The editorial argues the Commission's core charge is structural: Temu's systems were incapable of knowing whether illegal products were being sold, not merely that bad products slipped through. This shifts DSA compliance from a documentation exercise to a technical obligation that platform engineers must build into marketplace systems.
The editorial notes the fine sits at roughly 1% of global turnover, well below the DSA's 6% ceiling, signaling that Brussels is messaging rather than maximizing. A repeat finding would not be so restrained, framing this as a deliberate first-strike to put VLOPs on notice.
The BBC report, surfaced on HN with 263 points, frames this as the first headline-grabbing DSA penalty against a major non-EU marketplace. Until now the regime produced mostly transparency reports and procedural proceedings; a €200M number against a VLOP with 92M EU users marks the shift to substantive enforcement.
On 28 May 2026, the European Commission announced a €200M fine against PDD-owned Temu under the Digital Services Act (DSA), the first headline-grabbing penalty against a major non-EU marketplace under the new regime. The Commission's preliminary findings, first reported by the BBC, conclude that Temu failed to properly assess the risk of illegal products being sold to EU consumers, and that the risk assessment it did produce relied on 'generic industry information rather than specifics about its own marketplace.'
In a mystery-shopper exercise the Commission ran across Temu's EU storefront, a majority of sampled products — including baby toys and small electronics — were found to be non-compliant with EU product safety rules. Items flagged ranged from toys with detachable small parts that breach the EN 71 toy safety standard, to consumer electronics lacking valid CE marking, to cosmetics with banned ingredients. The Commission's core charge is not that Temu sold bad products; it's that Temu's systems were structurally incapable of knowing it was doing so.
Temu, which says it has around 92 million monthly active users in the EU and is therefore designated a Very Large Online Platform (VLOP), now has the right to respond before a final decision. The €200M figure is calibrated to roughly 1% of global turnover — well under the DSA's 6% ceiling — which suggests Brussels is signaling rather than maximizing. A repeat finding would not be so restrained.
The DSA has been on the books since 2022 and in force for VLOPs since August 2023, but until now it has mostly produced information requests, transparency reports, and the occasional formal proceeding. This is the first time the headline number has been large enough to make a procurement committee read the regulation. For platform engineers, the practical message is that the EU is now treating 'inadequate risk assessment' as a fineable engineering failure, not a paperwork failure.
Compare the posture to US Section 230, under which marketplaces have spent two decades arguing they are conduits, not retailers. The DSA explicitly rejects that framing for VLOPs. Article 30 requires traceability of traders (KYC for sellers). Article 31 requires 'compliance by design' in the listing interface. Article 34 requires annual systemic risk assessments grounded in the platform's own data. The Commission's complaint about Temu using 'generic industry information' is a direct hit on Article 34 — and it's the part most marketplaces have been quietly hand-waving.
The contrast with Shein is instructive. Shein was designated a VLOP a month after Temu and is under a parallel DSA investigation opened in February 2025, but has so far escaped a headline fine. The differentiator appears to be Shein's faster cooperation on trader verification and listing takedowns — both of which are, fundamentally, backend engineering problems. Temu is being fined not because its catalog is worse than Amazon's or Shein's, but because its compliance plumbing is thinner.
It's also worth naming what this is not. It is not a tariff fight, not a China-specific industrial policy move, and not a content moderation case in the speech sense. It is a product safety case dressed in platform regulation. That matters because the same legal machinery applies to any marketplace — Etsy, Reverb, Discogs, Backmarket, even a Shopify-hosted multi-vendor store — once it crosses the VLOP threshold or attracts a national-level investigation. The Commission has been explicit that it sees the DSA as horizontally applicable.
If you build or operate a marketplace that touches EU users, three pipeline questions are now compliance questions:
Seller onboarding. Article 30 requires you to collect and verify trader identity, address, payment account, and a self-declaration of compliance with EU product law — and to make a best effort to verify it via 'freely accessible official online databases.' If your seller-signup flow is still 'email + Stripe Connect,' you are out of compliance. The fix is unglamorous: VIES VAT validation, EORI lookup for non-EU sellers, sanctions-list screening, and storage of the verification artifacts for audit.
Listing moderation. Generic ML classifiers trained on 'spam' or 'NSFW' labels will not satisfy a DSA auditor. You need category-aware checks tied to the actual regulatory regimes — CE marking presence for electronics, age-grading for toys, ingredient screening for cosmetics, EU energy label for white goods. Open-source helpers exist (the EU's Safety Gate API publishes recall data you can hash-match against; the OECD's Global Recalls Portal is similar) but most teams will end up wiring their own rules engine on top of category metadata.
Systemic risk assessment. This is the part most teams are getting wrong. The Commission wants a document grounded in your platform's telemetry — takedown rates by category, repeat-offender seller distributions, complaint-to-resolution latency, the percentage of GMV flowing through unverified traders. If your data team can't produce that on demand, you don't have a risk assessment; you have a brochure. Treat the annual DSA report as a data product, not a policy document — owned by engineering, reviewed by legal, signed by the DPO.
Expect the next 12 months to bring at least one more VLOP marketplace fine (AliExpress is the obvious candidate, already under formal proceedings) and a wave of national-level cases against mid-sized platforms once the precedent is concrete. The smart move for engineering leaders is to stop treating DSA work as a Q4 legal sprint and start treating seller verification, listing-time compliance checks, and risk telemetry as first-class subsystems with on-call rotations. The platforms that survive the next regulatory cycle will be the ones whose compliance posture is observable from a Grafana dashboard, not a PDF.
> Evidence from a mystery shopping exercise included in the Commission's investigation shows that a very high percentage of the selected chargers failed basic safety tests, while a high percentage of tested baby toys posed safety risks of medium to high severity, as they contain chemicals ex
Interesting - I've been testing a few free tier tools lately. How does SerpSpur's backlink freshness compare to something like Ubersuggest or the free version of Ahrefs?
Temu and Aliexpress do seem to have this covered to an extent. I have noticed significant geoblocking from both companies, mostly in searches and advertisements. I know for instance that Aliexpress has a ton of non compliant (for Australia) toy guns, they send me target ads and everything. But if I
Also discussed here: https://news.ycombinator.com/item?id=48307237
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
Say what you may of Temu, and I do think more vetting of certain goods is a good idea, but they fill a very real need. In the part of Europe where I live, the choice is only between intermediaries for the same products coming from China. The local intermediaries sell a very limited picking at stagge