Beyond the penalty: What Temu's Breach of the Digital Services Act Reveals About Digital Governance

The Cost of Moving Fast

The fine of €200 million on Temu for violating the Digital Services Act (DSA) is one of the largest penalties imposed so far under the EU law, which is designed to ensure that digital platforms are fit for purpose. The European Commission's fine of €200 million on Temu for violating the Digital Services Act (DSA) is one of the most substantial penalties awarded to date under the EU law aimed at ensuring digital platforms are "fit for purpose. The penalty was not imposed just because illegal or unsafe products were found on the platform, but because regulators believe that Temu did not adequately identify, evaluate and mitigate the systemic risk posed by those products. The Commission said the company's risk assessments were not sufficiently representative of consumers' exposure to illegal products, the company used generic information from the industry instead of specific data from the platform, and they did not consider the impact of the platform's features on the risks, including its recommendation systems and influencer programmes.

However, the importance of the case is beyond just Temu. It represents a broader trend in digital regulation in which platforms are now being made responsible for negative consequences, and at the same time for shortcomings in the governance framework that is supposed to prevent such consequences.

Understanding Temu's DSA Breach

The Digital Services Act imposes particular duties on Very Large Online Platforms (VLOPs) for identifying and managing the risks that they can cause. These commitments extend beyond the point of its appearance and involve platforms actively evaluating their systems, designs, and business practices and how they can promote harm. Temu's risk assessment did not meet the requirements of the European Commission in several aspects in 2024. That assessment was heavily dependent on generic information about risks in the wider e-commerce industry, rather than evidence about risks to Temu's own platform, regulators found. It was also revealed that the company understated the number of European consumers who could be exposed to illegal or unsafe products significantly. In addition, the Commission presented the case that the Commission had not sufficiently considered the potential of recommendation systems and promotion events run by influencers for wider spreading of illegal products. They were all deficiencies that contributed to the Commission's non-compliance determination and highlight the importance of risk assessment within the DSA: it is not a mere formal element of the process, but part and parcel of the platform's accountability.

The Real Issue Was Not Just Illegal Products

The discussion around the case has been mainly about the presence of unsafe or illegal products on Temu's marketplace. Some investigations mentioned products which did not meet basic safety standards, such as electronic chargers or children's toys with alleged health and safety hazards. These were important, but not the most important of the Commission's findings.

A key distinction in this case was that the Commission believed that Temu did not adequately identify and assess the system risks of its platform. The company's assessments were heavily based on the general e-commerce risks, not specific to its marketplace, according to regulators. In addition, it also underestimated the number of occasions on which consumers in Europe might be expected to come into contact with illegal or unsafe products. This is important because it is a fundamental shift in the interpretation of digital accountability. Instead of focusing on individual breaches, regulators now seek to know if platforms have the self-assuredness to identify and reduce potential harms. The question is no longer whether there is content or product that causes problems, it's just about what it is and how can it be fixed. Whether platforms are aware of the conditions under which those issues thrive.

The Governance Gap in Digital Platforms

The case of Temu represents a trend that can be called as a governance vacuum in the digital economy. Platforms today run at unprecedented scale, processing millions of transactions, recommendations and interactions every day. However, the systems of governance are often unable to effectively keep up with this growth.

This is not only an issue with eCommerce. Similarly, social media platforms have been accused of not being able to predict the social impacts of their recommendation systems. Ride-sharing companies have been faced with backlash for their labor practices as they expanded internationally. The risks associated with the rapid deployment of powerful technologies are increasingly on the agenda of artificial intelligence companies.

Misconduct is not always the common theme; it's the failure of governance systems to keep up with their growth. Digital platforms spend a lot of money to acquire users, enhance products and optimize them. But the process of risk assessment is often viewed as a compliance activity and not as a strategic process. This leads to a familiar scenario: organizations identify problems when regulators, the press, researchers or consumers do.

Why Algorithms Are Becoming a Regulatory Concern

One of the most notable aspects of the Commission's findings was its focus on platform design. Regulators argued that Temu did not adequately assess how recommendation systems and influencer-driven promotional programs could contribute to the dissemination of illegal products. This is indicative of a wider regulatory concern, not just for e-commerce. Algorithms are not just about structuring information; they effect its visibility. They decide what products, posts or services are noticed and what is not. As a result, they influence users' actions and the outcomes of the market. Algorithms that are taught to optimize engagement, visibility or sales can unintentionally exacerbate risks, particularly if the harm is not given enough weight to the optimization metric. But the debate over regulation is increasingly moving from content moderation to system design. There is a growing interest among authorities in exploring whether platforms have considered the possible impact of their own processes on adverse outcomes. This is an important step because it shifts the responsibility from users or sellers of a platform to that of the platform itself.

A New Standard of Accountability

Historically, many digital companies viewed compliance as a reactive process. Regulators identified violations, companies responded, and enforcement followed. Emerging frameworks such as the Digital Services Act are challenging this model by introducing expectations of proactive responsibility. Under this approach, platforms are expected to understand their risks before those risks materialize into widespread harm. Risk assessments are no longer administrative documents prepared for regulators; they are becoming central governance tools that influence how platforms design products, manage users, and monitor emerging threats. This shift has implications far beyond Temu. It signals a future in which companies may be judged not only on the harms that occur, but on whether they took reasonable steps to anticipate them. For digital platforms operating at global scale, governance is increasingly becoming a core business function rather than a peripheral compliance requirement.

Looking Beyond Temu

The impact of the Temu case goes beyond the amount of the penalty, as well as the products that were found during the investigation. It's significant because of what it tells us about the evolving balance between technology, regulation and responsibility. While digital platforms keep growing in their reach in commerce, communication and public life, regulators are shifting to a model that requires more foresight. This is not just expecting to 'respond' when problems arise. It is to comprehend how platform systems can either cause or worsen those issues or completely avoid them. The big shift is obvious: In the digital economy, success is no longer measured solely in terms of growth. A growing ability to control that growth may become as significant. In terms of this, the Temu decision could be viewed as a warning shot for a single company, but rather a glimpse into the future of digital governance.