Italy's New AI Law: Pioneering National Regulation In Europe

Italy has made history by enacting Law No. 132 of September 23, 2025 — the first comprehensive national artificial intelligence legislation in the EU. Entering into force on October 10, 2025, it complements the EU AI Act, which will apply across Europe in 2026.

The law establishes a human-centric vision for AI, mandating that systems must enhance, not replace, human decision-making. Human oversight is required across critical sectors such as healthcare, justice, and employment.

It introduces multi-layered protection mechanisms: consent frameworks for minors, criminal penalties for deepfakes, copyright rules for AI-assisted works, and sector-specific safeguards. Implementation is entrusted to the Agency for Digital Italy (AgID) and the National Cybersecurity Agency (ACN), with up to €1 billion in funding allocated to stimulate domestic AI innovation.

Europe's First Comprehensive National AI Framework

I. Legal Foundation and EU Alignment

Italy's AI Law complements rather than contradicts the EU AI Act. Article 1(2) states that its provisions must align with Regulation (EU) 2024/1689, regulating areas left to Member State discretion — including criminal penalties, copyright, and national governance.

The legislative process began on May 20, 2024, with Bill No. 1146-B in the Senate. After extensive revisions based on feedback from the Italian Data Protection Authority and the European Commission, Parliament approved the bill in June 2025, followed by final Senate approval in September 2025.

II. Human-Centric Principles and Democratic Safeguards

The law's philosophical core is an anthropocentric approach placing human autonomy, dignity, and oversight at the center of AI deployment. Article 3 establishes guiding principles: respect for constitutional freedoms, transparency, security, data protection, accuracy, non-discrimination, and environmental sustainability.

AI must always operate under human control — a binding legal duty rather than an aspirational value. The law also prohibits any use of AI that could endanger democratic life, interfere with free debate, or compromise state sovereignty and citizens' fundamental rights.

III. Healthcare Sector Regulations

Article 7 applies the human-centric model concretely to healthcare. AI may support prevention, diagnosis, and treatment, but cannot make final clinical decisions — those remain the duty of medical professionals.

AI cannot create discriminatory criteria for treatment access. Patients must be informed when AI is used, including the benefits and decision-making logic involved. All healthcare AI systems and their data must be regularly verified for reliability and accuracy.

Article 8 classifies public and private non-profit AI research in healthcare as of significant public interest, providing a GDPR-compliant basis for processing sensitive data. Research projects may begin 30 days after notifying the Data Protection Authority unless objections are raised — a "silent-assent" mechanism that accelerates research while preserving safeguards.

Simplified consent rules eliminate repetitive individual consent in public-interest research, reducing bureaucracy. Authorized entities include public institutions, non-profit organizations, and private healthcare bodies collaborating with them.

IV. Justice System Limitations

AI use in the judiciary is strictly limited to protect due process and human judgment. Systems may assist in administrative case management but cannot perform legal interpretation or court decision-making. Judges and legal officers retain full autonomy, ensuring that only humans with legal training and ethical responsibility decide cases. This preserves confidentiality, defense rights, and judicial integrity.

V. Employment and Workplace Protections

The law promotes productive AI use while safeguarding workers' rights. Employers must be transparent when AI affects recruitment, evaluation, or monitoring. Employees have the right to be informed, challenge automated decisions, and request human review.

AI systems cannot discriminate based on gender, age, ethnicity, religion, or other protected characteristics. Respect for employee dignity, mental and physical well-being, and privacy is mandatory.

To monitor risks and guide training, an Observatory on AI in the Workplace is established to study algorithmic bias and promote responsible deployment.

VI. Protection of Minors through Dual-Tier Consent

Article 4 introduces a two-tier consent framework for minors. Children under 14 require parental consent to access AI systems and for related data processing. Adolescents aged 14–18 may consent independently if provided with clear, age-appropriate information.

This model reflects developmental differences while safeguarding minors from inappropriate AI interactions. Implementation requires age-verification, consent tracking, moderation, and escalation systems to ensure compliance.

VII. Copyright Protections for AI-Assisted Works

Article 25 clarifies that copyright applies only to works where human creativity predominates, even if AI tools are used. Purely AI-generated works without human contribution are not protected.

AI-enabled text and data mining are allowed only for non-copyrighted material or authorized scientific research, consistent with the EU's Digital Single Market Directive. Rights holders may prohibit AI training on their works through machine-readable opt-outs, preserving control over creative content.

VIII. Criminal Penalties for Malicious AI Use

The law introduces criminal sanctions for harmful AI use. Unlawful creation or dissemination of deepfakes causing harm may lead to prison sentences of up to five years. Penalties are increased for crimes such as fraud or identity theft facilitated by AI.

The government is also empowered to adapt criminal law to address AI-related offenses — including election interference, disinformation, and attacks on democratic institutions — reflecting Italy's commitment to protect both individual rights and democratic stability.

IX. Governance Structure and Implementation

Two main authorities oversee implementation:

• Agency for Digital Italy (AgID) – supervises compliance in public administration, promotes innovation, sets standards, and conducts conformity assessments.
• National Cybersecurity Agency (ACN) – handles market surveillance, inspections, and sanctions.

This dual-agency system mirrors the EU AI Act's recommended national supervision model. Coordination among data protection, healthcare, and justice regulators ensures consistency.

Italy will cooperate closely with EU and international partners to maintain regulatory harmony for cross-border AI. Up to €1 billion in state-backed venture capital is earmarked for investments in AI, cybersecurity, quantum technologies, and telecommunications to foster domestic innovation.

Our Mind

Italy's AI Law is both a landmark policy and a strategic turning point for NewMind AI. By embedding human-centric principles into law, it validates our long-standing commitment to ethics, transparency, and explainable AI.

From a business perspective, the legislation opens opportunities across healthtech, fintech, and edtech, where compliance requirements will be strictest. NewMind AI can support clients in aligning their systems with the new standards through compliance audits, governance design, and explainability integration.

The law's human-oversight mandate will expand demand for human-in-the-loop and human-on-the-loop systems, especially in healthcare, legal, and employment contexts. Our experience in building explainable, human-supervised AI architectures aligns precisely with this need.

Similarly, the dual-tier consent regime creates demand for secure age-verification and consent-management technologies, relevant to edtech and social platforms. Our solutions in identity verification and content moderation directly serve this market.

Transparency and explainability obligations will drive organizations to adopt Explainable AI (XAI) tools that clarify decision logic while maintaining performance. This presents a significant value proposition across industries.

Italy's leadership is likely to inspire other EU members to enact national AI laws, creating a wider need for unified compliance solutions. Within healthcare alone, human-supervised AI is projected to reach a market value of €12 billion by 2028 — a growth directly influenced by this regulation.

In the creative sector, copyright rules emphasizing human creativity will reshape production workflows. Tools optimizing human-AI collaboration can reduce costs by up to 40% while maintaining compliance, benefiting media and design companies.

At NewMind AI, we already integrate transparency and oversight principles in our systems for finance and healthcare clients. The new Italian framework strengthens this approach, guiding us to formalize compliance processes in future deployments. Our work in explainable decision-support systems already fulfills these requirements, allowing us to deliver solutions that are both effective and lawful.

These foundations position NewMind AI as a trusted partner for organizations navigating Europe's evolving regulatory landscape — advancing innovation while ensuring that AI remains accountable, ethical, and human-centered.

Key Takeaways

• Italy made history on October 10, 2025, by becoming the first EU member state with comprehensive national AI legislation through Law No. 132, acting ahead of the EU AI Act scheduled for 2026 implementation and establishing regulatory leadership in Europe.
• The law's foundation rests on an anthropocentric approach requiring that AI systems respect human autonomy, support rather than replace human decision-making, and mandate human oversight in all critical processes across sectors.
• In healthcare, AI may assist with diagnosis and treatment as a support tool, but final clinical decisions must be made by medical professionals; AI cannot establish discriminatory criteria for treatment access or replace physician judgment.
• Justice system AI use is strictly limited, with AI systems prohibited from performing interpretative legal analysis or court decision-making; their use is confined to administrative and organizational tasks only.
• Workplace protections ensure employees have rights to be informed about AI use affecting them, challenge automated decisions, and request human review; AI-based discrimination is explicitly prohibited with enforcement mechanisms.
• A dual-tier consent framework for minors requires parental consent for children under 14 to access AI systems, while adolescents aged 14–18 may provide autonomous consent if information is comprehensible and age-appropriate.
• Copyright protection is granted to AI-assisted works that result from intellectual effort, maintaining human creativity as the essential criterion; purely AI-generated content without human intervention cannot receive copyright protection.
• Criminal penalties up to five years imprisonment apply for unlawful creation or dissemination of harmful deepfakes, with enhanced penalties when AI facilitates fraud, identity theft, or other crimes.
• Dual national AI authorities consisting of AgID and ACN provide coordinated governance structure with clear division of responsibilities for standards, compliance assessment, market surveillance, and enforcement of sanctions.
• The law authorizes up to €1 billion in state-backed venture capital funding for equity investments in enterprises active in AI, cybersecurity, and quantum technologies to stimulate domestic innovation and technological advancement.

References

• Official Italian AI Law (https://www.gazzettaufficiale.it/atto/serie_generale/caricaDettaglioAtto/originario?atto.dataPubblicazioneGazzetta=2025-09-25&atto.codiceRedazionale=25G00143&elenco30giorni=false)
• Reuters - "Italy enacts AI law covering privacy, oversight and child access" (https://www.reuters.com/technology/italy-enacts-ai-law-covering-privacy-oversight-child-access-2025-09-17/)
• McDermott Will & Emery - "Italy becomes the first in Europe to set national AI rules" (https://www.mwe.com/insights/italy-becomes-the-first-in-europe-to-set-national-ai-rules/)
• Linklaters - "Italy – A pioneering national framework to complement the EU AI Act" (https://www.linklaters.com/en-us/insights/blogs/digilinks/2025/september/italy--a-pioneering-national-framework-to-complement-the-eu-ai-act)
• A&O Shearman - "Law No. 132 of September 23, 2025: Italy's leadership in national AI regulation" (https://www.aoshearman.com/en/insights/law-no-132-of-23-september-2025-italys-leadership-in-national-ai-regulation)
• Centraleyes - "Italy's AI Law Comes Into Force" (https://www.centraleyes.com/italys-ai-law-comes-into-force/)
• 360 Business Law - "Italy's AI Law: A New Era of Human-Centred Regulation" (https://www.360businesslaw.com/blog/italy-approves-landmark-ai-law/)
• Orrick, Herrington & Sutcliffe - "Italy's Comprehensive New AI Law" (https://www.jdsupra.com/legalnews/italy-s-comprehensive-new-ai-law-2932814/)
• Norton Rose Fulbright - "Italy enacts Law No. 132/2025 on Artificial Intelligence" (https://www.nortonrosefulbright.com/en/knowledge/publications/9bfedfea/italy-enacts-law-no-132-2025-on-artificial-intelligence-sector-rules-and-next-steps)
• Squire Patton Boggs - "Italian Law no. 132/2025 – The First Domestic Law in the European Union" (https://www.squirepattonboggs.com/en/insights/publications/2025/10/italian-law-no-132-2025-the-first-domestic-law-in-the-european-union-on-the-use-of-artificial-intelligence)
• Hogan Lovells - "Copyright provisions in the new Italian AI-law" (https://www.hoganlovells.com/en/publications/copyright-provisions-in-the-new-italian-ailaw-reinforcing-human-authorship-and-text-and-data-mining)
• IAPP - "Italy becomes first EU member state to pass an AI law" (https://iapp.org/news/a/italy-becomes-first-eu-member-state-to-pass-an-ai-law)
• Complete AI Training - "Italy Enacts EU's First National AI Law: Parental Consent" (https://completeaitraining.com/news/italy-enacts-eus-first-national-ai-law-parental-consent/)
• Legance - "Italy's AI Act: a step ahead in Europe" (https://www.legance.com/italys-ai-act-a-step-ahead-in-europe-an-analysis-of-the-first-national-law-to-implement-the-eu-ai-act/)
• FiscalNote - "AI Policy: Italy" (https://fiscalnote.com/blog/ai-policy-italy)
• Trademark Lawyer Magazine - "Italy's new copyright rules in the first national AI law" (https://trademarklawyermagazine.com/italys-new-copyright-rules-in-the-first-national-ai-law-by-an-eu-member-state/)

Keywords

Artificial Intelligence Regulation, Italy AI Law, EU AI Act, Human-Centric AI, AI Governance, Deepfake Regulation, Copyright and AI, Child Safety AI, AI Compliance, Sectoral AI Regulations, AgID, ACN, AI Transparency, Explainable AI, Human-in-the-Loop, AI Ethics, Employment and AI, Healthcare AI, AI Criminal Penalties, Data Protection and AI