Wiki · Enforcement timeline
Catalog dashboard
Enforcement timeline
Chronologically-ordered enforcement actions linked to the instruments and topics tracked in the Policy Window catalog. Closed cases sort by their resolution year; ongoing cases sort by initiation. Each entry links to the catalog topics + the catalog instruments the case touches, and (where possible) to the best-available primary source for the action.
13 catalogued cases total · 5 match the current filter (topic = Foundation Models / GPAI) clear all.
Filters
Cases (5)
- Settlement with remedy
- Consent decree
- Withdrawn
- Ongoing
- Open arrow = ongoing (no resolution year yet)
- Consent decree
2024 · CN
CAC Doubao deep-synthesis enforcement
Enforcer: Cyberspace Administration of China (CAC)
Target: ByteDance (Doubao)
Violation alleged: Doubao deployed deepfake-generation feature without prior CAC algorithm registration; failed to embed mandatory deep-synthesis content-provenance label per Deep Synthesis Provisions Art. 16. CAC requested feature removal pending registration.
Lesson: First named CN-GENAI-2023 enforcement against a frontier-tier Chinese AI developer. Demonstrates: (1) CN registration regime applies pre-deployment + has bite even against domestic champions; (2) cross-instrument enforcement (GenAI rules + Deep Synthesis rules) is operative; (3) remediation is rapid (weeks not years) but private — no consent decree text published.
Source: http://www.cac.gov.cn/2024-01/29/c_1709169093555820.htm
- Settlement with remedy
2023 → 2024 · EU
EDPB ChatGPT Taskforce
Enforcer: European Data Protection Board (EDPB) — coordinated DPA action
Target: OpenAI
Violation alleged: Italian Garante temporarily banned ChatGPT (Mar-Apr 2023) over alleged lack of legal basis for training-data processing, missing age-verification, and inability to honour data-subject rights. EDPB convened taskforce to coordinate DPA responses.
Lesson: First EU-wide AI enforcement coordination predating the EU AIA. Established that GDPR applies fully to LLM training + deployment + that DPAs would coordinate via EDPB rather than fragment. ChatGPT resumed Italian service after age-verification + Article-15 right-of-access endpoint additions. Direct precedent for EU AIA Art. 53 implementation timeline.
- Withdrawn
2023 → 2024 · IN
MEITY deepfake takedown advisories
Enforcer: Ministry of Electronics and Information Technology (MEITY)
Target: Multiple intermediaries — Meta, YouTube/Google, X, several Indian social platforms
Violation alleged: Failure to take down political deepfake content within statutory windows (36 hours under IT Rules 2021). MEITY's Mar-2024 advisory additionally required pre-deployment-approval for AI models above unspecified capability thresholds; rescinded Apr-2024 after frontier-lab pushback.
Lesson: India's compressed legislative cycle: a sweeping pre-deployment-approval requirement (closer to CN registration than US sectoral) was rescinded within 5 weeks after industry + civil-society pushback. Demonstrates that Global South AI regulation is in active design AND that even nationally-coercive states face frontier-lab leverage. Indian regulatory approach now favours post-deployment incident reporting + IT-Rules takedown.
Source: https://www.meity.gov.in/writereaddata/files/Advisory%201%20March%202024.pdf
- Ongoing
2023 → ongoing · US
FTC investigation of OpenAI
Enforcer: Federal Trade Commission
Target: OpenAI
Violation alleged: Civil Investigative Demand alleging consumer-protection violations: misleading claims about ChatGPT capabilities, training-data privacy, and consumer harm from hallucinations.
Lesson: First US federal enforcement action against a frontier-AI developer. Establishes that pre-AI-statute consumer-protection authority (FTC §5) can be applied to AI services — supports the US 'sectoral / ex-post liability' regime (vs EU's ex-ante AIA). Action remains pending; no judgment yet.
Source: https://www.washingtonpost.com/technology/2023/07/13/ftc-openai-chatgpt-sam-altman-lina-khan/news secondary
- Ongoing
2023 → ongoing · US
New York Times v. OpenAI + Microsoft
Enforcer: New York Times Company (private civil litigation)
Target: OpenAI Inc. + Microsoft Corp.
Violation alleged: Unauthorised reproduction of NYT-copyrighted articles in GPT training corpora; output of substantially similar text on prompted query; removal of copyright-management information.
Lesson: First major frontier-foundation-model copyright lawsuit by a primary news source. Discovery has surfaced disclosure of training-data composition that the EU AIA Art. 53 transparency requirements would have surfaced ex-ante. The case is the highest-stakes ex-post-liability action testing whether US sectoral approach can substitute for ex-ante regulation on training-data rights — outcome will inform 2025-2027 regulatory debates.
Source: https://www.nytimes.com/2023/12/27/business/media/new-york-times-open-ai-microsoft-lawsuit.html
Editorial scope
This timeline reflects enforcement cases tracked in the Policy Window catalog. It is not exhaustive; coverage focuses on high-precedent matters relevant to the catalogued instruments (currently 13 cases across EU, US, UK, China, India, Italy, France). The catalog deliberately omits routine regulator letters and ongoing investigations whose materials are not public.
For the inclusion rubric (when a case enters the catalog, what level of source-defensibility is required, how jurisdictional balance is managed), see /wiki/methodology. Cases marked “ongoing” remain editorial-watch items; outcomes get backfilled as the public record settles.