Artificial Intelligence ยท Italy
AI regulation in Italy: the EU AI Act (2026)
Italy shaded by its artificial intelligence status
AI in Italy: comprehensive law, anchored by EU AI Act (Regulation (EU) 2024/1689) as the directly-applicable baseline, plus Italy's national framework Law No. 132/2025 of 23 September 2025; competent authorities are AgID (notification/promotion) and the National Cybersecurity Agency ACN (market surveillance, sanctions)..
As an EU member state, Italy is governed first by the directly-applicable EU AI Act, whose prohibited-practice and AI-literacy rules apply since 2 February 2025 and GPAI/governance rules since 2 August 2025. Italy went further by becoming the first EU country to enact a national AI law, Law No. 132/2025 (in force 10 October 2025), which sets human-centric principles, sector rules (health, work, justice, IP), a new deepfake criminal offence, and designates national competent authorities. The law also delegates the Government to issue implementing decrees by October 2026 to build a fuller framework consistent with the EU AI Act.
The EU AI Act in Italy
In Italy, artificial intelligence is governed by the EU AI Act, the first comprehensive AI law, which applies directly as an EU regulation.
- Framework
- the EU AI Act (Regulation (EU) 2024/1689)
- Approach
- risk-based: unacceptable-risk AI is banned, high-risk AI faces strict duties, limited-risk AI has transparency rules
- General-purpose AI
- transparency duties for all GPAI models; systemic-risk models add safety and evaluation obligations
- Timeline
- phased: prohibitions from Feb 2025, GPAI rules from Aug 2025, most high-risk obligations from Aug 2026
- Maximum fine
- โฌ35 million or 7% of global annual turnover for prohibited-AI breaches
- Oversight
- national market-surveillance authorities, coordinated by the EU AI Office
The AI Act is an EU regulation applied directly in Italy; national market-surveillance authorities handle enforcement.
The EU AI Act in Italy: FAQ
Yes. As an EU member, Italy is covered by the EU AI Act (Regulation (EU) 2024/1689), which applies directly.
It uses a risk-based approach: unacceptable-risk AI is banned, high-risk AI faces strict obligations, and general-purpose AI models carry transparency duties.
It is phased: prohibitions applied from February 2025, general-purpose-AI rules from August 2025, and most high-risk obligations from August 2026.
Up to โฌ35 million or 7% of global annual turnover for breaching the prohibited-AI rules, with lower tiers for other breaches.
Key points
The risk-based EU AI Act applies directly in Italy: banned practices and AI-literacy duties since 2 Feb 2025, GPAI and governance obligations since 2 Aug 2025, with high-risk obligations phasing in to 2026-2027.
Law No. 132/2025, published in Gazzetta Ufficiale n. 223 of 25 Sept 2025 and in force from 10 Oct 2025, is the first national AI law in the EU; it sets principles (transparency, human oversight, non-discrimination, data protection) and is expressly designed to complement Regulation (EU) 2024/1689.
AgID (Agency for Digital Italy) is the notifying authority promoting AI development; the National Cybersecurity Agency (ACN) is the market-surveillance authority handling inspections, sanctions and single point of contact with EU bodies. Sector regulators (Bank of Italy, CONSOB, IVASS, Garante data-protection authority, AGCOM) keep their existing powers.
Law 132/2025 sets dedicated provisions for healthcare (no discriminatory access; data protection), employment (employers must inform workers when AI is used), justice (AI only instrumental; decisions remain with magistrates), and copyright (AI-assisted works protected only where genuine human creative contribution exists).
The law inserts Article 612-quater into the Criminal Code punishing unlawful dissemination of AI-generated/altered images, video or voice that unjustly harms a person, with imprisonment from one to five years, plus a new aggravating circumstance (art. 61 no. 11-decies) where AI is used as an insidious means.
Article 16 delegates the Government to adopt implementing decrees by 10 October 2026 establishing an organic framework for data, algorithms and AI training (rights, obligations, remedies, sanctions); the law authorizes up to โฌ1 billion of state-backed venture capital for AI, cybersecurity and telecoms firms.
Timeline - major decisions & events
Parliament gave final approval to Italy's national AI law (in force 10 October 2025), making Italy the first EU member state to legislate domestically alongside the EU AI Act, with sector rules for healthcare, the workplace, justice, copyright and minors, and designating AgID and the cybersecurity agency (ACN) as national competent authorities.
Government of Italy (programmagoverno.gov.it) โThe Italian DPA fined Luka Inc., developer of the 'Replika' companion chatbot, โฌ5 million for lacking a legal basis for processing and inadequate age verification, following its 2023 block of the service.
EDPB โThe Italian DPA imposed an urgent, definitive limitation on processing of Italian users' data by China's DeepSeek after the companies' responses on data collection and legal bases were deemed insufficient, prompting parallel probes across the EU.
Bird & Bird (reporting Garante decision) โConcluding its investigation, the Italian DPA fined OpenAI โฌ15 million for lacking a legal basis to train ChatGPT on personal data, transparency failures and weak age verification, the first GDPR fine targeting a generative-AI service, and ordered a six-month public information campaign.
Garante per la protezione dei dati personali โRegulation (EU) 2024/1689 (the AI Act) entered into force, establishing the EU-wide risk-based framework directly applicable in Italy and setting the baseline that Italy's later national law complements.
EUR-Lex โAgID released the updated Italian Strategy for Artificial Intelligence 2024-2026, refreshing the national framework on research, public administration, business adoption and skills ahead of national legislation.
AgID โThe Italian government approved a draft AI law (later presented to the Senate on 20 May 2024) intended to complement the EU AI Act, covering public administration, healthcare, the judiciary, professions, data protection and copyright, the bill that became Law 132/2025.
Portolano Cavallo (reporting Council of Ministers) โAfter OpenAI added a privacy disclosure, an age-verification option and a training-data opt-out, the Italian DPA suspended its temporary limitation, restoring ChatGPT access in Italy roughly one month after the block.
Garante per la protezione dei dati personali โThe Italian DPA ordered an immediate temporary limitation on OpenAI's processing of Italian users' data, citing no legal basis for mass training-data collection, lack of transparency, inaccurate outputs and no age checks, the world's first regulatory block of ChatGPT.
Garante per la protezione dei dati personali โThe Italian DPA issued an urgent order halting Replika's processing of Italian users' data over risks to minors and vulnerable users and absent age verification, Italy's first enforcement action against a generative-AI chatbot, foreshadowing the ChatGPT case.
TechCrunch (reporting Garante order) โItaly's ministries and the digital-transition office launched the National Strategic Programme for Artificial Intelligence, the foundational policy framework for AI research, public-sector adoption, talent and infrastructure that preceded binding regulation.
Italian Government (innovazione.gov.it) โItaly - other topics
Artificial Intelligence in other countries
Last verified 5/23/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ