Compliance Briefing — Italy’s Garante orders temporary ChatGPT suspension
Italy’s data protection authority ordered OpenAI to halt ChatGPT processing of Italian users on 31 March 2023 over GDPR transparency, lawful basis, and age verification concerns.
On 31 March 2023 Italy’s Garante per la protezione dei dati personali issued an urgent order requiring OpenAI to stop processing Italian users’ data for ChatGPT pending remedial measures. The authority cited insufficient transparency, lack of a lawful basis for training data, inaccurate personal data handling, and absence of age verification to block minors.
The order required disclosure updates, legal basis assessment, user rights mechanisms, and an age-gating plan before service restoration. The suspension highlighted growing EU regulatory scrutiny of generative AI services and the need to document data provenance, consent or legitimate interest rationales, and child-safety controls.
- Garante press release outlines the legal grounds and corrective demands.
- Formal order (Italian) details the suspension scope and compliance steps required of OpenAI.
Continue in the Compliance pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Third-Party Risk Oversight Playbook — Zeph Tech
Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.
-
Compliance Operations Control Room — Zeph Tech
Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.
-
SOX Modernization Control Playbook — Zeph Tech
Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.