Temu is the latest platform the European Commission (EC) has fixed its regulatory gaze upon. Europe’s top consumer enforcement authority said Thursday it’s opening a formal investigation into the online retailer for enabling the sale of illegal products, including limiting the reappearance of previously suspended “rogue traders” with a history of hawking prohibited goods.
In addition to the illegal product allegation, the EC is also investigating Temu’s potentially addictive design, the platform’s systems that recommend products and data access for researchers. The alleged violations fall under the Digital Services Act (DSA), which empowers the EC to levy fines of up to six percent of Temu’s annual revenue.
In a statement to Engadget, a company spokesperson said it plans to cooperate fully. “Temu takes its obligations under the DSA seriously, continuously investing to strengthen our compliance system and safeguard consumer interests on our platform,” the Temu spokesperson wrote. “We will cooperate fully with regulators to support our shared goal of a safe, trusted marketplace for consumers.”
Temu added that it’s in discussions to join the “Memorandum of Understanding (MoU) on the sale of counterfeit goods on the internet,” a collective of online retailers (facilitated by the EC) that collaborates to prevent fake product sales in Europe.
“We can confirm that we are in discussions to join the initiative,” the Temu spokesperson told Engadget. “Counterfeiting is an industrywide challenge, and we believe that collaborative efforts are essential to advancing our shared goals of protecting consumers and rights holders.”
The EC’s formal proceedings follow a preliminary risk assessment report Temu provided the EU at the end of September, its replies to the Commission’s formal requests in June and October and info shared by third parties. As Bloomberg notes, Meta, X, AliExpress and TikTok are also facing DSA investigations.
The US, which typically lags far behind the EU in reining in Big Tech, said in September it may investigate Temu, too. Leaders of The Consumer Product Safety Commission (CPSC) ordered staff to evaluate concerns about “deadly baby and toddler products” on the platform.
Among the EC’s concerns are whether Temu’s systems are designed to prevent the reappearance of previously suspended traders and non-compliant products.
It will also look at the platform’s potentially addictive gamified reward programs and its systems to mitigate the risks from addictive design choices that could harm customers’ mental well-being.
It will investigate Temu’s parameters used to recommend goods (the Commission wants at least one “easily accessible option that is not based on profiling”) and whether the company complies with the DSA’s requirement to provide researchers with publicly accessible data.
The EC doesn’t set legal deadline for completing DSA investigations. Once concluded, the Commission will decide whether to bring the hammer down, accept voluntary commitments to remedy the problems or drop the case.
The United States, Japan and South Korea have issued a warning against North Korean threat actors, who are actively and aggressively targeting the cryptocurrency industry. In their joint advisory, the countries said threat actor groups affiliated with the Democratic People’s Republic of Korea (DPRK) continue to stage numerous cybercrime campaigns to steal cryptocurrency.
Those bad actors — including the Lazarus hacking group, which the US believes has been deploying cyber attacks all over the world since 2009 — target “exchanges, digital asset custodians and individual users.” And apparently, they stole $659 million in crypto assets in 2024 alone.
North Korean hackers have been using “well-disguised social engineering attacks” to infiltrate their targets’ systems, the countries said. They also warned that the actors could get access to systems owned by the private sector by posing as freelance IT workers.
Back in 2022, the US issued guidelines on how to identify potential workers from North Korea, such as how they’d typically log in from multiple IP addresses, transfer money to accounts based in the People’s Republic of China, ask for crypto payments, have inconsistencies with their background information and be unreachable at times during their supposed business hours.
Once the bad actors are in, they then usually deploy malware, such as keyloggers and remote access tools, to be able to steal login credentials and, ultimately, virtual currency they can control and sell. As for where the stolen funds go: The UN issued a report in 2022, revealing its investigators’ discovery that North Korea uses money stolen by affiliated threat actors for its missile programs.