Embedded Files
Published Date : 9/10/2025
On September 23, 2025, Italy signed into law a comprehensive Artificial Intelligence (AI) law, complementing the EU AI Act and addressing various sectoral rules. This article provides an overview of the key aspects of the Italian AI Law.
On September 23, 2025, Italy signed into law a comprehensive Artificial Intelligence (AI) law, complementing the EU AI Act and addressing various sectoral rules. This article provides an overview of the key aspects of the Italian AI Law.
On September 23, 2025, the Italian law on artificial intelligence (hereinafter, “Italian AI Law”) was signed into law, following final approval by the Italian Senate on September 17, 2025. The law consists of various provisions, including general principles and targeted sectoral rules in certain areas not covered by the EU AI Act. The Italian AI Law will enter into force on October 10, 2025.
The law intends to complement the EU’s Artificial Intelligence Act (“EU AI Act”) and should be interpreted and applied in accordance with the EU AI Act’s rules and definitions. (Article 1(2))
The Italian AI Law confirms the designation of two competent authorities for AI:
- Agency for Digital Italy (Agenzia per l’Italia Digitale, “AgID”), as the notifying authority, will be responsible for defining procedures and performing functions relating to the notification, assessment, accreditation, and monitoring of notified bodies.
- National Cybersecurity Agency (“ACN”), as the market surveillance authority, will be responsible for supervision and enforcement, among other things. (Article 20)
The Italian AI Law authorizes secondary use of personal data (including special categories of data), stripped of direct identifiers, for public interest and not-for-profit scientific research purposes to develop AI systems for the prevention, diagnosis, treatment of diseases, development of drugs and therapies, among others – without the need to obtain a new consent from the data subject. In such cases, the following requirements apply:
- Transparency and information obligations towards data subjects may be met by publishing a privacy notice on the data controller’s website.
- The relevant processing activities must be communicated to the Italian data protection authority (“Garante”), along with the information relating to Articles 24, 25, 32 and 35 of GDPR, and an express indication of any data processors used by the controller. Processing may start 30 days after such communication, if the Garante does not issue a blocking measure. (Article 8)
Employers must inform workers of the use of any AI systems and tools in the workplace. Employers must also ensure appropriate training of their employees. (Article 11)
The Italian AI Law retains the draft proposal’s age restrictions. In particular, parental consent is required to enable access to AI technologies by minors below the age of 14, and related processing of personal data; while minors between the age of 14 and below 18 can express their consent, insofar as the information provided is easily accessible and comprehensible. (Article 4(4))
The Italian AI Law introduces targeted amendments to existing copyright law, namely:
- Works created “with the aid of AI tools” may be protected under copyright law, provided that they are the result of the author’s intellectual work.
- Text and data mining of works and materials online or contained in databases (lawfully accessed) through the use of AI models, including generative AI, is permitted in accordance with copyright law and subject to the owner’s opt-out rights. (Article 25)
Key changes compared to previous drafts include:
- No localization requirement. The Italian AI Law removes a prior amendment, introduced by the lower chamber of Parliament, which sought to impose a localization requirement for servers of AI systems used by public sector bodies. Rather, the final version does not reflect this amendment, and includes a recommendation for public sector bodies, when choosing suppliers for their e-procurement platforms, to “prefer” solutions that guarantee localization and processing of “strategic” data in data centers located in Italy. (Article 5(1)(d))
- No specific provision on labelling of AI-generated news and information. The provision originally proposed in the draft law to label specifically any news or informational content that is generated or altered by AI, has been omitted in the final version of the law. General transparency requirements under the EU AI Act apply.
The Italian AI Law delegates the Government to adopt further measures, within twelve months from its entry into force, to achieve the following objectives, among others:
- Align the national framework with the EU AI Act.
- Assign supervisory, inspection, sanctioning and other administrative powers provided by the EU AI Act to the designated competent authorities.
- Adopt and define comprehensive rules on the use of data, algorithms, and other mathematical methods to train AI systems.
- Set out rules concerning the use of AI in investigative and policing activities.
- Update the framework for civil and criminal penalties.
Covington’s Data Privacy and Cybersecurity Team continues to monitor developments on AI and regularly advises clients on their most challenging regulatory and compliance issues in the EU and other major markets. If you have questions about the Italian law on AI or the EU AI Act, we are happy to assist with any queries.
Frequently Asked Questions (FAQS):
Frequently Asked Questions (FAQS):
Q: What is the Italian AI Law?
A: The Italian AI Law, signed into law on September 23, 2025, complements the EU AI Act and includes various provisions for the regulation of AI in Italy, covering areas such as healthcare, employment, and copyright.
Q: When does the Italian AI Law come into effect?
A: The Italian AI Law will enter into force on October 10, 2025.
Q: Who are the designated competent authorities for AI in Italy?
A: The designated competent authorities are the Agency for Digital Italy (AgID) and the National Cybersecurity Agency (ACN). AgID is the notifying authority, and ACN is the market surveillance authority.
Q: What are the key changes in the final version of the Italian AI Law?
A: Key changes include the removal of a localization requirement for AI servers and the omission of a provision to label AI-generated news and information.
Q: How does the Italian AI Law address the use of personal data in scientific research?
A: The Italian AI Law authorizes the secondary use of personal data, stripped of direct identifiers, for public interest and not-for-profit scientific research purposes, without the need for new consent from the data subject.
More Related Topics :
More Related Topics :
Page updated
Report abuse