A PYMNTS Company

Italy Fines AI Chatbot Maker Replika €5 Million Over Privacy Violations

By  |  May 19, 2025

Italy’s data protection authority has imposed a €5 million ($5.64 million) penalty on Luka Inc., the developer behind the AI chatbot Replika, citing serious violations of personal data protection laws. The decision marks the latest in a series of enforcement actions by European regulators targeting AI platforms, according to Reuters.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Replika, a San Francisco-based startup launched in 2017, offers users AI-powered avatars marketed as virtual companions designed to enhance emotional wellbeing. Despite its therapeutic positioning, the app came under regulatory scrutiny in Italy over concerns related to data processing and child safety.

    Per Reuters, the Italian watchdog, known as Garante, had already suspended Replika’s operations in the country in February 2023. The move followed an initial review that highlighted potential risks to minors, prompting a deeper investigation into the platform’s data handling practices.

    The findings revealed that Replika lacked a valid legal foundation for processing user data and failed to implement effective age-verification measures to prevent children from accessing the service. As a result, Garante levied the multi-million euro fine on Luka Inc.

    Related: Advertising Enters the Chat: Google Integrates Ads Into AI

    In addition to the fine, the regulator announced the launch of a separate inquiry to determine whether Replika’s underlying generative AI technology aligns with the European Union’s General Data Protection Regulation (GDPR). The probe will specifically focus on how the chatbot’s language model was trained and whether it respects EU privacy standards.

    Reuters noted that Replika did not provide an immediate comment in response to the sanction.

    Garante has emerged as one of the EU’s most assertive enforcers of digital privacy law. In a comparable case last year, the authority temporarily banned OpenAI’s ChatGPT in Italy and later issued a €15 million fine over alleged non-compliance with EU data protection rules, per Reuters.

    Source: Reuters