Diritto al Digitale
Diritto al Digitale is the must-listen podcast on innovation law, brought to you by Giulio Coraggio, data and technology lawyer at the global law firm DLA Piper. Each episode explores the cutting-edge legal challenges shaping our digital world—from data privacy and artificial intelligence to the Internet of Things, outsourcing, e-commerce, and intellectual property.
Join us as we illuminate the legal frameworks behind today’s breakthroughs and provide insider insights on how innovation is transforming the future of business and society.
You can contact us at the details available on dlapiper.com
Diritto al Digitale
Italy's New AI Law: What the Decrees Mean for Your Business
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Italy just became the first EU country to pass a comprehensive national AI law — and the real game-changer is what comes next.
In the time it takes to finish your coffee, Giulio Coraggio, location head of the Italian Intellectual Property and Technology department at the global law firm DLA Piper, and journalist Antonio Ravenna break down how Italy's Law No. 132/2025 plugs into the EU AI Act, and why the upcoming implementing decrees could reshape compliance for anyone building or deploying AI in Italy.
No 40-page memos. No jargon. Just the essentials — in one coffee break. ☕
In this episode:
🇮🇹 Why Italy moved first in Europe — and what Law No. 132/2025 actually changes
⚖️ How the Italian framework is designed to sit inside the EU AI Act (not on top of it)
📜 The implementing decrees coming by October 2026 — and what they'll cover
🏥 Sector hotspots: healthcare, employment, professional services, justice & deepfakes
🚨 The compliance traps companies need to watch now
Whether you're in-house counsel, a compliance lead, or a founder shipping AI products, this is the short briefing you didn't know you needed.
🎧 Follow The Legal Break wherever you listen — new episodes unpack the legal topics that matter, one coffee at a time.
💬 Got a topic you want us to cover? Let us know.
⭐ Enjoying the show? Leave a rating and review — it helps more listeners find us.
📌 You can find our contacts 👉 www.dlapiper.com
Welcome everyone. I'm Giulio Coraggio, a technology and data lawyer at the Global Affirm DLA Piper.
SPEAKER_01And I'm Antonio Ravenna, a journalist.
SPEAKER_00We're here to discuss a very interesting development when it comes to AI compliance.
SPEAKER_01And we're gonna make it during the time of a coffee break. So, Giulio, Italy's Council of Ministers approved two implementing decrees on artificial intelligence. But why does it matter beyond Italy?
SPEAKER_00First of all, it's worth it to say that Italy is the first country that has adopted a legislation that integrates the UAI Act. The UAI Act is a regulation, so it's directly applicable, but it leaves to each single EU member state some grey areas where local laws can be can be added. And Italy was the first one to do that, speeding up the process of creating a legal framework on artificial intelligence during a time where basically some of the provisions of the UAI Act are already in place. So it's kind of puzzling the fact that the legislation became applicable before, for instance, the authorities in charge of supervising the compliance with the obligations were kind of uh identified.
SPEAKER_01What do the decree say about AI driven decisions in the workplace?
SPEAKER_00This is one of the most tricky elements of the decree. We are seeing that AI systems are shifting from pure pilot projects to the usage in the operational companies and in large organizations, especially. We see that AI-driven decisions are coming more frequently than in the past. The risk is then that um there is a dismissal of an individual just based on uh analytical decisions made by machine, and this is exactly what um the Italian degrees try to address. They specifically ban this kind of dismissals, declaring that they are newly and void, but this leads to the next question: what shall companies do to avoid this kind of challenge? Uh well, it's always a question of accountability and being able to document the process that is in place. Because it is true that with the AI, the business of a company is more and more data-driven, and um, with AI, there is a risk of monitoring of uh individuals whose performance, whose behavior could be better tracked, even though, as we know, monitoring uh through a train systems of uh employees' behavior is specifically prohibited under Italian law. So the problem arises when the AI reaches the conclusion that a person misbehaved or is an underperformer. In that case, it's not enough to say that the process is adopted or is provided by an internal policy to review the assessment based by the machine, but the all assessment process from the outcome generated by the machine to the final decision should be carefully documented and used then in a potential dispute, or at least companies should have it ready to be used in a potential dispute. So, in a way, this provision puts an additional burden on companies and an additional tool in the hands of employees to start a potential dispute in case of dismissals.
SPEAKER_01And Giulio, Italy also has introduced new criminal liability for AI failures, its first. What does that mean concretely?
SPEAKER_00Well, it introduced not only a criminal liability regime but also a civil liability regime. This move from Italy was the result of the decision by the European Union not to move forward with the directive on the liability arising from the usage of AI systems. Basically, what Italy did is what uh the European Union decided not to do. It introduced a sort of a presumption of liability in case of damage is caused by AI systems. So basically, the company that is the uh provider, the deployer of a solution should prove that potential damages were not caused by the AI system. So the burden proof is reversed on the company putting on the market using that technology. On top of that, for high-risk AI systems, there is a criminal liability not only of the individual that made the decision but also of the company in case of lack of implementation of adequate security measures. So if there is a damage to an individual, there would be two layers of liability, or actually I would say three, because uh there would be the potential sanction under the UAI Act, there would be a civil liability in case of claims from the victim of um they suffered the damages, and then there will be also a potential criminal liability if we are within the perimeter of applicability of this criminal liability regime against again both the company and the individual, the company would uh basically face an additional fine. In order to avoid that, it will have to put in place what is called a corporate criminal liability model. In Italian, we call it 231 model, uh, because of uh the law 231 that is the one introducing the corporate criminality regime that shifts away from the company the potential liability, obviously, if it's properly put in place.
SPEAKER_01And so, Giulio, what is the single most important thing that a company should do right now?
SPEAKER_00This is all happening uh during a period where, with the digital omnibus, some of the deadlines of the UAI Act were postponed. These degrees will move forward and probably will be adopted before the coming into force of some relevant provisions of the UAI Act. Companies need to put in place an internal AI governance model that is crucial in order to map what uh your employees are doing with the AI systems and make sure that the safeguards provided by the UAI Act but also by the other types of legislation applicable to the specific AI solution are in place in order to avoid any sort of liability. There is no way of avoiding any possible damage or risk, but the companies need to prove to have done what they were required to do in order to avoid sanctions, to avoid civil liability, and to avoid now also a potential criminal liability.
SPEAKER_01So we can conclude that the AA Act is no longer a distant Europe legislation.
SPEAKER_00No, I mean uh we should be operating, we as businesses, and uh that extends also to law firms. We should be operating as if all the obligations of the UAI Act are already in place. Because um the time window available to businesses is very short because it's not just a question of implementing a policy that needs to change the DNA of a company, the way a company is actually operating in relation to a technology that is evolving so quickly that uh no one basically can keep pace with that.
SPEAKER_01Thank you, Julio.
SPEAKER_00Thank you, everyone. Arrivedercies.