Innovation Law Insights

Podcast

AI compliance assessment – Is your company doing it right?

Assessing an AI system’s compliance is rapidly becoming critical for businesses as AI transitions from pilot projects to full-scale integration in core operations.

Regulatory scrutiny, particularly regarding compliance with EU standards, has intensified significantly. The pressing question for organizations now is whether their business is properly assessing the compliance of AI systems.

Listen the episode on the topic here. 

Legal Leaders Insights | Anna Rosa Cosi, General Counsel of Siemens Italy

How is the legal function evolving in the age of smart factories, connected machines, and AI-driven industrial solutions?

In this episode of Legal Leaders Insights, host Giulio Coraggio sits down with Anna Rosa Cosi, General Counsel of Siemens Italy, one of the world’s leading industrial technology companies, to explore how the legal function is evolving in the era of Industry 4.0.

Listen the episode on the topic here. 

 

AI and Gambling

What are the legal obligations for online gambling operators using AI?

Integrating AI into online gambling platforms has revolutionized the industry. It offers enhanced user experiences, improved risk management, and streamlined operations. But what are the legal obligations for operators?

This article delves into the multifaceted legal landscape surrounding the use of AI in online gambling.

Complying with the EU AI Act

The EU’s AI Act establishes a comprehensive legal framework for using AI systems. Online gambling operators using AI have to assess the classification of the AI systems based on the application’s level of risk. And they have to comply with the obligations provided under the AI Act. High-risk AI systems are subject to stringent requirements, including rigorous data governance, transparency measures, and continuous monitoring to ensure safety and compliance.

Example: An online gambling operator deploys an AI-powered risk scoring tool to detect potentially problematic gambling behavior (as required under the new regime provided by Italian law) and prevent fraud. Because the system affects users’ financial standing and access to services, it might be considered high-risk under the AI Act. The operator has to implement extensive documentation, human oversight mechanisms, and undergo conformity assessments before deploying the tool.

Some AI systems used on online gambling platforms might qualify as prohibited AI systems as they exploit players’ vulnerabilities. In this respect, it’s crucial to perform a prior assessment to avoid the risk of an erroneous classification of the AI system. The matter is quite urgent since the provisions of the AI Act on prohibited AI systems already apply.

Adhering to Data Protection Laws

AI systems in online gambling often process vast amounts of personal data, necessitating strict compliance with data protection regulations such as the General Data Protection Regulation (GDPR). Operators have to ensure that AI-driven data processing activities are transparent, secure, and respect user privacy. This scenario might include obtaining explicit consent from users or properly identifying the alternative legal basis eg legitimate interest that has to be adequately supported, implementing robust data security measures, and providing clear information about how AI systems use personal data.

Example: An online gambling operator uses an AI system to analyze user behavior for personalized game recommendations. The system collects and processes users’ location, game preferences, time spent playing, and transaction history. Under the GDPR, the operator has to inform users about the data being collected, the purpose of processing, and ensure that adequate safeguards, such as data minimization and encryption, are in place. Bearing in mind that the most relevant fines issued so far for using AI systems come from data protection authorities, operators should address the matter very carefully.

Addressing algorithmic bias and fairness

The potential for algorithmic bias in AI systems can lead to unfair outcomes, such as discriminatory practices in user interactions or game results. The AI Act allows for the processing of sensitive personal data to detect and correct such biases, provided appropriate safeguards are in place. Operators have to implement measures to identify, assess, and mitigate biases in their AI systems, ensuring that outcomes are fair and non-discriminatory.

Example: An AI tool used to detect bonus abuse patterns unintentionally flags players from a specific region more frequently due to biased training data. This results in unfair account suspensions. To comply with the AI Act and anti-discrimination laws, the operator has to retrain the AI model with more representative data and implement periodic bias audits. If an AI system is substantially customized to fit an operator’s needs, the operator could be requalified as a provider of the AI system. And this means more stringent obligations under the EU AI Act will apply.

Establishing robust AI governance frameworks

Effective AI governance is crucial for managing the compliance risks associated with AI deployment in online gambling. Operators should establish internal committees comprising legal, IT, compliance, data, and cybersecurity experts to oversee AI-related risks. These committees are responsible for policy approvals, vendor management, and integrating AI into existing risk structures. Setting specific internal governance rules, an operator can limit the risk of employees using AI systems that haven’t been previously approved and might jeopardize the business. At the same time, banning any use of AI systems would push employees to use them, for instance on private computers.

Example: A gambling platform uses AI chatbots for customer service, including handling self-exclusion requests. Without proper oversight, the chatbot incorrectly denies a self-exclusion request due to an NLP misinterpretation. A robust AI governance framework would require human escalation protocols and regular training data reviews to ensure the chatbot functions reliably and ethically.

Ensuring transparency in automated decision-making

Gambling operators have to provide users with meaningful information about the logic, significance, and potential consequences of automated decisions made by AI systems. This transparency is essential for complying with data protection laws and for maintaining user trust. While protecting proprietary algorithms is important, operators cannot use trade secret protections to withhold information required by regulations.

Example: An AI system automatically adjusts user betting limits based on behavioral patterns. A user whose limit is suddenly reduced challenges the decision. Under the GDPR, the operator must provide a clear explanation of the logic behind the automated decision and offer an option for human review.

AI related intellectual property legal risks for gambling operators

Using AI in generating content or making decisions in online gambling raises questions about intellectual property rights. Gambling operators have to ensure that AI-generated content doesn’t infringe upon existing copyrights and that they have the appropriate rights to use the content. Clear policies should be in place regarding the ownership of AI-generated works to prevent potential disputes.

Example: A gambling operator uses a generative AI tool to create unique promotional artwork, game themes and images of athletes. If the tool is trained on copyrighted content without proper licensing, the operator may face copyright infringement claims. The operator has to ensure transparency from the AI provider about training data and secure appropriate content usage rights.

With the use of AI systems quickly shifting from pilot projects to operations, gambling operators have to proactively implement compliance. This includes mapping existing AI systems, assessing their risk levels, implementing necessary controls, and staying informed about evolving legal requirements. Early preparation can prevent costly adjustments and ensure seamless integration of AI technologies in the legal framework.

While AI presents significant opportunities for innovation in online gambling, operators have to diligently address the associated legal obligations. By implementing comprehensive governance frameworks, ensuring compliance with data protection laws, addressing algorithmic biases, and preparing for forthcoming regulations, operators can responsibly harness AI’s potential while safeguarding user interests and maintaining regulatory compliance.

Author: Giulio Coraggio

 

Space Law

Italian bill on the New Space Economy: New frontier of space law and investments

On 6 March 2025, the Italian Chamber of Deputies approved a bill that will allow Italy to have a space law to regulate and develop the space economy (the Space Bill).

The adoption of the bill is proposed in the context of the New Space Economy, an ecosystem focused on research, development and innovation in the space sector including through the involvement of private players.

The potential of the New Space Economy is growing in the more traditional upstream sector (or Space Industry) – which involves the design, development and production of space infrastructure, such as satellites, launchers, space stations and future moon bases. But innovation in the sector is driven primarily by the evolution of the downstream segment, which exploits the resources generated by space infrastructure, for example by processing and commercializing data collected by satellites for applications such as environmental monitoring, satellite navigation and telecommunications, also thanks to the creation of complementary terrestrial infrastructure (so-called midstream sector).

Among the fastest growing areas is the application of satellite technologies for Earth observation, which benefits a broad category of sectors, including logistics and transportation, precision agriculture, weather forecasting, and disaster management. The launch of new satellite constellations is also facilitating the expansion of satellite communications, making them increasingly accessible and efficient, with significant impacts for both civil and military uses.

The space economy boom

In 2024, the space sector saw an annual growth of 11%, exceeding 470 billion by 2023. According to the World Economic Forum, by 2035 the space economy will reach a value of USD1.8 trillion, with an average increase of 9% annually.

Italy is the sixth largest country in the world in terms of space investment compared to GDP. In 2023, Italian investments reached EUR4.6 billion, thanks to national contributions, PNRR and participation in the Artemis program (NASA). The goal for 2026 is to reach EUR7.3 billion in investments, involving ESA, ASI, PNRR and European funds.

Italian regulatory framework for space law

Italy’s proposed legislation, intended to mainly affect the upstream segment, regulates the space economy sector by first defining its scope: according to Article 3, the provisions apply to all space activities conducted domestically, and those conducted abroad by Italian operators. The space activities to be regulated by the Space Bill involve the:

• launching, releasing, managing on-orbit and re-entry of space objects;
• exploring, extracting and using natural resources from space;
• launching, flying, and permanence of living things in space;
• every other activity carried out on celestial bodies and in outer space (above 100 km above sea level), including suborbital flights, which are the new frontier for the commercial exploitation of space.

As for the subjective scope of the Space Bill, the bill defines “space operators” as natural or legal persons who intend to conduct space activities under their own responsibility. But operations conducted by the Ministry of Defense and security agencies are excluded, ensuring regulatory and strategic autonomy for initiatives related to defense and national security.

Licenses and permits

To operate in space, private companies have to get a permit certifying that they meet specific requirements. These include objective criteria (Article 5), which relate to the safety, resilience and environmental sustainability of the individual operation, and subjective requirements (Article 6), which relate to the operator’s conduct, technical competence, financial soundness and the presence of adequate insurance coverage.

The authorization system follows a mixed regime (Articles 4-10), applicable to both single missions and continuous operations, such as satellite constellation launches. The duration of the approval process is set by the Space Bill at 120 days, with no possibility of tacit approval. It’s not necessary to obtain a new authorization if the space activity is carried out on the basis of an authorization issued by a foreign state, recognized by the Italian state under an international treaty.

Registering space objects

According to Article 15 of the Space Bill, every space object launched from Italy must be registered in the National Registry. Operators have to report essential information, including the launch state, name and orbital parameters, and the purpose and duration of the mission. They also have to report any transfers of ownership or changes in management.

Controls and penalties

The Italian Space Agency (ASI) is responsible for overseeing and regulating space activities, exercising powers to inspect, request documents and monitor operations. Penalties for non-compliance are severe: those who fail to comply with reporting requirements can face fines of between EUR150,000 and EUR500,000, while operating without authorization can lead to imprisonment of three to six years.

Liability and insurance

Among the most significant innovations proposed by the Space Bill is updating the current liability regime, which international treaties recognize directly upon states that authorized space operations. The Space Bill, alongside the liability of states, also envisages a strict liability on individual space operators for damage caused to people and property on Earth, as well as to aircrafts in flight. But the Space Bill doesn’t go so far as to regulate the regime for damage caused in outer space. The launching state will be held responsible under the principle of fault-based liability defined by the 1972 Convention on International Liability for Damage Caused by Space Objects. The liability regime is also affected, including in terms of potential limitations on market access. The Space Bill introduces mandatory insurance covering up to EUR100 million per damage claim (with possible reductions for innovative startups and research projects).

Incentives and new opportunities

To support the growth of the New Space Economy, the Space Bill proposes to establish a National Plan for the Space Economy, aimed at promoting the conclusion of innovative partnership agreements between institutional stakeholders and private space operators, through strategic planning of resource allocation. The creation of a EUR35 million Space Economy Fund by 2025 is also planned to foster market development of space technology-based products and services, including by startups and SMEs. To further incentivize the presence of startups and SMEs in the space business market, the Space Bill reserves them a mandatory subcontracting quota of at least 10%.

Satellites and national sovereignty

Article 25 introduces a reserve of national transmission capacity aimed at ensuring, in critical situations or when terrestrial networks are not available, the use of satellites and constellations in geostationary orbit, increasing diversification and ensuring national security. This measure aims to protect the strategic sector of satellite communications by entrusting the reserve of national transmission capacity exclusively to entities belonging to the EU or NATO. It also aims to encourage the development of autonomous satellite infrastructure and facilitate an adequate industrial return for Italy.

Article 26 addresses frequencies management. The Ministry of Enterprise and Made in Italy will define criteria to limit interference between satellites and terrestrial networks, and conduct studies to harmonize criteria for the location of terrestrial gateways suitable for hosting multiple sites, minimizing aggregate interference. The issue has become particularly relevant after recent clashes between some leading satellite communications and telecommunications companies, highlighting the need for a clear regulatory framework to balance technological innovation and protect national infrastructure.

Conclusion

With the proposed Italian Space Law, which the Senate is currently analyzing, Italy intends to strengthen its position in the New Space Economy by defining an organic framework for conducting space activities. There are growing investments, new business opportunities and incentives for SMEs and startups. But there are also critical issues related to foreign companies accessing a strategic sector such as satellite communications, which are particularly relevant in an ever-changing geopolitical context.

Authors: Marianna Riedo, Dorina Simaku

 

Intellectual Property

UPC Mannheim Local Division clarifies jurisdiction and applicable law

On 11 March 2025, Mannheim Local Division provided important clarifications – among other things – regarding the jurisdiction of the UPC and the applicable law in case of acts of infringement committed before the entry into force of the UPCA on 1 June 2023.

According to the court, in the absence of a rule limiting its scope ratione temporis, there’s no doubt that the jurisdiction of the UPC also extends to acts that took place before 1 June 2023.

This conclusion is further supported by Article 3 UPCA, which establishes that the court has jurisdiction over any European patent that hadn’t expired when the agreement entered into force. What matters is whether the patent in dispute was still in effect when the agreement entered into force.

Determining the applicable law, the court had to consider the general principles developed at both European and international level concerning the retroactivity of substantive law.

The court distinguished between three categories of infringing acts: those committed and completed before the entry into force of the UPCA, those committed after it, and those that began beforehand but continued beyond that date.

For infringements committed and completed before 1 June 2023, only national law applies. Conversely, acts committed after this date must be assessed under the substantive rules established by the UPCA.

The rules of the UPCA will also apply to infringements that began before its entry into force and continued after. In determining whether continuation exists, the court rejected the alleged infringer’s atomistic approach to the act. Instead, according to the Local Division it will be necessary to consider whether the infringer, despite having the opportunity to cease the activity upon the entry into force of the UPCA, deliberately chose to continue.

With regard to acts committed before 1 June 2023, parties can invoke the application of national law if it’s more favorable to them. However, the burden is on the interested party to substantiate why national provisions should prevail over those of the UPCA. Given that the court doesn’t have to be familiar with all national laws, it can, if necessary, seek the opinion of an expert pursuant to Article 57 UPCA.

Author: Laura Gastaldi

 

EU Commission publishes new guide on “Geographical Indications in the European Union”

The European Commission has recently published the guide “Geographical Indications in the European Union” a key reference document that provides a detailed overview of the requirements and procedures for registering geographical indications in the EU. The guide offers a clear and structured regulatory framework, enabling producers to understand how to protect their products by officially recognizing their geographical origin.

Geographical indications are an intellectual property right aimed at safeguarding the name of a product whose quality, reputation, or specific characteristics are closely linked to its geographical area of origin. The EU regulatory system, governed by Regulation (EU) No. 2024/1143, provides protection for agricultural products, foodstuffs, spirit drinks, and wines. As of 1 December 2025, protection will also be extended to artisanal and industrial products, such as jewelry, textiles, and glass, under Regulation (EU) 2023/2411.

The European Commission’s guide provides a detailed analysis of the three main categories of geographical indications recognized in the EU:

• Protected Designation of Origin (PDO): The names of products registered as PDOs have the strongest links with the place from which they originate.
• Protected Geographical Indication (PGI): The PGI emphasizes the relationship between a specific geographical region and the name of the product when a particular quality, a certain reputation, or another specific characteristic is essentially attributable to its geographical origin.
• Geographical Indication for spirit drinks (GI): The GI protects the name of a spirit drink originating from a country, region, or locality where a particular quality, reputation, or other characteristics of the product are essentially attributable to its geographical origin.

A central aspect addressed in the guide is the registration process for geographical indications. The application for registration is usually submitted by groups of producers, although in exceptional cases, individual producers or public authorities may also apply. A detailed product specification must be provided, including the description, geographical area, production methods, and traceability. The process consists of two stages: a national phase, in which the competent authority examines and publishes the application, allowing for potential objections, and an EU-level phase, where the European Commission evaluates the request and opens an additional opposition period before making the final decision. At the international level, GIs can be protected through the Lisbon System or via bilateral and multilateral agreements. Once registered, the name can only be used by producers who comply with the product specifications, ensuring the quality and authenticity of the protected designation.

The guide also highlights the difference between trademarks and geographical indications. Trademarks are distinctive tools used by businesses to identify their products on the market, whereas geographical indications ensure the collective protection of products closely linked to their territory of origin and production method.

To prevent conflicts between trademarks and geographical indications, a new trademark won’t be granted if it infringes the rights of an existing GI. Similarly, an application to register a geographical indication can’t be approved if it conflicts with a previously registered trademark. The Commission recommends that entities seeking to register new trademarks conduct a thorough verification in the official databases of GIs and registered trademarks.

Extending protection to geographical indications for artisanal and industrial products is a significant step toward greater safeguarding of Europe’s productive heritage. This protection system offers substantial benefits to both producers and consumers, contributing to the preservation of cultural heritage and traditional knowledge of a territory, strengthening the commercial value of products through a recognizable certification, and ensuring transparency regarding origin and quality. It’s an essential tool in combating counterfeiting, providing effective defense against imitations and protecting the work of local producers. The collective management of geographical indications also facilitates a fairer distribution of costs among producers, encouraging sustainable and responsible production practices that enhance the product’s value and competitiveness in international markets.

Author: Rebecca Rossi

 

Technology Media and Telecommunication

Public consultation by BEREC on Very High Capacity Networks

The Body of European Regulators for Electronic Communications (BEREC) has launched a public consultation on the updated draft guidelines on Very High Capacity Networks.

The draft guidelines were developed on the basis of Article 82 of Directive (EU) 2018/1972 (establishing the European Electronic Communications Code – EECC), which mandates BEREC to issue and update “guidelines on the criteria that a network is to fulfil in order to be considered a very high capacity network” with particular focus on “down- and uplink bandwidth, resilience, error-related parameters, and latency and its variation.”

The first version of the guidelines was published in 2020. The guidelines identified four criteria for classifying a network as a Very High Capacity Network. In 2023, a new version was adopted. Based on the data provided by mobile operators and in light of the developments in 5G technology, some criteria have been updated to identify ultra-high-capacity networks.

Another update of the guidelines must be completed by 31 December 2025.

The consultation document opens with an introductory section, placing BEREC’s efforts in the context of the EU’s strategic objectives on connectivity and digital transformation. It highlights the importance of Very High Capacity Networks in achieving the goals of the “Gigabit society”, a measure included in the European Commission’s “connectivity package”, which aims to ensure 1 Gigabit per second connectivity for citizens and businesses in the EU.

The second section of the draft guidelines focuses on the definition of a “Very High Capacity Network”, which, pursuant to Article 2, paragraph 2 of the EECC, is “an electronic communications network which consists wholly of optical fibre elements at least up to the distribution point at the serving location, or an electronic communications network which is capable of delivering, under usual peak-time conditions, similar network performance in terms of available downlink and uplink bandwidth, resilience, error-related parameters, and latency and its variation.”

To qualify as a Very High Capacity Network, as per the consultation document, at least one of the following criteria must be met:

• The network must provide a fixed-line connection where the fiber reaches at least a multi-dwelling building.
• The network must provide a wireless connection where the fiber reaches a base station.
• The network must provide a fixed-line connection capable of delivering, under usual peak-time conditions, services to end-users with specific quality of service standards meeting certain “performance thresholds” (performance thresholds 1).
• The network must provide a wireless connection capable of delivering, under usual peak-time conditions, services to end-users in compliance with specific quality standards (performance thresholds 2).

The draft guidelines dedicate a section to defining the “performance thresholds” mentioned above.

The document is subject to public consultation and includes practical indications – addressed particularly to national regulatory authorities – on applying the criteria mentioned above.

Interested parties can submit their comments on the draft guidelines by 30 April 2025.

Authors: Massimo D’Andrea, Flaminia Perna, Matilde Losa

---

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo Bardelli, Carolina Battistella, Carlotta Busani, Noemi Canova, Gabriele Cattaneo, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Nadia Feola, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Deborah Paracchini, Maria Vittoria Pessina, Marianna Riedo, Tommaso Ricci, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna, Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as Diritto Intelligente, a monthly magazine dedicated to AI, here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.