Corporate Governance 2026 Comparisons

The Italian legal system encompasses a variety of corporate/business forms, each with differing levels of liability, governance, and capital requirements.

A preliminary distinction may be drawn between:

• partnerships (società di persone), where participants are often also directors and have unlimited liability;
• capital companies (società di capitali), where directors may also be non-participants and participants have limited liability (save for extraordinary circumstances provided for under applicable law); and
• “hybrid” companies, which have two categories of participants: participants with unlimited liability and management powers (accomandanti) and participants without management powers and limited liability.

Partnerships are mostly used for small-sized enterprises and may be set up as:

• società in nome collettivo (SNC), a general partnership where all partners have unlimited liability); and
• società semplice (SS), the simplest form of partnership used primarily for professional or agricultural activities. An SS is not allowed to engage in commercial business activities and its partners have unlimited liability.

Capital companies may be set up as:

• società a responsabilità limitata (SRL), a limited liability company mostly used for small-to-medium-sized enterprises (SMEs), where corporate capital is divided into quotas (not shares), the participants are referred to as “quota-holders” and corporate governance rules are flexible; and
• società per azioni (SPA), a joint stock company mostly used by medium-to-large-sized enterprises and those wishing to access capital markets, where corporate capital is divided into shares and corporate governance rules are more rigid and must follow one of three possible governance models (see 3.1 Board Structure).

“Hybrid” companies may be set up as:

• società in accomandita semplice (SAS), where corporate capital is divided into quotas (and not shares); and
• società in accomandita per azioni (SAPA), where corporate capital is divided into shares.

The categories above are indicative, as Italian corporate law allows the corporate governance rules to be further customised within a company’s by-laws. Capital companies may also be used for small-sized enterprises with a direct involvement of participants in the management (typical of partnerships).

Further distinctions may be drawn within some of the different corporate forms indicated above, depending – for instance – on the corporate purpose (eg, if the company pursues a lucrative or mutualistic purpose), business activity (eg, an SPA may be used as collective investment undertaking in the form of a SICAF (ie, investment company with fixed capital) or a SICAV (ie, investment company with variable capital)), and access to capital markets (ie, non-listed and listed companies).

It is also possible to set up a company in Italy in the form of societas europea or European Company, pursuant to Council Regulation No 2157/2001.

For sake of clarity, in this chapter we will focus on the rules applicable to SPAs and ordinary SRLs (ie, not considering the special rules applicable to so-called simplified SRL, the SME SRL and the Innovative Start-Up SRL), as these are the most common forms of corporate organisations.

The analysis will be limited to rules applicable to the generality of Italian companies, without regard to special sector laws.

Corporate governance rules applicable to Italian companies listed on an Italian regulated market (hereinafter simply referred to as “listed companies”), will be considered, not including a comprehensive analysis of the rules applicable to companies listed on Italian multilateral trading facilities (MTF), which are set forth under the applicable listing rules.

The principal source of corporate governance requirements for Italian companies is the Italian civil code (the “Civil Code”).

The general corporate governance structure of each company is reflected in its deed of incorporation and by-laws. Each company may adopt further internal rules and policies on specific aspects of its corporate governance (eg, board internal regulation, shareholder meeting regulation).

An Italian listed company is also subject to specific corporate governance laws, and most notably:

• Part IV of the Unified Financial Code (“UFC”, Legislative Decree 58/1998), an overarching legislative decree regulating the financial sector;
• second-level regulations issued by the Italian market authority, Consob (most notably, Consob Regulation No 11971/1999 on issuers);
• Consob Regulation No 17221/2010 on related parties’ transactions; Articles 15 to 18 of Consob Regulation No 20249/2017, setting forth requirements for listed entities in specific situations);
• guidelines, Q&As and notices issued by Consob; and
• further EU and Italian laws and regulations regarding specific aspects that may impact corporate governance, such as market abuse regulation (Regulation EU 596/2014 and relevant delegated and implementing EU and Italian regulations), and financial audit (Legislative Decree No 39/2010).

The Italian Stock Exchange (Borsa Italiana S.p.A.) has also set forth specific corporate governance rules applying to any company whose securities are listed on its markets.

Italian listed companies may also voluntarily decide to adopt corporate governance codes sponsored by regulated markets and/or private associations. As of the end of 2023, 97% of Italian companies on the regulated market managed by the Italian stock exchange, Borsa Italiana S.p.A. (representing 99% of market capitalisation of those companies) adopted the “Corporate Governance Code” of the Italian Corporate Governance Committee, which brings together issuers’ associations (ABI, ANIA, Assonime, Confindustria), the Italian Stock Exchange (Borsa Italiana S.p.A.) and professional investors’ association (Assogestioni) (the “Code of Corporate Governance”).

Pursuant to Italian Law (ie, Legislative Decree 231/2001), a legal entity may be liable for specific crimes committed in their interest or to their benefit by individuals in senior positions or under their direction or supervision. To avoid liability, an entity may adopt and effectively implement an “Organisational Model”, designed to identify and prevent the risks of commission of a long list of potential criminal offenses on behalf or in the interest of the company, establish protocols for decision-making and internal controls and appoint a supervisory body (Organismo di Vigilanza) tasked with monitoring the Model’s effectiveness and compliance.

Companies operating in specific regulated sectors are also subject to EU and Italian corporate governance laws and regulation, including banks (eg, Bank of Italy Circular No 285/2013), insurance companies (eg, Legislative Decree No 209/2005), financial intermediaries and asset management companies.

Below is a summary of specific corporate governance requirements applicable to listed SPAs, divided between mandatory and voluntary requirements.

Mandatory Requirements

Italian listed companies are subject to stricter and mandatory corporate governance requirements under Italian law, including on:

• appointment of members of the board of directors and of the board of statutory auditors through a slate-voting mechanism, aimed at ensuring that the minority shareholders have a right to appoint at least one candidate (Articles 147-ter and 148 of the UFC);
• appointment of a minimum number of independent directors in the board of directors;
• rules to ensure gender diversity in the board of directors and the board of statutory auditors (ie, at least two-fifths of their members must be of the “less-represented gender”);
• stricter integrity requirements for directors;
• appointment of a financial reporting officer responsible for fair accounting and financial disclosures (Article 154-bis of UFC);
• the adoption of a policy on related parties’ transactions (Consob Regulation No 17221/2010);
• the adoption of internal rules and procedure to comply with market abuse regulations (eg, rules on insider list and internal dealing, management of inside information) and disclosure obligations of inside information;
• lower quorums for shareholder meetings and thresholds for the exercise of shareholders’ rights (eg, right to call a meeting and submit voting proposals) and to initiate derivative suits and challenge shareholders’ resolutions;
• specific rules on proxy voting and participation through a “designated representative”;
• binding shareholders’ vote on the remuneration policy of the company and non-binding shareholders’ vote on directors’ remuneration (so-called say-on-pay);
• wider disclosure obligations with respect shareholder meetings (eg, obligation to include a report on the items on the agenda) and longer notice period;
• additional reporting obligations, including semi-annual financial reporting (see 6.1 External Auditors), annual “report on corporate governance and ownership structure” and “remuneration report”; and
• increased transparency on shareholder ownership and shareholders’ agreements.

Even Italian companies listed on an Italian MTF are subject to stricter and mandatory corporate governance requirements under Italian law than those applicable to non-listed companies. For instance, an Italian SPA that intends to be listed on the Euronext Growth Milan market (a MTF managed by the Italian Stock Exchange) must comply with specific corporate governance rules set forth in the relevant listing rules, including for instance:

• appointment of at least one independent director;
• the adoption of a policy on related parties’ transaction;
• mandatory shareholders’ vote for major business transactions; and
• disclosure obligations (in addition to those applicable pursuant to mandatory EU and Italian laws on market abuse).

In addition to the requirements above, companies operating in specific regulated sectors (eg, banks, financial intermediaries and asset management companies) are also subject to additional corporate governance requirements under EU and Italian laws (eg, appointment of board committees).

Voluntary Requirements

As indicated above, the large majority of Italian listed companies have adopted the Code of Corporate Governance.

Adoption of the rules of the Code is voluntary; an issuer that has formally adopted the Code of Corporate Governance may decide not to comply with specific rules of the Code, if it provides an explanation thereof (so-called comply-or-explain principle).

Each listed company must indicate in an annual “report on corporate governance and ownership structure” whether it has adopted a corporate governance code and highlight and explain any decision to depart from any of its provisions.

The Code of Corporate Governance includes several principles and recommendations, including for instance on:

• the role of the board to pursue “sustainable success” and promote dialogue with shareholders and other stakeholders;
• the adoption of a procedure for the internal and external management of documents and information concerning the company (including inside information);
• the board’s composition and diversity;
• the appointment of independent directors and annual assessment of their independence;
• the adoption of internal rules and procedures that define the functioning of the board and its committees;
• the appointment of a “lead independent director” in specific instances, who has the task of collecting and co-ordinating the requests and contributions of non-executive directors and co-ordinating the meetings of the independent directors;
• the appointment of board committees with informative, propositional and consultative functions, and in particular:
1. a Control and Risk Committee;
2. a Remuneration Committee; and
3. a Nomination Committee;
• conducting of a periodic self-assessment by the board;
• guidelines for remuneration policies for executive directors and top management; and
• the adoption of an internal control and risk management system.

Recent changes to the Italian regulatory framework have not materially altered the admission requirements for listing, but they have significantly affected the corporate governance framework applicable to listed companies and, to a certain extent, companies traded on Italian MTFs.

The most recent and relevant developments stem from the 2026 comprehensive reform of the UFC introduced by Legislative Decree No 47 of 27 March 2026, which pursued, inter alia, a broader simplification and competitiveness agenda while also introducing additional governance safeguards in areas such as shareholders’ meetings, remuneration, internal controls and risk disclosure.

In particular, disclosure requirements have been expanded. Listed companies must now include, in their corporate governance report, where such policies have been adopted, a description of policies concerning the use and monitoring of new technologies, including artificial intelligence, within their administrative, organisational and accounting structures. They must also disclose, where adopted, policies relating to the management and monitoring of IT and cybersecurity risks.

The reform also affects remuneration disclosure. In particular, it clarifies that the remuneration report to be submitted by the board of directors to the shareholders’ meeting in connection with the approval of the annual financial statements must include, at a minimum, the company’s remuneration policy with respect to directors, general managers, strategic managers (unless otherwise provided in the by-laws) and members of the control bodies. The new framework also allows the by-laws to provide that the shareholder vote on the remuneration policy is non-binding. However, where the vote is negative, the company must submit a new remuneration policy to shareholders no later than the next annual shareholders’ meeting approving the financial statements.

The 2026 UFC reform also gives listed companies greater flexibility in the organisation of shareholders’ meetings, with the aim of facilitating digital participation and simplifying meeting procedures while preserving minority shareholder protections. By-laws may now expressly provide for fully virtual meetings or meetings held exclusively through the designated proxy pursuant to Article 135-undecies UFC. Where the by-laws are silent, the board may determine the format of the meeting, subject in certain cases to the favourable opinion of the independent directors. Shareholders representing at least 5% of the voting share capital (or any lower threshold set out in the by-laws) may nevertheless request that the meeting be held with physical attendance and not exclusively through the designated proxy or by means of telecommunications.

The by-laws may also provide that, where the shareholders’ meeting is held physically or by means of telecommunications, the right to take part in the discussion is subject to the holding of a minimum shareholding threshold, which may in no event exceed 0.5% of the share capital.

The reform also revises several procedural deadlines relating to shareholders’ rights, including those concerning requests to supplement the agenda and submit additional draft resolutions.

SPA

The corporate governance of an SPA may be based upon three possible models.

So-called traditional model

The “traditional model” is the most common and default governance model. It is comprised of a management body (a sole director or a board of directors) and a control collective body (ie, the board of statutory auditors), both appointed by the shareholder meeting.

Typically, the board of directors has a general management and strategic role and delegates specific managerial powers to a chief executive officer and/or to one or more additional executive directors and/or an executive committee. The board of statutory auditors has a control function and is required to ensure that the company’s management is in compliance with the law, the by-laws and with the principles of proper management, and in particular with respect to the adequacy of the organisational, administrative and accounting structure of the company. Furthermore, the board of statutory auditors may be required to conduct the financial audit of the company, if the company has not appointed an external auditor or audit firm (see 7.1 ESG Requirements).

The two-tier model

The two-tier model is inspired by the German governance system and contemplates a supervisory board appointed by the shareholders’ meeting and a management board, appointed by the supervisory board.

An external auditor or audit firm mandatorily conducts the statutory financial audit.

A one-tier model

The one-tier model contemplates a single management body appointed by the shareholder meeting, which includes in itself an internal audit committee comprised of independent directors.

An external auditor or audit firm mandatorily conducts the statutory financial audit.

In companies subject to a mandatory financial audit (eg, listed companies), the supervisory body – board of statutory auditors, supervisory board or internal audit committee, depending on the governance system – is also required to serve as audit committee pursuant to Legislative Decree 39/2010 (which implemented  EC Directive 2006/43) and in that capacity monitor the financial reporting process and effectiveness of internal control, internal audit and risk management systems.

Since most of the Italian SPAs have adopted the traditional model, this analysis will be limited to the corporate governance rules applicable to the traditional model.

See 4.1 Companies and Shareholders for a more detailed description of the structure of a board of directors in an SPA with the “traditional” governance model.

A company (typically, a large-sized SPA and less frequently an SRL) may appoint a General Manager (Direttore Generale), a top manager with wide managerial powers and responsibilities. The General Manager may be appointed in alternative or in addition to the CEO.

SRL

In an SRL, the by-laws contemplate a wide range of possible management structures:

• sole director;
• a board of directors; and
• multiple directors, with joint or separate powers.

An SRL is not required to appoint a supervisory body (ie, sole auditor or board of statutory auditors) or an external auditor, unless it exceeds certain dimensional thresholds set out in Article 2477 of the Civil Code, is required to prepare consolidated financial statements, controls a company subject to mandatory statutory audit, or it is required to by special laws (eg, due to its specific business activity).

In an SRL, corporate governance rules are more flexible and depend heavily on the by-laws.

Typically, boards of directors define the overall strategy (eg, the business plan) and organisational structure of the company. The board appoints the chairperson (if not appointed by the shareholders), the board committees, and defines the overall strategy and organisation of the company.

The board may delegate managerial powers to a chief executive officer, one or more executive directors, or an executive committee, provided that under Italian law some matters may not be delegated by the board of directors, such as, according to Article 2381, paragraph 4, Civil Code:

• issuance of convertible bonds;
• approval of the draft annual financial statements;
• approval of capital increases;
• resolutions regarding capital losses; and
• merger and demerger proposals.

Board committees perform informative, propositional and consultative functions vis-à-vis the board.

SPA

In an SPA with a board of directors, the decision-making process typically follows these steps:

• the chairperson calls the board meeting pursuant to the by-laws. Generally, by-laws provide that a board meeting must be convened, if so requested by a minimum number of directors;
• the board members meet in person and/or through distance connection (as provided under the by-laws). Unless provided otherwise in the by-laws, the meeting is validly held if the majority of directors in office are present and resolutions are taken by a majority vote of those present; and
• resolutions are recorded in the minutes of the meeting, which are signed by the chairman and the secretary and included in an official book of board resolutions.

In an SPA, board resolutions may not be taken through circular resolutions (unlike in SRL).

SRL

In an SRL with a board of directors, board resolutions may be taken through board meetings in person or through distance connection (like in an SPA) as well as by circular resolutions (ie, “written consultation” or “express written consent”. However, resolutions regarding specific matters are taken only through a board meeting (the approval of draft financial statements, merger and de-merger projects and a capital increase).

All resolutions must be recorded in an official book.

In an SRL and an SPA the chairperson is appointed by the shareholders/quota-holders or by the board itself.

Once appointed, the board of directors may then appoint among its members:

• a chairperson (if not appointed by the shareholders);
• a chief executive officer and one or more executive directors, granting them delegated powers;
• an executive committee, granting it delegated powers; and
• board committees (eg, remuneration committee, risk and control committee, nomination committee).

The appointment of internal committees is required pursuant to EU and Italian laws for companies operating in specific sectors (eg, banks and management companies), or recommended by codes of corporate governance (eg, Corporate Governance Code).

Typically, in a board of directors there are executive directors who have specific roles in the company or are entrusted with delegated powers, and non-executive directors.

In listed companies as well as those operating in related sectors (eg, banks, financial institutions and management companies) the board must also include a minimum number of non-executive and independent directors.

As indicated under 1.3 Companies With Publicly Traded Shares, the Corporate Governance Code also recommends the appointment of a lead independent director in specific instances, who has the task of collecting and co-ordinating the requests and contributions of non-executive directors and co-ordinating the meetings of the independent directors.

In an SPA, all directors are required to perform their duties with diligence and in an informed manner. They must request any necessary information from the CEO and executive directors and propose any required action if they become aware and/or have grounded suspicion of any possible prejudicial facts or anomalies. Directors are also required to comply with “principles of proper management”, following general criteria of economic rationality over time identified by business science and assessing the adequacy of a company’s organisation, as well as its administrative and accounting structure based on the information received.

Independent directors (where appointed) are expected to play a key role within the board of directors, exercising a check-and-balance function as well as contributing to the overall discussions with their perspective.

The CEO and the executive directors are required to fulfil their duties and exercise their delegated powers with diligence. They also have a duty to inform the entire board of directors and the board of statutory auditors, at least at the intervals set forth in the by-laws and in any event at least once every six months, on the general performance and outlook, as well as on the most significant transactions of the company and its subsidiaries, in terms of size or characteristics. They are also required to ensure that the organisational, administrative and accounting structure is appropriate to the nature and size of the company.

The chairperson is responsible for calling and setting the agenda of the meetings of the board of directors, co-ordinating the meetings and ensuring that all directors are provided with adequate information on the items on the agenda. These tasks are further developed by the Corporate Governance Code. Companies operating in specific business areas (eg, banks and financial institutions) are also subject to specific requirement pursuant to sector laws (eg, in a bank the chairperson cannot have executive roles).

The board of directors may also appoint board committees, with investigative, propositional and consultative functions regarding specific areas. The area of competence of each committee is indicated in the by-laws and/or in internal regulations approved by the board of directors. The appointment of board committees is recommended for listed companies pursuant to the Code of Corporate Governance and required under specific sector laws (eg, banks and financial institutions).

The general principles set forth above apply also to an SRL.

Italian corporate law does not mandate any composition requirements or recommendations for an SRL and a non-listed SPA (except for those subject to sector laws, such as banks and financial institutions).

Listed companies are subject to specific composition requirements under Italian law, as indicated in 1.3 Companies With Publicly Traded Shares, including on the appointment of directors by minority shareholders, appointment of independent directors and gender diversity.

The Code of Corporate Governance also recommends (in Article 2) that in a listed company:

• the board should be comprised of executive and non-executive directors;
• the directors should have professional skills and competence that are appropriate to their tasks and the number and skills of non-executive directors should ensure significant influence in the decision-making process of the board and guarantee an effective monitoring of management;
• a significant number of non-executive directors should be independent (in general, at least two independent directors; in larger companies with a concentrated ownership structure, at least one-third of the board; in other larger companies, at least half of the board);
• the company should apply diversity criteria to the composition of the board of directors, ensuring the primary objective of adequate competence and professionalism of its members; and
• each company should define the diversity criteria for the composition of the board of directors and the control body, and identify the most suitable tool for their implementation, considering its ownership structures.

It bears noting that listed companies are required to include in their annual “report on corporate governance and ownership structure” a description of the diversity policies applied in relation to the composition of the administrative and control bodies or explain the reasons why it decided not to adopt any diversity policy (unless the information is referred to in the “sustainability report”, see 2.2 Types of Decisions).

Specific composition requirements are also mandated pursuant to specific sector laws (eg, banks and financial institutions).

In SPAs and SRLs a person that has been disqualified or declared bankrupt or sentenced to a penalty involving a prohibition to hold public offices or managerial roles may not be appointed director (Article 2382 of the Civil Code). Additional requirements apply to listed SPAs (as set forth in Ministerial Decree 162/2000) as well as to companies subject to specific sector laws (eg, directors of banks are required to comply with so called “fit and proper” requirements).

Under Italian law, the mechanisms for appointing and removing directors vary depending on the corporate form and whether a company is listed, as indicated below.

SRL

In an SRL, directors are appointed and may be removed through a vote of the quota-holders, unless the by-laws provide otherwise (Article 2475 of the Civil Code).

SPA

Directors are appointed by the ordinary shareholder meeting (Article 2383 of the Civil Code). The by-laws may entitle specific categories of shareholders and/or holders of participation financial instruments with a right to appoint directors. Directors may be removed any time by the shareholder meeting, provided that in the event of a removal without cause the removed director is entitled to damages.

In a listed SPA, the appointment of directors by the shareholder meeting is conducted through a slate-voting mechanism provided in the by-laws (see 1.3 Companies With Publicly Traded Shares), designed to ensure representation of minority shareholders (Article 147-ter UFC). The composition of the board of directors must comply with specific gender diversity requirements.

Italian corporate law does not require companies to appoint independent directors, except for listed companies and entities subject to sector laws (eg, banks, financial institutions), as indicated above (1.3 Companies With Publicly Traded Shares). It bears highlighting that an SPA is required to appoint a board of statutory auditors, which has a control function and whose members must be independent.

There are rules and requirements under general Italian corporate law designed to regulate situations of potential conflicts of interests, as indicated below.

SPA

Italian corporate law prohibits directors of an SPA from engaging in activities that compete with the company. In particular, directors may not act as unlimited liability partners in competing firms, undertake competing activities on their own or on behalf of others, or serve as directors or general managers of competing companies – unless expressly authorised by the shareholder meeting (Article 2390 of the Civil Code). This authorisation may be general, prior, or implicit in the appointment resolution. A breach of this prohibition exposes a director to dismissal and liability for damages.

Directors and members of supervisory boards of companies operating in the credit, financial and insurance sectors are also subject to an “interlocking ban” (Article 36 of Law Decree 201/2011), that limits their right to hold management, supervisory or top executive roles in competing firms.

Italian corporate law also requires directors to disclose any personal interest, whether direct or on behalf of third parties, in transactions undertaken by the company to the other directors and statutory auditors (Article 2391 of the Civil Code). This obligation applies even if the relevant interest is not in conflict with the company (eg, if the company and the director have a concurring interest in a transaction)

An “interested” director must disclosure the nature, terms, origin and extent of the interest. Once a personal interest is disclosed, the relevant director is not required to abstain from voting on the matter. Instead, the board is required to justify the transaction thoroughly, explaining its benefits. A duty to abstain exists for directors of an SPA operating in specific sectors (eg, banks and financial institutions), if they hold an interest that conflicts with the interest of the company.

If the CEO holds a personal interest, they must abstain from executing the transaction.

If the company is managed by a sole director, they must disclose its interest to the shareholder meeting.

The board is collectively liable if a resolution lacks proper reasoning or fails to consider potential consequences and the “interested” director may be individually liable for any damage resulting from failure to disclose its interest.

Directors may also be liable if they misappropriate corporate opportunities or confidential information learned through their role (Article 2391, paragraph 5, Civil Code).

SRL

The rules under Italian corporate law on conflict of interests of directors in an SRL are less strict than those applicable in an SPA (Article 2475-ter Civil Code).

In particular, in the event a director has a personal interest in conflict with the company a resolution of the board of directors may be challenged by the other directors and auditor(s) if:

• the vote of the relevant director in conflict was decisive for the quorum; and
• the resolution causes financial damage to the company.

Moreover, any contracts executed on behalf of the company by a director with an interest in conflict with the company (whether it is a personal interest or an interest on behalf of another third party) may be annulled at the request of the company if the conflict was known or recognisable by the counterparty.

The main legal duties of directors of an SPA pursuant to the Italian Civil Code may be summarised as follows.

• Duty of care – directors must fulfil their duties pursuant to applicable laws and by-laws with care, consistently with the nature of their office and their individual skills (Article 2392, paragraph 1, of the Civil Code).
• Duty to act in an informed manner – directors must base their decisions on adequate information and request that any necessary information be provided to the board of directors (Article 2381, paragraph 6, of the Civil Code).
• Duty to intervene – directors who become aware of potentially prejudicial facts must act to prevent or mitigate damages (Article 2392, paragraph 2, of the Civil Code).
• Duty of loyalty – directors must perform their duties with independence of judgement, directing their action to the pursuit of the company purpose.
• Duty of proper management – directors must ensure adherence to general business rationality and contribute to the implementation of an adequate organisational, administrative and accounting structure.

In addition to the general duties applicable to all directors, delegated executive directors are also subject to the following additional general duties.

• Duty to ensure organisational adequacy – delegated executive directors must ensure that a company’s organisation and administrative and accounting structures are adequate considering its nature and size (Article 2381, paragraph 5, of the Civil Code).
• Duty to inform – delegated executive directors must periodically report to the board of directors and the board of statutory auditors on company performance and its foreseeable prospects, as well as on significant transactions carried out by the company and its subsidiaries (Article 2381, paragraph 5, of the Civil Code).

The same general duties indicated above may be applied to the directors of an SRL (Articles 2475 and 2476 of the Civil Code).

Directors owe their duties primarily to the company, its shareholders (or quota-holders, in an SRL) as well as to its creditors (as to the capacity of the company to pay its debts).

The by-laws of a company may also require directors to pursue the interest of other stakeholders, including employees, clients, suppliers, creditors, public administration and society in general (ie, so called società benefit). 

It bears noting that according to the Code of Corporate Governance, a listed SPA should pursue “sustainable success”, aiming at creating long-term value for the benefit of the shareholders, “taking into account the interests of other stakeholders relevant to the company”.

Under Italian law, the rules regarding the enforcement of directors’ duties and claims for damages differ depending on the corporate form.

SPA

The directors are liable for damages against the company, its shareholders (or quota-holders, in an SRL) and creditors in the event of a breach of their duties.

In an SPA, the following claims for damages may be brought against directors in the event of a breach of their duties:

• claim for damages on behalf of the company, pursuant to:
1. a resolution by the shareholder meeting; or
2. a resolution by the board of statutory auditors;
• claim for damages on behalf of the company, initiated by minority shareholders (at least 20% of the capital or the percentage set forth in the by-laws in a non-listed SPA; at least 2.5% of the capital or the lower percentage set forth in the by-laws, in a listed company).
• claim for damages by the company’s creditors (if the ability of the company to pay its debts has been infringed);
• claim for damages by individual shareholders and/or third parties (in the event they have been directly affected by a breach of the directors’ duties).

In case of insolvency, the legal actions under the first three bullet points above may be initiated by the officer responsible for the relevant insolvency proceeding.

SRL

In an SRL, the following legal actions may be brought against directors in the event of a breach of their duties:

• claim for damages by any quota-holder (regardless of their participation);
• claim for damages by the company’s creditors (if the ability of the company to pay its debts has been infringed); and
• claim for damages by individual quota-holders and/or third parties (in the event they have been directly affected by a breach of the directors’ duties).

According to prevailing case law and majority of legal scholars, a claim for damages may also be brought against the directors on behalf of the company as well as, in case of insolvency, by the officer responsible for the relevant insolvency proceeding.       

Parent Companies

Where a company – either an SPA or SRL – controls and exercises direction and co-ordination over another company and there is a breach of the “principles of proper corporate and business management”, the directors of the parent company may be liable jointly with the parent company itself vis-à-vis:

• the participants in the controlled entity, for any damages to the profitability and value of the participation; and
• the creditors of the controlled entity, as to the capacity of the company to pay its debts).

In addition to the cases indicated above under 3.8 Breach of Directors’ Duties, in case of a breach of corporate governance requirements a director may also be subject to:

• administrative fines, for breaches of specific corporate governance- related administrative obligations (eg, omissions in the registration of corporate resolutions in the Companies’ Registry); and
• criminal liability, for specific corporate-governance related criminal offences (eg, false communications to the public, fraudulent influence on the shareholder meeting).

Criminal and administrative liability is generally non-waivable.

On the other hand, civil liability for damages of a director vis-à-vis the company and shareholders may be mitigated through an insurance policy (so called “Directors and Officers” Insurance Policy). The shareholders may also decide to grant a waiver to the directors for any potential liability (eg, through a vote of the shareholder meeting), in relation to event and circumstances that occurred beforehand (whereas a pre-emptive discharge of liability is not admissible).

In an SRL and in a non-listed SPA the remuneration of directors and officers is generally determined by the shareholders, unless established in the by-laws, and is disclosed within the annual financial statements, on an aggregate basis. Failure to comply with the applicable approval requirements may result in the relevant remuneration being challenged and may give rise to restitution claims and directors’ liability, particularly where payments have been made without the required corporate approval or in breach of the company’s by-laws.

Each listed SPA must issue a “remuneration report”, providing a comprehensive description of any remuneration paid to each director and member of the board of statutory auditors, and in aggregate for other key personnel. Following the 2026 reform of the UFC, the remuneration policy must include, at least, the company’s policy with respect to directors, general managers, members of the control bodies, unless otherwise provided in the by-laws, strategic managers. The by-laws may also provide that the shareholders resolution on the remuneration policy is non-binding, the shareholders decision shall be made available to the public; furthermore, if the outcome of the shareholders meeting vote is negative, the company shall submit a new policy to shareholders no later than the next annual shareholders’ meeting approving the financial statement. The remuneration policy is submitted to the shareholders’ meeting pursuant to the so called “say on pay” mechanism. In addition to the consequences outlined above with respect to SPAs generally, failures by listed companies to comply with the approval, procedural and disclosure requirements relating to remuneration policies and reports may also give rise to administrative sanctions under the UFC and the relevant Consob implementing regulations.

Specific approval and disclosure requirements on directors’ remuneration apply to companies operating in regulated businesses pursuant to sector laws (eg, banks, insurance companies and financial intermediaries).

The relationship between the company and its shareholders is of contractual nature and is regulated in the relevant incorporation deed and by-laws as well as in mandatory provisions of Italian corporate law.

Each SPA is required to keep and regularly update a record of the shareholders of a company, which is not publicly available and may be consulted by the shareholders. In addition, each non-listed SPA is required to file with the Company’s Registry a list of its shareholders on a yearly basis (within 30 days from the approval of the financial statements), which is publicly available.

In an SRL, there is a record of the quota-holders, which is registered with the Companies’ Registry and publicly available.

In general, shareholders of an SPA are excluded from the management of the company (unless a shareholder is also appointed director or officer of the company). However, the by-laws may provide that specific management decisions require an authorisation of the shareholders.

In an SRL, quota-holders may be directly involved in the management of the company, as provided in the by-laws (eg, the by-laws may provide that the directors must be quota-holders and/or that specific management decisions are resolved upon by the quota-holders).

The Italian civil code reserves certain decisions to the shareholder meeting (eg, the appointment of the board of directors, the board of statutory auditors and external auditors; changes to the by-laws; merger, demerger and liquidation proceedings). In both an SPA and an SRL a shareholder meeting is to be held at least on a yearly basis for the approval of the annual financial statements and when the term of office of the board of directors and board of statutory auditors has expired.

The rules that govern the holding and conduct of shareholder meetings differ depending on the corporate form and whether the company is listed or not listed.

SPA

In an SPA, a shareholder meeting may be “ordinary” or “extraordinary”, depending on the relevant subject matters. “Ordinary” meetings require lower quorums and are not in notarial form, whereas “extraordinary” meetings require higher quorums and must be in notarial form.

Typically, the board of directors or the chairman (the board of statutory auditors, in case of inaction) call the meeting with a notice, that indicate the place and time of the meeting and the agenda.

In a non-listed SPA, the notice may be sent by email or any other means to each shareholder at least eight days in advance or, alternatively, be published on an Official Publication (the Official Gazette) or at least one Newspaper at least 15 days in advance.

A listed SPA is required to publish the notice at least 30 days in advance and post it on the company’s website (or the different period, as required for specific items on the agenda), together with a report explaining the items on the agenda.

If so provided under the by-laws, the meeting may take place anywhere in Italy or even abroad, as well as by means of telecommunication.

At the opening of the meeting, the chairperson is required to identify the attendees, their entitlement to participate (in person or by proxy), the reaching of the relevant quorum and the validity of the meeting.

The chairperson appoints a secretary, that is tasked with the drafting of the minutes of the meeting.

The chairperson conducts the meeting, leaves the floor to the managers that are called to explain the different items and/or shareholders that intend to intervene, puts the items on the vote and proclaims the result of each voting.

In a listed SPA, the by-laws may entitle the board of directors to provide that the shareholders may participate in a meeting only through a designated proxy (ie, the shareholders may vote only through voting instructions given to the designated proxy ahead of the meeting).

The minutes of each meeting are signed by the chairperson and the secretary and included in the official book of shareholder meetings.

SRL

The rules governing the holding and conduct of quota-holder meetings in an SRL are very flexible. The by-laws of each SRL may determine the means and timing for the calling of a meeting.

Shareholders are entitled to claim damages against the directors, in the event of a breach of their duties, as well as against the parent company (if it exercises direction and coordination over the company) and its directors, in case of breach of the “principles of proper corporate and business management” (see 3.8 Breach of Directors’ Duties).

In general, under Italian law each person is required to notify the Market Authority (Consob) and the relevant listed company whenever it acquires or reduces its participation above or under specific thresholds of the voting share-capital (ie, 3%, 5%, 10%, 15%, 20%, 25%, 30%, 50%, 66.6%, and 90%). For SMEs (small and mid-size enterprises), the initial threshold is reduced to 5%.

Disclosure obligations also apply when a person acquires a significant “long-position” on the shares of a listed company through financial instruments, derivatives and other contracts (subject to specific thresholds and exemptions).

The disclosure includes the identity of the first person/entity at the beginning of the ownership chain. See 5.4 Global Anti-Money Laundering as to the disclosure of the beneficial owners of a company pursuant to applicable anti-money laundering regulation.

In addition to the disclosure obligations above, any person acquiring a participation above the 10%, 20% and 25% thresholds in the voting share-capital of a listed company are also required to disclose additional information, including its future plans regarding the company for the subsequent six months and the origin of the funds used for the acquisition.

The shareholders of an Italian listed company are also required to disclose the existence and content of any shareholders’ agreement (including any subsequent changes and termination).

Specific disclosure requirements apply to shareholders that have launched a takeover bid or that have triggered the thresholds of the mandatory takeover bid.

Specific disclosure requirements apply also to institutional investor and asset managers as to their engagement, investment strategies and management agreements, in furtherance to specific provisions of Italian law implementing the EU “Shareholders’ Right Directive II” (those provisions also impose specific disclosure requirements on proxy advisors).

Non-Listed SPAs

A non-listed SPA is required to prepare and publish financial statements on an annual basis, but is not required to approve any interim financial reporting, unless so required by the company’s by-laws and/or sector laws.

Draft annual financial statements are drawn up by the management body of the SPA (eg, the board of directors) and approved by the shareholder meeting within 120 days (or 180 days under specific conditions) after the end of each financial year (Articles 2423 and subsequent of the Civil Code).

Listed SPAs

A listed SPA is subject to enhanced transparency and periodic reporting requirements under Italian law (primarily, the UFC).

In particular, a listed SPA is required to publish:

• annual financial statements, which are drawn up by the management body of the SPA (eg, the board of directors) and approved by the shareholder meeting within 120 days (or 180 days under specific conditions) after the end of each financial year (articles 154-ter of UFC and 2423 and subs. of the Civil Code); and
• half-yearly financial statements, which are drafted and approved by the management body (not approved by the shareholders) within three months from the end of the first semester of the financial year.

A listed SPA may also decide to voluntarily publish further periodic financial statements, if disclosure requirements set forth in Consob’s Issuer Regulation are complied with (Article 82-ter).

Publication of interim financial statements may be required by the Italian Stock Exchange for specific market segments (eg, companies listed on the Euronext STAR Milan segment of the Italian Stock Exchange are required to publish quarterly financial statements).

In specific circumstances (eg, companies in financial distress), Consob may mandate a listed company to publish additional periodic financial statements, on a monthly or quarterly basis (Article 114, paragraph 5, UFC).

Even an SPA that is listed on an MTF (and not listed on an Italian regulated market) may be subject to enhanced transparency and periodic reporting requirements, as required by applicable listing standards. For instance, an Italian SPA listed on the Euronext Growth Milan market (an MTF managed by the Italian Stock Exchange) is required to publish not only annual financial statements (like any other SPA), but also half-yearly financial statements.

Parent Companies

Under Italian law (ie, Articles 25 and subs. of Legislative Decree No 127/1991, which implements EU Directive 83/349/EEC), an SPA or SRL that controls another entity is required to publish consolidated financial statements on an annual basis, unless specific exemptions apply.

SRLs

An SRL is required to prepare and publish financial statements on an annual basis and is not required to approve any interim financial reporting (unless so required by the company’s by-laws and/or sector laws).

Draft annual financial statements are drawn up by the management body of the SRL and approved by the quota-holders within 120 days (or 180 days under specific conditions) after the end of each financial year (Article 2478-bis of the Civil Code).

Non-listed companies are not required to disclose their corporate governance arrangements in any periodic report. However, the deed of incorporation and the by-laws of any SRL and SPA are registered with the Companies’ Registry and publicly available.

Listed companies are required to issue every year a comprehensive “report on corporate governance and ownership structure”, including detailed information on their shareholding and corporate governance arrangements, including (among others) information on  the main features of the risk management and internal control systems in place in relation to the financial reporting process, the functioning of the shareholder meeting, composition and functioning of the administrative and control bodies and their committees, a description of the diversity policies applied (Article 123-bis of the UFC).

This report should also indicate whether a company adheres to a corporate governance code (explaining also the reasons for any decision to departure from any provision of a code to which it has adhered) as well as the actual corporate governance practices adopted by it.

Listed companies are required to disclose and post on its website any shareholders’ agreement that has been notified to it by the relevant shareholders.

SPAs and SRLs are incorporated and registered with the competent Companies’ Registry, which is managed by the local Chamber of Commerce.

The incorporation of an SPA and an SRL requires a notarial deed in front of a notary (even through a videoconference, with respect to an SRL and subject to specific restrictions) and the filing of the relevant incorporation deed and of the by-laws attached thereto with the Companies’ Registry.

Italian companies are required to file a long list of documents and information with the Companies Registry, which are then publicly available. These documents and information include (without limitation):

• deed of incorporation, by-laws and any amendments thereof;
• appointment, cessation, revocation, of directors and members of the board of statutory auditors;
• transfer of the corporate seat;
• grant or revocation of powers of attorney;
• minutes of shareholder meetings approving extraordinary transactions and approving the annual financial statements;
• annual financial statements and consolidated financial statements;
• the fact that the company has (or ceased to have) a sole participant;
• the fact that the company is subject to the direction and coordination of another entity (Article 2497-bis Civil Code);
• documentation regarding extraordinary transactions (eg, merger, demerger, transformation);
• liquidation and appointment of liquidators;
• in a listed SPA, any shareholders’ agreement; and
• in an SRL only, any transfers of quotas and any update to the quota-holders’ list.

Italian Anti-Money Laundering Law requires companies to disclose the identity of their beneficial owner to the Companies’ Registry. However, this obligation is currently suspended pursuant to a court order and a case is pending in front of the Court of Justice of the European Union.

Failure to make required filings may have different consequences, depending on the nature of the actual filing:

• some corporate acts must be filed to produce any legal effect and are void until the relevant filing is completed and processed (eg, incorporation deed and amendments of the by-laws); and
• some other corporate acts are unenforceable against third parties until the relevant filing is completed and processed.

A failure to complete a required filing within the relevant deadline may also lead to pecuniary fines against directors, statutory auditors and General Manager (Articles 2630 of the Civil Code).

Company directors may be held personally liable for damages suffered by the company, shareholders, or third parties due to their failure to file required documents (eg, pursuant to articles 2395, 2476 and 2497-bis of the Civil Code).

The Companies’ Registry exercises a formal and administrative review of the documentation and information provided to it, without any substantive legal review. The Companies’ Registry may reject the registration of a corporate act, if it lacks formal mandatory requirements or appears to be unauthentic or filed by a person void of relevant powers.

A more substantive legal review is carried out by the notary with respect to deeds in notarial form (eg, deed of incorporation, amendments to the by-laws, minutes of shareholders’ extraordinary resolutions).

Reporting Requirements (AML)

Under Italian anti‑money laundering legislation, legal entities are subject to specific beneficial ownership transparency obligations. Companies are required to:

• identify their beneficial owner (ie, the natural person or persons, other than the legal entity, who ultimately own or control it, and on whose behalf a business relationship is established, a professional service is provided, or a transaction is carried out by the entity) and
• communicate the relevant information to the competent Companies Register. This obligation forms part of the broader EU AML framework, which requires transparency on the ownership and control of legal persons.

The identification of the beneficial owner must be carried out by the directors on the basis of statutory criteria, applied in hierarchical order, relating to ownership (direct or indirect), control and, residually, powers of representation or administration. In carrying out this assessment, directors must rely on all available corporate and accounting information and may request relevant data from shareholders and the beneficial owner.

Companies must maintain adequate, accurate and up‑to‑date information on their beneficial ownership for at least five years and are required both to file such information with the Companies Register and to provide it to AML “obliged entities” (including banks, financial institutions, insurers, professionals and notaries) in the context of business relationships or qualifying transactions.

It should be noted that, at the time of writing, the effectiveness of the filing obligation and access to the beneficial ownership register are suspended, pending a preliminary ruling of the Court of Justice of the European Union following a referral by the Italian Council of State.

Board Oversight of AML Matters

Italian AML legislation does not establish a standalone board regime for all companies comparable to that applicable to regulated intermediaries; however, it clearly allocates responsibility for compliance with beneficial ownership obligations to the board of directors.

In particular, directors are required to ensure the proper identification, verification, recording and updating of beneficial ownership information, exercising a standard of diligence consistent with their general fiduciary duties under corporate law. This entails establishing adequate internal processes to collect and verify ownership information and ensuring that such data is promptly updated and, where applicable, notified to the Companies Register and to counterparties that are subject to AML obligations.

Companies and Directors’ Liability for AML Non-Compliance

Directors may face multiple layers of liability in connection with failures to comply with AML-related obligations.

First, Administrative liability may arise for the company in the event of a failure to file beneficial ownership information, which is subject to monetary penalties.

Second, directors may incur civil liability towards the company where non-compliance results from a breach of their duties of care and proper management, for instance where they fail to adopt adequate procedures to identify or update beneficial ownership information.

Third, in more serious cases, directors may be exposed to criminal liability, particularly where inaccurate or misleading information is intentionally provided or where the conduct is connected to underlying money laundering offences, which are punishable under Italian criminal law.

In addition, specific consequences attach to the conduct of shareholders: unjustified refusal to provide information or the provision of manifestly inaccurate data results in the suspension of voting rights and may lead to the annulment of resolutions adopted with the decisive vote of the non-compliant shareholder.

An external audit is an official auditor or audit firm, included in special Registry held by the Ministry of Economy and Finance, appointed by a company to conduct the financial audit of the financial statement of a company. This external auditor is separate from the board of statutory auditors, which is a control body required in each SPA with the so called “traditional” governance model.

In an SPA with the so called “traditional” governance model, the board of statutory auditors is required to conduct the audit of the financial statements, unless an external auditor is appointed.

An SPA appoints an external auditor voluntarily or when required to pursuant to applicable law (eg, the company (i) has issued instruments listed on a regulated market; (ii) is required to prepare consolidated financial statements, (iii) is a regulated entity, (iv) is controlled by, controlling or jointly controlled by, an entity indicated under previous letters (i)–(iii)).

The relationship between the company and the external auditor is governed by a set of statutory, contractual, and professional rules, which contemplates for instance:

• the appointment by the shareholder meeting based on a proposal of the board of statutory auditors;
• the maximum length of each appointment, different for non-listed and listed companies and companies operating in specific sectors);
• cases in which the appointment of an external auditor may be revoked for cause;
• duties of diligence and care; and
• relations with the board of statutory auditors.

Considering the limitations applicable to an SRL’s ability to access the trading venues and to conduct regulated business, most often an SRL appoints an external auditor if it is controlled or controls a company that is required to appoint an external auditor.

Under Italian law, geopolitical risk is not subject to a specific regulatory framework applicable to all companies.

With the Legislative Decree No 125/2024, the Italian legislator has implemented the EU Corporate Sustainability Reporting Directive, or “CSRD” (Directive EU 2022/2464), which requires large companies and listed SMEs (excluding so called “micro-enterprises”) and parent companies of large groups to prepare and publish a yearly comprehensive report on sustainability, in accordance with the European sustainability reporting standards (ESRS), covering environmental and social impacts, governance frameworks, sustainability-related risks and opportunities, and strategic objectives.

The new legislation has introduced the role of the sustainability auditor, who is required to provide assurance on a company's sustainability reporting, ensuring its accuracy and compliance with regulatory requirements and standards like the European Sustainability Reporting Standards (ESRS).

The schedule for the entry into force of the new reporting obligations is different, depending on the different category of each relevant entity.

Other than the new rules implementing the CSRD, there is not a general reporting obligation on ESG matters.

However, companies may decide to voluntarily adopt ESG principles and provide periodic information on the implementation of such principles. Some companies may also decide to voluntarily adopt international standards such as the Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB) or the Task Force on Climate-related Financial Disclosures (TCFD) to enhance transparency and credibility in their ESG communication.

A company may also decide to include in its corporate purposes the pursuit of the interest of other stakeholders (ie, other than the shareholders), including those of the employees, clients, suppliers, creditors, public administration and society in general. Pursuant to a specific set of rules adopted by the Italian legislator (Law No 208/2015, paragraph 1, Sections 376 to 384), these companies may therefore adopt the status of so called società benefit, be included in special registry and become subject to specific yearly reporting (so called impact reporting), to be annexed to the annual financial statements

Under Italian law, there is no single, comprehensive statutory framework governing ESG matters across all companies. Instead, ESG obligations arise from a combination of EU legislation, national laws and corporate governance principles, which generally apply only to specific categories of companies and/or sectors of activity and therefore have a limited scope of application.

Against this background, the current global political climate has not led to a formal rollback of ESG requirements in Italy. Rather, it has triggered a shift in how ESG is approached at governance level, moving from a broad, compliance-driven perspective to a more selective and risk-based focus on material issues:

In particular, recent practice shows a tendency among boards to:

• integrate ESG considerations into core business strategy and risk management, rather than treating them as standalone compliance topics;
• focus on ESG factors that have a direct impact on enterprise value and operational risk; and
• streamline governance structures (for example, by embedding ESG oversight into the board or risk committees or maintaining dedicated ESG committees).

It should be noted, however, that these developments concern primarily more structured companies, in particular:

• listed companies and large corporates;
• entities operating in regulated sectors (such as banking, financial and insurance); and
• companies subject to specific ESG-related disclosure and governance requirements at EU or national level.

For smaller or non-regulated companies, ESG considerations remain largely embedded in general corporate law duties and are typically addressed with a lower degree of formalisation.

Italian law does not provide for a fully codified system of board oversight of artificial intelligence as a standalone matter. However, a structured framework now emerges from the combined application of the EU Artificial Intelligence Act and Law No 132/2025, together with general duties of directors under the Civil Code.

Law No 132/2025 introduces a set of general principles governing the development and use of AI, including transparency, human oversight, non-discrimination, data quality, and cybersecurity across the entire lifecycle of AI systems. These principles are expressly anthropocentric and require that AI systems remain subject to human control and responsibility.

Within this framework, directors are required to ensure that the company’s organisational, administrative, and risk management structures adequately address AI-related risks. This includes the integration of AI into internal control systems, the adoption of governance policies, and the supervision of compliance with both EU and national requirements.

In practice, oversight is typically allocated to the board of directors as a whole, with operational monitoring delegated to control and risk committees. The introduction of national principles under Law No 132/2025 further reinforces the expectation that boards actively supervise the ethical, legal, and operational use of AI, particularly where fundamental rights or high-risk applications are involved.

AI-related risks in Italy are governed by a layered framework combining EU regulation and national legislation. Alongside the GDPR and sector-specific rules, Law No 132/2025 establishes binding principles for AI development and use, focusing on the protection of fundamental rights, transparency, accountability, and technological reliability.

The most significant regulatory development remains the EU Artificial Intelligence Act, which introduces a risk-based classification of AI systems and corresponding compliance obligations. Law No 132/2025 complements this framework by reinforcing key safeguards, including human oversight, prevention of discriminatory outcomes, data governance standards, and system security.

From a governance perspective, AI risk management is typically structured across multiple corporate functions. Senior management is responsible for implementation, while the board retains overall responsibility for supervision and strategic direction. Risk and audit committees are increasingly tasked with overseeing AI-related risks, particularly in relation to internal controls and compliance.

The Italian framework also places increasing emphasis on reputational and ethical risks, requiring companies to ensure that AI systems are explainable, reliable, and aligned with constitutional principles. As a result, many organisations are adopting internal AI governance frameworks, including risk classification models, human oversight procedures, and internal validation processes.

The use of AI systems exposes directors and officers to liability under both general corporate law and the emerging AI-specific framework. Law No 132/2025 strengthens this exposure by explicitly linking AI use to the protection of fundamental rights and by introducing additional areas of civil and criminal liability.

Key liability risks include unlawful data processing, discriminatory or biased outputs, lack of transparency, unsafe or unreliable AI systems, and failures in human oversight. The law also introduces specific attention to issues such as deepfakes, misuse of AI-generated content, and professional obligations to inform users or clients about the use of AI systems.

Directors may be held liable where they fail to implement adequate governance structures or to ensure compliance with applicable AI principles. This includes failures to adopt appropriate risk management systems, inadequate supervision of high-risk AI applications, or omission of necessary corrective actions.

Enforcement may occur through civil claims by the company, shareholders, creditors, or third parties, as well as through regulatory sanctions. In certain cases, criminal liability may arise under the provisions introduced or reinforced by Law No 132/2025, particularly where AI is used in a way that harms individuals or infringes legally protected interests.

Italian law does not yet impose a comprehensive, standalone disclosure regime specifically dedicated to AI. However, disclosure obligations arise indirectly from multiple sources, including corporate reporting rules, sustainability reporting frameworks, and the principles introduced by Law No 132/2025.

Under this law, transparency is a core requirement: individuals must be informed when interacting with AI systems, and companies must ensure that the functioning and risks of such systems are understandable and accessible. This principle is likely to influence corporate disclosure practices, particularly in relation to customer-facing AI and decision-making systems.

Listed companies are required to disclose material risks, governance structures, and internal control systems. Where AI systems materially impact business operations or risk exposure, related information should be included in annual reports and corporate governance disclosures.

In addition, under the CSRD, companies may be required to disclose information on digital governance, risk management, and technological impacts, including AI where relevant. The combined effect of EU and national rules is leading to a gradual increase in transparency expectations, particularly regarding AI governance, risk mitigation measures, and accountability frameworks.