AI: Italy's implementing decrees for Law 132/2025 — governance, training, biometrics and liability

Italy's Council of Ministers gave preliminary approval to two decrees implementing Law 132/2025: AgID and ACN as national authorities, mandatory training across sectors, police biometrics, civil liability and the new Article 437-bis of the criminal code. What changes for companies, public bodies and professionals.

Contents
  1. What happened
  2. Where they come from: Law 132/2025
  3. Governance falls into place
  4. Training: an obligation across the board
  5. Policing and biometrics: a tight perimeter
  6. Civil liability: the balance shifts toward the injured party
  7. Article 437-bis: criminal law reaches high-risk systems
  8. What this means in practice

What happened

On 10 June 2026 the Italian Council of Ministers (meeting no. 177) gave preliminary approval to two legislative decrees implementing Law 132/2025, Italy’s national AI law. The first covers the powers of the national authorities and the use of AI in education and training; the second covers the use of AI systems for policing and civil and criminal liability. Both align the national legal framework with Regulation (EU) 2024/1689 — the AI Act — without introducing an alternative regime: they are its national completion.

The qualification that matters: preliminary approval does not mean in force. The two drafts now go to the parliamentary committees, the Conference with the regions and the competent authorities for their opinions, then return to the Council of Ministers for final adoption. The texts can still change. The window is tight, though: the delegation in Law 132/2025 must be exercised within twelve months of the law’s entry into force, i.e. by October 2026.

Where they come from: Law 132/2025

Law no. 132 of 23 September 2025 — in force since 10 October 2025 — was the first comprehensive national AI law in an EU country. It designated the national authorities required by the AI Act (a designation Italy, like most Member States, had not completed by the EU deadline of 2 August 2025), introduced provisions already in effect on healthcare, labour, professions and copyright, created the offence of unlawful deepfakes (Article 612-quater of the criminal code) and authorised up to €1 billion of venture capital investment in AI, cybersecurity, quantum technologies and telecommunications. Above all, it delegated the Government to align the national framework with the EU regulation: the decrees of 10 June are the exercise of that delegation.

Governance falls into place

The first decree confirms and details the institutional architecture:

  • AgID is the notifying authority (it accredits and oversees conformity assessment bodies);
  • ACN — the National Cybersecurity Agency — is the market surveillance authority and the single point of contact with the EU institutions;
  • Banca d’Italia, CONSOB and IVASS supervise high-risk systems used by financial intermediaries;
  • the data protection authority (Garante) intervenes on high-risk systems in sensitive areas: law enforcement, border management, justice, democratic processes.

Coordination runs through the Department for Digital Transformation at the Presidency of the Council. On penalties, the framework is graduated and calibrated to each actor’s role along the supply chain, and Italy uses the option granted by the AI Act to set maximum fines below the European ceilings: the amounts are not yet known — the press release does not quantify them, so we will need the texts.

Training: an obligation across the board

The largest part of the first decree brings AI into the training requirements of nearly every sector. In short:

  • Schools — AI in curricula and civic education, STEAM skills, €100 million for teacher training, with a focus on digital risks and dependencies affecting minors.
  • Universities, arts academies and ITS Academies — training on the safe and informed use of AI systems: how they work, how to interpret outputs, legal aspects, cybersecurity; quality monitored by ANVUR.
  • Public administration — three tiers: basic literacy for all public employees, specialist reskilling, and advanced training for managers and digital transition officers, in coordination with the National School of Administration.
  • Healthcare — mandatory AI training within the continuing medical education (ECM) programme with a dedicated quota, managerial training for health executives and the national “MIA” platform (NRRP-funded, being piloted by Agenas).
  • Professions — technical, legal and ethical AI literacy and duties to inform clients; professional bodies have six months to update their rules and twelve months to integrate the fair compensation parameters, scaled to the risk class of the AI system used.
  • Justice — training for judges entrusted to the School for the Judiciary, with one principle restated: AI does not replace the judge’s decision.

On labour, the decree provides that decisions on establishing, changing or terminating an employment relationship — including dismissals and disciplinary measures — cannot be taken solely on the basis of automated processing: a dismissal decided in breach of this rule is void.

Policing and biometrics: a tight perimeter

The second decree regulates police use of AI while explicitly ruling out mass surveillance. Real-time remote biometric identification requires prior authorisation by the judicial authority, is limited to exhaustively listed purposes (specific, serious threats to security and public order; searching for missing persons and for victims of kidnapping, trafficking or sexual exploitation) and lasts at most fifteen days, renewable by reasoned order. Biometric databases built through untargeted scraping of the web are banned.

Post-event facial recognition is allowed only after a crime, to identify persons already under investigation on the basis of objective, verifiable elements. The data controller is the Ministry of the Interior; data are deleted after seven days, while tamper-proof logs are kept for five years. No adverse decision may rely solely on the system’s output: the final decision remains human.

Civil liability: the balance shifts toward the injured party

If you develop, integrate or professionally deploy AI systems, this is the part to read twice. The decree introduces four tools in favour of the injured party:

  1. access to the technical documentation of the system;
  2. a presumption of the causal link where the damage stems from a breach of AI Act obligations, easing the burden of proof;
  3. an alternative venue before the court of the place of residence of the injured natural person;
  4. a direct action against the liable party’s insurer.

The operational consequence is sharp: conformity documentation stops being a formal exercise and becomes the first line of defence in court. Whoever complies with the EU regulation’s obligations neutralises the presumption; whoever doesn’t starts at an evidentiary disadvantage.

Article 437-bis: criminal law reaches high-risk systems

The decree adds a new Article 437-bis to the criminal code, punishing the failure to adopt security measures — technical and human-oversight — in high-risk AI systems, and their unlawful alteration, where this creates a concrete danger to life, public safety or State security. The press release does not quantify the penalties; according to early reconstructions of the draft texts, the failure to adopt security measures would carry 1 to 5 years of imprisonment — 2 to 8 where the danger concerns public safety or State security — and unlawful alteration 2 to 6 years, up to 10 in the most serious cases. Liability hinges on concrete danger and, for the negligent form, on gross negligence.

The point that directly concerns companies: liability extends to legal entities under Legislative Decree 231/2001. Organisational models will need updating to cover the design, training, placing on the market and professional use of high-risk systems.

What this means in practice

  • Nothing is in force yet. The texts can change during the opinion phase; but the direction — ACN/AgID governance, mandatory training, strengthened liability — is set, and final adoption is expected within the October 2026 delegation deadline.
  • The compass is still the AI Act. The decrees implement the regulation, they don’t replace it. The European deadlines run in parallel: as we wrote about the Digital Omnibus, the high-risk postponement is still a provisional agreement, and the transparency obligations remain on the 2026 calendar.
  • Technical documentation becomes a defensive asset on three fronts: graduated administrative fines, the civil presumption, and criminal exposure under 437-bis. Treat it accordingly, not as paperwork.
  • Plan training now. For public bodies, healthcare and professional orders the decrees set obligations with hard deadlines, which will start running upon final adoption; for companies, AI literacy was already due under Article 4 of the AI Act.
  • Insurance: the direct action against insurers will raise the weight of AI-risk policies, on both the developer and the deployer side.

In the European picture, Italy is moving early: as of today only Denmark, Italy and Finland have national AI Act implementation laws in force — Malta proceeded through secondary legislation — and Italy’s is the only comprehensive one; Spain has its agency AESIA up and running, but its law is still in Parliament. For a general overview of the EU obligations, see our piece on what changes with the AI Act; on integrating GDPR and the AI Act, see automated compliance for the DPO.

Links: Council of Ministers press release no. 177 — 10 June 2026 · Law no. 132 of 23 September 2025 — Normattiva
