On September 23, 2025, the Italian legislation on synthetic intelligence (hereinafter, “Italian AI Legislation”) was signed into legislation, after receiving last approval by the Italian Senate on September 17, 2025.
The legislation consists of various provisions, together with normal ideas and focused sectoral guidelines in sure areas not lined by the EU AI Act. The Italian AI Legislation will enter into power on October 10, 2025. We offer beneath an outline of key elements of the ultimate textual content of the Italian AI Legislation. For full element, please see our earlier blogpost right here.
Relationship with the EU AI Act
The Italian AI Legislation intends to enhance the EU’s Synthetic Intelligence Act (“EU AI Act”), and ought to be interpreted and utilized in accordance with the EU AI Act’s guidelines and definitions. (Article 1(2))
Designation of Competent Authorities
The Italian AI Legislation confirms the designation of two competent authorities for AI:
- Company for Digital Italy (Agenzia per l’Italia Digitale, “AgID”), because the notifying authority, might be answerable for defining procedures and performing features regarding the notification, evaluation, accreditation, and monitoring of notified our bodies, amongst different issues; and
- Nationwide Cybersecurity Company (“ACN”), because the market surveillance authority, might be answerable for supervision and enforcement, amongst different issues. (Article 20)
Healthcare and Scientific Analysis
The Italian AI Legislation authorizes secondary use of non-public knowledge (together with particular classes of knowledge), stripped of direct identifiers, for public curiosity and not-for-profit scientific analysis functions to develop AI programs for the prevention, prognosis, remedy of ailments, growth of medication and therapies, amongst others – with out the necessity to get hold of a brand new consent from the info topic. In such circumstances, the next necessities apply:
- transparency and knowledge obligations in the direction of knowledge topics could also be met by publishing a privateness discover on the info controller’s web site; and
- the related processing actions should be communicated to the Italian knowledge safety authority (“Garante”), together with the data regarding Articles 24, 25, 32 and 35 of GDPR, and an categorical indication of any knowledge processors utilized by the controller. Processing might begin 30 days after such communication, if the Garante doesn’t difficulty a blocking measure. (Article 8)
Employment
Employers should inform staff of the usage of any AI programs and instruments within the office. Employers should additionally guarantee applicable coaching of their staff. (Article 11)
Minors
The Italian AI Legislation retains the draft proposal’s age restrictions. Specifically, parental consent is required to allow entry to AI applied sciences by minors beneath the age of 14, and associated processing of non-public knowledge; whereas minors between the age of 14 and beneath 18 can categorical their consent, insofar as the data supplied is well accessible and understandable. (Article 4(4))
Copyright
The Italian AI Legislation introduces focused amendments to present copyright legislation, specifically:
- works created “with assistance from AI instruments” could also be protected beneath copyright legislation, supplied that they’re the results of the writer’s mental work; and
- textual content and knowledge mining of works and supplies on-line or contained in databases (lawfully accessed) by way of the usage of AI fashions, together with generative AI, is permitted in accordance with copyright legislation and topic to the proprietor’s opt-out rights. (Article 25)
Key Modifications In comparison with Earlier Drafts
- No localization requirement. The Italian AI Legislation removes a previous modification, launched by the decrease chamber of Parliament, which sought to impose a localization requirement for servers of AI programs utilized by public sector our bodies. Reasonably, the ultimate model doesn’t mirror this modification, and features a advice for public sector our bodies, when selecting suppliers for his or her e-procurement platforms, to “want” options that assure localization and processing of “strategic” knowledge in knowledge facilities positioned in Italy. (Article 5(1)(d))
- No particular provision on labelling of AI-generated information and knowledge. The availability initially proposed within the draft legislation to label particularly any information or informational content material that’s generated or altered by AI, has been omitted within the last model of the legislation. Basic transparency necessities beneath the EU AI Act apply.
Delegation of Authority to the Authorities
The Italian AI Legislation delegates the Authorities to undertake additional measures, inside twelve months from its entry into power, to realize the next targets, amongst others:
- align the nationwide framework with the EU AI Act;
- assign supervisory, inspection, sanctioning and different administrative powers supplied by the EU AI Act to the designated competent authorities;
- undertake and outline complete guidelines on the usage of knowledge, algorithms, and different mathematical strategies to coach AI programs;
- set out guidelines regarding the usage of AI in investigative and policing actions; and
- replace the framework for civil and prison penalties.
***
Covington’s Information Privateness and Cybersecurity Group continues to watch developments on AI, and often advises purchasers on their most difficult regulatory and compliance points within the EU and different main markets. When you have questions concerning the Italian legislation on AI or the EU AI Act, we’re glad to help with any queries.
