ITALY Law and Practice Contributed by: Giovanni F Casucci, Matteo Casucci, Serena Spadavecchia and Alice Niccoli, GA-Alliance
Consequently, when combining these two sets of regulations, if a trade secret is substantially embod - ied in software, it is not possible to prevent reverse engineering by a licensee or a contractual partner, and any contractual rule prohibiting such activity will be considered invalid. It is worth noting that the intersection between trade secret protection and computer programs embedded with artificial intelligence (AI) functionalities has gained increasing regulatory relevance: the obligations of technical documentation and transparency imposed by Regulation (EU) 2024/1689 (the “AI Act”) require providers of high-risk AI systems to prepare detailed documentation concerning system architecture, train - ing data and the general logic of the model. In cer - tain circumstances, such requirements may entail the disclosure of information that overlaps with elements typically protected as trade secrets, such as algorith - mic logic or model design, thereby creating a potential interaction with the limitations on reverse engineering discussed previously. 1.8 Computer Software, Artificial Intelligence and Technology In Italy, civil law does not provide separate and spe - cific protection for trade secrets concerning computer software and technology; instead, these are covered by the general principles of trade secret protection derived from the CPI. Consequently, there is no addi - tional, distinct legislation offering a specialised suite of protections in this area. It is worth noting that, due to the limitations on soft - ware protection (which is primarily through copyright for the “expression” of the code and preparatory works), trade secrets are frequently used to protect aspects of software excluded from copyright, particu - larly algorithms. This approach can offer a broader scope of protection than copyright and may serve as a viable alternative to pursuing a patent application for computer-related inventions. Patent applications would become publicly available upon publication, potentially exposing them to the risk of nullity pro - ceedings due to the prohibition outlined in Article 52.2 (c) of the European Patent Convention.
However, two directly applicable EU Regulations now interact with this framework. First, the AI Act, appli - cable to high-risk AI systems from 2 August 2026, introduces documentation, transparency and compli - ance requirements for providers and deployers of AI systems. Although the AI Act contains safeguards for confidential information, its obligations may in prac - tice require the disclosure of elements that overlap with trade secrets, such as algorithmic logic or model architecture. Second, Regulation (EU) 2023/2854 (the “Data Act”), applicable from 12 September 2025, establishes mandatory data access and sharing obligations con - cerning data generated by connected products and related services. The interaction between such obliga - tions and the protection afforded by Articles 98 and 99 of the CPI will require a case-by-case assessment. Where disclosure is ordered by a competent authority or court, the trade secret holder may seek the adop - tion of appropriate confidentiality measures, including those provided for under Article 121-ter of the CPI. 1.9 Duration of Protection for Trade Secrets In Italy, trade secret protection lasts for as long as the information is kept confidential. Once a trade secret is revealed and made available to the public, it loses its protected status, and this applies whether disclosures are intentional or accidental. On the other hand, controlled disclosure includes sharing the information under NDAs or other form, as long as confidentiality is maintained. To mitigate the impact of any disclosure, whether accidental or controlled, owners should implement robust security measures, use NDAs with all relevant parties, and ensure that there are clear internal protocols for han - dling sensitive information. In the event of accidental or unauthorised disclosure, owners should act promptly to isolate the incident by retrieving disclosed property, enforcing confidentiality covenants with involved parties, and enforcing legal steps as needed to prevent ongoing misuse. One way to detect potential vulnerabilities is by tracking who accessed the trade secret and what the conditions were under which they did so.
89
CHAMBERS.COM
Powered by FlippingBook