Understanding the Implications of the New Italian AI Law for Personal Data Protection and Governance

On October 10, 2025, Italy introduced its first national law regulating artificial intelligence (AI), marking a significant step in Europe’s approach to AI governance. This law aligns closely with the European AI Act, ensuring compatibility without adding extra obligations. It sets out clear principles and sector-specific rules to promote responsible AI use while safeguarding citizens' rights, especially regarding personal data.

The Framework of the New Italian AI Law

The law consists of 28 articles that emphasize an anthropocentric approach to AI. This means AI systems should serve people’s well-being, respecting constitutional rights and European Union regulations. The law targets specific sectors such as healthcare, employment, and public administration, where AI’s impact is most significant.

Key principles include:

• Transparency in AI system operations

• Accountability for AI developers and users

• Risk management to prevent harm

• Promotion of AI to improve quality of life

  
  

These principles create a foundation for AI governance that balances innovation with protection.

Personal Data Protection Under the New Law

One of the most critical parts of the law is Section 4, which addresses the processing of personal data by AI systems. It highlights the need for clear, accessible information about how AI handles data, ensuring users understand what happens to their information.

Protection of Minors’ Data

The law introduces stricter rules for processing minors' personal data:

• Children under 14 require parental consent to access AI technologies.

• Those aged 14 to 18 can consent independently, following GDPR guidelines.

  
  

This approach recognizes minors as vulnerable individuals needing extra protection. It aims to prevent unauthorized data use and ensure that AI systems respect minors' rights.

Media and Information Principles

AI use in media must respect:

• Freedom and pluralism of information

• Freedom of expression

• Objectivity, completeness, impartiality, and fairness

  
  

These principles ensure AI-driven media content remains trustworthy and balanced, preventing misinformation or bias.

Practical Implications for Organisations and Users

Organisations deploying AI in Italy must carefully review their data processing practices to comply with the new law. This includes:

• Updating privacy policies to clearly explain AI data use

• Implementing consent mechanisms for minors

• Training staff on AI transparency and ethical use

• Conducting risk assessments focused on personal data protection

  
  

For example, a healthcare provider using AI diagnostics must ensure patient data is handled transparently and securely, with special attention to minors’ consent where applicable.

Users should be aware of their rights under this law, including the ability to:

• Receive clear information about AI data processing

• Object to unfair or biased AI decisions

• Exercise control over personal data, especially for minors

  
  

How the Law Supports Responsible AI Development

The Italian AI law encourages developers to build AI systems that are:

• Transparent: Users can understand how AI works and how data is used.

• Accountable: Developers and users are responsible for AI outcomes.

• Human-centered: AI serves people’s needs without compromising rights.

  
  

By setting these standards, the law aims to foster trust in AI technologies and encourage innovation that respects ethical boundaries.

Challenges and Considerations

While the law provides a clear framework, challenges remain:

• Ensuring consistent interpretation across sectors

• Balancing innovation with strict data protection

• Educating the public and organizations about new obligations

  
  

For instance, small businesses may struggle to implement complex consent mechanisms for minors, requiring support and guidance.

Looking Ahead: The Future of AI Governance in Italy

The new Italian AI law sets a precedent for national AI regulation in Europe. Its alignment with the EU AI Act ensures coherence while addressing local needs. As AI technologies evolve, ongoing updates and enforcement will be crucial to maintain effective governance.

Organisations should monitor regulatory developments and adapt their AI strategies accordingly. Users can expect stronger protections and clearer rights regarding AI and personal data. (Written and edited by, The Decision Maker Technology editors)