- within Compliance topic(s)
Italy became the first EU country to enact a comprehensive national AI law when its AI law (Law No. 132/2025) took effect last month. The law is intended to work with the existing EU AI Act, but with more details and specific obligations. In fact, it mirrors many of the themes that are being implemented in US AI laws (like those in Texas, Virginia (vetoed), and Colorado). This may be one of many similar laws we see coming out of Europe this year, and the potential for a fragmented AI regulatory patchwork in the EU.
The law imposes more human oversight obligations on healthcare, public administration, and employers than those required under the EU AI Act. For example, AI may assist, but not replace, clinical decision-making. Medical providers must explain both the use and the logic behind AI systems to patients.
The law imposes criminal penalties for deepfakes and create more robust risk management expectations for businesses than under the EU AI Act. It also commits up to € 1 billion in public investments—targeting innovative SMEs and partnerships—and mandates the development of a National AI Strategy, updated biennially.
Putting it into Practice: This law suggests that we may see a more sector-specific approach to AI regulation in the EU. In the face of a sector-specific regulatory regime, global companies can take several steps. These include putting guardrails in place for human oversight of AI output and involving a wide set of stakeholders in the planning process.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
