
GDPR · One-Stop-Shop · AI Enforcement

Establish, Then Escape

The Court of Rome annulled the Garante's €15 million fine against OpenAI. Not on the merits, not on proportionality: on a jurisdictional question that turns entirely on the interpretation of a single paragraph of soft law. And one that opens a gap.

The GDPR one-stop-shop and the transfer of jurisdiction between authorities

When one of the most significant fines ever imposed in Europe on a provider of generative artificial intelligence collapses entirely, you would expect the merits to be what gave way: the legal basis for training, transparency toward users, age verification. That is not what happened. Ruling no. 4153/2026 of the Court of Rome annuls the Garante's decision without ruling on any of those questions. The file was not closed: it merely changed desks, from Rome to Dublin. And the way it did so says a great deal about the weak point of the European one-stop-shop.

The ruling at a glance

Authority: Court of Rome, ruling 18 March 2026, no. 4153/2026 (R.G. 4785/2025)
Subject: Opposition to Garante decision no. 755 of 2 November 2024
Sanction: €15 million + a six-month institutional information campaign (art. 166, para. 7, Privacy Code)
Outcome: Decision annulled in full. The surety declared ineffective. Costs offset given the novelty of the questions
Ground: The first of the ten grounds of appeal upheld — the Garante's lack of jurisdiction — absorbing all the others
Norms: Arts. 55–56, 60–61, 66 GDPR; EDPB Opinion 8/2019

01 / The fact — Fifteen million euros felled by a single word

With decision no. 755 of 2 November 2024 the Garante had charged OpenAI with a cluster of violations: failure to notify a data breach, absence of an adequate legal basis for training the models, information shortcomings, lack of adequate age verification systems, non-compliance with earlier prescriptions. These charges were followed by the €15 million fine and — for the first time in the use of that power — the order of a six-month institutional communication campaign on radio, TV, the press and the internet.

OpenAI challenged the decision on ten grounds. The Court stopped at the first, declaring it well-founded and absorbing all the others: the Italian Garante was no longer competent to adopt the final decision. Everything else — the lawfulness of the processing, the proportionality of the amount, the merits of the violations — stays outside the ruling. The judge did not say that OpenAI complied with the GDPR. He said that the one doing the speaking was the wrong authority.

02 / The timeline — The timeline is the case

The whole affair turns on the dates. The contested conduct matures between 2022 and 2023, when OpenAI has no establishment in the Union. The establishment arrives later, with the proceeding already under way. It is this sequence that makes the difference.

  • 30 Nov 2022: Public launch of ChatGPT.
  • 20 Mar 2023: The data breach the Garante will later charge as unnotified.
  • 24 Mar 2023: Incorporation of OpenAI Ireland Limited.
  • 26 Jan 2024: The Garante opens the sanctioning proceeding — when no recognised EU establishment yet exists.
  • 15 Feb 2024: The Irish DPC formally recognises OpenAI Ireland as the single establishment in the EEA. From here, the lead authority is the Irish one.
  • 2 Nov 2024: The Garante adopts the final decision — with the establishment recognised for over eight months.
  • 21 Mar 2025: The Court suspends the fine on an interim basis.
  • 18 Mar 2026: Annulment. Jurisdiction, the judge says, should have been transferred to Dublin.

The breaking point is 15 February 2024. From that day until the 2 November decision, the proceeding remained pending before an authority that — according to the Court — had by then lost ownership of the case.

03 / The mechanism — Arts. 55-56 and the one-stop-shop

For cross-border processing the GDPR concentrates competence in a single authority: that of the controller's main or single establishment, acting as lead authority through the one-stop-shop mechanism. It is a design meant to prevent fragmentation: one controller, one interlocutor, one procedure coordinated among all the authorities concerned under arts. 60 and 61.

The Court acknowledged that the Garante's proceeding had been launched lawfully: in January 2024 no lead authority existed, because OpenAI had no EU establishment. But once the Irish establishment was recognised, competence shifted. And since no final decision had yet been taken, the file should have been transferred to the DPC, triggering cooperation among authorities. The judge also ruled out the escape valves that would have let the Garante proceed alone: the processing did not concern Italian data subjects only, and the conditions for the urgent measures under art. 66 were not met.

04 / The pivot — §16 of Opinion 8/2019 and the word «mainly»

The entire decision revolves around the scope of a single paragraph of soft law. The reference is EDPB Opinion 8/2019, devoted precisely to the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment. While acknowledging its non-binding nature, the Court attributes to it a decisive interpretive function in ensuring a uniform application of the GDPR.

The crux is paragraph 16, in the section delimiting the opinion's scope: the situations examined, it reads, concern mainly continuing violations. The Garante read into that “mainly” an operational distinction: violations already exhausted remain with the authority that opened the proceeding, only those still ongoing follow the establishment. The Court rejected the distinction as devoid of any legal basis: the opinion introduces no such limit and identifies in the adoption of the final decision — not in the timing or nature of the conduct — the event that crystallises competence.

It does not matter when or how the violation took place. What matters is whether, at the recognition of the establishment, a final decision had already been adopted.

To reinforce the reading, the Court recalls the Court of Cassation (Section I, order no. 27189/2023 and judgment no. 3952/2022): the sanctioning power of the Italian authority presupposes the presence on the territory of a company or a stable organisation of the controller — here absent at the time of the decision.

05 / The distinction that matters — What the Court did not decide

Everything stays open

The ruling is not an acquittal on the merits. The charges that fed the investigation remain unprejudiced and will presumably be addressed by the Irish DPC:

  • legal basis for training the models
  • transparency and adequacy of the privacy notice
  • age verification and protection of minors
  • notification of the data breach
  • execution of the corrective measures already imposed

It is the most important reading, and the one that press headlines tend to miss. “Fine annulled” sounds like a substantive victory; it is not. The underlying question — whether a model can be trained on personal data without a clear legal basis — received no answer. It changed courtroom.

06 / The gap — «Establish, then escape»

Here lies the structural problem the ruling lays bare. The one-stop-shop was created to simplify; but the criterion crystallised by the Court is purely temporal, not substantive. As long as a non-EU provider operates without a recognised establishment, every national authority is potentially competent — with the risk of parallel proceedings. From the formal recognition of the establishment onward, however, the one-stop-shop activates even mid-investigation, and the file must migrate to the lead authority, unless a final decision has already been adopted.

From this comes a window: between the opening of the proceeding and the final decision, a controller who establishes (or has recognised) a single establishment can shift competence toward the authority of its chosen forum. To establish, and by doing so escape the authority that was investigating. It is not evasion in the technical sense — it is how the system works, read literally. But the incentive it generates is evident, and all the more sensitive when the “destination” lead authority is notoriously the most solicited and the least swift on the continent.

07 / Operational — What changes for those who build or use AI

The EU seat is a strategic lever, not a corporate detail. For providers with a European presence, where to establish — and how promptly to obtain formal recognition — is a first-order risk-management choice, with direct effects on the competent authority.

Before recognition, diffuse exposure. Without a recognised EU establishment, the risk is not zero: it is plural. Several authorities can act in parallel, each on its own territory.

The criterion is the final decision. Competence is fixed only when the final measure is adopted. Until then, a change of establishment can redraw the map.

For business users, nothing changes in practice. An audit of an SME looks at the DPA, the record of processing activities, internal policies and transfer documentation — not at the outcome of litigation between the Garante and OpenAI.

Regulatory attention has not decreased. The case moves, it does not close. And the same reasoning will have to be tested as enforcement migrates from the GDPR to the AI Act.

The Garante could appeal to the Court of Cassation, and the Court itself, offsetting costs, acknowledged the novelty of the questions. The reading the EDPB will give of its own 2019 opinion also remains open. For now the fact is this: a fifteen-million-euro fine fell not because OpenAI was right on the merits, but because a single word in a non-binding document rewrote the geography of competence. It is a correct outcome on the systematic level and a disquieting one on the level of effectiveness. The one-stop-shop, designed to unite, can become the point from which one slips away.

This article is for informational and educational purposes and does not constitute legal advice, nor does it replace professional consultancy calibrated to the specific case. The positions expressed reflect Tomato Blue RegTech's analysis. © 2026 Tomato Blue.


Sources

Court of Rome, ruling 18 March 2026, no. 4153 (R.G. 4785/2025); Italian Data Protection Authority (Garante) decision no. 755 of 2 November 2024; arts. 55, 56, 60, 61, 66 Reg. EU 2016/679 (GDPR); EDPB, Opinion 8/2019 of 9 July 2019 on the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment; Court of Cassation, Section I, order 22 September 2023, no. 27189 and judgment 8 February 2022, no. 3952. Editorial cue: European Law Blog, «Establish, Then Escape? How the Court of Rome, the One-Stop-Shop and a Single Word Opened an AI Enforcement Gap».