European Commission Fines Temu €200 Million Under the DSA

The European Commission has issued a landmark €200 million fine against Temu for breaching the Digital Services Act (“DSA”). The decision, published on 28 May 2026, marks one of the most significant enforcement actions under the DSA to date and highlights the Commission's evolving expectations regarding the services designated as “Very Large Online Platforms” under the Act. 

What Did the Commission Find?

The Commission's decision centres on how Temu identified, analysed, and assessed systemic risks relating to potentially illegal products on its platform. Under the DSA, services designated as Very Large Online Platforms, such as Temu, must carry out an assessment of systemic risks arising from their services at least annually, and take measures to mitigate such risks. 

According to the Commission, in Temu's 2024 risk assessment, the platform relied on generic information about risks across the e-commerce sector as a whole, rather than on specific evidence relating to Temu's own service. Additionally, the Commission has suggested that Temu underestimated how frequently EU consumers were likely to come across illegal items. The Commission also concluded that Temu did not adequately assess how the design of its service, including its recommender systems and influencer-led product promotion programmes, could amplify the dissemination of illegal products. 

The €200 million fine is only the second penalty imposed by the Commission for DSA infringements, and it is the largest issued to date (the first being the €120 million fine issued to X in December 2025).

What Happens Next?

Temu now has until 28 August 2026 to submit an action plan to the Commission setting out measures to remedy the breach of its risk-assessment obligations. The European Board for Digital Services will then have one month to issue its opinion on this. After this, the Commission will decide whether the action plan is sufficient to resolve the infringements, and will set a reasonable period for implementation. 

Failure to comply with the non-compliance decision may lead to periodic penalty payments, and the Commission has indicated that it will continue to engage with Temu to ensure full compliance with the DSA. However, Temu may also explore avenues for appeal before the General Court of the European Union, as X has done in relation to its fine (citing arguments which include claims of procedural flaws and bias).

The Bigger Picture

The Commission’s announcement of the fine against Temu states that that risk assessments are a cornerstone of the DSA's regulatory architecture - something reflected in other investigations (including those into TikTok, Meta, Shein and AliExpress) and also seen in other digital regimes. The Commission also stressed that failure to conduct them properly constitutes a particularly serious infringement.  

However, for platforms, there are serious difficulties in adhering to the DSA’s vaguely defined risk assessment obligations. As outlined in our briefing about the Commission’s preliminary findings against TikTok, the DSA’s risk assessment and mitigation obligations rely on self-incrimination. They require platforms to report on why their service is dangerous, what they are doing about it, and then wait for the Commission to decide if the platform has done enough to tackle this. Whilst the DSA’s non-prescriptive drafting gives the Commission room to develop and refine the regulatory approach, this leaves platforms facing significant uncertainty, raising the question of how platforms can build effective compliance approaches in the context of ever evolving regulatory expectations. 

It is also clear that the Commission, and other regulators, are increasingly focused on how product and design choices shape behaviour and result in propagation of risk. That trend is visible across a range of digital regulators frameworks - from recent DSA enforcement to the AI Act and the upcoming Digital Fairness Act in the EU, as well as the Digital Markets, Competition and Consumers Act in the UK).

More generally, the thicket of digital regulation is making compliance an increasingly challenging task for platforms, with multiple regimes addressing similar issues from different angles. These rules do not always align and can, in some cases, pull in different directions. In practice, this makes it increasingly important for platforms to ensure compliance strategies are coordinated across regimes rather than developed in isolation.