OpenAI has quietly restricted its cross-session memory capabilities for users and developers in the European Union, a move that signals growing unease over how the company stores conversational data and whether that information can be reliably erased. The change, which surfaced in updated regional documentation and was confirmed by developers who noticed inconsistent behaviour across accounts, sees memory persistence either disabled or heavily curtailed for EU-based API customers. While OpenAI has not made a formal announcement, the practical effect is clear: European users are now receiving a deliberately degraded version of one of the platform’s most-hyped features.
The decision arrives against a backdrop of intensifying questions from data protection authorities about the lawfulness of long-term storage of personal data embedded in chat histories. For OpenAI, capping memory in the EU appears to be a calculated attempt to sidestep compliance risk rather than resolve it — a strategy that is fast becoming the default playbook for large AI providers operating across the Atlantic.
What has actually changed
Cross-session memory allows a model to retain context from previous conversations, recalling user preferences, prior instructions and details without the information being re-entered each time. It is a foundational building block for more personalised assistants and a feature OpenAI has promoted aggressively to enterprise developers building on its API.
Under the new regional configuration, EU users report that persistent memory is now off by default, with limited ability to enable it, and that retained data is purged on a far shorter cycle than for US accounts. Developers integrating the API have described the experience as inconsistent and poorly documented.
“From a build perspective, it’s frustrating because you design a product assuming a capability exists, then discover it behaves differently depending on where your user happens to be sitting,” said Dr Marek Lindqvist, an applied AI researcher at the Nordic Institute for Digital Governance. “OpenAI is effectively shipping two products under one brand.”
The GDPR pressure point
At the heart of the issue is the General Data Protection Regulation’s principles of storage limitation and the right to erasure. Conversational AI data is messy: it often contains personal information volunteered by users, sometimes about third parties, and it is woven into model context in ways that make clean deletion technically difficult.
Regulators have reportedly pressed OpenAI on two specific questions — how long memory data is retained, and whether a user’s deletion request genuinely removes that data from all systems, including backups and any derived representations. Memory features, which by design accumulate and persist personal data over time, sit uncomfortably with both requirements.
“The difficulty with persistent memory is that it is the opposite of data minimisation,” said Claudia Berner, a data protection lawyer at Hartmann & Vogel in Frankfurt. “You are deliberately hoarding context to improve the service. Under GDPR, you have to justify every byte of that, and you have to be able to make it disappear on request. Many providers simply cannot demonstrate that confidently, so the safer commercial choice is to switch the feature off in Europe.”
That calculus — disable rather than defend — is increasingly common. It avoids the cost of building robust, auditable deletion pipelines and removes a potential enforcement target, but it does so by withdrawing functionality from the very users the regulation is meant to protect.
A widening transatlantic split
The episode adds to a pattern in which European users receive feature-limited versions of AI tools while American counterparts enjoy the full offering. Meta, Google and Apple have all delayed or withheld AI features in the EU over regulatory uncertainty, framing the bloc’s rules as an obstacle to innovation.
Critics argue this narrative is convenient but misleading. The features are not banned; companies are choosing degradation over compliance investment.
- For developers: fragmented capabilities complicate building products for a global user base.
- For users: a two-tier experience emerges, where geography determines quality.
- For regulators: the risk that GDPR is blamed for outcomes that are really commercial decisions.
“There’s a political danger here,” warned Dr Lindqvist. “If every degraded feature is quietly blamed on Brussels, you erode public support for data protection without anyone ever proving the rules made the feature impossible.”
What this means
OpenAI’s quiet capping of memory features is less a one-off compliance tweak than a marker of where the AI industry is heading: a bifurcated landscape in which European users trade richer functionality for stronger nominal protections, often without clear explanation. For now, EU developers must build around limitations that their US peers never encounter, and regulators face the awkward task of distinguishing genuine technical impossibility from strategic feature-withholding. Until providers demonstrate that persistent memory can coexist with verifiable deletion, the safe-but-stunted European AI experience looks set to become the norm rather than the exception.
Photo by Matheus Bertelli on Pexels
