The Record Fine and What Triggered It
On May 28, 2026, the European Commission fined Temu €200 million under the Digital Services Act — the largest penalty issued under the regulation to date, surpassing the €120 million fine levied against X in December 2025 for transparency failures. The decision concluded a formal investigation opened on October 31, 2024, which examined four strands: illegal product risk assessment, addictive design, recommender system transparency, and researcher data access. The May 2026 fine covers only the first strand; the other three proceedings remain open.
The violation at issue was Temu's failure to fulfill the Article 34 risk assessment obligations required of Very Large Online Platforms. Under the DSA, VLOPs must diligently identify, analyze, and assess systemic risks arising from their service design — including risks to consumer safety. The Commission found Temu's 2024 risk assessment inadequate on multiple grounds: it relied on generic eCommerce sector data rather than platform-specific evidence, underestimated how frequently EU consumers encounter illegal listings, and — most consequentially — failed to model how Temu's own recommender algorithms and influencer affiliate programs amplify the reach of unsafe products.
What Mystery Shopping Revealed
The Commission's evidence base included a mystery-shopping investigation: investigators purchased chargers and baby toys directly from the platform and had them independently tested against EU safety standards. A very high percentage of the chargers failed basic electrical safety tests. A high percentage of the baby toys posed medium-to-high severity safety risks, either because they contained chemicals above legal limits or because they included small detachable parts presenting suffocation hazards to infants.
These were not hypothetical risk scenarios — they were products Temu's systems surfaced, sold, and delivered to EU consumers. Independent testing by BEUC, the European consumer organization, reinforced this picture: its February 2025 study found phthalates — hormone-disrupting chemicals — in Temu toys at up to 240 times the legal limit, alongside illegal concentrations of borates capable of damaging the reproductive system.
The Regulatory Logic — Fairly Stated
The strongest case for this enforcement action is also the simplest: documented physical harms to real consumers, including children, created by a platform that failed to assess the risk of those harms at scale. The DSA's risk assessment obligations exist precisely because platforms with algorithmic reach cannot passively profit from that scale while treating product safety as the individual seller's problem alone.
Executive Vice President Henna Virkkunen framed the Commission's position directly: "Risk assessments are not box-ticking exercises — they are the backbone of the DSA." Temu's assessment reportedly underestimated concrete risks, lacked specificity, and was not grounded in evidence drawn from its own platform dynamics. That critique has merit. A platform processing millions of EU consumer orders should be expected to know what its recommendation engine is surfacing.
Where the Regulatory Theory Becomes Contested
The most significant — and most contestable — aspect of the decision is its identification of influencer affiliate programs as a risk factor under Article 34(1)(a). As legal scholar Catalina Goanta noted in analysis of the decision, this marks the first time the Commission has formally held that influencer marketing constitutes a structural risk vector in the DSA's meaning.
That is a consequential step. Performance-based creator and affiliate programs are standard monetization architecture across virtually every major e-commerce and social platform. If recruiting influencers to promote products makes a platform structurally more liable for what those influencers recommend — because it "amplifies dissemination" of potentially illegal listings — then every platform running performance-based content incentives must now model influencer reach into its Article 34 risk assessments.
The concern is not that accountability is misplaced. The concern is causality. Temu's recommender algorithm may surface a dangerous charger; it also surfaces millions of compliant ones. Holding a platform financially responsible for failing to anticipate the precise distribution of harm across algorithmic product listings is a demanding standard. The practical compliance obligation — that risk assessments must be specific, platform-grounded, and model amplification vectors — will stretch even well-resourced legal teams. The three pending proceedings on addictive design and recommender transparency will test whether this logic extends further still.
Proportionality and What the Fine Actually Accomplishes
On proportionality: the DSA caps fines at 6% of global annual turnover, and Temu's parent PDD Holdings operates at a global scale that puts €200 million well within that ceiling. Temu has stated it considers the fine disproportionate — a challenge before the Court of Justice of the EU seems likely.
The more constructive element of the decision is mandatory remediation. Under DSA Article 75, Temu must submit an action plan to the Commission by August 28, 2026, detailing how it will fix its risk assessment failures. A fine without a structural pathway to compliance is a hollow outcome; the action plan requirement is what transforms a penalty into a policy instrument.
Precedents for Every VLOP Operating in the EU
The Temu decision establishes three precedents that will shape DSA compliance strategy for every platform designated as a VLOP. First, risk assessments must be platform-specific: sector-level benchmarks will not satisfy Article 34. Second, recommender systems and influencer programs must be modeled as amplification vectors for illegal content, not treated as neutral infrastructure. Third, mystery shopping — actual purchases and third-party product testing — is now a validated investigative tool the Commission has demonstrated it will deploy.
The DSA was designed to hold large platforms accountable without collapsing the open-marketplace model that benefits both consumers and sellers. Whether this fine advances that goal depends on what Temu's August 2026 action plan actually delivers. If the result is algorithmic changes that measurably reduce unsafe product exposure for EU consumers, the regulatory theory will have proven itself in practice. If the outcome is protracted litigation while dangerous products continue to circulate, the enforcement model needs examination too. The internet's open marketplace doesn't have to choose between consumer safety and commercial openness — but that balance requires both regulators and platforms to be honest about what algorithmic amplification actually does.