Regulatory  ·  2026-07-12

Italian Garante Fines Character.AI Owner €158,000 Over Age-Verification and Data Protection Failures

RegulatoryMedium impactItaly
Italy's data protection authority (Garante per la protezione dei dati personali) fined Character Technologies Inc., the U.S.-based owner of generative AI companion platform Character.AI, €158,000 for multiple GDPR violations. The Garante found inadequate information provided to users about personal data processing, insufficient age-verification safeguards for minors (including failures in the 'cooling-off' period preventing repeat registration attempts by blocked minors), late completion of a Data Protection Impact Assessment (DPIA), and delay in appointing an EU representative. The order requires Character Technologies to fix age-verification systems, strengthen anti-re-registration mechanisms for blocked minors, and set minor user profiles to private by default, with compliance deadlines (reported as within 120 days).
This is a concrete GDPR enforcement action specifically targeting a generative AI companion/chatbot service's child-safety and data-processing practices, continuing the Garante's track record as one of Europe's most active AI regulators (it previously banned ChatGPT in 2023). It signals that EU data protection authorities are actively enforcing age-verification and DPIA obligations against AI companion apps, a growing enforcement vector distinct from the EU AI Act itself, with direct implications for any generative AI service with EU users, especially those accessible to minors.
AI companion/chatbot providers operating in the EU should audit age-verification effectiveness, ensure DPIAs are completed before processing that involves minors, appoint an EU representative where required under GDPR Art. 27, and set default-private profiles for minor users. Character Technologies must implement Garante-ordered fixes within the compliance deadline.
ReutersOECD.AI Incidents MonitorFederprivacy (Garante statement digest)
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →