Artificial Intelligence Act

13 march 2024

The regulation, agreed in negotiations with member states in December 2023, was endorsed by MEPs with 523 votes in favour, 46 against and 49 abstentions.

It aims to protect fundamental rights, democracy, the rule of law and environmental sustainability from high-risk AI, while boosting innovation and establishing Europe as a leader in the field. The regulation establishes obligations for AI based on its potential risks and level of impact.

Banned applications 

The new rules ban certain AI applications that threaten citizens’ rights, including biometric categorisation systems based on sensitive characteristics and untargeted scraping of facial images from the internet or CCTV footage to create facial recognition databases. Emotion recognition in the workplace and schools, social scoring, predictive policing (when it is based solely on profiling a person or assessing their characteristics), and AI that manipulates human behaviour or exploits people’s vulnerabilities will also be forbidden.

Law enforcement exemptions 

The use of biometric identification systems (RBI) by law enforcement is prohibited in principle, except in exhaustively listed and narrowly defined situations. “Real-time” RBI can only be deployed if strict safeguards are met, e.g. its use is limited in time and geographic scope and subject to specific prior judicial or administrative authorisation. Such uses may include, for example, a targeted search of a missing person or preventing a terrorist attack. Using such systems post-facto (“post-remote RBI”) is considered a high-risk use case, requiring judicial authorisation being linked to a criminal offence.

Obligations for high-risk systems

Clear obligations are also foreseen for other high-risk AI systems (due to their significant potential harm to health, safety, fundamental rights, environment, democracy and the rule of law). Examples of high-risk AI uses include critical infrastructure, education and vocational training, employment, essential private and public services (e.g. healthcare, banking), certain systems in law enforcement, migration and border management, justice and democratic processes (e.g. influencing elections). Such systems must assess and reduce risks, maintain use logs, be transparent and accurate, and ensure human oversight. Citizens will have a right to submit complaints about AI systems and receive explanations about decisions based on high-risk AI systems that affect their rights.


Transparency requirements 

General-purpose AI (GPAI) systems, and the GPAI models they are based on, must meet certain transparency requirements, including compliance with EU copyright law and publishing detailed summaries of the content used for training. The more powerful GPAI models that could pose systemic risks will face additional requirements, including performing model evaluations, assessing and mitigating systemic risks, and reporting on incidents.

Additionally, artificial or manipulated images, audio or video content (“deepfakes”) need to be clearly labelled as such.

Measures to support innovation and SMEs

Regulatory sandboxes and real-world testing will have to be established at the national level, and made accessible to SMEs and start-ups, to develop and train innovative AI before its placement on the market.

News archive

 

Firm news

set26

26/09/2025

Definizione della controversia tra Iliad Italia S.p.A. e Hera S.p.A. ai sensi del Regolamento di cui alla delibera n. 449/16/CONS

Con la delibera n. 33/25/CIR viene definita la controversia promossa Iliad Italia S.p.A. e Hera S.p.A., difesa dagli Avv.ti Fabrizio Cugia di Sant'Orsola e Silvia Giampaolo ai sensi del Regolamento di

set26

26/09/2025

Diritto di accesso, il Garante privacy sanziona una banca per 100mila euro Cliente può accedere ai propri dati contenuti nelle registrazioni degli ordini telefonici

Il Garante privacy ha comminato una sanzione di 100mila euro a una banca per non aver risposto in modo esaustivo a un cliente che aveva fatto richiesta di accesso ai propri dati personali

set26

26/09/2025

Privacy ed Intelligenza Artificiale

Il 23 settembre e’stata pubblicata in G.U. la Legge 23 settembre 2025 n. 132, Disposizioni e deleghe al Governo in materia di intelligenza artificiale (Gazz. Uff. 25 settembre 2025, n. 223), che

Lawyer News

ott13

13/10/2025

Sharenting e baby influencer: in Senato un Ddl per proteggere i minori

Apertura di account social solo dopo i

ott13

13/10/2025

Abusi su parti comuni: rispondono direttamente i singoli condòmini

Illegittimo l’ordine di demolizione notificato