Skip to main content
NOPE
In Effect Regulation AI Safety

IT Garante AI

Italy Garante AI Enforcement Actions

Italian DPA (Garante) is most aggressive EU enforcer on AI. Precedent-setting enforcement against ChatGPT and Replika. Enforcement theory: companion AI processes special category health data.

Jurisdiction

Italy

Enacted

Mar 31, 2023

Effective

Mar 31, 2023

Enforcement

Garante per la protezione dei dati personali

Ongoing enforcement actions since ChatGPT ban (March 2023). €15M fine issued December 2024.

Garante Italy

Why It Matters

Italy sets enforcement precedent for all EU DPAs. Replika case establishes companion AI = health data. Other DPAs will follow.

At a Glance

Applies to

General ChatbotAI Companion

Requires

Transparency

Who Must Comply

  • AI chatbot operators serving Italian users

Obligations fall on:

Safety Provisions

  • Replika emergency block (Feb 2023): Lack of age verification
  • Replika fine (May 2025, decision Apr 2025): €5M for processing mental health data without lawful basis
  • ChatGPT fine (Dec 20, 2024): €15M for transparency failures, no age verification
  • Required: Robust age verification (self-declaration insufficient)
  • Required: Consent mechanisms specific to mental health data

Compliance & Enforcement

Penalties

€20M or 4% revenue (whichever higher)

View on map

Italy

Focus Areas

Mental health & crisis
Child safety
Active safeguards required

Cite This

APA

Italy. (2023). Italy Garante AI Enforcement Actions.

Related Regulations

In Effect IT

Italy AI Act

First EU member state comprehensive national AI law complementing the EU AI Act. 28 articles covering AI governance principles, sector-specific rules for healthcare, employment, justice, and public administration, criminal provisions, copyright protections, and a EUR 1 billion AI investment fund.

In Effect AT

Digital Austria 2.0

Austria's digital sovereignty framework establishing Sovereignty Compass for AI audits and mandatory Digi-Check for all legislation.

In Effect EE

Estonia Kratt Plan

Estonia's €85M AI and Data Action Plan establishing safety testing framework and human-centered AI deployment principles.

In Effect CH

Switzerland FADP

Switzerland's revised data protection law with Article 21 automated decision transparency requirements, human review rights, and fines up to CHF 250,000.

In Effect PT

Portugal Digital Rights Charter

Portugal's Charter of Digital Rights with Article 9 requiring AI to respect fundamental rights and establishing algorithmic auditability principles.

In Effect RS

Serbia PDP Law

Serbia's GDPR-aligned data protection law with profiling safeguards and DPIA requirements.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.