ITALY Law and Practice Contributed by: Francesco Di Carlo and Filippo Raynaud, FIVERS Studio Legale e Tributario
sponding compliance obligations. Law No 132/2025 complements this framework by reinforcing key safe - guards, including human oversight, prevention of dis - criminatory outcomes, data governance standards, and system security. From a governance perspective, AI risk management is typically structured across multiple corporate func - tions. Senior management is responsible for imple - mentation, while the board retains overall responsi - bility for supervision and strategic direction. Risk and audit committees are increasingly tasked with over - seeing AI-related risks, particularly in relation to inter - nal controls and compliance. The Italian framework also places increasing emphasis on reputational and ethical risks, requiring companies to ensure that AI systems are explainable, reliable, and aligned with constitutional principles. As a result, many organisations are adopting internal AI govern - ance frameworks, including risk classification models, human oversight procedures, and internal validation processes. 8.3 Liability Exposures Arising From AI Use The use of AI systems exposes directors and officers to liability under both general corporate law and the emerging AI-specific framework. Law No 132/2025 strengthens this exposure by explicitly linking AI use to the protection of fundamental rights and by intro - ducing additional areas of civil and criminal liability. Key liability risks include unlawful data processing, discriminatory or biased outputs, lack of transparency, unsafe or unreliable AI systems, and failures in human oversight. The law also introduces specific attention to issues such as deepfakes, misuse of AI-generated content, and professional obligations to inform users or clients about the use of AI systems. Directors may be held liable where they fail to imple - ment adequate governance structures or to ensure compliance with applicable AI principles. This includes failures to adopt appropriate risk management sys - tems, inadequate supervision of high-risk AI applica - tions, or omission of necessary corrective actions.
Enforcement may occur through civil claims by the company, shareholders, creditors, or third parties, as well as through regulatory sanctions. In certain cases, criminal liability may arise under the provisions intro - duced or reinforced by Law No 132/2025, particularly where AI is used in a way that harms individuals or infringes legally protected interests. 8.4 Key Disclosure Requirements for AI Use Italian law does not yet impose a comprehensive, standalone disclosure regime specifically dedicated to AI. However, disclosure obligations arise indirectly from multiple sources, including corporate reporting rules, sustainability reporting frameworks, and the principles introduced by Law No 132/2025. Under this law, transparency is a core requirement: individuals must be informed when interacting with AI systems, and companies must ensure that the func - tioning and risks of such systems are understandable and accessible. This principle is likely to influence corporate disclosure practices, particularly in relation to customer-facing AI and decision-making systems. Listed companies are required to disclose mate - rial risks, governance structures, and internal control systems. Where AI systems materially impact busi - ness operations or risk exposure, related information should be included in annual reports and corporate governance disclosures. In addition, under the CSRD, companies may be required to disclose information on digital govern - ance, risk management, and technological impacts, including AI where relevant. The combined effect of EU and national rules is leading to a gradual increase in transparency expectations, particularly regarding AI governance, risk mitigation measures, and account - ability frameworks.
374 CHAMBERS.COM
Powered by FlippingBook