- within Energy and Natural Resources, Intellectual Property, Litigation and Mediation & Arbitration topic(s)
- with readers working within the Chemicals industries
On 17 September 2025, the Italian Senate definitively enacted Law No. 1146/2025, thereby establishing the first comprehensive national legal framework governing artificial intelligence.
This legislative instrument is embedded within the broader regulatory architecture delineated by Regulation (EU) 2024/1689 (commonly referred to as the "AI Act"), with which it is intended to be harmonized. The Italian law anticipates the adoption of domestic measures aimed at facilitating the effective implementation of the European provisions, with particular emphasis on the healthcare, justice, and labor sectors.
The enactment of Law No. 1146/2025 reflects a strategic normative choice by the Italian Republic, aimed at assuming a leadership role within the European Union. By adopting a national framework prior to the full entry into force of the AI Act, Italy positions itself as the first Member State to legislate comprehensively on artificial intelligence. The law reaffirms foundational principles such as transparency, proportionality, safety, and human oversight, while also addressing the need to adapt the European framework to national specificities—particularly in sectors where the deployment of AI may have a direct impact on fundamental rights.
Furthermore, the legislation seeks to promote innovation and attract investment by providing a clear and foreseeable regulatory environment for entities engaged in the development, testing, and deployment of AI-based technologies. In this context, Italy aims to enhance its technological and industrial competitiveness, fostering public-private partnerships throughout 2025.
Scope of application
Law No. 1146/2025 applies to:
- General-purpose AI systems and models, i.e., technologies capable of performing cross-functional tasks and adaptable to various operational contexts (e.g., language models, predictive systems, automated analysis tools);
- Public and private entities involved in the development, integration, or use of AI, including public administrations, corporations, startups, research institutions, and professionals;
- Research and experimentation activities, which remain permissible provided they comply with ethical, safety, and transparency safeguards, particularly in relation to data processing;
- Regulated sectors, such as healthcare, justice, and labor, for which implementing ministerial decrees shall define technical standards, human oversight requirements, and mandatory training pathways.
Key Innovations Introduced by the Law
Law No. 1146/2025 introduces a series of complementary measures designed to reinforce the operational framework applicable to economic operators and professionals, including:
- Scientific Research: The secondary use of personal data devoid of direct identifiers is permitted without the data subject's explicit consent, provided that a general information notice is made available;
- Intellectual Professions: Professionals are prohibited from fully delegating the performance of their services to AI systems. Such systems may only be employed for ancillary and support functions. Professionals are further required to inform clients of any use of AI, using clear and comprehensive language;
- Competent authorities:
-
- The Agency for Digital Italy (AgID) is designated as the authority responsible for AI development;
- The National Cybersecurity Agency (ACN) is entrusted with cybersecurity and inspection functions;
- The Data Protection Authority (Garante per la protezione dei dati personali) and AGCOM are tasked with oversight and coordination of digital services (Article 20 of Law No. 1146/2025);
- Civil Liability: The Government is delegated to regulate liability regimes applicable to damages caused by AI systems, including the introduction of protective mechanisms for injured parties and a potential redistribution of the burden of proof;
- Legislative Decrees: Within twelve months from the entry into force of the law, the Government shall adopt implementing legislative decrees to align domestic legislation with the AI Act and, inter alia, regulate instances of unlawful use of AI systems.
Operational Checklist for Businesses and Public Administrations
Following the entry into force of Law No. 1146/2025, businesses and public administrations are required to initiate a preliminary cycle of compliance activities, aimed at ensuring alignment with both national legislation and the European AI Act. These activities constitute the operational foundation for responsible AI governance:
- Mapping and classification of AI systems: Conduct a comprehensive inventory and classification of all AI systems currently in use or under development, identifying their purpose, risk level, regulatory compliance status, and scope of application;
- Definition of internal governance: Appoint a designated AI officer and adopt internal procedures for audit, control, and oversight;
- Review of contractual arrangements with suppliers and technology partners: Update contractual documentation to incorporate clauses addressing regulatory compliance, liability for AI-related damages, bias mitigation, and system maintenance;
- Update of privacy documentation: Revise GDPR-compliant notices and conduct enhanced Data Protection Impact Assessments (DPIAs), with particular attention to sensitive and health-related data;
- Human oversight in high-risk systems: Ensure and document human supervision in automated decision-making processes involving high-risk AI systems;
- Internal training for key personnel: Implement targeted training programs for managers, developers, legal advisors, and compliance officers;
- Periodic audits and documentation traceability: Establish technical and organizational audit mechanisms, ensuring the preservation and traceability of documentary evidence.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.