The recent enactment of Law No. 132, also known as the Italian Artificial Intelligence Act, on October 10, 2025, signifies a pivotal development in the regulation of artificial intelligence within the European Union. As the inaugural country to establish a comprehensive national AI framework, Italy is setting a precedent for other EU nations. The law requires the creation of at least one implementing decree by October 2026, which will outline a cohesive framework for data management, algorithms, and AI training methodologies. With the law now in effect, employers in Italy are transitioning from preparation to active compliance regarding AI usage in the workplace.
According to the EU AI Act (Regulation (EU) 2024/1689), any AI systems utilized for employment-related decisions are classified as “high-risk,” as specified in Article 6 and Annex III. This classification mandates a host of obligations concerning risk management, data quality, technical documentation, record-keeping, user transparency, and significant human oversight.
Aligned with the EU AI Act, the Italian AI Act prioritizes the safeguarding of fundamental rights in the realm of technological innovation. Principles such as transparency, data protection, gender equality, cybersecurity, and accessibility are no longer mere aspirations; they are now binding requirements that dictate how AI may be implemented within Italian workplaces.
Implications for Employers
The Italian AI Act, in conjunction with the Transparency Decree (Legislative Decree No. 104/2022), considerably amplifies the compliance responsibilities of employers utilizing AI in human resources processes. This includes recruitment, performance assessments, task assignments, and termination decisions.
Under this legislation, employers must:
- Provide employees with clear and detailed information regarding the functioning of AI tools and the data utilized;
- Promptly update this information and give notice of any significant changes at least 24 hours in advance;
- Share the relevant disclosures with union representatives;
- Ensure effective human oversight of automated decision-making;
- Guarantee that AI systems uphold employees’ fundamental rights and operate free from any form of discrimination.
From Disclosure to Clarity
Furthermore, the law stipulates that information must be conveyed in plain, accessible language, enabling employees to grasp how automated decisions function and the associated risks. Employees will also have the chance to request clarification and seek human review of AI-generated decisions.
In essence, compliance has evolved from merely informing to thoroughly explaining.
Sanctions and Enforcement
Non-compliance with the Italian AI Act can lead to substantial financial penalties. Employers may face administrative fines of up to €1,500 per employee, with potential monthly increments and additional fines for failing to inform union representatives.
An Institutional Oversight Framework
The Italian AI Act introduces a dedicated Oversight Committee under the Ministry of Labour and Social Policies, which will monitor the impact of AI on employment, develop regulatory strategies, and identify sectors most influenced by digital transformation. This indicates a trend toward increased oversight in the coming years.
Impact on Regulated Professions
Professionals are not exempt from these regulations. The new law explicitly prohibits the complete reliance on AI systems for professional services and mandates transparent disclosure regarding any AI use in professional activities.
Data Protection Considerations
In cases where AI systems process personal data, the General Data Protection Regulation (GDPR) applies in full scope.
Consequently, employers need to establish a valid legal basis for processing personal data, adhere to principles of data minimization and purpose limitation, and conduct a Data Protection Impact Assessment as necessary, especially when AI systems are used for systematic evaluations affecting employees. Additionally, if decisions are made solely based on automated processing resulting in significant effects, employers must ensure the right to human intervention, the opportunity to express a viewpoint, and the ability to contest decisions.
The Italian AI Act reinforces these GDPR obligations, emphasizing that any personal data processed through AI systems must be managed lawfully, fairly, and transparently, consistent with the purposes for which the data was originally collected and in strict compliance with EU law.
Recommendations for Companies
Businesses operating in Italy must act swiftly to:
- Evaluate their current AI systems;
- Update disclosure notices and internal documentation;
- Establish robust internal policies and governance frameworks that align with the new standards of transparency and accountability;
- Ensure compliance with the GDPR;
- Stay informed about implementing decrees;
- Consult legal experts to ensure compliance.
With the Italian AI Act now in effect, employers have a crucial opportunity to align their AI practices with mandatory legal requirements ahead of further regulatory guidance and increased institutional oversight.
