Innovation Law Insights

Artificial Intelligence

EU reaches deal on AI Act changes: What the new compromise really means

The EU has finally reached a political deal on the changes to the AI Act, ending weeks of uncertainty around one of the most controversial reforms of the EU’s digital rulebook.

After overnight negotiations, the European Parliament and the Council agreed on a compromise package that substantially reshapes how parts of the AI Act will apply in practice, particularly for industrial AI systems and products already regulated under sector-specific legislation.

The agreement is the first real political acknowledgment that the original AI Act created major implementation problems for companies operating across regulated sectors such as manufacturing, machinery, automotive, medical devices, and connected products.

It arrives just months before the original 2 August 2026 deadline for high-risk AI obligations.

The AI Act changes were driven by one core problem

The central issue behind the negotiations wasn’t whether Europe should regulate AI. The real question was whether the AI Act, as originally drafted, had become unworkable for businesses already subject to extensive sectoral regulation. This became particularly evident for AI systems embedded into products already governed by European product safety frameworks.

Manufacturers were facing the prospect of complying simultaneously with:

• the AI Act
• the Machinery Regulation
• medical device rules
• automotive safety frameworks
• cybersecurity obligations
• broader product compliance requirements

For many businesses, the result wasn’t legal certainty, but overlapping and potentially duplicative compliance obligations. That’s precisely where the negotiations became politically explosive.

Machinery rules become the biggest winner of the deal

The most significant aspect of the compromise concerns machinery. Under the AI Act agreement, machinery products will largely avoid direct overlap with the AI Act where equivalent obligations already exist under the Machinery Regulation.

Instead of imposing parallel compliance frameworks, AI-related health and safety requirements for machinery will now primarily be addressed through sectoral product legislation. This is a major shift in regulatory strategy.

The European Commission will still retain powers to adopt delegated acts introducing AI-specific health and safety requirements where needed, but the compromise clearly reflects pressure from industrial stakeholders – particularly Germany – to avoid a regulatory duplication scenario.

Germany pushed extremely hard for this outcome. German Chancellor Friedrich Merz openly criticised what he described as an excessively restrictive regulatory framework for industrial AI, arguing that European competitiveness was at risk if industrial sectors were burdened with overlapping AI compliance obligations. In practice, the deal signals that Europe is starting to accept something businesses have been warning about for months; AI regulation cannot operate in isolation from existing product regulation.

Different compliance deadlines confirm the shift

Another key part of the agreement is the postponement of certain AI Act obligations. The compromise introduces differentiated timelines depending on the type of AI system involved.

Under the new framework:

• high-risk AI systems involving biometrics, education, employment, law enforcement, border management, and critical infrastructure will apply from 2 December 2027;
• AI systems embedded into products will instead become subject to obligations from 2 August 2028.

This distinction is extremely important. It effectively acknowledges that product-integrated AI systems raise significantly more operational complexity than standalone AI applications. Many companies were still struggling to understand how AI Act conformity assessments would interact with existing product certification processes.

The reform is an attempt to redesign the operational interaction between the AI Act and Europe’s broader regulatory ecosystem.

The deal goes beyond industrial AI

While the debate largely focused on industrial sectors, the compromise also introduces several other important changes to the AI Act. One of the most politically visible reforms is the explicit prohibition of “nudifier” applications and AI systems capable of generating child sexual abuse material or sexually explicit deepfake content involving identifiable individuals.

The prohibition will apply from 2 December 2026.

This reflects increasing political concern around generative AI misuse and synthetic content risks. The agreement also shortens the implementation timeline for transparency obligations relating to AI-generated content. Providers will now have only three months – instead of six – to implement transparency solutions once the relevant obligations become applicable.

Importantly, the compromise also restores the obligation to register high-risk AI systems in the EU database after earlier discussions had questioned whether that requirement would survive.

That point is particularly relevant because the registry is likely to become one of the main enforcement and transparency tools for regulators.

The personal data point could become highly relevant

One aspect of the agreement that deserves particular attention from privacy professionals is the new wording relating to the use of personal data for bias detection and correction. The compromise expressly allows organisations to process personal data where strictly necessary to identify and mitigate bias in AI systems, provided appropriate safeguards are implemented.

This change could become one of the most operationally important elements of the reform. Many companies have been struggling with a fundamental tension: how do you properly test AI systems for discriminatory outcomes without processing sensitive or representative personal data?

The agreement appears designed to create greater legal certainty on that point. But it also raises obvious questions regarding the interaction with GDPR principles, particularly purpose limitation and data minimisation.

And this is another example of the broader issue emerging across the AI Act debate: AI regulation is increasingly colliding with existing European legal frameworks.

What happens next

The agreement is still provisional. It now needs formal endorsement by both the European Parliament and the Council before final adoption and publication in the Official Journal of the European Union.

The institutions are expected to finalise the process before 2 August 2026 to avoid legal uncertainty linked to the original entry into application of the high-risk AI provisions. But politically, the direction is now clear.

The EU isn’t abandoning the AI Act. But it is already recalibrating it before the most burdensome obligations have even entered into force. And that alone says a great deal about how difficult AI regulation becomes once it moves from political ambition to operational reality.

For businesses, the message is equally clear. The AI Act is no longer a static piece of legislation. It’s rapidly evolving into a dynamic compliance framework where the interaction between AI rules and sector-specific regulation may become just as important as the AI Act itself.

What companies should do now

The biggest mistake companies can make at this stage is treating the AI Act changes as a reason to pause compliance projects. The opposite is true. The deal confirms that the regulatory framework is becoming more complex, not less. Businesses now need to reassess whether their AI systems fall directly under the AI Act, under sector-specific legislation, or under a combination of both.

For many organisations, particularly in manufacturing, automotive, medtech, connected products, and industrial technology, this exercise can no longer be handled only by legal teams in isolation.

Companies should now:

• map AI systems embedded into products and services;
• identify whether sectoral legislation may partially replace AI Act obligations;
• review conformity assessment and product compliance processes;
• reassess contractual allocation of compliance responsibilities across the supply chain;
• evaluate transparency obligations for AI-generated content; and
• align AI governance with GDPR, cybersecurity, product safety, NIS2, and DORA requirements where applicable.

Another critical point is governance. The deal shows that the AI Act will continue evolving through delegated acts, implementing acts, and regulatory guidance. That means compliance cannot be approached as a one-off legal exercise completed before a deadline.

Businesses need governance structures capable of continuously monitoring regulatory developments and adapting internal controls accordingly. This is particularly important because many of the practical compliance expectations under the revised framework will likely emerge only over the next 12 to 24 months through secondary legislation and regulatory interpretation.

In practice, the companies that will manage the AI Act transition more effectively aren’t necessarily those waiting for complete legal certainty, but those already building operational AI governance frameworks that can evolve alongside the regulation.

Author: Giulio Coraggio

 

The review of the DMA in the age of AI: Regulatory caution or a missed opportunity?

On 28 April 2026, the European Commission published the report on the first review of the Digital Markets Act (DMA), conducted pursuant to Article 53 of the Regulation. In the report, the Commission notes that, two years after the start of its application, although the DMA has not yet fully expressed its potential, it remains adequate to achieve its objectives and doesn’t, at this stage, require revision.

At the same time, the Commission highlights the need to intensify its focus on certain expanding digital markets, in particular those relating to AI-based services and cloud computing, with regard to which increasing concerns are emerging about the risk that their contestability and fairness may be undermined by the conduct of certain dominant operators.

The approach adopted appears to be characterised by a certain degree of caution, if not a wait-and-see stance. The Commission seems to rely on its ability to address emerging issues through the tools already provided for under the DMA. Nevertheless, divergent views among stakeholders have not been lacking. While a significant number of stakeholders have argued that the emerging challenges, including those relating to AI-based services, can be addressed through more robust enforcement of existing rules, others have emphasised the need for regulatory intervention. Proposals have included extending the scope of core platform services to encompass generative AI services, as well as broadening both the scope and substance of the obligations, for example with regard to data sharing and the prohibition of self-preferencing practices. Finally, a minority position has called for caution, stressing that the AI sector is still in a developmental phase and characterised by competitive dynamics that may render further regulatory intervention premature.

Despite the difficulties arising from the fact that significant growth in the AI services market took place only after the entry into force of the DMA, the Commission has, from the outset, undertaken a monitoring activity of its dynamics and effects. This activity has identified several key areas of concern:

Interoperability: interoperability has been identified as a central issue in the context of AI-based services, particularly to ensure effective integration between core platform services, such as operating systems, and AI services, including chatbots. Stakeholders have pointed out that the high degree of vertical integration and the presence of extensive ecosystems on the part of gatekeepers may create incentives to limit such interoperability, thereby increasing the risk of user lock-in.

Self-preferencing: there’s widespread concern that gatekeepers may favour their own AI-based products and services to the detriment of those offered by third-party providers, leveraging their control over digital ecosystems. A growing trend has been identified towards vertical integration, or tying, of generative AI technologies within gatekeeper ecosystems and services, with potentially exclusionary effects on competing services.

Access to data: access to data is regarded as a key factor for the development of competitive AI services. In this context, the availability of proprietary datasets and the data-sharing conditions imposed by gatekeepers for access to their core platform services may create significant competitive advantages, limiting market entry and growth opportunities for both existing and potential competitors.

Cloud dependencies: cloud computing services are considered essential infrastructures for the training and operation of AI models and services. Several stakeholders have highlighted the risks arising from reliance on a limited number of large providers for the provision of such services. In this context, calls have been made to designate major cloud computing services within the scope of the DMA and to extend certain existing obligations to them.

Conclusions

In light of these concerns, while the Commission has chosen not to proceed with a revision of the DMA, considering the current regulatory framework to be adequate, it has clarified that it will continue to closely monitor market developments, in particular by assessing whether certain AI services should be qualified as virtual assistants; and whether it would be appropriate to launch a market investigation under Article 19 of the DMA, to assess the possible inclusion of AI services among core platform services and the adequacy of existing obligations.

At the same time, it’s important to emphasise that the DMA is neither capable of, nor designed for, addressing all competition issues arising along the AI value chain. For new types of conduct or practices falling outside the scope of the Regulation’s obligations, it will be necessary to rely on other tools, in particular competition law. In this regard, reference can be made, for example, to the initiatives already launched by the Commission to assess Google’s use of online content for AI training purposes, and Meta’s policy aimed at restricting the use of WhatsApp as a distribution channel by third-party AI service providers.

On the one hand, gatekeepers should prepare to be subject to increasingly stringent scrutiny under the DMA with regard to the AI-based services they offer, with the consequent possibility that the first non-compliance proceedings in this area may emerge in the near future. On the other hand, smaller operators, in particular SMEs, should become more aware of the opportunities offered by the Regulation, including, foremost, enhanced interoperability with core platform services and broader access to data that would previously not have been available.

Author: Josaphat Manzoni

 

Data Protection and Cybersecurity

NIS2 categorisation in Italy: ACN’s operational guidance for NIS entities

The new framework on NIS2 categorisation in Italy introduces significant compliance obligations for entities falling within the scope of the Italian NIS2 regime. The purpose of the categorisation exercise is to enable ACN to determine which additional cybersecurity measures will apply depending on the services provided by the relevant entity. 

With the adoption of the 13 April 2026 determination by the Italian National Cybersecurity Agency (ACN), issued pursuant to Article 30(2) of Legislative Decree No. 138 of 4 September 2024 (the Italian NIS Decree), essential and important entities now have to identify, characterise, and categorise their activities and services.

In addition to the “basic security measures,” ACN will progressively introduce further “long-term” cybersecurity obligations that companies will need to implement for their network and information systems based on the relevance category assigned to their activities and services.

Why NIS2 categorisation in Italy matters

The categorisation exercise isn’t merely an administrative obligation. Instead, it represents the basis upon which future cybersecurity compliance obligations under the Italian NIS2 framework will be built.

As a result, companies falling within the NIS2 perimeter must carefully assess not only their services and activities, but also the operational impact that a compromise of those services may have on their overall operations.

ACN’s categorisation models and relevance categories

The Determination introduces two separate categorisation models, both structured around ten homogeneous macroareas designed to cover all organisational functions.

Each macroarea is associated with a predefined relevance category intended to measure the impact that a compromise of a specific activity or service could have on the entity’s ability to operate correctly.

The categorisation model set out in Annex 1 of the Determination applies to entities operating in sectors such as:

• energy
• transport
• healthcare
• public administration
• wastewater and drinking water
• postal and courier services
• waste management
• manufacturing
• production and distribution of chemicals
• food production, processing, and distribution
• manufacturing of medical devices and in vitro diagnostic medical devices
• ICT service management providers

The categorisation model set out in Annex 2 instead applies to the remaining NIS entities, including:

• cloud providers
• data centres
• online marketplaces

The ten macroareas identified by ACN

ACN identifies the following ten macroareas for the NIS2 categorisation in Italy framework:

1. Monitoring and control
2. Production of goods and services
3. Research, development and design
4. Financial management
5. Customer management
6. Human resources management
7. Logistics
8. Communication and marketing
9. Administrative management
10. Other services and activities

Interestingly, the macroareas are substantially identical in both categorisation models under Annexes 1 and 2. The only material difference concerns the logistics area, which ACN considers slightly more impactful for entities covered by Annex 1.

For each macroarea, the Determination identifies a possible relevance category. The Determination establishes four levels:

1. high impact
2. medium impact
3. low impact
4. minimal impact

The scale reflects the effect that a compromise of the relevant service would have on the overall operations of the NIS entity. However, companies aren’t strictly bound by the predefined categories.

Entities may modify the assigned relevance level based on their own internal assessment and operational realities. Nevertheless, where companies deviate from ACN’s predefined relevance categories, they should carefully document the rationale supporting their assessment.

Compliance challenges for NIS entities

The framework on NIS2 categorisation in Italy requires companies not only to map all their activities and services but also to determine the operational impact associated with each of them.

This creates a significant compliance burden for companies within the NIS2 perimeter. Businesses must: catalogue all services and activities; conduct a concrete risk assessment; evaluate operational dependencies; and justify the assigned relevance levels.

Importantly, while the Determination expressly allows entities to adapt the categorisation to their actual operational environment, it’s highly likely that ACN will request evidence of those assessments during supervisory or audit activities relating to NIS2 compliance.

As a result, companies should approach the categorisation process as a formal governance and risk assessment exercise rather than as a simple reporting obligation.

What companies must do

Under the Determination, NIS entities must identify and categorise all activities performed and services provided, both internally and externally, and allocate them to the relevant macroareas under the applicable model.

For each activity or service, companies must specify the relevant macroarea; the name and description of the activity or service; and the assigned relevance category.

Importantly, ACN doesn’t require entities to adopt a specific methodology for identifying activities and services. Companies are free to use the methodology most appropriate for their organisational structure and operational context.

Nevertheless, the exercise remains particularly demanding because entities must comprehensively map their services and carry out a concrete operational risk assessment.

Key deadline for NIS2 categorisation in Italy

The categorisation exercise must be completed and submitted to ACN through the dedicated portal by 30 June of each year with the first deadline being 30 June 2026. For 2026, this represents the first implementation of the obligation. Consequently, it’s particularly important for companies to begin the process as soon as possible.

Final considerations on NIS2 categorisation in Italy

Companies shouldn’t underestimate the significance of NIS2 categorisation in Italy.

The categorisation framework isn’t a standalone compliance obligation. Instead, it constitutes the basis for the application of cybersecurity and organisational measures under the Italian NIS2 regime and will likely become a central element of ACN’s supervisory and enforcement activities.

For many organisations, this will require close coordination among cybersecurity, legal, compliance, risk management, and operational teams to ensure that the categorisation accurately reflects the entity’s actual operational exposure and can withstand regulatory scrutiny.

Author: Giulia Zappaterra

 

Intellectual Property

Pastiche and sampling: Court of Justice defines the limits of the exception

With its judgment of 14 April 2026 (Case C-590/23), the Court of Justice returns to the long-standing litigation on musical sampling, this time addressing the limits of exceptions, in particular the pastiche exception provided for in Article 5(3)(k) of Directive 2001/29/EC.

The case and the preliminary questions

The dispute arises from the use, in the track Nur mir, of a rhythmic sample of approximately two seconds taken from Metall auf Metall by Kraftwerk. Following a lengthy procedural history, the referring court asked the Court of Justice, in essence, to clarify two issues:

• whether the pastiche exception has a residual character, such as to encompass any form of creative reuse, including sampling;
• whether, for its application, it is necessary to establish the user’s intention, or whether it’s sufficient that the result is objectively recognisable.

Pastiche isn’t a general clause for creative reuse

The court expressly rules out the interpretation of pastiche as a residual or catch-all clause. This interpretation, the court observes, would deprive the other exceptions provided for in the same provision (caricature and parody) of their substance, undermining the effectiveness of the system established by the EU legislature.

This leads to a first important clarification: Article 5(3)(k) doesn’t introduce a generalised form of “fair use,” but rather provides for three autonomous categories, each serving its own function.

The notion of pastiche: Evocation and creative dialogue

The court then proceeds to define the essential features of pastiche, treating it as an autonomous concept of EU law. In particular, the exception covers creations that: evoke one or more pre-existing works, display perceptible differences from them, use protected characteristic elements, and establish a recognisable artistic or creative dialogue with the original work.

It is noteworthy that the court doesn’t require a humorous intent (as in parody), nor necessarily a strict stylistic imitation. The creative dialogue may take different forms, including homage, critical engagement, or stylistic exercise.

At the same time, the court draws a clear boundary: concealed uses or uses akin to plagiarism are excluded. The use must be “open,” ie recognisable as a reuse of pre-existing material.

The role of sampling

One of the most significant aspects of the judgment concerns sampling directly. The court acknowledges that sampling constitutes a form of artistic expression protected by the freedom of the arts (Article 13 of the Charter). However, its use without authorisation is justified only where the conditions of the pastiche exception are met.

From this perspective, sampling may fall within the exception only where it contributes to establishing the artistic or creative dialogue with the original work that characterises pastiche.

This is a key clarification: not every reuse of a sound fragment is lawful, but only those that perform a recognisable expressive function in relation to the sampled work.

An objective criterion: Recognisability

As regards the second question, the court adopts an objective approach.

It’s not necessary to establish the user’s subjective intention. It’s sufficient that the pastiche character is recognisable to a person who is familiar with the original work and has the necessary awareness to perceive the reference.

While this solution is consistent with legal certainty, it inevitably leaves national courts with the task of assessing, in concreto, whether the “dialogue” between the works is perceptible.

Balancing exclusive rights and artistic freedom

The judgment clearly fits within the broader framework of balancing intellectual property rights (Article 17(2) of the Charter) with freedom of expression and freedom of the arts (Articles 11 and 13).

The court reiterates that exceptions must not be interpreted restrictively, as they serve to safeguard fundamental freedoms. At the same time, they cannot be extended to the point of undermining the normal exploitation of works.

The outcome is a definition of pastiche which, while excluding overly broad interpretations, remains deliberately flexible.

Conclusion

The judgment provides important guidance, but doesn’t eliminate all interpretative uncertainties.

While certain key points are clarified – most notably the absence of a residual character and the irrelevance of subjective intent – the notion of a “recognisable artistic or creative dialogue” remains inherently open-ended. Much will depend on how national courts assess, on a case-by-case basis, whether the reuse of protected elements constitutes a genuine creative engagement with the original work.

The decision appears to confirm a broader trend in EU case law: copyright is increasingly understood not only in proprietary terms, but also in relational terms, where significance is attached to how works interact with one another.

Whether this approach, though theoretically coherent, will ensure a sufficient level of predictability in practice remains to be seen.

Author: Lara Mastrangelo

 

Publication of the 2025 IAP Annual Report: Self-regulation, advertising transparency and influencer marketing at the heart of the Institute’s activity

The Italian Advertising Self-Regulation Institute (Istituto dell’Autodisciplina Pubblicitaria, IAP) has published its 2025 Annual Report, providing an updated overview of the Institute’s activity and confirming the central role of self-regulation in the regulation of commercial communication in Italy.

The report comes in a context in which advertising communication is increasingly exposed to new forms of dissemination, especially digital ones, and in which the recognisability of commercial messages, the accuracy of the information provided to consumers and the transparency of promotional campaigns are becoming increasingly relevant issues for companies, agencies, creators and platforms.

One of the most significant figures emerging from the report concerns the overall number of cases examined: in 2025, IAP handled 251 cases, of which 138 originated from external reports. Some 38% of the cases handled originated from reports submitted by the public, confirming the active involvement of citizens-consumers in the system for monitoring commercial communication.

In terms of outcomes, the report identifies 31 overall measures, including injunctions and decisions, 218 cases resolved through the short-form procedure by the Review Board, 19 injunctions issued by the Review Board and 12 decisions issued by the Jury. This figure confirms the relevance of the self-regulatory procedure not only as a formal decision-making tool, but also as a rapid mechanism for the adjustment and correction of potentially non-compliant commercial communications.

The report also refers to 93 pre-clearance opinions, including 46 express opinions. The preventive advisory function continues to represent a tool of particular interest for companies, allowing them to verify the compliance of commercial communications that have not yet been disseminated and to reduce the risk of subsequent challenges: the sectors that requested the highest number of pre-clearance opinions  were banking and investments, sports information websites, food and non-alcoholic beverages, food supplements and electronic devices.

As regards injunctions, the main area of intervention remains misleading advertising, which accounts for 90% of cases. This is followed, with lower percentages, by issues relating to the dignity of the person and transparency in influencer marketing. The media involved were press, television and social media, showing that issues concerning advertising fairness do not relate only to digital channels, but continue to affect traditional media as well.

A further area of interest concerns the consolidation of institutional relations. In 2025, the cooperation between IAP and AGCOM, launched in 2018, was further strengthened, representing an example of co-regulation consistent with European approaches aimed at promoting cooperation between public authorities and self-regulatory bodies. The renewal of the agreement, which took place in November 2025, introduced significant elements of innovation, with particular attention to the recognisability of commercial communications disseminated by influencers, in line with IAP’s Digital Chart Regulation, which is referred to by AGCOM’s Code of Conduct for Influencers.

Overall, the 2025 Annual Report confirms that advertising self-regulation continues to play a relevant role within the Italian commercial communication system.

For companies, the data published by IAP represent an important reminder: the fairness of advertising messages, the recognisability of commercial communications and the management of relationships with influencers and creators must be integrated from the campaign design phase, through internal review procedures, appropriate contractual controls and a careful preventive assessment of the content intended for dissemination.

Author: Federico Maria Di Vizio

 

Unfair competition and AI-generated content: Automation doesn’t exclude liability

By order of 19 March 2026, the Court of Pistoia addressed an interesting case at the intersection of unfair competition and generative AI.

The dispute arose from the defendant company’s use of the claimant’s registered trademark and the names of endorsers bound to the claimant by exclusive sponsorship agreements as search engine keywords and website metatags. At first glance, the case appeared to fall within the traditional framework of confusing unfair competition and misleading advertising. However, the matter involved an innovative element: the blog content through which the disputed conduct had been carried out was entirely generated by an AI-based editorial system, without any direct human intervention.

This issue became the central point of the proceedings. The defendant attempted to rely on automation as a defence, arguing that the absence of conscious human involvement excluded the subjective element required to establish unfair competition. The court rejected this argument, affirming a principle of broader significance: liability for unlawful conduct remains attributable to the entrepreneur who chooses to adopt and configure an automated system. The fact that an algorithm materially generates the content doesn’t allow the operator to circumvent the prohibitions set out in Article 2598 of the Italian Civil Code.

On the merits, the court classified the conduct as parasitic unfair competition through misappropriation of another party’s merits under Article 2598(1)(2) of the Italian Civil Code. The advertising use of endorsers’ names contractually linked to a competitor is not neutral conduct: it enables the defendant to intercept the visibility created by another company’s investments and to derive an undue competitive advantage from it. The harm operates on two levels: economically, through the improper exploitation of another party’s reputation; and competitively, through the potential diversion of customers and the resulting erosion of the claimant’s market share.

At the interim stage, the court ordered the defendant to immediately cease any use of the claimant’s image and distinctive signs, refrain from disseminating misleading advertising content, and discontinue any conduct capable of creating confusion or parasitic association.

Beyond the specific facts of the case, the ruling establishes a clear principle: in the age of AI, liability for unfair competition doesn’t disappear into the machine.

Author: Noemi Canova

 

---

Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo Bardelli, Carolina Battistella, Noemi Canova, Gabriele Cattaneo, Maria Rita Cormaci, Camila Crisci, Cristina Criscuoli, Tamara D’Angeli, Chiara D’Onofrio, Federico Maria Di Vizio, Enila Elezi, Laura Gastaldi, Vincenzo Giuffré, Nicola Landolfi, Giacomo Lusardi, Josaphat Manzoni, Valentina Mazza, Lara Mastrangelo, Maria Chiara Meneghetti, Giulio Napolitano, Andrea Pantaleo, Deborah Paracchini, Maria Vittoria Pessina, Marianna Riedo, Rebecca Rossi, Roxana Smeria, Massimiliano Tiberio, Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’Andrea, Flaminia Perna, Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio Coraggio, Marco de Morpurgo, Gualtiero Dragotti, Alessandro Ferrari, Roberto Valenti, Elena Varese, Alessandro Boso Caretta, Ginevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as Diritto Intelligente, a monthly magazine dedicated to AI, here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.