The European Commission has imposed a €200 million fine on Temu for breaching its obligations under the Digital Services Act (DSA), marking one of the most significant enforcement actions under the new European digital regulatory framework.
At first glance, the case may appear to concern unsafe products sold online. In reality, however, the Commission’s decision focuses on something much broader: the failure to properly identify, assess and mitigate systemic risks associated with the operation of an online platform.
What is the DSA?
The Digital Services Act is the EU’s flagship regulation governing online intermediary services, including online marketplaces, social media platforms, app stores, hosting providers and search engines.
Its purpose is to create a safer digital environment by imposing transparency, accountability and risk-management obligations on digital service providers operating in the European Union.
While certain obligations apply to all intermediary services, the strictest requirements apply to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), such as Temu, Amazon, TikTok, Meta, Google and others.
What are companies required to do?
For VLOPs, compliance goes far beyond removing illegal content upon notification.
They must proactively:
- identify and assess systemic risks arising from their services;
- evaluate how their platform design, recommendation systems and commercial practices may contribute to those risks;
- implement effective mitigation measures;
- document and regularly update their risk assessments;
- cooperate with regulators and provide access to relevant information.
In short, the DSA requires companies to understand how their own systems create risks and to actively manage those risks before harm occurs.
What went wrong in Temu’s case?
According to the Commission, Temu’s risk assessment failed to meet DSA standards because it relied largely on generic information about the e-commerce sector rather than evidence relating to Temu’s own platform.
The Commission also found that Temu underestimated the likelihood that EU consumers would encounter illegal or unsafe products. Independent testing reportedly revealed serious safety concerns regarding certain chargers and baby toys sold through the platform.
In addition, the Commission considered that Temu did not adequately assess whether its recommendation systems and influencer-driven promotion mechanisms could amplify the visibility and dissemination of illegal products.
Why does this matter?
The decision sends a clear message: under the DSA, compliance is not limited to reacting when problems arise.
Companies must continuously evaluate how their technology, algorithms, business models and platform design affect users and society.
The Temu case illustrates the shift introduced by the DSA from a reactive compliance model to a proactive risk-management model. Regulators increasingly expect platforms to anticipate risks, document their analysis and demonstrate that appropriate safeguards are in place.
For digital businesses operating in the EU, the question is no longer whether risks exist, but whether they can prove that those risks have been properly assessed and mitigated.
