Ana Filipa Ribeiro (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – ref. UMINHO/BIM/2026/33) and Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – ref. UMINHO/BIM/2026/40)

Setting the scene: a first fine and an open question

On 28 May 2026, the European Commission adopted a non-compliance decision against Temu, imposing a fine of 200 million euros for breach of its obligations under the Digital Services Act (DSA).[1] The decision is significant for several reasons. It is the first major fine imposed on an electronic commerce platform under that instrument and confirms that the public enforcement mechanism of the DSA is fully operational. It is important, however, to bear in mind that the procedure is not closed: under Article 75 DSA, Temu has until 28 August 2026 to submit an action plan to the Commission aimed at remedying the infringement, following which the European Board for Digital Services issues an opinion. The decision remains open to challenge before the Union courts.[2] 

What Temu was fined for

The decision concerns Temu’s failure to properly identify, analyse and assess systemic risks linked to the dissemination of illegal products through its online marketplaces.[3] In October 2024, the Commission opened a formal investigative procedure; in July 2025, it adopted preliminary findings of infringement; and in May 2026, it confirmed those findings in a non-compliance decision.[4]

The Commission’s findings are detailed. The risk assessment conducted by Temu for the 2024 exercise was based on generic information about the electronic commerce sector, rather than on specific evidence concerning the service itself; it seriously underestimated the frequency with which Union consumers encounter illegal products on the platform; and it failed to consider the manner in which its recommendation systems and promotion by digital influencers could amplify the dissemination of hazardous products.[5] An independent mystery shopping exercise, carried out in the scope of the investigation, confirmed that a markedly elevated proportion of the tested chargers failed basic electrical safety assessments, and that a significant proportion of baby toys posed medium to high risks.[6] The fine of 200 million euros was calculated by reference to the nature, gravity and duration of the infringement.[7]

Continue reading “When a fine is not enough: Temu, the Digital Services Act, and the problem of redress” →

Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/40)

Setting the scene: eight days in April, one contradiction

In April 2026, two events gave rise to a situation that European Union law has not yet addressed in its entirety. On the 21st, the Court of Justice of the European Union (CJEU), sitting as a full court, delivered its judgment in Commission v. Hungary (C-769/22) and recognised for the first time an autonomous and self-sufficient violation of Article 2 of the Treaty on European Union (TEU): the Hungarian legislation stigmatising and marginalising LGBTI+ people was held to be contrary to “the very identity of the Union as a common legal order in a society in which pluralism prevails.”[1] Article 2 TEU thereby acquired the status of a justiciable provision with genuine normative force, capable of constituting an autonomous ground of infringement in its own right, provided that the violation is manifest and particularly serious – a threshold the Court held to be crossed in the Hungarian case on account of the cumulative and coordinated character of the breaches of Articles 1, 7, 11, and 21 of the Charter of Fundamental Rights of European Union (CFREU).[2]

Eight days later, on the 29th, the European Parliament adopted a resolution which examined the European Commission’s 2025 Rule of Law Report, and noted that 93% of the Commission’s recommendations are repeats from previous years, with only 6% having been fully implemented; furthermore, it condemned the use of spyware as a persistent and systematic threat to the rule of law, requiring binding response mechanisms.[3]

Read together, these two instruments reveal a contradiction that is constitutionally precise. Article 2 TEU acquired, in April 2026, an operative density that goes beyond declaratory commitment. The Parliament confirmed, at that same moment, that one of the most elementary structural conditions of the rule of law – judicial independence – remains exposed to a threat that Union law has yet to address: the clandestine surveillance of members of the judiciary by spyware tools operated by the Member States themselves. The legal basis for imposing a positive obligation has just been consolidated, yet the very problem that would call for such imposition remains without an articulated legal response. This text argues that construction is already possible – and that the time has come to undertake it.

Continue reading “Surveillance of the judicial function by the EU Member States themselves” →

Ana Filipa Ribeiro [master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder (ref. UMINHO/BIM/2026/33)]

On 1 July 2026, the transitional period provided for under the Markets in Crypto-Assets Regulation (MiCAR)[1] will expire across the European Union,[2] meaning that providers wishing to continue serving EU clients must either hold a MiCAR authorisation, benefit from another entitlement recognised under the Regulation,[3] or cease the provision of those services.[4] This date marks a decisive moment in the legal ordering of crypto-asset markets, since it is the point at which Regulation (EU) 2023/1114 becomes a concrete legal condition for access to the European market. More specifically, it is the moment at which national authorisation begins to operate as a Union-wide market-access decision with consequences for providers, competitors, users and host Member States across the internal market.

The legal significance of this transition lies in the regulatory architecture chosen by MiCAR. The Regulation seeks to overcome the previous fragmentation of national regimes by establishing uniform rules on authorisation, governance, conduct, prudential requirements, supervision and client protection.[5] Yet, it does so through a model in which authorisation is granted by national competent authorities,[6] while the effects of that authorisation may extend throughout the internal market by means of the European passport.[7] National administrative decisions, thus, acquire a Union-wide market-access function, insofar as an authorisation granted by one competent authority may determine the ability of a crypto-asset service provider to operate across several Member States.

That structure gives rise to a central tension in the legal ordering of EU crypto-asset markets. MiCAR presupposes that decentralised authorisation can coexist with integrated market access, provided that national supervisory practices remain sufficiently convergent.[8] The expiry of the transitional period places that assumption under practical scrutiny. If national authorities apply authorisation requirements with materially different levels of intensity, speed or interpretative strictness, operators subject to the same Regulation may enter the internal market under unequal supervisory conditions.[9] Hence, the concern extends beyond administrative coordination and reaches the conditions of competitive neutrality within the market framework that MiCAR is intended to create.

Continue reading “After the crypto deadline: who gets to enter Europe’s digital finance market?” →

Helder Matos (master’s student in Human Rights at the School of Law of the University of Minho)

Introduction

In March 2024, the European Data Protection Supervisor (EDPS) revealed that the European Commission, the institution assuming the role of global vanguard in the matter of digital rights, violated the EU’s own data protection regulation due to its structural dependency on the Microsoft 365 ecosystem.[1]

Although the EDPS closed the case in July 2025 after the Commission updated its licensing agreements with Microsoft, this episode brings to the surface the underlying problem that this article proposes to address.[2]

Even as it received the green light to proceed with business-as-usual, the European Commission admitted its deep concerns regarding the crippling dependence on a non-European company for the digital platforms needed for normal day-to-day functioning.[3] The European Union (EU) does not control the technological infrastructure it runs on, as it is forced to negotiate the terms of its own data security with foreign corporations.

Continue reading “Quo Vadis, Imperium? EU technological sovereignty as the sine qua non for democratic survival against the techno-authoritarian drift” →

Vitória Menezes Sanhudo (master’s student in European Union Law at the School of Law of University of Minho)

The harmonisation of corporate sustainability disclosure criteria has become increasingly relevant as a guarantee of a level playing field among companies and for the efficiency of the Internal Market. In this context, Directive (EU) 2022/2464 (CSRD) amends previous provisions, aiming to promote a more standardised sustainability reporting obligation, using the double materiality principle (DMP). It is deemed as necessary to analyse the conceptual evolution of materiality, from its origin in accounting to double materiality (enshrined in the CSRD Directive), its enforcement in the Directive under consideration, to evaluate the benefits and challenges of this dual perspective from a theoretical approach and, subsequently, to assess it from a more practical viewpoint, taking into account conclusions that can already be drawn from its introduction in the CSRD Directive.

The research question is as follows: in what way does the evolution of materiality in sustainability reporting prove to be positive, particularly with the incorporation of the DMP in the CSRD?

The concept of materiality

For a complete understanding of the CSRD Directive and the DMP, firstly, it is crucial to establish the conceptual basis that underpins them: materiality as a legal principle. The concept of material information emerged in the field of accounting at the beginning of the 20^th century, and its importance and scope have expanded over the years. In the EU, the Accounting Directive[1] is the central instrument for corporate financial reporting. Generally, all definitions formulated imply that information is material when its omission or misrepresentation can influence the economic decisions of the users that this concept aims to inform and benefit. Naturally, the definition of materiality varies according to the objective pursued by the reporting.[2]

Continue reading “The double materiality principle in the context of sustainability reporting – a positive development? (Some insights on the Corporate Sustainability Reporting Directive 2022/2464 – CSRD)” →

Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/40)

Setting the scene: a political moment and a legal gap

The concept of hybrid threats has become one of the most frequently invoked analytical categories in contemporary European discourse in matters of security. Since its consolidation in the institutional vocabulary of the EU in sequence of the Joint Framework of 2016,[1] the expression migrated progressively from the strategic-military domain to the field of Union law, informing legislative instruments in matters of cybersecurity, critical infrastructures’ resilience and protection of the democratic institutions. However, its legal operability remains uncertain, given that the concept is invoked with increasing frequency in soft-law instruments and in policy frameworks, without this invocation being accompanied by a legal definition sufficiently precise to underpin the normative requirements placed upon it.

The Conclusions of the Council of the EU of 16 March 2026 on advancing the European Union’s capacity to counter hybrid threats constitutes the most recent institutional moment in this evolutive framework.[2] The Council of EU condemned the persistent hybrid threats of state and non-state actors aimed at compromising the security and stability of the Union and its Member States, specifically identifying the sabotage on critical infrastructures, the malicious cyber activities, the foreign information manipulation and interference (FIMI), the election interference, and instrumentalisation of migration. It called for the utmost implementation of the Directives NIS2 and CER, it highlighted the importance of the Cyber Blueprint as a mechanism of collective response and drew attention to the malicious use of emerging technologies, including AI and quantic technologies.

Continue reading “Hybrid threats in the EU: conceptual foundations and a new institutional moment” →

Ana Cardoso (PhD candidate & Master’s in European Union Law at the School of Law of University of Minho. FCT research scholarship holder – 2025.06747.BD.)

I.

On March 23, 2026 the European Commission took the final procedural step required for provisional application of the EU-Mercosur interim Trade Agreement (“iTA”), by notifying the Mercosur countries with a “note verbale”.[1] This means that as of May 1, 2026, the iTA has started being provisionally applied, despite the European Parliament’s decision to ask for the European Court of Justice’s (“CJEU”) opinion on whether the EU-Mercosur Free Trade Agreement (“EMTA”) is in conformity with the Treaties.[2]

This was possible because the EMTA is divided into two main documents: (i) the iTA covering trade liberalisation and (ii) a broader comprehensive Partnership Agreement; the first can take effect while the second faces the hurdles of full ratification.[3]

Given this somewhat unprecedented decision by the Commission – which ignores a long-standing gentleman’s agreement of institutional respect between the Commission and the Parliament – it is worth questioning if this provisional application might end up jeopardising the EU’s ambitious climate and environmental goals or if, on the other hand, the internal legal framework in this area is strong enough to prevent indirect backtracking.

Continue reading “Appreciating the value of the self? Some environmental concerns relating to the provisional application of the EU-Mercosur interim Trade Agreement” →