Transparency Center

Report March 2026

Submitted

Commitment 14

In order to limit impermissible manipulative behaviours and practices across their services, Relevant Signatories commit to put in place or further bolster policies to address both misinformation and disinformation across their services, and to agree on a cross-service understanding of manipulative behaviours, actors and practices not permitted on their services. Such behaviours and practices include: The creation and use of fake accounts, account takeovers and bot-driven amplification, Hack-and-leak operations, Impersonation, Malicious deep fakes, The purchase of fake engagements, Non-transparent paid messages or promotion by influencers, The creation and use of accounts that participate in coordinated inauthentic behaviour, User conduct aimed at artificially amplifying the reach or perceived public support for disinformation.

We signed up to the following measures of this commitment

Measure 14.1 Measure 14.2 Measure 14.3

In line with this commitment, did you deploy new implementation measures (e.g. changes to your terms of service, new tools, new policies, etc)?

Yes

If yes, list these implementation measures here

We continue to enforce and report publicly on our policies to tackle inauthentic behaviour. Our approach to Inauthentic Behavior, and covert Influence Operations (IO) more broadly, is grounded in behavior- and actor-based enforcement. This means that we are looking for specific violating behaviors exhibited by violating actors, rather than violating content (which is predicated on other specific violations of our Community Standards, such as misinformation and hate speech).

Fake accounts: In order to maintain a safe environment, we restrict or remove fake accounts that violate our Terms of Service. Our goal is to remove as many fake accounts on Facebook as we can. We prioritize enforcement against fake accounts that seek to cause harm. Many of these accounts are used in spam campaigns and are financially motivated. We expect the number of accounts we action to vary over time due to the unpredictable nature of adversarial account creation. We actioned 692M accounts against our fake accounts policy in Q3 2025 and 1.1B fake accounts in Q4 2025 on Facebook globally.

Inauthentic behaviour: We continue to investigate and take down coordinated adversarial networks of accounts, Pages and Groups on Facebook that attempt to deceive Meta or our community or to evade enforcement under the Community Standards. In 2025. We updated our inauthentic behavior policy to simplify and refine our policy language and to help uninvolved authentic communities, Pages and Groups that are targeted, managed, or co-opted by CIB operations to remain on our services. . We also work to scale our enforcement by feeding the insights we learn from investigating these networks globally into automated detection systems to help us find bad actors engaged in these and similar violating behaviours, including networks that attempt to come back after we had taken them down.

In July 2024, we stopped removing content solely on the basis of our manipulated video policy. We will continue to remove content if it violates our Community Standards, regardless of whether it is created by AI or not.

We also continue to update our inauthentic behavior policy to improve our ability to counter new tactics and more quickly act against the spectrum of deceptive practices – both Coordinated Inauthentic Behavior and other inauthentic tactics (often used by financially motivated actors) we see on our platforms - whether foreign or domestic, state or non-state.

Cybersecurity:
We know that bad actors often target people’s accounts to compromise them, including as part of covert influence operations. To build the most efficient security tools, we apply adversarial design to how we build account security measures.

We continue to work on and roll out new security features to help keep people’s accounts safe and build out our support to help if they lose access. As a result, we’ve helped eight times more people a day on average get back into their Facebook account than last year when they didn’t have access to their listed contact points. We’re also running global in-app prompts across Facebook reminding people to confirm their contact points.

Do you plan to put further implementation measures in place in the next 6 months to substantially improve the maturity of the implementation of this commitment?

If yes, which further implementation measures do you plan to put in place in the next 6 months?

N/A

Measure 14.1

Relevant Signatories will adopt, reinforce and implement clear policies regarding impermissible manipulative behaviours and practices on their services, based on the latest evidence on the conducts and tactics, techniques and procedures (TTPs) employed by malicious actors, such as the AMITT Disinformation Tactics, Techniques and Procedures Framework.

Instagram

QRE 14.1.1

Relevant Signatories will list relevant policies and clarify how they relate to the threats mentioned above as well as to other Disinformation threats.

Depending on the context, the actor, and the activity, several TTPs can be combined and are covered by several of our policies. We have highlighted some examples below:

Inauthentic Behaviour - Our Inauthentic Behaviour policy is targeted at addressing deceptive behaviours. In line with our commitment to authentic interactions, we do not allow people to misrepresent themselves on Instagram.

CIB Policy - Our policy on Coordinated Inauthentic Behaviour (CIB) addresses covert influence operations (IO). Defined as “particularly sophisticated forms of Inauthentic Behavior where inauthentic accounts are central to the operation,” the policy informs how we find, identify and remove IO networks on our platforms.

CIB refers to coordinated efforts to manipulate public debate for a strategic goal that centrally relies on fake accounts. This is distinctly different from misinformation, which is content that is false or misleading. When we remove networks for violating CIB or other inauthentic behavior policies, it is based on their behavior, not the content they posted. For a comprehensive overview of our approach, see here.

We rely on both expert investigators to find and take down more sophisticated and emerging adversarial behaviors, as well as on scaled solutions to help detect and remove networks engaged in inauthentic behaviors. As part of this effort and because we know that these bad actors rarely target only one single platform, we have partnered with civil society, our industry partners, researchers, and governments to strengthen our collective defenses.

CIB can include a variety of different TTPs depending on the actors, context, and operation. Having said that, we often see (1) creation of inauthentic accounts; (2) the use of fake / inauthentic reactions (e.g., likes, upvotes, comments); (3) the use of fake followers or subscribers; (4) the creation of inauthentic groups, and domains; (5) inauthentic coordination of content creation or amplification; (6) account hijacking or impersonation; and (7) inauthentic coordination.

We also remove millions of fake accounts every day under our policy on Account Integrity and Authentic Identity. However, no enforcement framework can guarantee complete elimination of inauthentic behaviour in real time, precisely because adversarial actors are incentivised to find and exploit gaps in any system. This necessitates continuous investment in both proactive and reactive enforcement capabilities.

Cybersecurity - Attempts to gather sensitive personal information or engage in unauthorised access by deceptive or invasive methods are harmful to the authentic, open and safe atmosphere that we want to foster. Therefore, we do not allow attempts to gather sensitive user information or engage in unauthorised access through the abuse of our platform, products, or services.

Spam - We work hard to limit the spread of spam because we do not want to allow content that is designed to deceive, or that attempts to mislead users, to increase viewership. We also aim to prevent people from abusing our platform, products or features to artificially increase viewership or distribute content en masse for commercial gain. This can be pertinent for several TTPs depending on the context including (1) creation of inauthentic accounts (2) the use of fake / inauthentic reactions (e.g., likes, upvotes, comments), (3) the use of fake followers or subscribers (4) the creation of inauthentic chat groups, fora, or domains and (5) the use of deceptive practices.

Branded Content Policies - Branded content may only be posted with the use of the branded content tool, and creators must use the branded content tool to tag the featured third-party product, brand, or business partner with their prior permission. Branded content may only be posted by Instagram accounts with access to the branded content tool. This is pertinent to non-transparent promotional messages.

Privacy - We remove content that shares, offers or solicits personally identifiable information or other private information that could lead to physical or financial harm, including financial, residential, and medical information, as well as private information obtained from illegal sources.

QRE 14.1.2

Signatories will report on their proactive efforts to detect impermissible content, behaviours, TTPs and practices relevant to this commitment.

Our approach to Coordinated Inauthentic Behaviour (CIB) more broadly is grounded on behaviour-based enforcement. This means that we are looking for specific violating behaviours, rather than violating content (which is predicated on other specific violations of our Community Standards, such as misinformation and hate speech). Therefore, when CIB networks are taken down, it is based on their behaviour, not the content they posted.

In addition to expert investigations against CIB, we also work to tackle inauthentic behaviour by fake accounts at scale. We work to stop fake accounts abusing our platforms in three distinct ways:
- Blocking accounts from being created. Our systems look for a number of different signals that indicate if accounts are created en masse from one location. A simple example is blocking certain IP addresses altogether so that they can’t access our systems and thus can’t create accounts.
- Removing accounts when they sign-up. We try to spot signs of malicious behavior through a combination of signals such as patterns of using suspicious email addresses, suspicious actions, or other signals previously associated with other fake accounts we’ve removed. Most of the accounts we currently remove are blocked within minutes of their creation before they can do any harm.
- Removing existing accounts. Some accounts may get past the above two defenses and still make it onto the platform. Often, this is because they don’t readily show signals of being fake or malicious at first. We find these accounts when our detection systems identify inauthentic behavior or if users report them to us. We use a number of signals about how the account was created and is being used to determine whether it has a high probability of being fake and disable those that are.

Pages and Groups that violate our CIB policy are removed. Automatically, as these accounts are taken down, posts published by these accounts go down as well. Taking this behavior-based approach essentially allows us to address the problem at the source.

We monitor for efforts to re-establish a presence on Instagram by networks we previously removed. After each takedown, we feed the data about the network into our automated detection systems to block the network from operating on our platforms again, as well as explore ways to make our platforms more resilient and difficult to exploit. Using both automated and manual detection, we continuously remove accounts, Pages and Groups connected to networks we took down in the past.

For a comprehensive overview of our approach, see Meta’s threat disruptions.