In its preliminary findings released on Friday, the Commission said Facebook, Instagram, and TikTok may have placed “burdensome procedures and tools” that make it difficult for independent researchers to examine how these platforms influence public life, health, and safety. 

It described such access as “an essential transparency obligation under the DSA, as it provides public scrutiny into the potential impact of platforms on our physical and mental health.”

Meta and TikTok both denied wrongdoing; a Meta spokesperson told Reuters, “We have introduced changes to our content reporting options, appeals process, and data access tools since the DSA came into force and are confident that these solutions match what is required under the law in the EU.” 

TikTok, however, maintained that while it supports transparency, regulatory overlaps complicate compliance. “But requirements to ease data safeguards place the DSA and GDPR in direct tension,” a company spokesperson said. 

“If it is not possible to fully comply with both, we urge regulators to provide clarity on how these obligations should be reconciled.”

The DSA, which came fully into effect in August 2023, imposes strict obligations on “Very Large Online Platforms” such as Meta and TikTok. These platforms are expected to give researchers access to public data, allow users to report illegal content like hate speech or terrorism, and disclose how their algorithms make content recommendations.

The Commission said Meta’s Facebook and Instagram failed to offer a “user-friendly and easily accessible” system for flagging harmful content, including child sexual abuse and terrorist material. It also accused Meta of using “deceptive interface designs” that could confuse or discourage users from reporting such posts. 

TikTok’s data-sharing framework was similarly criticised for being unreliable and incomplete, limiting research into online harms.

If these violations are confirmed after further consultations, both companies could face fines of up to 6% of their global annual revenue, a penalty that could cost Meta more than $7 billion based on its 2024 earnings.

Despite the serious implications, the findings are preliminary. The companies have the opportunity to respond and address the breaches before any final decision is made. The Meta spokesperson added that the company would “continue to negotiate with the Commission.”

The probe forms part of the EU’s focus on Big Tech, which has already placed X (formerly Twitter), Google, YouTube, and Amazon under investigation for issues ranging from disinformation to product safety.

Following a mystery shopping operation led by the Commission, inspectors found that a number of items sold on Temu, including baby toys and small electronics, did not meet EU safety standards. Many of these items were direct threats to users, such as choking hazards, electrocution risks, and potential exposure to toxic substances. 

These findings were supported by the European consumer watchdog BEUC, which has long raised alarms about the unchecked inflow of unsafe imports via online platforms.

The Commission concluded that Temu’s October 2024 risk assessment was both flawed and superficial. Instead of analysing data specific to its own operations, Temu allegedly relied on vague, industry-level information to justify compliance. That approach, the Commission noted, is not acceptable for a platform with the scale and influence of Temu.

“The evidence showed that there is a high risk for consumers in the EU to encounter illegal products on the platform,” the Commission stated. “Specifically, the analysis of a mystery shopping exercise found that consumers shopping on Temu are very likely to find non-compliant products among the offer, such as baby toys and small electronics.”

Temu, which is classified as a Very Large Online Platform (VLOP) under the DSA, is subject to stricter regulatory expectations, particularly around product safety, algorithm transparency, and user protections. These platforms are not only required to remove harmful content and goods quickly but must also actively mitigate systemic risks on their platforms.

If the preliminary findings are upheld, Temu could face a fine of up to 6% of its global annual turnover, a penalty that could easily exceed $1.5 billion, given the financial muscle of its parent company, PDD Holdings. This would represent one of the most forceful enforcement actions under the DSA since its implementation.

In response to the Commission’s findings, Temu in an official statement said, “We will continue to cooperate fully with the Commission.”

Before now, EU also flagged the platform’s gamified shopping experience, pointing to potentially manipulative features such as fake discounts, time-limited rewards, and addictive design patterns aimed at encouraging compulsive buying. 

These dark patterns, tactics designed to nudge users into decisions against their best interest, are being investigated for violating transparency and ethical standards under EU law.

Furthermore, regulators are probing how Temu’s recommendation systems work. The core question is whether the platform gives users the option to receive non-profiled suggestions, an essential requirement under the DSA designed to protect user privacy and prevent algorithmic exploitation.

The EU’s investigation into Temu puts it in the same regulatory spotlight as other China-based platforms such as Shein, AliExpress, and Wish, all of which have been warned for allowing the sale of unsafe products and employing manipulative design features.

In parallel, EU policymakers are also debating the removal of the €150 duty-free threshold for imported parcels. This change would hit Temu’s core business model hard, as the platform thrives on high-volume, low-cost deliveries that currently escape import taxes.

For now, Temu has a limited window to respond to the Commission’s findings before a final decision is made.