Skip to content
World Watch/Italy/Artificial Intelligence

Artificial Intelligence ยท Italy

AI regulation in Italy: the EU AI Act (2026)

Comprehensive lawEU AI Act (Regulation (EU) 2024/1689) as the directly-applicable baseline, plus Italy's national framework Law No. 132/2025 of 23 September 2025; competent authorities are AgID (notification/promotion) and the National Cybersecurity Agency ACN (market surveillance, sanctions).Country index 93 ยท A+

Italy shaded by its artificial intelligence status

AI in Italy: comprehensive law, anchored by EU AI Act (Regulation (EU) 2024/1689) as the directly-applicable baseline, plus Italy's national framework Law No. 132/2025 of 23 September 2025; competent authorities are AgID (notification/promotion) and the National Cybersecurity Agency ACN (market surveillance, sanctions)..

As an EU member state, Italy is governed first by the directly-applicable EU AI Act, whose prohibited-practice and AI-literacy rules apply since 2 February 2025 and GPAI/governance rules since 2 August 2025. Italy went further by becoming the first EU country to enact a national AI law, Law No. 132/2025 (in force 10 October 2025), which sets human-centric principles, sector rules (health, work, justice, IP), a new deepfake criminal offence, and designates national competent authorities. The law also delegates the Government to issue implementing decrees by October 2026 to build a fuller framework consistent with the EU AI Act.

The EU AI Act in Italy

In Italy, artificial intelligence is governed by the EU AI Act, the first comprehensive AI law, which applies directly as an EU regulation.

Framework
the EU AI Act (Regulation (EU) 2024/1689)
Approach
risk-based: unacceptable-risk AI is banned, high-risk AI faces strict duties, limited-risk AI has transparency rules
General-purpose AI
transparency duties for all GPAI models; systemic-risk models add safety and evaluation obligations
Timeline
phased: prohibitions from Feb 2025, GPAI rules from Aug 2025, most high-risk obligations from Aug 2026
Maximum fine
โ‚ฌ35 million or 7% of global annual turnover for prohibited-AI breaches
Oversight
national market-surveillance authorities, coordinated by the EU AI Office

The AI Act is an EU regulation applied directly in Italy; national market-surveillance authorities handle enforcement.

The EU AI Act in Italy: FAQ

Does the EU AI Act apply in Italy?

Yes. As an EU member, Italy is covered by the EU AI Act (Regulation (EU) 2024/1689), which applies directly.

What does the EU AI Act regulate in Italy?

It uses a risk-based approach: unacceptable-risk AI is banned, high-risk AI faces strict obligations, and general-purpose AI models carry transparency duties.

When does the EU AI Act take effect in Italy?

It is phased: prohibitions applied from February 2025, general-purpose-AI rules from August 2025, and most high-risk obligations from August 2026.

What are the penalties under the EU AI Act in Italy?

Up to โ‚ฌ35 million or 7% of global annual turnover for breaching the prohibited-AI rules, with lower tiers for other breaches.

Key points

EU AI Act baseline

The risk-based EU AI Act applies directly in Italy: banned practices and AI-literacy duties since 2 Feb 2025, GPAI and governance obligations since 2 Aug 2025, with high-risk obligations phasing in to 2026-2027.

National AI law (Law 132/2025)

Law No. 132/2025, published in Gazzetta Ufficiale n. 223 of 25 Sept 2025 and in force from 10 Oct 2025, is the first national AI law in the EU; it sets principles (transparency, human oversight, non-discrimination, data protection) and is expressly designed to complement Regulation (EU) 2024/1689.

Competent authorities

AgID (Agency for Digital Italy) is the notifying authority promoting AI development; the National Cybersecurity Agency (ACN) is the market-surveillance authority handling inspections, sanctions and single point of contact with EU bodies. Sector regulators (Bank of Italy, CONSOB, IVASS, Garante data-protection authority, AGCOM) keep their existing powers.

Sector-specific rules

Law 132/2025 sets dedicated provisions for healthcare (no discriminatory access; data protection), employment (employers must inform workers when AI is used), justice (AI only instrumental; decisions remain with magistrates), and copyright (AI-assisted works protected only where genuine human creative contribution exists).

New deepfake criminal offence

The law inserts Article 612-quater into the Criminal Code punishing unlawful dissemination of AI-generated/altered images, video or voice that unjustly harms a person, with imprisonment from one to five years, plus a new aggravating circumstance (art. 61 no. 11-decies) where AI is used as an insidious means.

Delegated decrees & funding

Article 16 delegates the Government to adopt implementing decrees by 10 October 2026 establishing an organic framework for data, algorithms and AI training (rights, obligations, remedies, sanctions); the law authorizes up to โ‚ฌ1 billion of state-backed venture capital for AI, cybersecurity and telecoms firms.

Timeline - major decisions & events

Sep 17, 2025lawofficial
Italy enacts Law No. 132/2025, the EU's first national AI law

Parliament gave final approval to Italy's national AI law (in force 10 October 2025), making Italy the first EU member state to legislate domestically alongside the EU AI Act, with sector rules for healthcare, the workplace, justice, copyright and minors, and designating AgID and the cybersecurity agency (ACN) as national competent authorities.

Government of Italy (programmagoverno.gov.it) โ†—
May 19, 2025enforcementofficial
Garante fines Replika maker โ‚ฌ5 million over chatbot privacy failures

The Italian DPA fined Luka Inc., developer of the 'Replika' companion chatbot, โ‚ฌ5 million for lacking a legal basis for processing and inadequate age verification, following its 2023 block of the service.

EDPB โ†—
Jan 30, 2025enforcement
Garante blocks DeepSeek for Italian users

The Italian DPA imposed an urgent, definitive limitation on processing of Italian users' data by China's DeepSeek after the companies' responses on data collection and legal bases were deemed insufficient, prompting parallel probes across the EU.

Bird & Bird (reporting Garante decision) โ†—
Dec 20, 2024enforcementofficial
Garante fines OpenAI โ‚ฌ15 million over ChatGPT

Concluding its investigation, the Italian DPA fined OpenAI โ‚ฌ15 million for lacking a legal basis to train ChatGPT on personal data, transparency failures and weak age verification, the first GDPR fine targeting a generative-AI service, and ordered a six-month public information campaign.

Garante per la protezione dei dati personali โ†—
Aug 1, 2024lawofficial
EU AI Act enters into force (applies in Italy)

Regulation (EU) 2024/1689 (the AI Act) entered into force, establishing the EU-wide risk-based framework directly applicable in Italy and setting the baseline that Italy's later national law complements.

EUR-Lex โ†—
Jul 22, 2024guidanceofficial
Italy publishes the National AI Strategy 2024-2026

AgID released the updated Italian Strategy for Artificial Intelligence 2024-2026, refreshing the national framework on research, public administration, business adoption and skills ahead of national legislation.

AgID โ†—
Apr 23, 2024law
Council of Ministers approves the national AI bill

The Italian government approved a draft AI law (later presented to the Senate on 20 May 2024) intended to complement the EU AI Act, covering public administration, healthcare, the judiciary, professions, data protection and copyright, the bill that became Law 132/2025.

Portolano Cavallo (reporting Council of Ministers) โ†—
Apr 28, 2023decisionofficial
Garante lifts ChatGPT ban after OpenAI compliance

After OpenAI added a privacy disclosure, an age-verification option and a training-data opt-out, the Italian DPA suspended its temporary limitation, restoring ChatGPT access in Italy roughly one month after the block.

Garante per la protezione dei dati personali โ†—
Mar 30, 2023enforcementofficial
Garante temporarily blocks ChatGPT

The Italian DPA ordered an immediate temporary limitation on OpenAI's processing of Italian users' data, citing no legal basis for mass training-data collection, lack of transparency, inaccurate outputs and no age checks, the world's first regulatory block of ChatGPT.

Garante per la protezione dei dati personali โ†—
Feb 2, 2023enforcement
Garante blocks the Replika AI chatbot

The Italian DPA issued an urgent order halting Replika's processing of Italian users' data over risks to minors and vulnerable users and absent age verification, Italy's first enforcement action against a generative-AI chatbot, foreshadowing the ChatGPT case.

TechCrunch (reporting Garante order) โ†—
Nov 24, 2021guidanceofficial
Italy adopts the Strategic Programme on AI 2022-2024

Italy's ministries and the digital-transition office launched the National Strategic Programme for Artificial Intelligence, the foundational policy framework for AI research, public-sector adoption, talent and infrastructure that preceded binding regulation.

Italian Government (innovazione.gov.it) โ†—

Italy - other topics

Artificial Intelligence in other countries

Last verified 5/23/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ†’