GPDP provisional order on ChatGPT — compliance prescriptions and deadlines (April 2023)

Press release — ChatGPT: the GPDP may lift the temporary processing limitation if OpenAI complies with the prescribed measures by 30 April 2023

I. Regulatory Summary

Operationally significant for generative AI providers processing personal data in Italy: requires immediate transparency, age safeguards, reassessment of legal basis for training, and accessible rights-handling (including for non‑users), with staged deadlines and public communications.

II. Full Description

## Nature of the instrument GPDP press release describing compliance prescriptions linked to a provisional limitation measure affecting ChatGPT. ## Key deadlines in the document - 30 April 2023: implement prescribed measures for the authority to lift the provisional limitation. - 15 May 2023: public awareness campaign. - 31 May 2023: submit age verification plan. - 30 September 2023: implement age verification. ## Scope Focuses on data protection compliance of the ChatGPT service, including training-related processing, transparency, and child protection.

III. Scope & Application

Press release describing a set of prescriptions addressed to OpenAI following the GPDP’s provisional measure temporarily limiting processing of personal data of Italian users in connection with ChatGPT. It sets a compliance deadline (30 April 2023) after which the authority may suspend (lift) the provisional limitation if measures are implemented. The prescriptions cover transparency notices, age gating, legal basis for processing (including training), facilitation of data subject rights (including for non‑users), and a staged plan for age verification and user awareness.

IV. Policy Impact Assessment

Primary Focus: gdpr_enforcement_on_ai_services