Italy Sets Workplace AI Rules: What Employers Must Do Now

Italy's AI Act makes workplace AI a rulebook, not a wish list. Employers face high-risk duties, plain English explanations, union notices, and fines up to €1,500 per worker.

AI News: Italy Sets the Rules for AI in the Workplace (20 February 2026)

Italy's Artificial Intelligence Act (Law No. 132) is in force as of 10 October 2025. It's the first comprehensive national AI framework in the EU, and it moves AI from "nice-to-have policies" to binding workplace rules.

For employers, this is the shift from prep to execution. Compliance, documentation, and day-to-day governance now decide your risk.

The Baseline: EU High-Risk + Italian Requirements

Under the EU AI Act, any AI system used for employment decisions is automatically "high-risk." That triggers obligations for risk management, data quality, technical documentation, logs, transparency to users, and meaningful human oversight.

Italy aligns with that view and centers fundamental rights. Transparency, data protection, gender equality, cybersecurity, and accessibility are mandated, not optional.

Reference texts worth bookmarking: EU AI Act (Regulation (EU) 2024/1689) and GDPR (Regulation (EU) 2016/679).

Key Requirements for HR and Workforce Management

Read together with the Transparency Decree (Legislative Decree No. 104/2022), the Italian AI Act expands what employers must do when AI supports HR and workforce decisions-recruitment, performance evaluation, task allocation, and termination.

Inform employees in advance about how AI tools work and what data they use.
Update that information and notify employees at least 24 hours before any material system change.
Share the relevant disclosures with trade union representatives.
Ensure effective human oversight over automated decision-making.
Guarantee AI systems respect fundamental rights and are free from any discrimination.

From Disclosure to Explanation

The law asks for more than a privacy notice. You must explain-in plain, accessible language-how automated decisions work, the risks involved, and the potential effects on employees.

Employees must be able to ask for clarification and request human review of AI-driven decisions. In practice, that means explainability workflows and documented escalation paths.

Sanctions You Can't Ignore

Non-compliance carries real costs. Authorities can impose administrative fines of up to €1,500 per employee, with monthly increases for ongoing issues and extra penalties if unions were not properly informed.

New Institutional Oversight

Italy created an Oversight Committee within the Ministry of Labour and Social Policies to monitor AI's impact on employment. Expect sector analyses, fresh guidance, and more scrutiny as adoption grows.

Regulated Professions: No Full Delegation to AI

Professionals cannot fully delegate services to AI systems. Any use of AI in professional activities must be disclosed in a transparent and understandable way.

Data Protection Still Rules the Stack

If AI touches personal data, GDPR fully applies. You'll need a valid legal basis, tight data minimization and purpose limitation, and (where applicable) a Data Protection Impact Assessment-especially for systematic evaluation or decisions affecting employees.

If a decision is based solely on automated processing and has legal or similarly significant effects, employees must be able to get human intervention, share their point of view, and contest the decision. The Italian AI Act reinforces these GDPR obligations and restates lawful, fair, and transparent processing that stays aligned with original purposes.

Your Near-Term Action Plan

Map all AI use in HR and operations: vendors, custom tools, features, data flows, and decision points.
Classify where AI impacts employment decisions and confirm "high-risk" obligations.
Update employee disclosures with plain-language explanations; set a 24-hour change-notification process.
Document meaningful human oversight: roles, thresholds for review, and escalation procedures.
Run DPIAs where required; record risk mitigations, testing, and monitoring schedules.
Tighten data governance: legal bases, minimization, purpose limitation, retention, and access control.
Review vendor contracts: transparency, audit rights, logs, model changes, bias testing, and incident reporting.
Engage unions early with required disclosures; keep records of notices and meetings.
Train HR, legal, IT, and managers on explainability, bias risks, and employee rights.
Stand up an AI governance framework: inventory, approvals, change control, and documentation standards.
Monitor implementing decrees due by October 2026 and adjust policies as guidance lands.
Coordinate with counsel on gray areas, especially around automated decision-making and explainability.

Timeline and What's Next

At least one implementing decree-defining an "organic framework" for data, algorithms, and AI-training methods-is due by October 2026. Use this window to tighten controls, validate explainability, and pressure-test oversight before inspections become routine.