HomeAnalyticsAlertsDigital Services Regulation in Italy: New Requirements for Technology Companies

Digital Services Regulation in Italy: New Requirements for Technology Companies

Italy has moved decisively to enforce its national obligations under the EU Digital Services Act. Italian authorities have now issued implementing measures that impose concrete, enforceable requirements directly on technology companies operating in the country. Companies that have not yet aligned their operations with these rules face the immediate risk of regulatory investigation, substantial fines, and potential suspension of digital services. The compliance window is narrow, and enforcement activity has already begun.

Italy's implementation of digital services regulation imposes binding obligations on online platforms, intermediary service providers, and technology companies offering digital services to Italian users, effective from the enforcement dates now active under Italian regulatory legislation. Affected companies must designate a legal representative, establish complaint and redress mechanisms, and submit to algorithmic accountability requirements enforced by the designated Italian supervisory authority. Non-compliance exposes operators to fines calculated as a proportion of global annual turnover.

This alert identifies which business categories are subject to the new rules, sets out the applicable threshold criteria, and lists the immediate actions international companies must take to avoid enforcement risk in Italy.

What has changed – the regulatory development and its scope

Italy's national regulatory authority, Autorità per le Garanzie nelle Comunicazioni (AGCOM – the Authority for Communications Guarantees), has been designated as the primary Digital Services Coordinator for Italy. AGCOM now exercises supervisory and enforcement powers over a wide range of digital service providers. This designation became operational during 2024 and its enforcement posture has intensified into 2026.

The applicable body of law draws from EU digital services legislation as transposed and applied in Italy. It covers online intermediaries, hosting services, online platforms, and very large online platforms. Italian technology law and software liability rules supplement the EU regime in specific areas, including requirements tied to technology licensing agreements and conditions for lawful automated decision-making tools deployed to Italian users.

The most significant change for international companies is the shift from a country-of-origin model to a country-of-destination enforcement posture for certain obligations. A technology company established outside Italy but offering digital services to Italian users is now directly subject to Italian and EU supervisory jurisdiction for specific compliance duties. This means that having no Italian establishment is no longer a shield against regulatory scrutiny.

AI Act compliance intersects directly with the Italian digital services regime. Companies deploying AI-driven recommendation systems, content moderation tools, or automated user-profiling features must align those systems with both the EU AI regulation and the digital services body of law. Failure to do so creates compounding regulatory exposure across two distinct legislative regimes.

For companies with questions about how these obligations interact with intellectual property rights in their technology products. The intellectual property law practice for Italy at Ferraz & Whitmore addresses licensing, software protection. Additionally, technology ownership issues under Italian law.

Who is affected – threshold criteria and business categories

The Italian digital services regulatory regime applies differently depending on the size and nature of the operator. There are three primary categories to assess.

Intermediary service providers – including mere conduit, caching, and hosting services – are subject to baseline obligations. These apply to any provider offering such services to recipients located in Italy, regardless of where the provider is established. The obligations include maintaining basic transparency, providing a point of contact for Italian authorities, and implementing notice-and-action procedures.

Online platforms – providers that store and disseminate information at users' request – face a more demanding set of requirements. This category captures marketplace operators, app distribution platforms, social networking tools, and collaborative economy platforms. If an online platform has fewer than 45 million average monthly active recipients in the EU, it qualifies as a small or medium-sized provider and benefits from certain exemptions. However, Italian-specific implementing measures impose reporting duties that apply irrespective of size once a platform has a material presence in the Italian market.

Very large online platforms – those exceeding the 45 million average monthly active recipient threshold across the EU – are subject to the most extensive obligations. These include mandatory risk assessments, independent audits, algorithmic accountability obligations, enhanced transparency on recommender systems, and crisis-response protocols.

Technology companies providing digital services that are not strictly classified as platforms. such as cloud infrastructure providers, software-as-a-service operators. Additionally. Technology licensing businesses. are subject to the baseline intermediary provisions where their services facilitate the transmission or hosting of third-party content. Those whose services involve automated decision-making or AI-driven outputs directed at Italian users should treat AI Act compliance as a parallel, non-optional obligation.

To receive an expert assessment of your company's exposure under the Italian digital services regime, contact us at info@ferrazwhitmore.com.

What to do now – immediate actions and compliance timeline

International companies that have not yet conducted a structured review of their Italian regulatory position should treat the following steps as urgent priorities.

First: classify your service category. Determine whether your offering falls within the intermediary, online platform, or very large online platform tier. This classification drives every downstream obligation. Misclassification – either by underestimating scale or by incorrectly treating an AI-driven product as outside the digital services regime – is a common and costly error.

Second: designate a legal representative in Italy. Providers established outside the EU that offer digital services to Italian users must appoint a legal representative authorised to engage with AGCOM and Italian courts. This representative must be identifiable and reachable within the timeframes set by Italian regulatory legislation. Absence of a designated representative is an independent basis for enforcement action.

Third: establish or audit your complaint and redress mechanism. Italian law requires that users in Italy have access to an effective internal complaint system. That system must be capable of handling notices about illegal content, intellectual property infringements, and violations affecting individual rights. It must generate records accessible to AGCOM on request.

Fourth: review algorithmic accountability obligations. If your platform uses recommender systems or automated content-ranking tools, you must provide users with at least one option that is not based on profiling. You must also publish a clear description of the main parameters used by each recommender system. This is an area where the digital services body of law and AI Act compliance requirements converge directly.

Fifth: prepare for AGCOM engagement. Italian supervisory activity is now active. AGCOM has issued information requests to operators and is conducting preliminary investigations. Companies in the technology sector should ensure their compliance documentation is current, their legal representative is briefed, and their response protocols are ready before receiving any formal regulatory communication. Delayed or incomplete responses to AGCOM inquiries escalate enforcement risk substantially.

Operators seeking broader guidance on AI and technology law obligations in Italy can find detailed practice information through our AI and technology law services for Italy. For a comparison of how Italy's approach interacts with similar regulatory developments across Southern Europe, see our related alert on digital services regulation in Portugal.

About Ferraz & Whitmore

Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, investors, and institutional clients across 46 jurisdictions. Our AI and technology law practice covers digital services compliance, AI Act obligations, algorithmic accountability, software liability, and technology licensing across European and international markets. Our team combines Portuguese civil law expertise with English common law tradition to advise clients operating under multiple regulatory regimes simultaneously. The firm's technology practice includes practitioners with experience before EU and national regulatory bodies, and our Lisbon base provides direct access to EU regulatory channels relevant to technology operators active in Southern Europe. Engaging a lawyer in Italy with cross-border regulatory experience is essential when digital services obligations intersect with AI Act compliance – our team provides that integrated advisory support. As an international law firm in Italy and across the EU, Ferraz & Whitmore helps technology businesses build structured, enforceable compliance positions. To discuss your company's regulatory position in Italy, contact us at info@ferrazwhitmore.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.