ITALY Law and Practice Contributed by: Francesco Di Carlo and Filippo Raynaud, FIVERS Studio Legale e Tributario
8. Artificial Intelligence 8.1 Board Oversight of AI
7.2 ESG Developments Under Italian law, there is no single, comprehensive statutory framework governing ESG matters across all companies. Instead, ESG obligations arise from a combination of EU legislation, national laws and cor - porate governance principles, which generally apply only to specific categories of companies and/or sec - tors of activity and therefore have a limited scope of application. Against this background, the current global political climate has not led to a formal rollback of ESG require - ments in Italy. Rather, it has triggered a shift in how ESG is approached at governance level, moving from a broad, compliance-driven perspective to a more selective and risk-based focus on material issues: In particular, recent practice shows a tendency among boards to: • integrate ESG considerations into core business strategy and risk management, rather than treating them as standalone compliance topics; • focus on ESG factors that have a direct impact on enterprise value and operational risk; and • streamline governance structures (for example, by embedding ESG oversight into the board or risk committees or maintaining dedicated ESG commit - tees). It should be noted, however, that these developments concern primarily more structured companies, in par - ticular: • listed companies and large corporates; • entities operating in regulated sectors (such as banking, financial and insurance); and • companies subject to specific ESG-related dis - closure and governance requirements at EU or national level. For smaller or non-regulated companies, ESG con - siderations remain largely embedded in general cor - porate law duties and are typically addressed with a lower degree of formalisation.
Italian law does not provide for a fully codified sys - tem of board oversight of artificial intelligence as a standalone matter. However, a structured framework now emerges from the combined application of the EU Artificial Intelligence Act and Law No 132/2025, together with general duties of directors under the Civil Code. Law No 132/2025 introduces a set of general princi - ples governing the development and use of AI, includ - ing transparency, human oversight, non-discrimina - tion, data quality, and cybersecurity across the entire lifecycle of AI systems. These principles are expressly anthropocentric and require that AI systems remain subject to human control and responsibility. Within this framework, directors are required to ensure that the company’s organisational, administrative, and risk management structures adequately address AI- related risks. This includes the integration of AI into internal control systems, the adoption of governance policies, and the supervision of compliance with both EU and national requirements. In practice, oversight is typically allocated to the board of directors as a whole, with operational monitoring delegated to control and risk committees. The intro - duction of national principles under Law No 132/2025 further reinforces the expectation that boards actively supervise the ethical, legal, and operational use of AI, particularly where fundamental rights or high-risk applications are involved. 8.2 AI Use-Related Risks AI-related risks in Italy are governed by a layered framework combining EU regulation and national legislation. Alongside the GDPR and sector-specific rules, Law No 132/2025 establishes binding principles for AI development and use, focusing on the protec - tion of fundamental rights, transparency, accountabil - ity, and technological reliability. The most significant regulatory development remains the EU Artificial Intelligence Act, which introduces a risk-based classification of AI systems and corre -
373 CHAMBERS.COM
Powered by FlippingBook