The European Commission has fined Temu €200 million for breaching the Digital Services Act (DSA), marking a significant enforcement step against failures to assess the risk of illegal products on major online platforms.
The decision follows an investigation opened in 2024 and preliminary findings issued in July 2025. The Commission found that Temu failed to identify, analyse and assess properly the systemic risks of illegal products being offered on its platform and the resulting harm to EU consumers, with evidence suggesting that users in the EU were very likely to encounter illegal items on the service.
According to the Commission, Temu's 2024 risk assessment fell short of the DSA because:
- It relied on general information about risks in the e-commerce sector, rather than evidence specific to Temu's own service, including public reports and testing.
- It seriously underestimated how often EU consumers were likely to encounter illegal items. The Commission's mystery shopping exercise found that many selected chargers failed basic safety tests and that many tested baby toys posed medium to high safety risks, including excessive chemicals and detachable parts that created suffocation hazards.
- It did not properly assess how features of the service, including recommender systems and affiliated influencer promotion, could amplify the spread of illegal products.
Under the DSA, designated Very Large Online Platforms must assess systemic risks linked to their services with care and adopt corresponding mitigation measures.
In setting the fine, the Commission took account of the nature, gravity and duration of the infringement, describing failures to conduct proper risk assessments as a particularly serious breach because risk assessment is one of the cornerstones of the DSA framework.
What happens now?
Temu has until 28 August 2026 to submit an action plan to the Commission under Article 75 of the DSA, setting out how it will remedy the breach of its risk-assessment obligations. The European Board for Digital Services will then have one month to issue an opinion, after which the Commission will have a further month to adopt its final decision and set a period for implementation. Failure to comply may lead to periodic penalty payments.
More broadly, the case emphasises that DSA risk assessments must be evidence-based, platform-specific and sufficiently robust to address how a service's design may contribute to consumer harm.
