Italy Enacts First National AI Law in Europe: What Employers and Businesses Need to Know
Insights
10.22.25
Italy just became the first European country to adopt a national framework dedicated exclusively to artificial intelligence. The new framework, in force as of October 10, complements the EU AI Act and clarifies how existing European obligations apply in specific sectors. Italy’s law does not introduce any new compliance obligations beyond those established under EU AI Act. Rather, it provides more detailed and sector-specific provisions that build upon the existing framework, particularly in compliance, transparency, accountability, and governance. What do businesses with operations in Italy need to know about this new law?
What Does Italy’s AI Law Do?
- The new legislation establishes general principles for AI, emphasizing transparency, accountability, and respect for fundamental rights.
- It further makes clear that human oversight is essential, requiring that individuals remain able to understand, monitor, and intervene throughout every stage of an AI system’s lifecycle.
- It clarifies that artificial intelligence should enhance, not replace, human decision-making and responsibility.
- The law also lays the ground for future decrees that shall be issued in the next year defining detailed procedures, liability regimes, and coordination with the European Union’s regulatory framework.
What Do Employers and Businesses Need to Know?
The law contains provisions that are particularly relevant for employers and organizations processing personal data.
- In the employment context, companies must inform workers when AI tools are used in recruitment, performance evaluation, or management. The disclosure must explain the purpose of the system, the logic behind its operation, its reliability, and the level of human supervision involved.
- From a data-protection standpoint, the statute reinforces the importance of lawful and transparent data use consistent with the GDPR. It allows, under specific safeguards, the secondary use of pseudonymized data for scientific and medical research without renewed consent, provided that controllers notify the Data Protection Authority and adopt adequate protection measures. At the same time, the law criminalizes the dissemination of AI-generated deepfakes and introduces limits on text and data mining for AI training to ensure respect for copyright and privacy.
What’s Next
Within 12 months, the Italian government must issue implementing decrees to operationalize the new framework, specify how liability will apply in practice, and align national measures with the EU AI Act. Businesses operating in Italy should monitor these developments closely, as the upcoming decrees will clarify enforcement mechanisms and compliance expectations.
What Employers Should Do Now
- Organizations using or developing AI tools in Italy should begin adapting their governance frameworks.
- Map AI usage across recruitment, HR, and data-driven processes to determine whether the new obligations apply.
- Prepare transparent disclosures for employees explaining how AI tools are used and supervised.
- Coordinate privacy and compliance teams to integrate GDPR-level safeguards, such as data protection impact assessments, into AI implementation.
- Review vendor relationships to confirm that external AI providers meet Italy’s transparency and lawful data use requirements.
- Train managers and HR staff on the limits of automation and the necessity of human oversight in employment decisions.
Conclusion
We will continue to monitor legal changes affecting multinational companies, so make sure you are subscribed to Fisher Phillips’ Insight System to receive the latest updates directly to your inbox. If you have questions, contact your Fisher Phillips attorney, the authors of this Insight, or any attorney in our International Practice Group or our AI, Data, and Analytics Practice Group.
This Insight was co-authored by Visiting Legal Professional Gustavo Almeida.