Artificial Intelligence · Italy
AI regulation in Italy (2026)
Italy shaded by its artificial intelligence status
As an EU member state, Italy is governed first by the directly-applicable EU AI Act, whose prohibited-practice and AI-literacy rules apply since 2 February 2025 and GPAI/governance rules since 2 August 2025. Italy went further by becoming the first EU country to enact a national AI law, Law No. 132/2025 (in force 10 October 2025), which sets human-centric principles, sector rules (health, work, justice, IP), a new deepfake criminal offence, and designates national competent authorities. The law also delegates the Government to issue implementing decrees by October 2026 to build a fuller framework consistent with the EU AI Act.
Key points
The risk-based EU AI Act applies directly in Italy: banned practices and AI-literacy duties since 2 Feb 2025, GPAI and governance obligations since 2 Aug 2025, with high-risk obligations phasing in to 2026-2027.
Law No. 132/2025, published in Gazzetta Ufficiale n. 223 of 25 Sept 2025 and in force from 10 Oct 2025, is the first national AI law in the EU; it sets principles (transparency, human oversight, non-discrimination, data protection) and is expressly designed to complement Regulation (EU) 2024/1689.
AgID (Agency for Digital Italy) is the notifying authority promoting AI development; the National Cybersecurity Agency (ACN) is the market-surveillance authority handling inspections, sanctions and single point of contact with EU bodies. Sector regulators (Bank of Italy, CONSOB, IVASS, Garante data-protection authority, AGCOM) keep their existing powers.
Law 132/2025 sets dedicated provisions for healthcare (no discriminatory access; data protection), employment (employers must inform workers when AI is used), justice (AI only instrumental; decisions remain with magistrates), and copyright (AI-assisted works protected only where genuine human creative contribution exists).
The law inserts Article 612-quater into the Criminal Code punishing unlawful dissemination of AI-generated/altered images, video or voice that unjustly harms a person, with imprisonment from one to five years, plus a new aggravating circumstance (art. 61 no. 11-decies) where AI is used as an insidious means.
Article 16 delegates the Government to adopt implementing decrees by 10 October 2026 establishing an organic framework for data, algorithms and AI training (rights, obligations, remedies, sanctions); the law authorizes up to €1 billion of state-backed venture capital for AI, cybersecurity and telecoms firms.
Timeline - major decisions & events
Parliament gave final approval to Italy's national AI law (in force 10 October 2025), making Italy the first EU member state to legislate domestically alongside the EU AI Act, with sector rules for healthcare, the workplace, justice, copyright and minors, and designating AgID and the cybersecurity agency (ACN) as national competent authorities.
Government of Italy (programmagoverno.gov.it) ↗The Italian DPA fined Luka Inc., developer of the 'Replika' companion chatbot, €5 million for lacking a legal basis for processing and inadequate age verification, following its 2023 block of the service.
EDPB ↗The Italian DPA imposed an urgent, definitive limitation on processing of Italian users' data by China's DeepSeek after the companies' responses on data collection and legal bases were deemed insufficient, prompting parallel probes across the EU.
Bird & Bird (reporting Garante decision) ↗Concluding its investigation, the Italian DPA fined OpenAI €15 million for lacking a legal basis to train ChatGPT on personal data, transparency failures and weak age verification — the first GDPR fine targeting a generative-AI service — and ordered a six-month public information campaign.
Garante per la protezione dei dati personali ↗Regulation (EU) 2024/1689 (the AI Act) entered into force, establishing the EU-wide risk-based framework directly applicable in Italy and setting the baseline that Italy's later national law complements.
EUR-Lex ↗AgID released the updated Italian Strategy for Artificial Intelligence 2024-2026, refreshing the national framework on research, public administration, business adoption and skills ahead of national legislation.
AgID ↗The Italian government approved a draft AI law (later presented to the Senate on 20 May 2024) intended to complement the EU AI Act, covering public administration, healthcare, the judiciary, professions, data protection and copyright — the bill that became Law 132/2025.
Portolano Cavallo (reporting Council of Ministers) ↗After OpenAI added a privacy disclosure, an age-verification option and a training-data opt-out, the Italian DPA suspended its temporary limitation, restoring ChatGPT access in Italy roughly one month after the block.
Garante per la protezione dei dati personali ↗The Italian DPA ordered an immediate temporary limitation on OpenAI's processing of Italian users' data, citing no legal basis for mass training-data collection, lack of transparency, inaccurate outputs and no age checks — the world's first regulatory block of ChatGPT.
Garante per la protezione dei dati personali ↗The Italian DPA issued an urgent order halting Replika's processing of Italian users' data over risks to minors and vulnerable users and absent age verification — Italy's first enforcement action against a generative-AI chatbot, foreshadowing the ChatGPT case.
TechCrunch (reporting Garante order) ↗Italy's ministries and the digital-transition office launched the National Strategic Programme for Artificial Intelligence, the foundational policy framework for AI research, public-sector adoption, talent and infrastructure that preceded binding regulation.
Italian Government (innovazione.gov.it) ↗Italy - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →