Wiki · Enforcement timeline

Catalog dashboard

Enforcement timeline

Chronologically-ordered enforcement actions linked to the instruments and topics tracked in the Policy Window catalog. Closed cases sort by their resolution year; ongoing cases sort by initiation. Each entry links to the catalog topics + the catalog instruments the case touches, and (where possible) to the best-available primary source for the action.

13 catalogued cases total · 5 match the current filter (year = 2022) clear all.

Filters

By year

Topic + instrument filters are link-based (?topic=biometric_id, ?instrument=EU-AIA-2024). See “Related catalog rows” on each case below to apply a filter without typing.

Cases (5)

Settlement with remedy
Fine imposed
Consent decree
Open arrow = ongoing (no resolution year yet)

2022 → 2023 · CN
CN CAC algorithm-recommendation rectification campaign
Consent decree
Enforcer: Cyberspace Administration of China (CAC)
Target: Multiple platforms: Douyin, Kuaishou, Xiaohongshu, Weibo, Taobao (named in CAC public action)
Violation alleged: Unregistered or non-compliant algorithm-recommendation systems. Failure to provide opt-out mechanisms. Failure to register algorithms with CAC under the Algorithm Recommendation Provisions.
Lesson: First operational implementation of pre-deployment AI registration regime. Demonstrated that CAC has enforcement bandwidth + technical capability to audit recommender algorithms at scale. Platforms responded by significantly altering algorithm transparency + opt-out flows. Cited as the working counter-example to the 'registration regimes are unenforceable' claim.
Topics:Transparency Obligations [filter],Individual Redress [filter],Deepfakes / Synthetic Content [filter]
Instruments:Interim Measures for Generative AI Service Management [filter]
Source: http://www.cac.gov.cn/2022-03/01/c_1647248428128290.htm
2022 → 2023 · US
EEOC v. iTutorGroup, Inc.
EEOC v. iTutorGroup (AI age-discrimination consent decree)
Consent decree
E.D.N.Y. · No. 1:22-cv-02565
Enforcer: Equal Employment Opportunity Commission (EEOC)
Target: iTutorGroup, Inc.
Violation alleged: iTutorGroup's recruiting software automatically rejected female applicants aged 55 and older, and male applicants aged 60 and older, regardless of qualifications.
Lesson: First US EEOC-as-party suit against an AI-mediated hiring tool resolved by consent decree ($365,000 settlement + 5-year monitoring; required revised non-discriminatory application processes; mandatory anti-discrimination training; right to re-apply for rejected applicants). Establishes that pre-AI civil-rights statutes (ADEA, Title VII, ADA) can be applied to algorithmic hiring outputs without requiring a dedicated AI statute — the load-bearing precedent for the US 'sectoral / ex-post liability' regime in employment AI.
Topics:AI in Employment [filter],Individual Redress [filter],Transparency Obligations [filter]
Instruments:Executive Order 14110 on Safe, Secure, Trustworthy AI [filter],NYC Local Law 144 of 2021 (Automated Employment Decision Tools)[filter]
Source: https://www.eeoc.gov/newsroom/itutorgroup-pay-365000-settle-eeoc-discriminatory-hiring-suitregulator landing
2022 → 2023 · UK
UK ICO live-facial-recognition post-mortem
Settlement with remedy
Enforcer: Information Commissioner's Office (ICO)
Target: South Wales Police + Metropolitan Police (cross-force assessment)
Violation alleged: Live facial recognition deployments in public spaces without adequate proportionality assessment, transparency, or appeal mechanisms. Disparate accuracy across demographic groups.
Lesson: Mandatory pre-deployment data-protection-impact-assessment + ongoing accuracy reporting for police LFR. Demonstrated that principles-based UK regime can produce binding outcomes via sector-regulator action — but slowly (action initiated 2019, settled 2023). Cited as evidence FOR the principles-based regime (operationally adapts to context) AND AGAINST it (slow + uneven coverage).
Topics:Biometric Identification [filter],AI in Criminal Justice [filter],Individual Redress [filter]
Instruments:UK Pro-Innovation Approach to AI Regulation (White Paper)[filter]
Source: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/06/ico-publishes-position-on-the-use-of-live-facial-recognition/
2018 → 2022 · US
HUD / DOJ v. Facebook (ad-targeting Fair Housing Act)
Settlement with remedy
Enforcer: US Department of Housing and Urban Development (HUD) + Department of Justice (DOJ)
Target: Meta Platforms, Inc. (Facebook)
Violation alleged: Facebook's ad-delivery and ad-targeting tools (including 'Special Ad Audience' / Lookalike Audiences) allowed advertisers to exclude users on the basis of protected classes (race, colour, religion, sex, familial status, national origin, disability), and the platform's algorithmic delivery further skewed ad reach.
Lesson: First major US federal settlement holding a platform liable for discriminatory algorithmic delivery under a pre-AI civil-rights statute. DOJ settlement (June 2022) required Meta to develop a new 'Variance Reduction System' to redress racially-skewed ad delivery + sunset the Special Ad Audience tool. Establishes that algorithmic-delivery discrimination — not just user-facing targeting options — is reachable under FHA. Subsequently cited as the template for analogous reasoning under ECOA (lending) and ADEA (employment).
Topics:Individual Redress [filter],Transparency Obligations [filter]
Instruments:Executive Order 14110 on Safe, Secure, Trustworthy AI [filter]
Source: https://www.justice.gov/opa/pr/justice-department-secures-groundbreaking-settlement-agreement-meta-platforms-formerly-knownregulator landing
2021 → 2022 · EU
Italian DPA — Clearview AI
Fine imposed
Enforcer: Garante per la protezione dei dati personali (Italian DPA)
Target: Clearview AI Inc.
Violation alleged: Mass scraping of publicly-available facial images + biometric processing without legal basis under GDPR. Provision of services to Italian users without GDPR-compliant data-processing arrangements.
Lesson: €20M fine + mandatory deletion of Italian-resident facial-recognition data. Established that GDPR provides binding enforcement authority for biometric-AI applications even where no AI-specific instrument exists. Replicated in France (2022) + UK (2022) + Greece (2022) — the only successful cross-jurisdictional AI enforcement so far.
Topics:Biometric Identification [filter],Training-Data Rights [filter],Individual Redress [filter]
Instruments:EU AI Act [filter],Council of Europe Framework Convention on AI [filter]
Source: https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9751362

Editorial scope

This timeline reflects enforcement cases tracked in the Policy Window catalog. It is not exhaustive; coverage focuses on high-precedent matters relevant to the catalogued instruments (currently 13 cases across EU, US, UK, China, India, Italy, France). The catalog deliberately omits routine regulator letters and ongoing investigations whose materials are not public.

For the inclusion rubric (when a case enters the catalog, what level of source-defensibility is required, how jurisdictional balance is managed), see /wiki/methodology. Cases marked “ongoing” remain editorial-watch items; outcomes get backfilled as the public record settles.

Enforcement timeline

13 catalogued cases total · 5 match the current filter (year = 2022) clear all.

Cases (5)

Settlement with remedy
Fine imposed
Consent decree
Open arrow = ongoing (no resolution year yet)

2022 → 2023 · CN

CN CAC algorithm-recommendation rectification campaign

Consent decree

Enforcer: Cyberspace Administration of China (CAC)

Target: Multiple platforms: Douyin, Kuaishou, Xiaohongshu, Weibo, Taobao (named in CAC public action)

Violation alleged: Unregistered or non-compliant algorithm-recommendation systems. Failure to provide opt-out mechanisms. Failure to register algorithms with CAC under the Algorithm Recommendation Provisions.

Lesson: First operational implementation of pre-deployment AI registration regime. Demonstrated that CAC has enforcement bandwidth + technical capability to audit recommender algorithms at scale. Platforms responded by significantly altering algorithm transparency + opt-out flows. Cited as the working counter-example to the 'registration regimes are unenforceable' claim.

Topics:Transparency Obligations [filter],Individual Redress [filter],Deepfakes / Synthetic Content [filter]

Instruments:Interim Measures for Generative AI Service Management [filter]

Source: http://www.cac.gov.cn/2022-03/01/c_1647248428128290.htm

2022 → 2023 · US

EEOC v. iTutorGroup, Inc.

EEOC v. iTutorGroup (AI age-discrimination consent decree)

Consent decree

E.D.N.Y. · No. 1:22-cv-02565

Enforcer: Equal Employment Opportunity Commission (EEOC)

Target: iTutorGroup, Inc.

Violation alleged: iTutorGroup's recruiting software automatically rejected female applicants aged 55 and older, and male applicants aged 60 and older, regardless of qualifications.

Lesson: First US EEOC-as-party suit against an AI-mediated hiring tool resolved by consent decree ($365,000 settlement + 5-year monitoring; required revised non-discriminatory application processes; mandatory anti-discrimination training; right to re-apply for rejected applicants). Establishes that pre-AI civil-rights statutes (ADEA, Title VII, ADA) can be applied to algorithmic hiring outputs without requiring a dedicated AI statute — the load-bearing precedent for the US 'sectoral / ex-post liability' regime in employment AI.

Topics:AI in Employment [filter],Individual Redress [filter],Transparency Obligations [filter]

Instruments:Executive Order 14110 on Safe, Secure, Trustworthy AI [filter],NYC Local Law 144 of 2021 (Automated Employment Decision Tools)[filter]

Source: https://www.eeoc.gov/newsroom/itutorgroup-pay-365000-settle-eeoc-discriminatory-hiring-suitregulator landing

2022 → 2023 · UK

UK ICO live-facial-recognition post-mortem

Settlement with remedy

Enforcer: Information Commissioner's Office (ICO)

Target: South Wales Police + Metropolitan Police (cross-force assessment)

Violation alleged: Live facial recognition deployments in public spaces without adequate proportionality assessment, transparency, or appeal mechanisms. Disparate accuracy across demographic groups.

Lesson: Mandatory pre-deployment data-protection-impact-assessment + ongoing accuracy reporting for police LFR. Demonstrated that principles-based UK regime can produce binding outcomes via sector-regulator action — but slowly (action initiated 2019, settled 2023). Cited as evidence FOR the principles-based regime (operationally adapts to context) AND AGAINST it (slow + uneven coverage).

Topics:Biometric Identification [filter],AI in Criminal Justice [filter],Individual Redress [filter]

Instruments:UK Pro-Innovation Approach to AI Regulation (White Paper)[filter]

Source: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/06/ico-publishes-position-on-the-use-of-live-facial-recognition/

2018 → 2022 · US

HUD / DOJ v. Facebook (ad-targeting Fair Housing Act)

Settlement with remedy

Enforcer: US Department of Housing and Urban Development (HUD) + Department of Justice (DOJ)

Target: Meta Platforms, Inc. (Facebook)

Violation alleged: Facebook's ad-delivery and ad-targeting tools (including 'Special Ad Audience' / Lookalike Audiences) allowed advertisers to exclude users on the basis of protected classes (race, colour, religion, sex, familial status, national origin, disability), and the platform's algorithmic delivery further skewed ad reach.

Lesson: First major US federal settlement holding a platform liable for discriminatory algorithmic delivery under a pre-AI civil-rights statute. DOJ settlement (June 2022) required Meta to develop a new 'Variance Reduction System' to redress racially-skewed ad delivery + sunset the Special Ad Audience tool. Establishes that algorithmic-delivery discrimination — not just user-facing targeting options — is reachable under FHA. Subsequently cited as the template for analogous reasoning under ECOA (lending) and ADEA (employment).

Topics:Individual Redress [filter],Transparency Obligations [filter]

Instruments:Executive Order 14110 on Safe, Secure, Trustworthy AI [filter]

Source: https://www.justice.gov/opa/pr/justice-department-secures-groundbreaking-settlement-agreement-meta-platforms-formerly-knownregulator landing

2021 → 2022 · EU

Italian DPA — Clearview AI

Fine imposed

Enforcer: Garante per la protezione dei dati personali (Italian DPA)

Target: Clearview AI Inc.

Violation alleged: Mass scraping of publicly-available facial images + biometric processing without legal basis under GDPR. Provision of services to Italian users without GDPR-compliant data-processing arrangements.

Lesson: €20M fine + mandatory deletion of Italian-resident facial-recognition data. Established that GDPR provides binding enforcement authority for biometric-AI applications even where no AI-specific instrument exists. Replicated in France (2022) + UK (2022) + Greece (2022) — the only successful cross-jurisdictional AI enforcement so far.

Topics:Biometric Identification [filter],Training-Data Rights [filter],Individual Redress [filter]

Instruments:EU AI Act [filter],Council of Europe Framework Convention on AI [filter]

Source: https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9751362