IT Garante AI
Italy Garante AI Enforcement Actions
The Italian DPA (Garante) is the most aggressive EU enforcer on AI, with precedent-setting enforcement against ChatGPT and Replika. Its enforcement theory: companion AI processes special category health data.
Jurisdiction
Italy
Enacted
Mar 31, 2023
Effective
Mar 31, 2023
Enforcement
Garante per la protezione dei dati personali
Ongoing enforcement actions since the ChatGPT ban (March 2023). €15M fine issued December 2024.
Why It Matters
Italy sets enforcement precedent for all EU DPAs. Replika case establishes companion AI = health data. Other DPAs will follow.
At a Glance
Who Must Comply
- AI chatbot operators serving Italian users
Safety Provisions
- Replika emergency block (Feb 2023): Lack of age verification
- Replika fine (May 2025, decision Apr 2025): €5M for processing mental health data without lawful basis
- ChatGPT fine (Dec 20, 2024): €15M for transparency failures, no age verification
- Required: Robust age verification (self-declaration insufficient)
- Required: Consent mechanisms specific to mental health data
Compliance & Enforcement
Penalties
€20M or 4% of revenue (whichever is higher)
Compliance Help
Requires robust age verification; explicit consent for emotional data; content moderation preventing harmful outputs to minors.
Cite This
APA
Italy. (2023). Italy Garante AI Enforcement Actions.
Related Regulations
Digital Austria 2.0
Austria's digital sovereignty framework establishing Sovereignty Compass for AI audits and mandatory Digi-Check for all legislation.
Netherlands Algorithmic Framework
Netherlands' algorithmic risk assessment framework specifically addressing mental health chatbots in risk reports and requiring Fundamental Rights Impact Assessment (FRIA).
Austria AI Service Center
Austria's national AI authority established within RTR (Rundfunk und Telekom Regulierungs-GmbH) for EU AI Act market surveillance coordination.
Switzerland FADP
Switzerland's revised data protection law with Article 21 automated decision transparency requirements, human review rights, and fines up to CHF 250,000.
Portugal Digital Rights Charter
Portugal's Charter of Digital Rights with Article 9 requiring AI to respect fundamental rights and establishing algorithmic auditability principles.
Serbia PDP Law
Serbia's GDPR-aligned data protection law with profiling safeguards and DPIA requirements.
Last updated February 17, 2026. Verify against primary sources before relying on this information.