After Temu: why every non-EU seller now needs a GPSR Responsible Person, not just a marketplace listing.

The Temu fine wasn’t a VAT case. It was a product safety case dressed up in the language of platform governance. And every non-EU seller listed on a European marketplace just inherited a new compliance reality.

The mechanism the Temu fine triggered.

The €200 million decision against Temu found, in essence, that the platform had not done enough to identify and prevent the sale of unsafe products. The Commission’s mystery shopping exercise produced unsafe chargers and dangerous baby toys. The platform’s risk assessment had not surfaced those categories of risk. The fine followed.

Marketplaces will not absorb this risk twice. The pattern is consistent across previous EU enforcement waves: liability propagates downstream from the platform to the seller through changes to seller agreements, listing audits, and verification requirements. The DSA gave marketplaces the legal exposure. The marketplaces will give the sellers the operational burden.

What sellers will see between now and the end of Q3 2026:

• Pre-listing technical documentation review (CE markings, declaration of conformity, test certificates)
• Mandatory EU Responsible Person verification under Article 4 of GPSR Regulation 2023/988
• Re-audit of existing listings where the Responsible Person appointment is expired, transferred, or insufficiently documented
• Tighter Safety Gate notification flow-through, with marketplace automatic de-listing on EU-level alerts
• Contractual indemnification language shifting product safety liability to the seller

What the GPSR Responsible Person actually does (and why a marketplace listing alone won’t cover it).

Under EU Regulation 2023/988, in force since 13 December 2024, every non-EU economic operator placing physical consumer products on the EU market must designate an EU-established Responsible Person. The appointment must be in writing. The Responsible Person must be identifiable on the product or its packaging. The role is not optional.

What the Responsible Person actually does under Article 4(3) of GPSR:

1. Verifies that the EU Declaration of Conformity and technical documentation have been drawn up and retained, and holds the documentation for ten years from the date the product was placed on the market
2. Cooperates with EU market surveillance authorities at their request, in the language they require
3. Provides authorities with information and documentation to demonstrate product conformity
4. Informs authorities if there is reason to believe a product presents a risk
5. Takes corrective action where products do not conform, up to and including withdrawal and recall

A marketplace listing is not a Responsible Person appointment. Amazon, eBay, Shopify, TikTok Shop, Zalando, Cdiscount and Bol.com are not the Responsible Persons for the products sold through them; they are the distribution channels. The legal designation has to sit with a specific EU-established legal entity that can be contacted, audited, and held accountable by the market surveillance authority.

What happens when you don’t have one.

Three failure modes, in order of how quickly they hit your business.

Listing removal.

Marketplaces verify Responsible Person designation through their compliance APIs. Listings without a verifiable EU Responsible Person are either blocked at upload or de-listed during periodic audits. After the Temu decision, that audit cadence is tightening.

Customs interception.

Italian customs (Agenzia delle Dogane) and equivalent EU national authorities are now cross-referencing customs declarations against the EU Safety Gate database. Products entering the EU without verifiable Responsible Person designation can be detained, sampled, and where non-conformities are identified, refused entry. The cost of a held container in the Port of Genova or Antwerp is non-trivial.

Direct enforcement action.

Market surveillance authorities under Article 9 of GPSR can require corrective action, issue fines, mandate product recalls, and publish their enforcement decisions. In Italy, the consumer protection function of the Ministero delle Imprese e del Made in Italy publishes its enforcement decisions to a public register. Reputational consequences are durable.

What CiDATax actually does as your Responsible Person.

The appointment is the legal substrate. Around it, the work that matters in an audit is:

• Technical documentation custody. We hold your EU Declaration of Conformity and technical file for the statutory ten years, indexed against the directives applicable to your product categories (LVD, EMC, RoHS, Toy Safety Directive 2009/48/EC, Personal Protective Equipment Regulation 2016/425, depending on category)
• Marketplace listings audit. Periodic verification that listings on Amazon, eBay, Shopify, TikTok Shop, Cdiscount, Bol.com, Allegro, Otto, Zalando and ManoMano carry accurate Responsible Person identification
• Safety Gate monitoring. Weekly review of Safety Gate notifications affecting your product categories or competitor products, flagging where your supply chain may carry similar exposure
• Authority correspondence. Direct response to Italian and EU market surveillance authorities in Italian, English, and on case-by-case basis other EU languages, on Article 4 documentation requests
• 24-hour incident response. Defined SLA for the Article 9(3) serious-risk notification window

The cost calculation, plainly.

The cost of proper Responsible Person service for a single non-EU brand operating across the EU is materially less than the cost of one held container, one mass de-listing event, or one Safety Gate notification with corrective action.

The Temu case made the upper bound of non-compliance visible: €200 million for a marketplace operator. For an individual seller the upper bound is smaller in absolute terms but identical in proportional terms, plus the cost of losing access to the EU market entirely.

Compliance is the leverage. The Temu case made it visible. The marketplaces are about to make it operational.