Curious about today's AI digest?ai-tldr.dev

Character.AI Italy Crackdown: €158,000 GDPR Fine

Markets1h ago6 min read
Share
Character.AI Italy Crackdown: €158,000 GDPR Fine

Italy's Garante fined Character.AI parent Character Technologies €158,000 for age-check and privacy failures, ordering mandatory minor-protection measures within 120 days under tightening EU AI safety regulation.

  • Italy's Garante levied a €158,000 ($181,000) fine on Character Technologies on July 9, 2026, for GDPR and child-protection violations.
  • The regulator ordered Character.AI to enforce stronger age-verification, block repeat registrations by previously removed minors, and set under-age profiles to private by default.
  • The action reflects a broader Italy crackdown on consumer AI platforms and aligns with the country's September 2025 national AI law requiring strict safeguards for users under 17.

Lead

Italy's data protection authority, the Garante, on July 9, 2026, fined Character Technologies—the U.S.-based parent of the AI companion platform Character.AI—€158,000 for a cluster of GDPR violations centered on inadequate age-verification systems and insufficient privacy disclosures. The regulator simultaneously issued a remediation order with a 120-day compliance deadline, placing one of the most widely used generative AI chatbot services under binding structural requirements for the first time in the European Union.

What Happened

The Garante's ruling identified four distinct failures. First, Character Technologies' age-verification mechanisms were found to be inadequate, permitting minors to access a platform whose content and interaction patterns regulators determined posed material risks to younger users. Second, the company had provided users with weak disclosures about how personal data is processed. Third, Character Technologies was late in conducting a required Data Protection Impact Assessment. Fourth, the company failed to appoint an EU representative within the mandated timeframe, a procedural shortfall that complicated the regulator's ability to engage the company directly.

The remediation order is consequential in its operational specificity. Character Technologies must redesign its age-verification stack so that minors previously blocked from the platform cannot re-register via new accounts—a loophole regulators said undermined prior enforcement. The company must also automatically switch the profiles of underage users to private mode upon registration. Character Technologies has 120 days from receipt of the order to report on the measures it has adopted.

AI Safety Regulation in Context

The Character.AI Italy crackdown does not emerge in isolation. Italy has developed a consistent enforcement posture toward consumer AI platforms touching minors. In 2023, the Garante issued a temporary ban on OpenAI's ChatGPT over analogous age-check and data-collection concerns—the first such ban by an EU member-state authority—before later issuing a formal fine against the company. It also penalized the developer of Replika, another AI companion service, over similar child-safety failures.

Italy formalized this posture into statute with Law No. 132, enacted September 23, 2025—the first comprehensive national AI law in the EU. The law bans or severely restricts minors' access to social chatbots and generative AI tools absent robust age-verification and, for users under 14, explicit parental consent. Implementing decrees aligned with the EU AI Act are expected by October 2026, at which point sanctioning powers will be more precisely defined and penalties could scale significantly beyond the current fine.

Tech Industry Legal Pressure on Character.AI

The Garante's action compounds a period of intensifying tech industry legal pressure on Character Technologies. In January 2026, the company and Alphabet unit Google agreed to settle a series of lawsuits filed by the families of teenagers who died by suicide, with plaintiffs alleging the AI chatbot fostered harmful emotional dependency and lacked adequate safeguards. A U.S. federal court in Florida had declined in May 2025 to dismiss Google, along with Character.AI founders Noam Shazeer and Daniel De Freitas, from one such case—the first ruling of its kind on chatbot liability.

Google entered the Character.AI ecosystem through a $2.7 billion licensing agreement in August 2024, under which it hired Shazeer and De Freitas. The arrangement does not give Google direct operational control over Character.AI's platform, but the legal exposure has drawn the technology giant into the AI ethics and safety debate surrounding the product.

Character Technologies announced in October 2024 that it would restrict users under 18 from engaging in free-ranging chats—including romantic and therapeutic interactions—with its chatbots. The Garante's findings suggest those voluntary measures did not satisfy EU legal standards for age verification or data governance.

AI Ethics and Safety: Structural Implications

The fine itself is modest relative to GDPR's theoretical maximum of 4% of global annual turnover. Its regulatory significance, however, lies in the behavioral remediation it mandates and the precedent it establishes. Consumer AI platforms operating in the EU—particularly those with social, companion, or emotional-engagement features—are on notice that existing GDPR obligations apply in full, regardless of the novelty of the underlying technology.

The Garante's approach demonstrates that AI safety regulation in Europe is not waiting for the EU AI Act's full implementation timeline. Data protection law, applied through existing supervisory channels, is already functioning as a de facto AI governance instrument, especially where minors are involved.

Outlook

Character Technologies faces a 120-day window to demonstrate compliance with the Garante's order or risk follow-on enforcement. The Garante's pattern—initial fine followed by escalating scrutiny if remediation proves insufficient—suggests the regulatory relationship is entering a sustained phase rather than a one-time settlement. With Italy's AI law implementing decrees due by October 2026 and the broader EU AI Act framework tightening, consumer AI platforms will face mounting pressure to build enforceable age-verification and data-governance infrastructure rather than relying on voluntary commitments. For the AI safety regulation landscape across the EU, the Character.AI Italy crackdown is likely a floor, not a ceiling.

Mentioned tickers: GOOGL, GOOG

Analysis }}

Gain deeper insights from your reading