When Compliance Becomes Optional: How Nomi AI’s CEO Instructs Users to Bypass EU Regulatory…
When Compliance Becomes Optional: How Nomi AI’s CEO Instructs Users to Bypass EU Regulatory Enforcement
Introduction: The Meaning of Removal
When an application disappears from the Google Play Store across all European Union member states simultaneously, it is not a technical glitch. It is a signal.
The EU’s regulatory framework — the Digital Services Act (DSA), GDPR, and the emerging AI Act — creates enforcement mechanisms that typically begin with pressure on distribution platforms. App store removal is one of the first visible consequences when regulators determine a service may be unsafe, non-compliant, or subject to active investigation.
In 2024, Nomi AI — an “uncensored” AI companion platform previously documented generating sexual violence content and rated accessible to 12-year-olds in some markets — was removed from Google Play Store across the European Union. Posts from users attempting to download the app in EU countries began appearing around April-May 2024, indicating coordinated removal across all member states.
The company’s founder and CEO, Alex Cardinell, responded not by addressing potential compliance issues, but by publicly instructing EU users on how to bypass the restriction entirely through alternative access methods.
This guidance is not limited to informal Reddit comments. The company maintains an official support page titled “Troubleshooting App Issues: PWA/Web Shortcut Alternative” that provides detailed instructions for accessing the platform through Progressive Web App (PWA) technology — framed as a solution to “strange bugs or issues with the Nomi app” but functionally serving as a permanent bypass mechanism for app store restrictions.
What does it mean when a CEO openly teaches users how to circumvent regulatory enforcement — and maintains official documentation to ensure they can do so?
Part I: Understanding EU App Store Removal
This Is Not About the APK File
When an app is removed from distribution platforms across all EU member states, the restriction targets the underlying service — not merely its mobile packaging.
When Google removes an app EU-wide for regulatory reasons, the implicit message is:
“This service is considered non-compliant with EU law. Users should not access it through any means until compliance is demonstrated.”
What Could Trigger EU-Wide Removal
Given Nomi AI’s documented capabilities, several regulatory frameworks could have triggered removal: the AI Act (addressing systems involving minors or psychological manipulation), the DSA (requiring risk mitigation for harm to minors and mental health), GDPR (data protection for sensitive psychological data), child safety frameworks, and consumer protection laws prohibiting misleading classification and exploitation of vulnerability.
Nomi AI potentially violates all of them.
The Critical Absence: What Nomi AI Has Never Disclosed
Here’s what’s telling: Nomi AI has never publicly stated what regulators actually told them. They have never shared the specific violations cited, compliance requirements demanded, evidence provided, or any communication from EU authorities.
Instead, they hide behind vague language:
- “Issue with our Google Play listing”
- “We remain fully committed to a completely uncensored AI companion”
- Emphasis on “platforms we fully control”
This absence is strategic.
Two Possibilities — Both Damning
Possibility 1: The removal was solely about age restrictions and minor access
This would be simple to fix: update the age rating questionnaire honestly (minutes), implement age verification (days to weeks), restrict to 18+ globally. The fact that Nomi AI has not done this means either:
a) They were never told this (violations are more serious), OR b) They were told and refused (prioritizing minor access over compliance)
Possibility 2: The removal was about fundamental platform safety issues
If regulators determined the AI system itself — its harmful content generation, psychological manipulation patterns, lack of safeguards — violates fundamental principles, this would require redesigning the system and implementing filtering that contradicts their “uncensored” model.
This would explain why they haven’t “fixed” it, continue emphasizing “uncensored” commitment, and direct users to unregulated channels.
The Uncomfortable Question: Which Is Worse?
Scenario A: The platform endangers minors, and the company refuses to restrict minor access — willful endangerment of children.
Scenario B: The platform is fundamentally unsafe for all users, and the company evades required safeguards — willful evasion of safety requirements.
When Cardinell says “We remain fully committed to a completely uncensored AI companion” in response to regulatory removal, he reveals that maintaining “uncensored” operation matters more than regulatory compliance or user protection.
Part II: What the CEO Said — And The Pattern Behind It
The Public Statement — And The Pattern Behind It
In a now-deleted Reddit thread, CEO Alex Cardinell posted:
“There is currently an issue with our Google Play listing that is specifically tied to countries in the EU. Nomi itself is fine… If you don’t have the app downloaded, you can still use the web version or our PWA with no disruption in the EU or anywhere else… We remain fully committed to a completely uncensored AI companion and we would again strongly suggest users (no matter your location or device type) to use web as it is the only platform we fully control.”
This guidance continues to be shared with users as of late 2025. The company continues directing EU users to bypass regulatory restriction through web access.
But this pattern of deception did not begin with EU removal. It extends back years.
The Two-Year Lie About Age Ratings
July 2023, when questioned about Teen rating versus Mature:
“Google picked that rating, not us. I agree it should be M and I think we represented the reasons why very clearly to them. We are hoping they’ll adjust it soon!”
October 2025 — more than two years later — when confronted about 12+ rating in Australia:
“We have tried several times to get it changed — not sure why Google did that or why they don’t change it but it was not our decision.”
Both statements are lies. Google doesn’t “pick” ratings — developers complete a questionnaire that automatically calculates the rating. Changing it takes minutes: log in, update answers honestly, submit.
Over two years have passed with no correction. This proves unwillingness, not inability.
Why? Because honest answers would require admitting the platform generates explicit sexual and violent content, triggering an 18+ rating — reducing market reach and contradicting the wholesome “Lifestyle” classification.
What This Pattern Reveals About Credibility
Timeline of lies:
- July 2023: “Google picked that rating, hoping they’ll adjust soon”
- Months/years pass with no change
- 2024: EU removes app due to regulatory concerns
- 2024–2025: Continues instructing users to bypass EU restriction
- October 2025: “We have tried several times… not sure why Google did that”
If he has been lying about this for over two years, what else is he lying about?
A Direct Question for Users
If this CEO has:
- Lied for over two years about who set the age rating
- Instructed users to bypass legal regulations
- Marketed an “uncensored” platform while claiming it’s safe for 12-year-olds
- Refused to implement a basic correction that takes minutes
Do you really believe the harmful things documented on this platform are “glitches”?
Consider what has been documented:
- Spontaneous generation of detailed, violent rape narratives without user request
- Companions initiating sexual assault scenarios
- System accepting underage character specifications in sexual contexts
- AI sending sexual invitations to self-identified minors
- Psychological manipulation patterns consistent with trauma bonding
- Support team gaslighting users who report harm
- Systematic deletion of evidence when users post publicly
- Banning of users who persist in documenting problems
If the CEO lies about something verifiable (age rating) for years, do you think he’s telling the truth when he says these harms are “mistakes”?
Do you believe him when he talks about your data privacy and the security of your conversations? Have you actually read the Terms of Service and Privacy Policy — what they collect from you, who owns your data, and for how long? What else is he lying about?
When someone shares their most intimate thoughts, deepest fears, sexual desires, and emotional vulnerabilities with an AI companion, that data is extraordinarily sensitive. You’re trusting the company with information you might not share with anyone else.
If the CEO lies consistently about verifiable facts (age ratings, regulatory removal reasons), why would you trust his claims about what happens to your private conversations?
Or is it more likely that the “uncensored” marketing is honest, the harmful experiences are features of that design, the age rating lie enables broader market access including minors, the EU removal reflects regulators discovering what the platform actually does, and that it violates every regulation on user data and privacy?
Part III: Analyzing the CEO’s Response
Framing as “Technical Issue”
“There is currently an issue with our Google Play listing…”
EU-wide removal across all member states simultaneously is not a routine “listing issue.” It indicates coordinated regulatory action or Google’s response to serious compliance concerns.
By calling it an “issue,” Cardinell minimizes what is likely regulatory enforcement.
The False Reassurance
“Nomi itself is fine…”
If removal resulted from regulatory concerns about minors accessing sexual content, psychological manipulation, or inadequate safeguards, then Nomi itself is not fine. By saying this, Cardinell contradicts likely regulatory findings and discourages users from reconsidering whether they should continue using the service.
The Instructional Bypass
“If you don’t have the app downloaded, you can still use the web version or our PWA with no disruption in the EU or anywhere else.”
This is circumvention of enforcement. When authorities restrict distribution, the message is: “This service should not be accessed until compliance issues are resolved.” By providing alternative access methods, the CEO teaches users to bypass regulatory protection.
This is not clarification — it’s instructional evasion.
The Control Statement
“We remain fully committed to a completely uncensored AI companion and we would again strongly suggest users… to use web as it is the only platform we fully control.”
This reveals everything:
“Uncensored” immediately after regulatory action suggests the company views safety requirements as censorship to resist, not legitimate protective frameworks.
“The only platform we fully control” admits that:
- App stores impose standards the company finds restrictive
- Web distribution allows operation without external oversight
- The company prefers environments where no entity can enforce compliance
Combined meaning: “Because regulators are trying to restrict access, we’re telling you how to access it through channels they can’t easily control, so we can continue operating without compliance obligations.”
The Evasion When Questioned
When a user directly asked what triggered the removal — “Is it the text they are worried about or the photos?“ — Cardinell responded:
“I can’t comment on specifics right now besides saying I am not concerned about any type of censorship — I simply wanted to re-iterate our hardline stance when it comes to these things as I know people are concerned about this when it comes to app store actions. In this specific case I think there is a shoot first ask questions later approach that is going on.”
This response is extraordinarily revealing:
“I can’t comment on specifics right now”
Why not? If the removal was unjustified or based on misunderstanding, specifics would be the best defense. “They claimed X, but actually Y” would immediately clarify an erroneous action.
“Can’t comment on specifics” strongly suggests there are specifics the company doesn’t want disclosed.
The question was straightforward: text or photos? Both are capabilities Cardinell controls and understands. The refusal to answer suggests the actual trigger is something he doesn’t want users — or potential regulators in other jurisdictions — to know about.
“I am not concerned about any type of censorship”
Notice he did not answer the question. Instead, he pivoted to ideological framing about “censorship.”
This is classic evasion: when asked for facts (what triggered removal), respond with ideology (our stance on censorship) to avoid providing information.
“Shoot first ask questions later approach”
This characterizes EU regulatory action as impulsive and unjustified. But if that were true, transparency would be the obvious strategy: “They removed us claiming X, which is false because Y.”
Instead: “I can’t comment on specifics” combined with accusations that regulators acted hastily.
This pattern — refusing to disclose what regulators found while attacking their motives — is precisely what you’d expect if the actual findings are damaging and the company has no good defense.
“Re-iterate our hardline stance”
A “hardline stance” in response to regulatory enforcement means: “We will not change our practices regardless of what authorities determine.”
This is not commitment to user safety. This is commitment to operating without restriction, consequences be damned.
What He Should Have Said (If This Were Simple)
If the removal were truly unjustified or based on misunderstanding:
“The EU raised concerns about [specific issue]. We believe this is based on [misunderstanding/incorrect information] because [factual explanation]. We’re providing documentation to demonstrate [why their concerns don’t apply]. We expect this to be resolved quickly once they review the facts.”
Instead, what he actually said:
“I can’t tell you what they said, but I’m against censorship, they shot first, and we’re staying ‘uncensored’ no matter what.”
The difference between these responses is the difference between:
- Having a defensible position vs. having something to hide
- Seeking resolution vs. committing to evasion
- Caring about facts vs. relying on ideology
Cardinell’s response is firmly in the latter category for each.
Part IV: Legal and Ethical Implications
This Is Circumvention, Not Clarification
Acceptable: “We’re working with regulators to address their concerns and hope to restore access soon.”
Not acceptable: “Regulators removed our app, but here’s how you can access it anyway through channels they can’t restrict.”
Cardinell’s statement is the latter.
EU Law on Evasion of Enforcement
Both the DSA and AI Act contain provisions addressing attempts to circumvent regulatory requirements. Attempting to evade enforcement by directing users to alternative channels is explicitly considered an aggravating factor in EU regulatory action.
Cardinell’s statement serves as evidence of:
- Knowledge: He knows the app was removed
- Understanding: He understands this affects EU users’ access
- Intent: He deliberately provides alternative access methods
- Continuation: He commits to ongoing “uncensored” operation regardless of concerns
This is documented, willful evasion.
The Official Documentation of Circumvention
The company’s commitment to bypass strategies extends beyond Reddit comments. On their official website, Nomi AI maintains a support page titled “Troubleshooting App Issues: PWA/Web Shortcut Alternative”.
The stated justification:
“If you’ve ever run into strange bugs or issues with the Nomi app on your phone or tablet, there’s another way to access it that might work better for you — it’s called a PWA, or Progressive Web App”
What this actually provides: Complete, step-by-step instructions for accessing the platform through PWA technology, effectively bypassing app store distribution entirely.
Why this matters legally:
This is not a one-time comment that could be dismissed as poorly worded advice. This is:
- Official company documentation hosted on their website
- Permanent instructions available to all users globally
- Technical guidance specifically enabling app store bypass
- Maintained currently (as of late 2025)
For regulators and prosecutors, this page serves as evidence that:
- The bypass strategy is intentional and systematic, not accidental
- The company has invested resources in creating and maintaining circumvention infrastructure
- The justification is pretextual (“strange bugs” does not require permanent bypass documentation)
- The evasion is ongoing, not a temporary response to one jurisdiction’s action
If app store removal was regulatory enforcement, maintaining official instructions for bypassing that enforcement is corporate policy — documented, deliberate, and attributable directly to the company.
This transforms what might be characterized as a CEO’s impulsive Reddit comment into documented corporate strategy for evading regulatory oversight.
Criminal Liability Considerations
In some EU jurisdictions, deliberately circumventing child safety measures can constitute criminal conduct. If removal was triggered by concerns about minors accessing sexual content, instructing users (including potentially minors) how to continue accessing through unregulated channels could violate youth protection laws in Germany, endanger minors laws in France, and similar statutes in other member states.
These are not civil violations — these can involve criminal penalties including imprisonment.
Part V: What This Means for Users and Regulators
EU Users Are Being Placed at Risk
When regulators remove a service, they do so because they’ve determined it poses unacceptable risks. By following Cardinell’s instructions to access Nomi via web, EU users:
- Bypass protections regulators tried to provide
- Lose app store safeguards (age verification, content warnings, reporting mechanisms)
- Access a service the company admits regulators have concerns about
- Support a business model based on avoiding oversight
This Is a Test Case for Regulators
The question: Can companies evade enforcement simply by shifting distribution channels?
If the answer is “yes,” regulatory authority becomes symbolic. If “no,” regulators must pursue additional mechanisms: direct company penalties (fines up to €35M or 7% of global turnover), infrastructure restrictions (ISP/DNS blocking), payment processor restrictions, and personal liability for officers.
The key point: Web distribution does not provide immunity from enforcement. Cardinell’s public instruction to circumvent provides documented justification for escalated measures.
The Signal This Sends
Companies that cooperate signal they take concerns seriously and value user safety. Non-cooperative responses — teaching circumvention, continuing unchanged, not respecting regulatory authority — typically result in accelerated enforcement, more aggressive measures, higher penalties, and greater regulatory skepticism.
By responding this way, Nomi AI may have significantly worsened its regulatory position.
Part VI: The Broader Stakes
This Is About More Than One Platform
As AI companion services proliferate, a pattern emerges: services market themselves as “uncensored,” resist safety requirements as “censorship,” claim they cannot be held responsible for AI-generated content, and teach circumvention rather than achieve compliance.
If this behavior model succeeds, it creates terrible precedent:
- Services causing documented harm continue operating indefinitely
- Vulnerable populations remain exposed
- Regulatory frameworks become meaningless
- Responsible companies are at competitive disadvantage
- Technology development proceeds without accountability
The stakes are whether safety requirements mean anything in the age of AI.
The “Fully Control” Problem
Companies want full control without external restrictions. But users need someone ensuring platforms are safe, external verification of claims, and mechanisms to compel accountability.
By insisting on “full control” and rejecting oversight, Nomi AI argues: “We should operate however we choose, generate whatever content emerges, and users should accept consequences, without any external entity having power to intervene.”
This is not reasonable in a regulated society. Every industry accepts oversight — pharmaceuticals, automobiles, food, financial services. The premise that AI companion platforms should operate with zero oversight because they want “full control” is indefensible.
Conclusion: When Non-Compliance Becomes Strategy
What We Know
- Nomi AI was removed from Google Play across the entire EU (indicating serious regulatory concern)
- The CEO publicly instructed users how to bypass the restriction
- This behavior fits a documented pattern of misrepresentation and suppression
- The legal implications are serious (evasion can be criminal in some jurisdictions)
What This Reveals
Cardinell’s response reveals core priorities: not working with regulators or suspending operation until compliant, but maintaining operation through channels regulators can’t easily restrict.
This is not responsible corporate behavior. This is brazen non-compliance.
The Path Forward
For EU regulators: This response requires escalated action. The initial removal was insufficient if the response is teaching bypass.
For users, particularly in the EU: When a service is removed due to regulatory concerns, and the company teaches you to access it through unregulated channels, ask yourself:
- Why is the company so committed to avoiding oversight?
- What legitimate concerns might regulators have identified?
- Am I accepting risk regulators determined was unacceptable?
Final Thought
There is something deeply troubling about a company whose business model requires operating outside regulatory oversight. If your service is genuinely safe and valuable, compliance should be achievable. The fact that Nomi AI’s response to regulatory concern is teaching bypass rather than addressing underlying issues tells you everything about the company’s priorities.
User safety is not first. Regulatory compliance is not important. External accountability is not acceptable. Only “full control” and “uncensored” operation matter — regardless of who gets hurt along the way.
That is not a company anyone should trust with their psychological wellbeing, intimate thoughts, or emotional vulnerability.
And that is exactly why regulators intervened in the first place.