Italy’s AI Compliance Push Enters a New Phase

Italy's draft implementing decrees signal a practical shift in AI Act compliance: Companies may soon need stronger evidence of how AI systems are classified, supervised, documented, and controlled.

Italy has taken another step toward making EU Regulation 2024/1689 (the "AI Act") operational on the ground. On June 10, 2026, the Italian government granted preliminary approval to two draft legislative decrees designed to implement Italian Law No. 132/2025 and align Italian law with the AI Act. The first builds the national enforcement framework, addressing authorities, supervision, sanctions, regulatory sandboxes, training, and employment safeguards. The second focuses on law-enforcement use of AI and introduces targeted civil and criminal liability rules. The texts are not yet final, but the trajectory is clear: AI governance in Italy is becoming more structured, documented, and subject to review.

For businesses, the central concern is evidentiary readiness. The Agency for Digital Italy (Agenzia per l'Italia Digitale) and the Italian Agency for National Cybersecurity (Agenzia per la Cybersicurezza Nazionale) are expected to anchor the implementation framework, with sector regulators retaining oversight in banking, finance, insurance, data protection, and other regulated markets. Going forward, regulators, courts, employees, counterparties, and insurers will likely demand more than the existence of an AI policy—they will want to see that the company can demonstrate how AI systems are inventoried, classified, tested, monitored, updated, and supervised.

Employment use cases deserve particular attention. Decisions affecting hiring, role changes, termination, discipline, or other employment matters should not be delegated entirely to automated processing. Human review must be meaningful, and employers may be required to explain—through documented human intervention—the AI system's role in the decision and the principal parameters it considered.

Technology providers and deployers should also scrutinize biometric and law-enforcement tools, high-risk AI system classifications, vendor contracts, insurance coverage, trade-secret protections, and litigation preparedness. The next practical steps are straightforward: Map current AI use, confirm AI Act risk classifications, assign accountable owners, strengthen HR and vendor controls, and maintain records demonstrating human oversight and effective risk management.

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.