The Cost of Non-Compliance
Compliance is no longer a soft legal concern. It is a financial, operational, and strategic risk surface that grows larger with every new EU regulation. These are real cases, real fines, and real consequences — and they are only the beginning.
5.88B+
Cumulative GDPR fines to date
84%
E-commerce imports failing EU checks (2026)
4,137
Dangerous products flagged — record high (2024)
5%
Max fine as % of worldwide turnover (CSDDD)
Three layers of risk
Non-compliance creates compounding exposure across financial, operational, and strategic dimensions.
Financial Risk
- Regulatory fines up to 5% of global turnover
- Product recall and remediation costs
- Criminal liability (up to 3 years — Battery Regulation)
- Delayed product launches
- Lost revenue from blocked shipments
- Insurance and liability exposure
Market Access & Operational Risk
- Products blocked at customs via DPP Registry checks
- EU market entry denied or restricted
- Retailer and marketplace delisting
- Public procurement disqualification
- Inability to prove compliance on demand
- Supply chain friction and delays
Reputational & Strategic Risk
- Public enforcement actions (published by regulators)
- Loss of customer and partner trust
- ESG rating downgrades and investor concern
- Negative press and permanent public records
- Competitive disadvantage in circular economy
- Exclusion from sustainable supply chains
Enforcement is not hypothetical
These are real companies, real regulatory actions, and real financial consequences. Every case is source-backed.
Shein
French DGCCRF conducted an 11-month investigation finding Shein used deceptive commercial practices including misleading environmental sustainability claims and fake discounts.
Consequence: Largest greenwashing fine in EU to date. Direct preview of EmpCo Directive enforcement starting September 2026 — the same anti-greenwashing rules will apply to all companies making environmental claims.
Shein
Italian AGCM found Shein made unsubstantiated environmental claims about products being 'eco-friendly' and 'sustainable' without adequate evidence.
Consequence: Second EU country to fine Shein in the same year. Pattern: multiple member states enforcing simultaneously against the same company — a preview of coordinated EU enforcement.
TikTok
TikTok transferred European user data to China without adequate data protection safeguards, violating GDPR's cross-border transfer rules.
Consequence: Largest GDPR fine ever at the time of issuance. EU enforcement appetite continues to grow — cumulative GDPR fines now exceed 5.88 billion across all cases.
X (formerly Twitter)
First-ever DSA non-compliance decision. European Commission found X failed to meet transparency obligations, provided misleading information about its advertising repository, and restricted researcher data access.
Consequence: First DSA fine signals EU is now enforcing its newest digital regulations. Precedent: EU adopts regulation, then enforces it. The same trajectory will apply to ESPR, DPP, and product regulations.
Multiple e-commerce imports (EU-wide)
Large-scale EU customs control action in January 2026 found that 84% of tested third-country e-commerce goods did not comply with EU product safety requirements. 75% of customs refusals originated from China.
Consequence: Products seized, destroyed, or refused entry. When DPP Registry goes live (July 2026), customs will have digital verification — making this kind of enforcement faster and more systematic.
4,137 products flagged (EU-wide)
EU Safety Gate system recorded an all-time high of 4,137 dangerous product alerts in 2024, with over 4,200 follow-up enforcement actions. Toys, electronics, and motor vehicles were the top flagged categories.
Consequence: Products withdrawn, recalled, and banned across all member states. 80% of online marketplace toys tested failed EU standards. With DPP, this surveillance becomes digital and automated.
Volkswagen Group
Installed defeat devices in 11 million vehicles to cheat emissions tests, misrepresenting environmental compliance across EU and US markets.
Consequence: Criminal convictions, massive product recalls, management prosecutions, and regulatory overhaul of vehicle emissions oversight across the EU.
Amazon Europe
Processing personal data in violation of GDPR requirements, specifically around advertising targeting and consent mechanisms.
Consequence: Largest GDPR fine issued at the time. Demonstrated that EU regulators will apply maximum pressure to major market participants.
Meta Platforms (Instagram)
Instagram processed children's personal data unlawfully, including making teen accounts public by default and exposing contact details.
Consequence: Record GDPR fine against Meta. EU signaled that data protection enforcement is accelerating, not slowing — a pattern that will carry into product compliance enforcement.
IKEA (Inter IKEA Group)
Investigation into sourcing timber from Ukrainian forests with allegations of illegal logging in protected areas, raising due diligence concerns under the EU Timber Regulation.
Consequence: Reputational damage, supply chain audit requirements, and increased scrutiny on forest-risk commodity sourcing — foreshadowing EUDR enforcement.
Samsung SDI
Battery defects in Galaxy Note 7 caused fires and explosions, leading to a global product recall and flight bans.
Consequence: Full product discontinuation, global recall of 2.5 million devices, airline bans, and long-term damage to Samsung's battery business credibility.
H&M Group
Misleading environmental sustainability claims on products through the 'Conscious Collection' marketing, misrepresenting environmental scorecards. Dutch ACM also found H&M's sustainability claims misleading.
Consequence: Class action lawsuits, regulatory investigations in Netherlands (ACM), forced withdrawal of environmental marketing claims. Preview of what EmpCo enforcement will look like from September 2026.
Decathlon
French regulator found Decathlon's environmental product ratings lacked transparency and used non-standardised methodology to claim products were 'eco-designed'.
Consequence: Forced to revise product labelling methodology and remove unsubstantiated environmental claims. Precedent for EmpCo enforcement starting September 2026.
Multiple companies (EU-wide)
EU-wide coordinated enforcement project (REF-10) found 28% of inspected products contained restricted substances above legal limits, with SVHCs undisclosed.
Consequence: Product withdrawals, import blocks, and fines across member states. Demonstrated systemic non-compliance in chemical substance reporting — the same data now required in DPPs.
Over 2,000 products flagged (EU-wide)
The EU Safety Gate (formerly RAPEX) system reported over 2,000 dangerous product alerts in 2024, with toys, electronics, and textiles as top categories. Many flagged products lacked proper documentation.
Consequence: Products withdrawn from market, import bans, and mandatory recalls across member states. With DPP, regulators will have digital verification capability — non-compliant products will be caught faster.
Wish (ContextLogic)
French regulators found 95% of tested electrical products and 62% of tested toys sold via Wish failed EU safety standards.
Consequence: France directed search engines and app stores to delist Wish from search results — effectively removing its market access in France. A warning for any platform selling non-compliant products.
BMW AG
European Commission found BMW colluded with other German automakers to limit the rollout of emissions cleaning technology, restricting competition on emission reduction.
Consequence: EU antitrust fine. Part of a broader pattern showing EU willingness to enforce environmental compliance through competition law as well as product regulation.
TikTok
TikTok processed children's data without adequate protections, failed to provide transparent privacy information, and used dark patterns in age verification.
Consequence: Major GDPR fine demonstrating EU enforcement against platforms regardless of origin. Pattern: EU sets high compliance bar, then enforces decisively.
What these cases reveal
Patterns emerging from enforcement actions across EU markets.
Enforcement is becoming more visible. EU regulators are increasingly publishing enforcement actions, making non-compliance a matter of public record — not a quiet internal matter.
Traceability expectations are rising. From plot-level GPS coordinates under EUDR to substance-level disclosure under REACH, regulators now expect granular, verifiable data — not self-declarations.
Lack of documentation creates operational vulnerability. Companies that cannot produce compliance evidence on demand face delays, holds, and presumption of non-compliance at customs and market surveillance checkpoints.
Compliance is shifting from paperwork to infrastructure. Digital Product Passports, registries, and traceable supply chain data are becoming the operational backbone of market access — not just a legal checkbox.
The risk is growing — here is why
The cases above happened under the old regulatory framework — before ESPR, before mandatory DPPs, before the EU's digital enforcement infrastructure was built. What is coming is structurally different.
Starting July 2026, the ESPR DPP Registry goes live — giving customs and market surveillance authorities the ability to digitally verify product compliance at the border, in real time. Products without a valid DPP registration will be flagged, held, or blocked before they enter the EU market.
By February 2027, the first mandatory Digital Product Passport — the Battery Passport — goes live. By 2028, textiles follow. By 2030, toys, detergents, and electronics. The scope only expands.
Each new delegated act under ESPR adds product categories. Each adds enforcement mechanisms. The combined effect is a compliance surface that grows every year — and with it, the risk of non-compliance.
Digital enforcement infrastructure
The DPP Registry (July 2026) creates a machine-readable compliance checkpoint. Customs can query a product's DPP status before it clears the border. No more relying on paper declarations.
Turnover-based penalties
New regulations specify penalties as a percentage of turnover — 4% (EUDR), 5% (CSDDD), 3% (IED). These are not flat fines. For a company doing 1B in revenue, a 4% penalty is 40M. The math changes everything.
Compounding regulation overlap
A single product can fall under ESPR, REACH, Battery Regulation, PPWR, EUDR, and EmpCo simultaneously. Non-compliance in one triggers scrutiny across all. One failure cascades.
What each regulation can cost you
Maximum penalties defined by EU regulation — these are the legal ceilings, not theoretical scenarios.
Why this will not slow down
Every regulation discussed on this page is part of a larger, interconnected framework. Understanding the bigger picture helps explain why compliance pressure will only increase — and why early preparation is a strategic advantage, not just a legal necessity.
European Green Deal and Net Zero 2050
The EU has set a legally binding target to reach net-zero greenhouse gas emissions by 2050, enshrined in the European Climate Law (Regulation (EU) 2021/1119). This is not a policy aspiration — it is law.
Every product regulation — ESPR, Battery Regulation, CBAM, PPWR — is an implementation mechanism for this target. DPPs are how the EU measures and enforces product-level progress toward net zero. As 2050 approaches, enforcement will tighten, scope will expand, and scrutiny will increase.
Circular Economy Action Plan
The EU's Circular Economy Action Plan (CEAP, adopted March 2020) is the strategic blueprint that created the ESPR and the DPP concept. Its stated goal: make sustainable products the norm in the EU.
The plan mandates that products placed on the EU market must be designed for durability, reuse, repair, and recycling. The DPP is the information infrastructure that makes this verifiable. Without product-level data on materials, carbon footprint, and recyclability, the circular economy cannot function.
The full circle
The logic connects: the European Climate Law sets the 2050 net-zero target. The European Green Deal provides the policy framework. The Circular Economy Action Plan translates this into product-level requirements. The ESPR creates the legal instrument. Digital Product Passports provide the data layer. And each product-specific regulation — batteries, textiles, construction, packaging — implements this for specific industries.
This is not a single regulation you can work around. It is a systemic transformation of how products enter, exist in, and leave the EU market. Companies that build compliance infrastructure now are not just avoiding fines — they are positioning themselves for the only version of the EU market that will exist.
Sources: European Climate Law (EU) 2021/1119 — EUR-Lex; Circular Economy Action Plan COM(2020) 98 — European Commission; European Green Deal COM(2019) 640 — European Commission
Understand your exposure
The companies that build compliance infrastructure before enforcement reaches them will carry a structural advantage in every market they operate in.
Or explore: All Regulations & Timeline · Digital Product Passports · ESPR Deep Dive