics. Instead of using authentic accounts, the operators created a network of fake and compromised accounts, and used TOR and proxy IP infrastructure to conceal their origin and appear to be in France. Our automated systems and expert investigators continued to detect and take them down on a rolling basis.

This effort targeted primarily France with posts in French about news and politics, including criticism of President Macron and NATO; supportive commentary about Marine Le Pen and her party; and calls for reduced support for Ukraine.

Our quarterly reports also included further updates and analysis on Doppelganger.

SLI 16.1.1

Number of actions taken as a result of the collaboration and information sharing between signatories. Where they have such information, they will specify which Member States that were affected (including information about the content being detected and acted upon due to this collaboration).

We found a CIB network as a result of our internal investigation and linked it to an Iranian threat actor, Cotton Sandstorm, which Microsoft previously connected to Iran's Islamic Revolutionary Guard Corps or IRGC.