The European Commission has fined Temu EUR 200 million for breaching its risk-assessment obligations under the Digital Services Act.
The non-compliance decision centres on the company's failure to adequately identify, analyse, and assess systemic risks relating to the dissemination of illegal products on its platform.
The Commission's investigation, which was formally opened on 31 October 2024, found that Temu's 2024 risk assessment fell significantly short of the standards required under the DSA. Preliminary findings were adopted in July 2025, with the non-compliance decision finalised this month.
Risk assessment found to be insufficient
Under the DSA, designated Very Large Online Platforms (VLOPs) are required to conduct thorough assessments of systemic risks linked to their services and to implement corresponding mitigation measures. The Commission concluded that Temu's risk assessment relied on general information about the ecommerce sector as a whole, rather than on evidence specific to its own platform.
Crucially, the assessment underestimated the likelihood of EU consumers encountering illegal products. A mystery shopping exercise, conducted by an independent testing organisation on behalf of the Commission, found that a high proportion of chargers sampled failed basic safety tests. A separate assessment of baby toys found that a significant share posed safety risks ranging from medium to high severity, owing to chemical levels exceeding legal limits or the presence of detachable parts that constitute suffocation hazards.
The Commission also found that Temu's assessment did not adequately account for the role of its own platform design (including recommender systems and influencer-led product promotion programmes) in potentially amplifying the spread of illegal products to EU consumers.
The investigation drew on Temu's 2024 and interim 2025 risk assessment reports, formal information requests issued on 28 June 2024 and 11 October 2024, third-party submissions, and data from EU customs and market surveillance authorities. The latter revealed high non-compliance rates among products sold on Temu across the categories tested.
Next steps and compliance timeline
Temu has until 28 August 2026 to submit an action plan to the Commission under Article 75 of the DSA, outlining measures to remedy its risk-assessment failures. The European Board for Digital Services will have one month from receipt of the plan to issue its opinion, after which the Commission will have a further month to adopt a final decision and set an implementation deadline.
Should Temu fail to comply with the non-compliance decision, the Commission may impose periodic penalty payments. The Commission has indicated it will continue to engage with Temu to monitor adherence to the decision and broader compliance with the DSA.
The fine reflects the Commission's assessment of the nature, gravity, and duration of the infringement, as well as the scale of affected EU users. Regulators have indicated that failing to conduct adequate risk assessments represents a particularly serious breach of the DSA framework, which relies on platform self-assessment as a foundational mechanism for consumer protection across the single market.
