On 10 October 2025, Italy enters a historic turning point in the world of work with the entry into force of Law No. 132/2025, the first comprehensive regulatory framework governing the use of Artificial Intelligence (AI) in professional environments.
The main goal is clear: ensure an AI deployment that boosts productivity without compromising work quality, workers’ physical and psychological safety, or dignity—fully in line with European legal principles. At the heart of the regulation lies the concept of AI transparency at work, a true cornerstone for ethical and safe adoption of new technologies.
Table of Contents
Article 11: Key Principles of Law 132/2025
Article 11 defines three fundamental directives for the use of AI in the workplace. First, technologies must improve working conditions and support organizational efficiency. Second, they must comply with principles of transparency, safety, and traceability, ensuring data confidentiality and prohibiting any form of covert surveillance or automated decisions that undermine workers’ dignity.
Finally, the article establishes a strict non-discrimination requirement, excluding any bias based on sex, age, ethnic origin, religion, sexual orientation, or other personal characteristics.
This regulation aligns with the broader European framework, particularly EU Regulation 2024/1689 (AI Act), which classifies HR-related AI systems as high-risk, and EU Directive 2024/2831 on digital platform work.
How to Comply: Mapping, Training, and Operational Procedures
Companies and consultants must adopt an integrated approach to comply with AI transparency at work, involving HR, IT, Legal, and the DPO. The first step is mapping all AI systems, identifying every software and algorithm affecting HR processes, and documenting purpose, logic, data used, and existing human oversight.
Next, employers must update worker information notices and establish clear procedures to respond to data-access requests within 30 days.
The law also requires involvement of trade unions, with mandatory disclosure to RSA, RSU, or territorial organizations. Periodic checks on accuracy, robustness, and bias are essential, ensuring meaningful human intervention for any contestable automated decision.
Sanctions and Responsibilities
Penalties for non-compliance with the new obligations are severe. Failure to meet disclosure requirements triggers administrative sanctions ranging from €250 to €1,500 per employee, with an additional surcharge of up to €750 for each month of missing or incomplete information.
Similar penalties apply for omissions toward trade union representatives, with fines between €400 and €1,500. The National Labor Inspectorate is responsible for issuing sanctions, while companies may also face liability for data-processing violations under GDPR.
