Enhancing the EU's Digital Platform Oversight Approach: The curious case of Temu

The European Commission (EC) recently imposed a fine of EUR 200,000 on Temu under the Digital Services Act (DSA) as one of the largest DSA enforcement actions so far. This was because Temu had not evaluated and mitigated the systemic risks arising from the sale of illegal products on its platform, thereby giving European consumers access to unsafe and illegal products.

The case has garnered much discussion, particularly about the shortcomings of Temu and implications for platform accountability. Yet another question has been posed in the case: how to ensure that regulators can detect and respond to emerging systemic risks in the growing complexness of digital platforms before those risks become an everyday reality for all?

Digital platforms will continue to expand in size and impact, and the task of enforcing compliance is no longer limited to this. It's also about building the ability to recognize new risks in the world of swift technological evolution, algorithm-based decision making, and international e-business.

The increasing complexity of platform monitoring

New digital platforms run at levels of scale that were unknown just 10 years ago. Millions of products, users, transactions and interactions are handled every day, many times across various jurisdictions and regulatory environments. In contrast to markets, digital platforms are dynamic environments where the visibility, interaction and consumption patterns are increasingly determined by algorithms and automated recommendation systems.

This poses considerable problems for regulators. Keeping track of all products, promotions and all kinds of recommendations is impossible. Regulators must decide if the platforms' risk assessments reflect the truth and reality of the platform's operation and the risks to users, even if they are submitted.

The case of Temu is a perfect illustration of the challenge in this regard. The European Commission estimated that the company's risk assessment was based on information from the e-commerce industry in general, not specific to its platform, and did not adequately assess the probability of consumers being exposed to illegal products. Most importantly, the assessment did not adequately consider the potential role of platform features, such as recommender systems and promotion programmes through influencers, in spreading illegal products. The results show one of the larger issues in digital risk-getting a full view of digital risk can't be done in compliance documents alone. Continual evaluation of the actual functioning of platforms is needed.

Commission determined that this was the breach

An extraordinary part of the Temu investigation was the way the Commission determined compliance. In addition to using information from the platform, regulators used a more holistic approach by looking at several pieces of evidence.

The investigation was based on Temu's risk assessment reports, answers to formal information requests, information submitted by third parties, the results of an independent mystery shopping visit and information from customs and market surveillance authorities. When combined, these sources gave a better amount of the risks on the platform.

The mystery shopping exercise was of special importance. Independent testing revealed that a significant number of chargers selected were not safe for children to use and two baby toys had medium to high safety risks, either from high levels of chemicals or possible choking hazards. This information ran counter to the company's own assessment of consumer exposure to products that are illegal and unsafe.

The Commission's efforts illustrate the need for evidence-based oversight. Increasingly, regulators are looking to outside verification to see if platforms are correctly identifying and managing risks and not simply taking corporate risk assessments on faith.

Traditional Regulatory Approaches Limits

The Temu investigation is a welcome reminder that while it is a huge success for enforcers, it highlights some of the challenges regulators have in regulating large digital platforms. First, regulatory responses tend to be reactive. Frequently investigations are initiated following consumer complaints, media reporting, external research, or market failures. By the time it's formally actioned, potentially dangerous products or practices could have reached many users.

Secondly, there are limitations on the resources available to regulators. The amount of data created from digital platforms is enormous and it is difficult if not impossible to monitor all aspects of the activity on the platform. The difficulty is multiplied when facing cross-border platforms which are multilingual, multijurisdictional and multi legal systems.

Thirdly, there are specific oversight challenges with algorithmic systems. Recommendation systems, rankings, and promotions are continuously evolving, depending on user actions and platform objectives. Technical capabilities are needed to understand the impact of these systems beyond traditional regulatory tools in assessing their impact on risk exposure.

However, these restrictions are not to detract from the importance of regulation. Instead, they point to the need to adopt complementary tools to complement the digital governance ecosystem.

The role of Independent Research and Civil Society

More cooperation among regulators, research and civil society organizations, as well as free thinkers and researchers will be needed to solve these problems. External parties can often be the first to see emerging risks that are not systemic.

Independent research groups could play a role in providing platform assessments, in analysing algorithmic impacts, in tracking emerging trends and in producing evidence-based analysis and insights to help inform regulatory action. They can also be useful for uncovering areas of non-compliance that are not detected under the existing compliance framework.

Digital governance, information integrity and technology policy organisations can be important intermediaries between regulators, platforms and the public. Their work can help to give early warnings on emerging threats, create independent evidence and contribute to the public understanding of a complex digital issue.

As platforms continue to spread to different sectors and technologies, this role is gaining more significance. It's not feasible for regulators to track all new risks. A broader stakeholder ecosystem will be needed to produce timely and credible insights, which will be necessary for effective oversight.

An approach to digital governance that promotes collaboration

The Temu case shows that enforcement is still a key aspect of digital governance. But it also shows that regulation is not going to solve the challenges for the platform ecosystems of today. Oversight of the platforms will rely not just on more robust enforcement, but also more robust detection. Independent research, technical expertise and timely evidence that can be used to better assess risks and prevent them from becoming widespread harms is needed.

This vision is towards a more collaborative approach to governance, where regulators, researchers, civil society organizations, academic institutions, and tech experts all collaborate to bolster accountability throughout the digital landscape. The Digital Services Act has introduced new platforms' responsibility mechanisms. The next challenge is to ensure that regulators have the tools, partnerships and knowledge to do so effectively in a digital world that is becoming increasingly complex.

Finally, the Temu case shouldn't be seen as a typical tale of regulatory enforcement. It should also be interpreted as a call to action to raise the collective capacity to identify risks that can become systemic before causing harm to the citizens.