The Senate approved the Italian law on Artificial Intelligence. It is the first national regulatory law in Europe and aligned with the European AI Act.

The law is based on important principles of human centrity and safe use of AI, with particular attention to innovation, cybersecurity, accessibility, and privacy protection. In particular, it establishing guarantees of traceability, human responsibility, and the centrality of the final decision by a natural person.

What it is important to to know is that the law designates the National Cybersecurity Agency (ACN) and the Agency for Digital Italy (AgID) as national competent authorities:

  • ACN oversees — with inspection powers — the adequacy and security of AI systems;
  • AgID manages notifications and promotes safe use cases for citizens and businesses, within a stable inter-institutional coordination framework.

The National AI Strategy will be prepared and updated every two years by the Department for Digital Transformation of the Presidency of the Council, with the support of ACN and AgID. Annual reporting to Parliament is provided to ensure transparency.

The law launches a €1-billion investment program in support of startups and SMEs in the fields of AI, cybersecurity and emerging technologies, fostering technology transfer and strategic value chains.

Key points of the law

Principles contained in the law are: human-centric and safe use; transparency, accessibility and data protection.

Application sectors:

  • Healthcare: central role of physicians, data use for research.
  • Workplace: observatory and protection of worker dignity.
  • Public administration and justice: traceable decision-support systems.
  • Education and sports: training and inclusion.

New rules on governance and criminal law
The law establishes Italy’s governance framework for artificial intelligence. The National Cybersecurity Agency and the Agency for Digital Italy will serve as the main national AI authorities, responsible for applying and implementing EU and national AI legislation. Their roles do not override the specific powers of the Bank of Italy, Consob, or Ivass, and they will need to coordinate with independent regulators such as the Data Protection Authority and the Communications Regulatory Authority.

The reform also impacts criminal law. It introduces new aggravating circumstances when AI is used to commit certain offenses and creates a new crime related to deepfakes. This new offense penalizes the unlawful distribution of content generated or altered through artificial intelligence.

Although the initiative is commendable, there are numerous critical issues—first and foremost, the lack of an overarching view and the overlap with parallel regulations, such as those on privacy and the protection of minors. Moreover, this is clearly a Europe-wide problem, but it is certainly an early piece of legislation that will inevitably require adjustments and judicial interpretation.