Italian Authority blocks Clothoff for serious GDPR violations related to the use of artificial intelligence to create non-consensual intimate images Deep nude AI has come under the spotlight
Italian Authority blocks Clothoff for serious GDPR violations related to the use of artificial intelligence to create non-consensual intimate images
Deep nude AI has come under the spotlight of European data protection authorities. On October 1st, 2025, the Italian Data Protection Authority (Garante per la protezione dei dati personali) issued an urgent interim ruling against AI/Robotics Venture Strategy 3 Ltd., the company behind Clothoff. This artificial intelligence tool is capable of generating nudified images of real people without their consent. The Authority’s intervention imposed an immediate ban on processing personal data of Italian users, identifying serious violations of European privacy regulations. The decision is based on key GDPR articles relating to the principles of fairness, accountability, and data protection by design and by default. This case represents an important precedent in the regulation of generative artificial intelligence and raises crucial questions about the future of responsible technological development in the European Union.
October 1st, 2025 marks an important date in the fight against the misuse of artificial intelligence. The Italian Data Protection Authority issued an urgent ruling against AI/Robotics Venture Strategy 3 Ltd., the company behind Clothoff. This deep nude AI allows the creation of fake intimate images of real people by manipulating photographs through advanced algorithms.
Following a thorough investigation, the Authority ordered the immediate restriction of processing personal data relating to individuals located in Italy. The decision is based on Articles 5(1)(a), 5(2), and 25 of the General Data Protection Regulation, which concern the principles of fairness, accountability, and data protection by design and by default.
The ruling took effect immediately and prevents Clothoff from processing any Italian users’ data while the investigation continues. Potential consequences include significant administrative fines and referrals to criminal authorities if further violations of European regulations are confirmed.
The Authority’s investigation revealed that Clothoff presented serious shortcomings in managing sensitive data. Despite dealing with highly sensitive visual information, the platform did not guarantee sufficient transparency to users. The individuals involved were not adequately informed about the risks associated with using the deep nude AI tool, nor did they have effective control over the manipulated content concerning them.
Furthermore, the service did not implement watermarking mechanisms or detection systems to prevent misuse of generated images. This lack represents a substantial violation of personal data protection regulations, as individuals can be easily identified or harmed through nudified content generated by artificial intelligence, even without direct identifiers.
An aggravating factor was the company’s behavior during the investigation. AI/Robotics Venture Strategy 3 Ltd. refused to fully cooperate with the Authority’s requests regarding documentation and legal justifications for their operations. This conduct violated the accountability obligations under GDPR and justified the use of the Authority’s emergency powers under Article 58(2)(f), which allows temporary bans to prevent serious privacy risks.
One of the fundamental pillars of GDPR is the concept of privacy by design and by default, enshrined in Article 25. This principle requires that data protection be integrated from the design phase of any technological system. In the case of Clothoff’s deep nude AI, this fundamental rule was completely ignored.
The platform was developed without considering the impact on the rights and freedoms of people whose images could be manipulated. No preventive controls were implemented to prevent harmful uses, nor were technical safeguards provided to protect individuals’ identity and dignity. This absence of design measures made the system inherently incompatible with European data protection requirements.
The Authority emphasized that artificial intelligence developers cannot simply create powerful technologies without taking responsibility for the consequences. Privacy must be incorporated into the DNA of every digital tool, especially when it manipulates biometric data or personal images. As already highlighted in other cases of artificial intelligence and GDPR, compliance with European regulations is fundamental for responsible technology development.
The Clothoff case raises fundamental questions about the boundary between technological innovation and respect for fundamental rights. Deepfakes, and particularly deep nude AI applications, represent a concrete threat to personal dignity and image rights. The ability to create fake intimate content without the consent of the people involved constitutes not only a privacy violation but also a potential tool for abuse and blackmail.
GDPR requires that the processing of personal data be lawful, fair, and transparent. In the context of deepfakes, these principles take on an even more stringent meaning. Technologies that enable non-consensual manipulation of personal images violate the fundamental right to informational self-determination and can cause psychological, social, and professional harm to victims.
The Italian Authority’s intervention demonstrates that European authorities are willing to use their powers to counter artificial intelligence applications that put fundamental rights at risk. The protection of human dignity prevails over freedom of technological development when the latter translates into tools of abuse.
The ruling against Clothoff marks a turning point in the regulation of generative artificial intelligence and synthetic media in the European Union. The message sent to developers is clear: it is not possible to bypass data protection obligations when designing systems capable of manipulating personal images.
The case establishes an important precedent on how regulatory authorities might respond to artificial intelligence applications that facilitate non-consensual image manipulation or the creation of sexualized deepfakes. Developers must now consider the following priorities with greater attention:
These priorities are not mere recommendations but legal obligations that companies must comply with to operate in the European market. The artificial intelligence sector must quickly adapt to this new regulatory scenario to avoid sanctions and ensure the development of ethically responsible technologies.
The Italian ruling also underscores the need for closer cooperation between national data protection authorities and artificial intelligence platforms. The deep nude AI phenomenon knows no national borders and requires coordinated responses at the European and international levels.
The Italian Authority’s action could influence upcoming enforcement initiatives in other European Union member states. Data protection authorities are developing a shared understanding of the risks posed by generative artificial intelligence and are refining legal tools to effectively counter them.
In the context of the AI Act, the new European regulation on artificial intelligence, cases like Clothoff take on particular value. They demonstrate the concrete application of the principles of accountability, transparency, and respect for fundamental rights that will be at the center of future artificial intelligence governance in Europe. Developers must prepare for an increasingly rigorous regulatory environment, where technological innovation must necessarily balance with the protection of people’s rights.
The Italian Data Protection Authority’s action against Clothoff’s deep nude AI marks a crucial moment in digital privacy protection. This case shows that European regulators are ready to act decisively when artificial intelligence threatens fundamental rights. The ban sends a clear message: technology companies cannot create tools that violate dignity and privacy without facing serious consequences.
If you’re concerned about your digital privacy, start by checking your online presence regularly. Use reverse image search tools to see where your photos appear, and be cautious about sharing personal images on platforms with unclear privacy policies. Enable privacy settings on social media and consider watermarking important personal photos.
Remember, the fight for digital rights is ongoing, but you’re not alone. Authorities across Europe are working to protect citizens from harmful AI applications. Stay informed about your rights under GDPR, and don’t hesitate to report suspicious activities to your national data protection authority. Your privacy matters, and the law is on your side.
