Curious about today's AI digest?ai-tldr.dev

Italy Fines Character.AI for AI Age Verification Failure

Policy & Regulation1h ago5 min read
Share
Italy Fines Character.AI for AI Age Verification Failure

Italy's data protection authority levied a €158,000 penalty against Character Technologies on July 9, 2026, citing critical gaps in AI age verification and child privacy safeguards on its Character.AI platform.

  • Italy's Garante fined Character Technologies €158,000 (~$180,500) for GDPR violations tied to AI age verification failures.
  • The watchdog ordered the company to fix age-check systems, block re-registration by previously barred minors, and default minor profiles to private.
  • Character Technologies also violated GDPR by delaying its Data Protection Impact Assessment and failing to appoint an EU representative on time.

Lead

Italy's data protection authority, the Garante per la protezione dei dati personali, fined Character Technologies — the U.S.-based parent of AI chatbot platform Character.AI — €158,000 (approximately $180,500) on July 9, 2026. The penalty targets failures in AI age verification and the protection of minors under the European Union's General Data Protection Regulation, marking the Garante's latest enforcement action against a generative AI company operating in the Italian market.

What Happened

The Garante concluded that Character.AI's platform carried "critical issues" in its AI privacy regulation compliance framework, specifically in mechanisms designed to prevent underage users from accessing the service. Investigators found that minors who had been blocked from the platform could circumvent restrictions by creating new accounts — a structural flaw the authority deemed unacceptable under GDPR's heightened protections for children.

Beyond the Character.AI legal exposure on age gating, the Garante identified further procedural failures. Character Technologies submitted its mandatory Data Protection Impact Assessment — a formal risk evaluation required before processing sensitive user data at scale — later than GDPR timelines require. The company also failed to designate an EU representative within the prescribed period, a compliance obligation for non-EU companies offering services to European consumers.

The authority additionally cited deficiencies in how the platform communicates with users about personal data processing, including insufficient transparency disclosures.

Remedial Orders

Alongside the financial penalty, the Garante issued binding corrective orders. Character Technologies must deploy age-verification systems robust enough to prevent previously blocked minors from re-registering. The company must also set accounts belonging to minors to private mode by default — a structural change designed to limit exposure to adult or inappropriate content and third-party contact.

Regulatory Context

The Garante has positioned itself as one of Europe's most assertive AI privacy regulators. In 2023, it temporarily banned OpenAI's ChatGPT over comparable age-check and data collection concerns, restoring access only after OpenAI implemented remedial measures. The Character.AI action follows a similar enforcement pattern.

The broader regulatory environment reinforces the Garante's posture. The EU AI Act, now in full enforcement for 2026, classifies AI systems that interact with children as high-risk, mandating additional transparency requirements, safety testing, and governance controls. The Digital Services Act independently obliges large online platforms to implement elevated protections for minors, rendering self-declared age attestation legally insufficient as a compliance mechanism across EU member states.

Italy sets the digital age of consent at 14, broadly consistent with the GDPR floor that ranges from 13 to 16 across EU member states, with processing of data belonging to younger users requiring verified parental consent.

What Comes Next

Character Technologies faces a defined remediation timeline: the Garante's corrective orders carry enforcement weight, and non-compliance can trigger escalated penalties under GDPR's upper thresholds — up to 4% of global annual turnover. The Italy Character.AI fine also signals to peer regulators across the EU that AI chatbot platforms catering to broad consumer audiences, including teenagers, face intensifying scrutiny on AI age verification infrastructure.

The action is likely to accelerate industry-wide investment in compliant age assurance technologies as companies weigh the cost of retrofitting systems against the regulatory and reputational risk of enforcement.

Outlook

The €158,000 penalty against Character Technologies underscores Italy's role as a front-line enforcer of AI privacy regulation for consumer-facing AI products, particularly those accessible to minors. With the EU AI Act now fully operative and the DSA embedding child safety obligations across platforms, the compliance bar for AI age verification has risen materially. Character.AI's path forward in the European market depends on the credibility and speed of its technical remediation — a standard the Garante will monitor closely.

Mentioned tickers: N/A

Gain deeper insights from your reading