SELINA.ai
Sign in

Garante's $181,000 Character.AI Fine: What Italy's Enforcement Signals for Emotional/Companion AI Privacy

On July 9, 2026, Italy's data protection authority fined Character Technologies €158,000—roughly $181,000—for privacy violations centered on minor safeguards and age verification. The amount is small. The signal is not. If you build or operate anything that resembles a companion AI, an emotional chatbot, or a persistent conversational product, this enforcement action and the one before it are drawing a regulatory blueprint you need to read as a build checklist, not a news headline.

Key Takeaways

What Did Italy's Garante Actually Fine Character.AI For?

The fine targeted multiple violations tied to minors' protections and data processing transparency. The regulator found "critical issues" in age-verification systems and in the information provided to users about how their personal data was being processed. Separately, the authority cited the company for delays in performing a data protection impact assessment and in appointing an EU representative—procedural items that might seem like paperwork but function as the regulator's litmus test for whether a company treated privacy risk seriously from the start.

Beyond the fine itself, Garante issued remedial orders. The company must set minors' profiles to private mode by default and report adopted measures within 120 days. It must also implement a cooling-off period designed to prevent a blocked minor from immediately re-registering a new account. That last item is specific to companion products—it targets the persistent, relationship-forming nature of these tools in a way you wouldn't see in an enforcement action against a search engine or a general-purpose assistant.

Why Does the Fine Amount Not Tell You What You Need to Know?

€158,000 is modest. For context, fourteen months earlier—on May 19, 2025—the same authority fined Replika's parent company Luka Inc. €5 million for GDPR violations, roughly 30 times the Character.AI penalty. Per GDPRhub's analysis, that €5 million amounted to 2% of Luka's global turnover—half the statutory maximum under GDPR. Regulators are willing to use turnover-based calculations for companion apps, not just Big Tech.

The pattern matters more than either number. Both cases turned on the same structural failures:

In the Replika case, Garante found violations of Articles 5(1)(a), 5(1)(c), 6, 12, 13, 24, and 25(1) GDPR. These are not exotic AI-specific provisions. They are baseline data protection plumbing: lawfulness, data minimization, transparency, controller responsibility, data protection by design. The Garante's core thesis in both cases is that companion-AI companies failed at fundamentals, not at some novel AI-safety standard.

If you're building in this space and you're a small or mid-size startup, the takeaway is simple: you are not too small to matter. The compliance bar is set by the pattern of violations, not by your revenue or your user count.

How Is Companion AI Being Regulated Differently from General Chatbots?

It is being treated as a distinct risk category. The enforcement actions against Character.AI and Replika target features unique to companion products—persistent user profiles, emotional engagement loops, re-registration after a minor is blocked, and the absence of friction between a user and a system designed to form ongoing relationships. General-purpose chatbot enforcement—like Italy's 2023 temporary ban on ChatGPT—focused on training data legality and opt-out mechanisms. The companion cases focus on what happens during use, especially for vulnerable users.

This distinction is now being codified in statute across multiple jurisdictions:

What Does California's SB 243 Require?

California's companion-chatbot safety law SB 243, effective January 1, 2026, requires crisis referrals when conversations touch self-harm or mental health emergencies, non-human disclosure—the chatbot must tell you it's not a person—and break reminders to interrupt extended sessions. These are product requirements, not data-handling rules. They apply to the interaction layer, not the storage layer.

What About Oregon and Washington?

Oregon's SB 1546 and Washington's HB 2225 both take effect January 1, 2027, creating a coordinated Pacific Northwest framework for transparency, mental health protections, and minor safeguards in companion-AI products. At least seven US states are actively writing AI companion laws in 2026, indicating this is a fast-moving, multi-jurisdiction compliance landscape.

What Is the EU AI Act Adding?

Transparency rules under the EU AI Act requiring a chatbot to disclose it is not a person begin to apply from August 2026—one month after this fine. For companion products, the timing is not coincidental. The regulatory apparatus is tightening around the specific features that make companion AI sticky: persistence, emotional tone, parasocial dynamics.

What Is China Doing?

China's Cyberspace Administration issued a final regulation on "anthropomorphic AI interaction services" including AI companions, taking effect July 15, 2026. This is a global pattern. If you ship a companion product to users in any major market, you are now inside a regulatory perimeter that did not exist eighteen months ago.

Why Should You Read the Remedial Order, Not Just the Fine?

Because the remedial order is a product spec. The Garante didn't just extract money—it dictated engineering changes. Private-by-default profiles for minors. A cooling-off period that prevents circumvention of age blocks. A 120-day reporting window. These are features that require backend work: account state management, re-registration detection, default privacy settings that can't be toggled by the user if the user is a minor.

The Replika case went further. Garante opened a new investigation into the methods used to train the underlying model—moving enforcement upstream from product behavior to training data. If that investigation produces findings, it will affect every companion-AI builder who fine-tunes on user conversations or user-generated content.

For founders, the implication is concrete: your compliance work is not a legal review of your privacy policy. It is an engineering project. You need to build age-assurance flows that go beyond self-attestation, implement re-registration detection for blocked accounts, default minor profiles to restrictive settings, and have a DPIA completed before your product touches real users—not after a regulator sends you a letter.

What Is a DPIA and Why Does It Keep Showing Up in These Cases?

A Data Protection Impact Assessment is required under GDPR Article 35 when processing is "likely to result in a high risk to the rights and freedoms of natural persons." Companion AI—which processes emotional disclosures, builds persistent user profiles, and is used by minors—falls squarely into that category. Both Character.AI and Replika were cited for delays in performing DPIAs.

This is the regulators' proxy metric. If you haven't done a DPIA before launch, it signals—to the regulator—that you didn't consider privacy risk as part of your product design. Whether or not you actually did, the absence of the document is treated as evidence of insufficient care. For privacy-first builders, having a completed DPIA pre-launch is now a competitive trust signal, not just a cost center. The same logic applies to appointing an EU representative if you process EU residents' data from outside the EU.

These are not complex or expensive tasks. They are easy to forget and easy to deprioritize. That's exactly why regulators treat them as tells.

How Does the FTC's Inquiry Fit Into This Picture?

In September 2025, the FTC opened an inquiry into how seven major AI companies test for and handle harms to children and teens. The inquiry is not limited to companion products, but companion products are at the center of the concern. The US enforcement posture is moving in the same direction as Europe's, just through different institutional channels—FTC Section 5 authority rather than GDPR.

The practical result for builders is the same: if your product is used by minors or could be used by minors, you need age assurance, not age attestation. You need crisis-response mechanisms. You need transparent processing disclosures. And you need them before enforcement arrives, not after.

Why Do Regulators Care About Companion AI Specifically?

The International AI Safety Report 2026 notes that heavy use of AI companions is associated with increased loneliness, emotional dependence, and reduced engagement in human social interactions. You can debate the causal direction and the quality of individual studies. Regulators are not waiting for that debate to resolve. They are acting on the precautionary principle, particularly where minors are involved.

Companion AI products are designed to form persistent relationships. That is the product. The regulatory concern is that the same features that make the product work—continuity of memory, emotional responsiveness, availability at any hour—also create dependency risks, especially for adolescents. The APA's analysis frames AI companions as reshaping emotional connection patterns, and the clinical literature on emotional AI dependency in children is growing.

Whether you agree with the regulatory framing or not, it is the framing that produces enforcement actions. Build accordingly.

What Does a Practical Compliance Checklist Look Like for Companion AI Builders?

Based on the violations cited in both the Character.AI and Replika cases, plus incoming statutory requirements in the US, EU, and China, here is a minimum set of items you should have addressed before launch:

  1. Age assurance beyond self-attestation. Both Garante cases cited this. California's SB 243 requires it. China's new regulation requires it. Self-reported birthdates are not sufficient.
  2. DPIA completed pre-launch. Not after a regulator inquiry. Before.
  3. EU representative appointed if you process EU residents' data from outside the EU. This is an Article 27 requirement. Both companies were cited for failing to do it on time.
  4. Privacy notice that actually describes your processing. Both cases cited inadequate privacy notices. If your notice is a boilerplate template that doesn't describe how companion-AI conversations are stored, processed, and used, it's a violation waiting to happen.
  5. Minor profiles set to private/restrictive by default. Garante ordered this as a remedial measure for Character.AI. Build it in from the start.
  6. Re-registration detection. The cooling-off period mandate means you need to detect when a blocked minor attempts to create a new account. This requires engineering, not just policy.
  7. Non-human disclosure. Required by California SB 243, the EU AI Act (from August 2026), and China's new regulation. The chatbot must tell the user it is not a person.
  8. Crisis referrals. If the conversation touches self-harm, suicide, or mental health emergencies, you need a mechanism to surface real-world resources. California requires it. It's good practice everywhere.
  9. Break reminders. California requires them. They interrupt extended sessions. Build the timer.

This list is not exhaustive. It is what two enforcement actions plus four jurisdictions' statutes are telling you right now.

What Does Italy's Expanding Enforcement Toolkit Mean for the Next Twelve Months?

Italy's domestic AI Act implementation is progressing. By October 2026, the Italian government is expected to adopt implementing decrees defining sanctioning powers for authorities as required by the EU AI Act. This means the Garante's toolkit is about to get larger. The current fines are issued under GDPR. Future enforcement could layer on EU AI Act penalties, which carry their own fine ceilings.

The Replika investigation into training methods is still open. If Garante concludes that using user conversations to train companion-AI models without explicit, granular consent violates GDPR, that finding would affect every company in the space that fine-tunes on user data. The practical challenge of making models "forget" specific user data is nontrivial—and regulators are beginning to ask for it.

How Does This Affect How We Build Selina?

We build a companion AI. We read these enforcement actions as a product spec, not as someone else's problem.

Our approach to memory is straightforward: content is encrypted at rest. Memory is NOT end-to-end encrypted—a slice of each request reaches a frontier provider at inference, and we state that plainly. Files and transfers via SelinaSEND are end-to-end encrypted and zero-knowledge. We don't conflate the two. We don't claim what we can't deliver.

Operational metadata is kept for a short retention window—not zero retention. The account is protected; content is encrypted. Delete means gone. Actually gone.

We route through a stack of frontier models, routed per task. We don't claim perfect memory—it's adaptive, not a transcript. We don't claim unlimited anything—credits are finite. We state the honest limits because that is part of the product, not a disclaimer bolted on after the fact.

The Garante's enforcement pattern confirms something we've operated on from the start: if you build a product that remembers people, you'd better build the privacy architecture before you build the features. Not after a regulator letter. Not after a headline. Before.

If you want to see what that looks like in practice—start a free 7-day trial, no card required.

Frequently Asked Questions

How much was Character.AI fined and for what?

Italy's Garante fined Character Technologies €158,000 (about $181,000) on July 9, 2026, for critical issues in age verification, inadequate privacy notices, and delays in performing a DPIA and appointing an EU representative.

How does this fine compare to the earlier Replika penalty?

It's much smaller—about 30 times less than the €5 million Garante fined Replika's maker Luka Inc. in May 2025, though both cases cited the same core failures: weak age verification, delayed DPIAs, missing EU representatives, and inadequate privacy notices.

What remedial actions did Garante actually order Character.AI to make?

The company must set minors' profiles to private by default, implement a cooling-off period to stop blocked minors from immediately re-registering, and report the measures it adopts within 120 days.

Is companion AI being regulated differently from general-purpose chatbots?

Yes—enforcement and new laws increasingly target features specific to companion products, like persistent profiles and emotional engagement loops, whereas general chatbot cases (like the 2023 ChatGPT action) focused mainly on training data legality and opt-outs.

What other regulations should companion-AI builders watch for?

California's SB 243 (effective January 1, 2026) requires crisis referrals, non-human disclosure, and break reminders; Oregon's SB 1546 and Washington's HB 2225 take effect January 1, 2027; the EU AI Act's transparency rules apply from August 2026; and China's anthropomorphic-AI regulation took effect July 15, 2026.

Sources & References

Michael C.

Michael C.

Founder & Principal Engineer, Selina Labs

Michael builds Selina, a privacy-first AI that remembers you across conversations. He ships security-sensitive AI in production — real attacks, real fixes, measured in minutes and dollars — and writes about privacy, security, and LLMs from that seat. Top Rated Plus and expert-verified on Upwork.

Learn more about Selina.ai