Innovation Law Insights

Podcast

Generative AI & Copyright: EU vs US Legal Battle for the Future

In this episode of Diritto al Digitale, Giulio Coraggio unpacks the landmark Like Company v Google Ireland case and contrasts the EU’s strict framework with the more flexible – yet unpredictable – American approach with regard to copyright and generative AI training. What will this mean for platforms like ChatGPT, Gemini, and Claude? Tune in to find out. You can listen to the episode on Apple Podcasts, Spotify, and Audible.

 

Data Protection and Cybersecurity

Privacy Fine in Italy to Use Private Chats in Disciplinary Actions on the Workplace

The Italian Data Protection Authority (Garante) has fined a company USD420,000 for violating privacy laws in the workplace. The decision centers on the employer’s use of content from Facebook, WhatsApp, and Messenger—shared from the employee’s personal accounts—for disciplinary purposes.

This ruling will have serious repercussions for any employer operating in Italy, especially those dealing with internal investigations that touch on social media or private messaging platforms.

The Garante’s message is clear: even in the workplace, privacy must be respected, and breaching it can result in heavy fines.

The Case: Private Isn’t Public—Even at Work

The case began when an employee filed a complaint, challenging the lawfulness of two disciplinary measures taken against her. The employer had cited:

• Posts published on her closed Facebook profile;
• Private messages exchanged on Messenger with a third party;
• WhatsApp messages shared with colleagues.

The content hadn’t been actively monitored or scraped by the company. Instead, it was voluntarily forwarded to management by co-workers and others involved in the conversations. The company claimed it had no “active role” in collecting the data and justified its use under the GDPR’s legitimate interest basis.

But according to the Garante, this passive reception of data did not exempt the company from privacy compliance obligations.

The Garante’s Key Findings

The Garante Privacy Authority took a firm stance:

1. Using content—even when received passively—is still data processing. Once the employer decided to use the messages and posts in disciplinary procedures, it engaged in full processing under GDPR.
2. A closed Facebook profile implies a reasonable expectation of privacy. Content shared only with “friends” cannot be considered public. Therefore, the company should have assessed whether using that data respected the employee’s rights.
3. Messenger and WhatsApp are protected forms of communication. Even if content is forwarded by a participant in the conversation, this does not authorize an employer to use it unless a proper legal basis exists.

Why the Legitimate Interest Argument Failed

The company attempted to rely on Article 6(1)(f) GDPR—legitimate interest—to justify the processing. However, the Garante highlighted several shortcomings:

• No documented balancing test was provided;
• The company didn’t show that the disciplinary goals could not be achieved without infringing on privacy;
• The employee had no reasonable way to expect her private conversations would be used against her at work.

Moreover, the Garante emphasized that in Italy, employment-related data processing is subject not only to the GDPR but also to Article 113 of the Italian Privacy Code, which strengthens protections for employees. It prohibits the use of personal opinions, beliefs, or information unrelated to professional aptitude for workplace assessments or investigations.

The Broader Impact on Employers in Italy

This decision sends a strong message: workplace privacy is not optional, even in the face of disciplinary concerns.

Employers must now:

• Think twice before using personal communications in internal proceedings against employees, even if those communications are handed over by others;
• Conduct and document a detailed balancing test if relying on legitimate interest;
• Avoid using private messaging data or social media posts unless they are clearly relevant, proportionate, and legally justifiable;
• Align internal policies—such as social media and IT use policies—with GDPR and national law;
• Respect the boundaries between employee conduct and private expression, especially when expressed on platforms like WhatsApp or Facebook.

A Warning Shot: USD420,000 Fine and Public Sanction

The company was ultimately found to have breached Articles 5, 6, and 88 of the GDPR and Article 113 of the Italian Privacy Code. The fine of USD420,000 reflects the Garante’s view that the violations were not minor.

In addition to the financial penalty, the Garante ordered the publication of the decision on its website, amplifying the reputational impact of the case.

This dual penalty—economic and reputational—should be a wake-up call for any company operating in Italy or managing employees whose private digital behavior might intersect with corporate compliance.

Final Takeaways

The case is a clear signal that the privacy of employees in the workplace remains protected, even when messages and social media content circulate beyond their original audience.

Companies must remember:

• A forwarded message is not a license to investigate.
• Personal posts—unless clearly public—are not fair game.
• Italy takes employee privacy seriously, and the fines will match the offense.

If you’re unsure whether your internal disciplinary processes align with GDPR and national law, now is the time to review your policies. Because in today’s digital workplace, privacy breaches don’t go unnoticed—and they don’t go unpunished.

Author: Giulio Coraggio

 

ENISA Guidelines on Compliance with the NIS2 Directive

On June 26, the European Union Agency for Cybersecurity (ENISA) published two sets of guidelines to help businesses ensure their organizational compliance with the NIS2 Directive. The aim of the guidelines is to support companies in understanding how legal requirements translate into operational activities, particularly regarding (i) roles and skills for professionals within essential and important entities, and (ii) technical measures aimed at ensuring the security and resilience of IT systems.

• Guidelines on “Cybersecurity Roles and Skills for NIS2 Essential and Important Entities”

As established under Article 21 of the NIS2 Directive, essential and important entities must adopt appropriate cybersecurity risk management measures. These measures are not limited to technical protections of systems, but also include proportionate organizational measures designed to ensure the resilience and overall protection of digital assets.

Such organizational measures require the implementation of a structured compliance system which – starting from the mapping and identification of the tasks required by the Directive and its national implementations – includes the definition of clear roles and the selection of competent professionals to carry them out.

To this end, the Guidelines present two specific use cases focused on medium-sized organizations, which may face certain limitations in terms of human resources and budget. While each organization must structure its roles according to its specific needs – which may vary depending on regulatory obligations and its cybersecurity maturity level – the examples provided by ENISA serve as a practical starting point.

In the first scenario, ENISA recommends appointing a Cybersecurity Manager (potentially overlapping with the role of the CISO), who plays a strategic role in defining and implementing security policies, as well as managing technical remediation plans. In parallel, ENISA highlights the importance of identifying a Cyber Legal, Policy and Compliance Officer, responsible for supporting compliance activities related to cybersecurity.

Beyond identifying these key roles, ENISA encourages targeted training for existing internal roles – such as IT department members and System Administrators – to enhance cross-functional cybersecurity expertise. Additionally, outsourcing specific services, such as incident response, cyber threat intelligence, and digital forensics, is viewed positively. However, the internal roles remain ultimately responsible, with third-party providers playing only a support role without strategic decision-making authority.

The second scenario focuses on incident response management and the related notification obligations under Article 23 of the NIS2 Directive. Here, ENISA suggests implementing a structured process involving the CISO, a so-called Cybersecurity Implementer (typically a system administrator with incident response skills), the Cyber Legal, Policy and Compliance Officer, and – if necessary – a third-party service provider.

Establishing a team with clearly defined roles and responsibilities, composed of both internal and external resources, allows the organization to meet the stringent notification requirements of the NIS2 Directive while ensuring a responsive and effective incident handling approach. This structured, collaborative setup is fundamental not only for regulatory compliance, but also for strengthening the organization’s overall cybersecurity posture.

The Guidelines also provide a comprehensive mapping of roles, including detailed descriptions of responsibilities, tasks, expected outcomes, and potential collaborations for each role profile in relation to the requirements of the NIS2 Directive. Furthermore, they highlight the benefits of this approach, showing how clear role structures enhance operational transparency, process efficiency, and workforce planning.

While ENISA acknowledges the need to tailor each organizational model to the specific context of the entity subject to the NIS2 Directive, these Guidelines undoubtedly represent a solid starting point for defining an internal structure aligned with the directive’s stringent compliance requirements.

• Guidelines on “Technical Implementation Guidance”

ENISA’s Technical Guidance is designed to support entities falling under the scope of Implementing Regulation (EU) 2024/2690 of 17 October 2024 – including DNS service providers, top-level domain name registries, cloud computing service providers, data center service providers, content delivery network providers, managed service providers, managed security service providers, online marketplace providers, online search engine providers, social networking platform providers, and trust service providers – in implementing the technical and methodological requirements of the NIS2 Directive’s security measures.

In addition to its targeted support for entities covered by the regulation, the Technical Guidance provides detailed and practical information on the risk management measures required by the NIS2 Directive, making it a useful resource for a broader audience of essential and important entities.

Initially released in draft form in January 2025, the final version introduced no significant changes.

The finalization of this document provides organizations with another concrete tool for implementing the NIS2 Directive. Although primarily intended for a specific category of entities, the methodological principles and technical requirements outlined serve as a strong reference point for all organizations subject to NIS2, offering practical and detailed support for implementing an effective cyber compliance system.

Authors: Giulia Zappaterra e Maria Chiara Meneghetti

 

Blockchain and Cryptocurrency

ESMA Bars Broker-Dealer Crypto Operations and Order Book Pooling with Non-EU Entities Under MiCAR

Through Q&A No. 2579 published on June 20, 2025 (hereinafter, the Q&A), the European Securities and Markets Authority (hereinafter, ESMA or Authority) definitively clarifies the incompatibility between the regime of Regulation (EU) 2023/1114 on Markets for Crypto-Assets (hereinafter, MiCAR) and the sharing of order books between authorized Crypto-Asset Service Providers (hereinafter, CASP) and non-EU third parties. Having already severely restricted in its Public Statement of July 31, 2024 (hereinafter, the Public Statement) the admissibility of the broker-dealer model, which provides for the systematic routing of orders to non-EU trading platforms belonging to the same group, the Authority reiterates that any entity involved in the operation of a multilateral trading system must be authorized in advance in accordance with Articles 59, 60, and 63 MiCAR.

1. What is an order book and why is it a service regulated by MiCAR?

In the lexicon of digital markets, the order book is the system by which a trading platform aggregates and organizes, buy and sell offers for crypto-assets submitted by several users. From the perspective of the European legislator, the management of an order book represents the operational core of a trading platform and, as such, qualifies the activity of a trading platform operator as falling within the scope of MiCAR.

According to Article 3, paragraph 1, No.18 MiCAR, a trading platform consists in:

“the management of one or more multilateral systems, which bring together or facilitate the bringing together of multiple third-party purchasing and selling interests in crypto-assets, in the system and in accordance with its rules, in a way that results in a contract, either by exchanging crypto-assets for funds or by the exchange of crypto-assets for other crypto-assets”.

It follows that any legal entity, European or non-European, participating in the management of an order book falling within the concept of “multilateral system” must be authorized as a CASP under MiCAR.

2. ESMA's clarification: the illegality of sharing order books with unauthorized entities.

ESMA has provided decisive clarification on the practice of shared management of order books by authorized entities with third-country entities that are not authorized under MiCAR.

The case considered by ESMA is where several trading platforms, including non-EU platforms, aggregate their order books into a single operational flow, thereby allowing them to buy and sell orders from their respective clients to be matched. This is an integrated model that creates a single liquidity pool managed by operators from different jurisdictions but which, precisely because of this characteristic, implies the joint responsibility of each of them in the management of the multilateral system and in the interaction between different clients.

According to ESMA, it follows that any entity involved in the management of the shared order book must be qualified as a CASP under the Regulation. In the absence of authorization under Article 63, such participation constitutes an abusive provision of services under Article 59.

While not ruling out in absolute terms that other models of interoperability between order books may in theory be compatible with MiCAR, the Q&A suggests that any form of joint management with unauthorized non-EU entities will presumably be considered unlawful. The Authority's approach is therefore based on a restrictive and strict interpretation of the rules on access to the single market for crypto services.

3. From the Public Statement to the Q&A: restrictions on the broker-dealer model as the systematic basis for the new prohibition.

The prohibition on sharing the order book with unauthorized entities is not an isolated turning point but is part of a broader regulatory framework already outlined by the Authority in its Public Statement published less than a year ago.

In that document, addressed to the National Competent Authorities (NCAs), ESMA drew attention to the risk that some operators, formally authorized as CASPs for the mere reception and transmission of orders, could draw on the market liquidity they manage on trading platforms located outside the EU, thus circumventing the more stringent conditions laid down in Europe for this service.

The model examined is the so-called intra-group broker-dealer, in which the European CASP receives orders from its clients but systematically transmits them to intra-group entities established in third countries, which act as liquidity providers through the trading platforms they operate.

According to ESMA, this model generates two main categories of risk:

• First, conflict of interest: the intermediary receiving and routing orders within its own corporate group may have an incentive to favor intragroup channels, with little transparency and potential distortions in execution.
• Secondly, the effective protection of the client's interest in best execution is called into question: the choice of execution channel could be guided by internal, organizational, or economic considerations rather than by the principle of the best possible result for the client, in violation of the duties of diligence and impartiality imposed on CASPs.

Precisely, in light of this limitation, entities in the process of obtaining MiCAR licenses have decided to opt for a model compliant with the Public Statement, i.e., establishing a trading platform in Europe in accordance with MiCAR rules, but whose liquidity is fed not only by the European market, but also by the non-European market through the shared order book mechanism.

In this context, the Q&A is a coherent follow-up to the Public Statement. By clarifying that even the technical sharing of an order book with unauthorized entities implies joint responsibility for the management of the multilateral system, ESMA consolidates a rigorous and systemic interpretation of the scope of authorization.

ESMA's objective is twofold:

• on the one hand, to prevent the single market from being opened up to entities that do not offer equivalent guarantees in terms of supervision, transparency, and investor protection to those required of authorized CASPs;
• on the other hand, to prevent limited-service providers, particularly those authorized only to receive and transmit orders, from providing, “indirectly” through group companies, services like those of a trading venue operator, thereby circumventing the more stringent authorization conditions and governance requirements imposed by MiCAR.

4. An isolationist choice? The logical implications of ESMA's ban on liquidity and access to crypto markets.

The Q&A marks an interpretative shift that is set to have structural impacts on the functioning of European markets for crypto-assets and has provoked strong criticism from the industry. Stakeholders have highlighted how ESMA's approach risks amplifying liquidity fragmentation within the European market, preventing the formation of adequate trading pools.

The concrete impact on the market is significant. The foreclosure of shared order books forces European platforms to operate on limited liquidity pools, accentuating the risk of wider spreads, shallower depth, and greater volatility of crypto assets. In a context where competitiveness is also measured by the ability to ensure efficient execution and global access, the EU risks losing ground to jurisdictions that, while pursuing similar regulatory objectives, adopt more open and proportionate models.

In conclusion, although the Authority's choice is inspired by more than legitimate and necessary objectives of market control and integrity, it raises the issue of the compatibility between a strongly endogenous approach and the aspiration for a fully integrated and globally competitive European market. In the absence of a more balanced reflection on the operational scope of key concepts such as the inherently decentralized nature of CASPs, there is a risk that MiCAR, created to harmonize and strengthen, will end up isolating and rigidifying.

Author: Andrea Pantaleo e Giulio Napolitano

 

Intellectual Property

Trade Secrets: U.S. Tech Company Acts Against Former Employee for Misappropriation

A leading company in the development of tech devices has filed a lawsuit in the Superior Court of the State of California for the County of Santa Clara against a former employee, claiming he misappropriated trade secrets and confidential information related to an augmented reality headset currently under development.

According to the documents submitted by the company, the senior engineer allegedly copied thousands of confidential files, including technical documentation and proprietary information concerning unreleased products. This conduct is said to violate the contractual obligations the former employee made under his employment contract and the company's Confidentiality and Intellectual Property Agreement (IPA).

U.S. Trade Secret Law

Under U.S. federal law, a trade secret is defined as any financial, commercial, scientific, economic, or engineering information, such as code, formulas, designs, prototypes, or programs, that holds actual or potential economic value by virtue of not being generally known or readily accessible to others who could economically benefit from its disclosure or use.

To be protected as trade secrets, such information must be subject to reasonable measures of secrecy and protection, including specific contractual provisions with employees and collaborators of the trade secret holder.

The acquisition or misuse of trade secrets is considered unlawful when carried out through improper or fraudulent means, such as theft or breach of confidentiality obligations.

The Data Exfiltration

The company claims that, based on a forensic investigation of the engineer's work computer, the data exfiltration began shortly before the termination of his employment. According to the company, the former employee manually selected hundreds of confidential files containing trade secrets, moved, renamed and uploaded them to his personal cloud account, and ultimately deleted them from his corporate device in an apparent attempt to eliminate any trace of the activity.

When communicating his resignation, the engineer stated he was leaving for personal reasons, failing to disclose that he had already accepted a position with a competing firm also active in the development of augmented reality devices. This omission prevented the company from taking timely measures to limit the former employee's access to trade secrets and proprietary information.

The company’s measures adopted to protect trade secrets

Indeed, the tech company places particular emphasis on protecting its confidential business data. Signing the IPA is a mandatory condition of employment, and the agreement imposes obligations on employees to protect the company's confidential information and to refrain from disclosing it to third parties, even after termination. The company also provides regular training to reinforce confidentiality obligations.

Special attention is paid to offboarding procedures: when employees leave the company, strict measures are implemented to prevent the loss or misuse of sensitive information. These include returning company-issued devices, deleting all confidential files or software (company-owned or third-party), and completing a checklist highlighting the obligation to return or destroy any document containing confidential or proprietary information.

The company's legal demands

The U.S.-based tech giant alleges that the former employee, who acted in breach of his contractual obligations and internal offboarding protocols, may use the stolen trade secrets and data to benefit his new employer. The competing company is reportedly developing its own AR headset, and the misappropriated information could significantly accelerate its product development.

Accordingly, the digital devices manufacturer has asked the court for damages (amount yet to be determined) and has requested that the former employee be ordered to return the proprietary materials. It also seeks authorization to perform forensic analysis of the former employee's personal devices and cloud accounts to verify the deletion of stolen data.

Protecting trade secrets in the tech sector starts with employees

This case highlights the growing tension in the tech sector around trade secret protection, especially in an increasingly competitive landscape where innovation in advanced devices is at the core of market success. As a result, safeguarding trade secrets and confidential information has become a strategic priority for technology companies.

To mitigate the risks associated with the misuse or leakage of such intangible assets, companies must adopt targeted preventive and organizational measures. These include requiring employees to sign tailored agreements governing the use and confidentiality of corporate data and enforcing strict exit protocols. These protocols should involve the return of all company assets, deletion of confidential files from all media under the former employee's control, and a formal obligation not to retain any proprietary documentation. Such instruments are essential to preserve the integrity of a company's information assets and to reduce the risk of trade secret misappropriation.

Author: Chiara D'Onofrio

 

Food and Beverages

Counterfeit Food and Beverages: EUIPO and Europol Join Forces Against Organised Crime in the Agri-Food Sector

In June 2025, the European Union Intellectual Property Office (EUIPO) launched the campaign "What’s on Your Table?" to raise awareness about the widespread phenomenon of counterfeit food and beverages in the EU.

Contrary to the common perception that counterfeiting affects only fashion and luxury goods, the agri-food sector is increasingly targeted by organised criminal networks, with serious consequences both for public health and for the lawful economy. According to EUIPO data, the counterfeit wine and spirits sector alone is estimated to have caused a loss of USD2.289 billion in the European Union between 2013 and 2027, with nearly 5,700 jobs lost.

Further evidence underscores the relevance of the phenomenon: Operation OPSON XIII, jointly coordinated by Europol and Interpol in 2024, resulted in the seizure of over EUR91 million worth of counterfeit or non-compliant food and beverages, including more than 22,000 tonnes of food and 850,000 litres of beverages, and the dismantling of 11 criminal organisations.

The findings of Europol's Serious and Organised Crime Threat Assessment 2025 (EU-SOCTA 2025) also confirm the growing involvement of organised crime in the food supply chain. Counterfeiters frequently adulterate products, falsify geographical indications, tamper with labels, and misrepresent origin and composition. Among the most common violations are honey diluted with corn syrup, deceptively labelled fish, and counterfeit extra virgin olive oil. Products bearing protected geographical indications (PDOs, PGIs) are especially exposed, due to their high market value and the strong trust they command among consumers.

These offences are facilitated by the fragmentation of supply chains, limited traceability controls, and the increasing reliance on e-commerce and small parcel shipments. Public health risks are also significant: in recent seizures, authorities found counterfeit foodstuffs containing methanol, mercury, fipronil and other banned pesticides.

The EUIPO campaign is accompanied by multilingual consumer materials and aims to encourage responsible purchasing habits, including checking product origin, verifying official logos, and avoiding suspiciously low-priced items. For businesses - particularly those operating under protected designations - this is a call to reinforce IP protection, invest in traceability technologies, and cooperate with enforcement authorities to prevent misuse of their reputation and rights.

To respond effectively, companies in the food and beverage sector could carry out systematic trademark monitoring, conduct supply chain audits (including online sales channels), implement anti-tampering packaging features and establish clear procedures for reporting infringements. Participating in EU-level databases and rapid-alert systems and fostering direct contact with customs and law enforcement bodies can make the difference in detecting and stopping illicit activities before they reach consumers.

Author: Federico Maria Di Vizio

 

Legal Design

Legal Design Trick #9 – Information Architecture: Plan It, Don’t Wing It!

You simplified your language? Now it’s time to organize your content in a way that’s clear, logical… and readable!

Why structure matters?

Confusing, cluttered, or repetitive content frustrates users, slows down understanding, and increases the risk of errors.

A well-structured legal document, instead, guides, orients, and empowers the reader to act with confidence.

What is Information Architecture?

Information architecture is the art of organizing content so it is clear and functional.
In legal writing, it helps structure communication to make it navigable, coherent, and user-friendly.

Remember: a clear layout = readable content. But how?

• Add white space to let the text breathe
• Use boxes, icons, and bullet points to highlight key parts
• Keep visual consistency (fonts, margins, colors)
• Use bold and caps sparingly and only when needed

How to structure your text?

A good document follows a hierarchical and sequential logic.

Discover below how to shape your structure:

• Include a table of contents à helps users find their way
• Use clear, descriptive headings and subheadings à anticipate meaning
• Write short, well-ordered paragraphs à one idea per block
• Add an introduction and a conclusion à set the context and wrap it up

Redesigning an existing document: where to start?

You do not always need to rewrite a legal document from scratch. Sometimes, reorganizing is enough!

1. Spot what works and what causes confusion
2. Cut out repetition and redundancy
3. Group similar sections and reorder them logically
4. Add (if needed) headings, boxes, definitions, or reading guides

Layering helps simplify

Information layering is a core principle in Legal Design.

It allows you to present complex content in a way that’s easier to digest:

• Start with the essentials, then go deeper (e.g., a short intro followed by detailed explanations)
• Focus attention on what the user needs right now (e.g., use questions or catchy headings)
• Include internal links or external references for extra details (e.g., appendices, FAQs, detailed notices, final glossaries)

Remember: It’s the logic of progressive disclosure widely used in UX and digital design.

A practical trick: Card Sorting

"Card sorting" is a simple, powerful technique to design your document structure:

1. Write each topic or content block on a sticky note
2. Ask yourself what needs to come first and what follows?
3. Organize the notes like a table of contents

Remember: It is a great way to design the logical flow of your document, making it clear, concise, and user-focused.

Did you know?

According to a study by the UX guru Nielsen Norman Group, users read only 20–28% of the text on a digital page.

That's why organizing content well is key: it helps users read more, saves time, and boosts comprehension!

What’s next?

You have learned how to organize content.

But how do you create legal documents that look engaging too?

Stay tuned: in the next episode of Legal Design Tricks, we’ll dive into visual design for legal documents!

Author: Deborah Paracchini

 

---

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Noemi Canova, Gabriele Cattaneo, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Giulio Napolitano, Deborah Paracchini, Maria Vittoria Pessina, Marianna Riedo, Tommaso Ricci, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Federico Toscani, Giulia Zappaterra, Enila Elezi.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna, Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as Diritto Intelligente, a monthly magazine dedicated to AI, here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.