Curious about today's AI digest?ai-tldr.dev

Character.AI Faces EU Fine Over AI Age Verification, Child Privacy Failures

Technology1h ago6 min read
Share
Character.AI Faces EU Fine Over AI Age Verification, Child Privacy Failures

Italy's data protection authority fined Character Technologies €158,000 for GDPR breaches and inadequate minor safeguards, signaling wider European scrutiny of AI chatbot platforms ahead of the EU AI Act's August 2026 deadline.

  • Italy's Garante fined Character Technologies €158,000 (~$181,000) on July 9 for GDPR violations tied to minor safeguards and age verification.
  • Regulators ordered the company to implement "cooling-off" periods for blocked minors, default private profiles for underage users, and report back within 120 days.
  • The enforcement lands weeks before the EU AI Act's August 2, 2026 transparency deadline, compounding compliance pressure on AI chatbot operators.

Lead

Italy's Garante — the country's data protection regulator — fined Character Technologies Inc., the operator of Character.AI, €158,000 (approximately $181,000) on July 9, 2026, for multiple violations of the EU General Data Protection Regulation. The penalty targets failures in child safety controls, inadequate AI age verification laws compliance, and procedural lapses including a delayed Data Protection Impact Assessment and the late appointment of an EU representative. Garante has given the company 120 days to demonstrate corrective action, or face further enforcement.

What Happened

The Garante found four distinct compliance failures at Character Technologies. First, the information provided to users about personal data processing was deemed insufficient — a core AI data privacy Europe requirement under GDPR's transparency principle. Second, the regulator identified material shortcomings in the platform's safeguards for minors, including the practical effectiveness of its age-gate mechanisms. Third, the authority determined that the company failed to conduct a timely Data Protection Impact Assessment, a mandatory risk-review document for high-risk data processing operations. Fourth, Character Technologies was found to have delayed appointing a formal EU representative, stripping European regulators of a local accountability contact.

Beyond the fine, Garante issued a series of operational orders. Character.AI must ensure its age verification systems function correctly, enforce so-called "cooling-off periods" that prevent newly blocked underage users from re-registering immediately, and set all minor-identified profiles to private mode by default. The company must file a compliance report detailing the measures adopted within 120 days.

Regulatory Context

The Italian enforcement action is not an isolated event. It reflects a hardening posture across European data regulators toward AI data privacy Europe obligations, particularly where minors are involved. In response to earlier legal and regulatory pressure — including pending litigation in the United States — Character.AI had already rolled out mandatory face-scan age verification in April 2026. Garante's review suggests those measures did not satisfy European standards.

The broader policy environment is accelerating. As of mid-May 2026, 23 of 27 EU member states were actively considering national AI age verification laws, with varying age thresholds and enforcement models. The European Commission has urged that at least one EU-compliant age verification solution be available in each member state by December 31, 2026, turning age checks from a policy discussion into a hard infrastructure deadline.

EU AI Act Pressure Mounts

The Character.AI regulatory scrutiny compounds timing pressure from a separate legal framework. The EU AI Act's most consequential obligations — covering high-risk AI systems, conformity assessments, and Article 50 transparency requirements — take effect on August 2, 2026. Under Article 50, conversational AI systems that interact directly with users must clearly disclose that the user is speaking with an AI. Platforms that generate synthetic text, audio, or video face mandatory labeling requirements. Fines for non-compliance can reach €15 million or 3% of global annual turnover for the most serious categories of breach.

Character Technologies operates a platform that allows users to create and interact with customizable AI-powered personas, placing it squarely within the scope of both GDPR and forthcoming AI Act transparency rules. The company reported approximately 45 million monthly active users as of 2025 and an annualized revenue run rate exceeding $30 million.

Business Stakes

The regulatory exposure arrives at a sensitive juncture for Character Technologies. In 2024, Google paid $2.7 billion for a non-exclusive license to the company's underlying language model technology and acqui-hired its two co-founders. As of early 2026, the company was reported to be evaluating a potential sale or fresh funding round, with independent estimates placing its valuation between $5 billion and $10 billion. Mounting compliance costs — both operational and legal — add to the financial calculus as the company navigates those discussions.

Tech regulation of this kind has precedent-setting potential. The Garante has previously moved against major consumer platforms, including OpenAI's ChatGPT, which faced a temporary Italian ban in 2023 before returning with enhanced disclosures. The Character.AI case establishes a new enforcement benchmark specifically targeting the adequacy of minor-protection controls, not just transparency disclosures.

Outlook

European AI data privacy enforcement is entering a more active phase. The combination of GDPR's existing child-safety provisions, national age verification legislation, and the EU AI Act's August 2026 transparency deadline creates compounding obligations for consumer-facing AI platforms. For Character.AI and its peers, the Italian fine signals that procedural lapses — delayed DPIAs, absent EU representatives, permeable age gates — carry immediate financial and reputational consequences. The 120-day remediation window will serve as a test of whether the company can satisfy regulators ahead of the broader EU AI Act compliance wave. Platforms that fail to treat AI age verification laws as core infrastructure, rather than bolt-on features, face escalating scrutiny from regulators across the bloc.

Mentioned tickers: GOOGL

Gain deeper insights from your reading