The Challenge of Implementing the New EU Digital Market Regulations and the Regulation/Enforcement Activities of the Italian Telecoms Regulator

As part of the EU, Italy is adapting to the new regulations on the digital market, which are progressively being approved by the EU institutions and coming into force. The new provisions are contained in a series of new regulations which comprise the Platform-to-Business Regulation, the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act and the Artificial Intelligence Act. Such an unprecedented regulatory effort is bound to shape and re-define the legal issues regarding digital platforms and services; however, the issues regarding the implementation of the new regulations pose new legal issues for the national regulators and enforcement agencies and will have to be addressed carefully by all the EU member states. 

The Digital Markets Act and the Digital Services Act are enforced directly by the EU Commission and the problems they present at a national level are mainly related to co-ordination between national and EU authorities. The national agencies de facto relinquish many of their powers regarding the surveillance of and sanctions on the digital platform and services to the EU Commission; they therefore have to adapt their operating procedures to the new scenario in which rules which were enforced only in the form of remedies on a case-by-case basis have become general obligations, sanctioned by directly enforceable laws.

The players on the Italian market eagerly await the coming into force and first cases of enforcement of the Digital Markets Act (deadline for compliance is 8 March 2024) in the hope that, when large platforms modify their business models to comply with the new rules, new competition opportunities will open up that were previously not possible for smaller national and EU players. 

A particular case concerning compliance with new EU Digital Markets Act involves the Platform-to-Business Regulation (the “P2B Regulation”), which imposes obligations on platforms which mediate between the vendor and the consumer. The Italian Communications’ Regulation Authority (AGCOM) is the competent body for the Italian enforcement of rules on intermediary platforms which mediate between businesses and consumers (eg, search engines, booking, comparison sites). The obligations in question are – in essence – very pervasive transparency obligations towards enterprises which provide intermediation services and consumers. AGCOM has devised a series of compliance and transparency obligations for entities subject to the P2B Regulation, including registering in its Registry of Communication Operators and, thereby, being obliged to pay an annual fee to AGCOM based on turnover and provide financial information to AGCOM. Such AGCOM provisions were challenged in the Administrative Court by Google, Airbnb, Amazon, Expedia and Vacation Rentals on the account that non-Italian platforms cannot be subject to additional obligations to report and pay Italian agencies which do not directly result from the P2B Regulation. The case is now being examined the Court of Justice of the EU (CJEU), to which the Italian Court posed a prejudicial question on the case and the conclusions filed by the EU Advocate General to the CJEU seem to be contrary to the AGCOM additional obligations. If AGCOM loses the case it may have to limit its enforcement activity, vis-à-vis non-Italian-based intermediation platform providers, to the provisions and sanctions of the P2B Regulation (which, however, does include sanctions of up to 5% of the national turnover of the service), without being able to request a yearly fee from these kinds of providers.

AGCOM was very active on the regulatory side in 2023. It approved a new regulation which empowers it to issue to ISPs a take-down order of services which are streaming copyrighted content without authorisation, upon the request of registered rightholders. ISPs are required to take down the illegal streaming service within 30 minutes of receiving the order. In the same year, it approved new regulations which impose on ISPs serving Italian customers the adoption of parental control systems, which can be activated by users and able to filter calls to URLs which are contained in security blacklists and known to host content which is categorised as adult/violent/gambling/auctions/dating/drugs/alcohol/ tobacco/cults/hate/discrimination/etc.

AGCOM has issued new guidelines on influencer marketing, which are also considered to be very innovative and could set a precedent in other member states. Influencers who regularly post video content (at least 24 pieces of advertising-backed content in one year and have an engagement rate on relevant platforms of 2% and more) are being subject to a set of rules regarding the transparency of advertising, the prohibition of violence and discrimination, the protection of minors and the prohibition of subliminal technologies, which are very similar to those governing television media services and content streaming platforms. In the last few months, Italian newspapers have reported on a scandal concerning one of Italy’s most popular influencers (Chiara Ferragni) who advertised a Christmas cake with her logo as part of a charity initiative, when – allegedly – the earnings from the sales which were donated to the charity were minimal. AGCOM has also recently imposed very large fines on Google and other platforms for illegal gambling advertising activities. 

Furthermore, the Italian Data Protection Authority (Garante Privacy) is very active and is diving deeper into the personal data protection of information society services. Last year, its case against Chat-GPT set a benchmark which has started a trend on both sides of the Atlantic. Chat-GPT was ordered to modify its service to comply with GDPR on several matters, including the protection of minors and the use of personal data for machine learning. In January 2024, the Garante issued a final warning to Chat-GPT to comply with its 2023 order and is working on this matter together with all the EU data protection authorities. In the case of non-compliance, OpenAI faces the risk that the Garante confirms the ban on personal data processing of Italian residents and introduces sanctions up to 4% of the global turnover. Should OpenAI not comply, it could be ordered to block all personal data processing of Italian users. The same order was issued, on a temporary basis, in the first phase of the procedure and ceased once OpenAI declared that it had complied. 

Meanwhile, the government has appointed a special commission to study and propose solutions to fake news and copyright problems deriving from the use of AI in the editorial sector.

Electronic Identity Services and Identity Wallets

Italy is advancing in its effort to become a paperless country. It has been ten years since the government pioneered electronic identity legislation by introducing the SPID, which is a national electronic identity system which can be used for accessing online public administration and private sector services. The system has become very popular, with about 40,000,000 users and over one billion online authentications per year.

The government has announced that 2024 will be the year in which the SPID system and the parallel CIE (the electronic identity card) system will be merged into a national identity wallet, which will introduce some functions of the future EU wallet. 

The services associated with electronic identity are now increasing in the private sector and it is expected that the introduction of the wallet system will bring new opportunities and innovation in the market. A challenge to be addressed is that of aggregating services, so that the user is provided with a one-stop-shop to use electronic identity and signatures. Italian e-id still lacks functions which would make it an easy system to address parental control issues (SPID for minors is very complicated to use) and a suitable credential for business use. Furthermore, service providers are evaluating some concerns on the competition side, since the new wallet systems encompass signature and payment services, potentially reducing the market for providers of e-signature and payment services.

A few years ago the Italian government launched, through its controlled company PagoPA, the so-called IO application, which currently supports notifications to the citizen by public administrations and contains a system for managing e-payments to public administrations (the use of this system is mandatory by law). The IO-app will be evolved to support ID-wallet services and it is to be seen how the government will structure the new version of the application in order to avoid being accused of restricting competition in the trust services sector.

In the meantime, e-signature providers are requesting intervention on the national rules of advanced e-signatures. Italy has a problem in the fact that national regulations on this tool, approved prior to the entry into force of pan-European rules with the eIDAS Regulation, are still enforced by the Italian Digital Agency (Agid). These rules provide that the entity issuing an advanced signature should be covered by mandatory insurance and that the signature will only be valid for signing documents relevant to direct relationships with the issuing entity. These two restrictions are not included in the eIDAS Regulation and many doubt that they should still be considered valid in Italy. 

It should also be said that, in 2023, e-signature and e-identity providers have done much work to strengthen the security of their systems and procedures, due to increased criminal activity, using false documents to obtain credentials and using them for identity theft. This opens a lot of opportunities to implement identity assurance technologies in the procedures of public and private providers. 

Use of Personal Data in Telemarketing Activities and New Obligations on Influencer Marketing

Italy has always been a big market for telemarketing operators. A large part of the market for utility services uses the phone as one of the main marketing channels. Category associations of utility services and telemarketing have submitted to the Garante a Code of Conduct which aims to regulate the whole sector, including list providers and call centres, in order to provide a transparent service “from the call to the contract”. The new monitoring body of the Code was appointed in March 2024 and the telemarketing operators and companies using telemarketing will soon be able to register for its adoption. 

Also, telephone number spoofing in marketing calls is being tackled, with several proposals being evaluated by the regulators, which seek to have the regulator ensure that telecoms operators adopt technical solutions to block calls which do not offer sufficient guarantees that the calling number declared (CLI) is the real number of the caller. Similar solutions are used in France, the UK and the USA.

Italy has also established a so-called “Oppositions’ Registry”, a sort of Robinson list whereby consumers who do not want to receive telemarketing calls can enter their phone number in the registry. This action revokes all standing telemarketing consents, save for entities which already have a valid contract with the consumer. To be fully effective, this solution requires that spoofed calls be technically impossible, since these calls often come from foreign telemarketers who are not required to check the Oppositions’ Registry.

The Garante has issued several very large sanctions in the field of telemarketing and is now faced with potential problems deriving from a massive expected increase of teleselling, due to regulations in the energy sector which terminate State-regulated tariffs on energy contracts and provide that consumers must to choose one of the offers available on the market. This means that all energy companies are actively engaging potential customers through teleselling practices and, since spoofed calls are still a possibility, there is a high risk of fraudulent activity.

Broadband Networks

Italy is carrying out an ambitious project to cover 100% of its territory with high-speed broadband. The country still has white areas due to its complex geography, with many mountains and some areas of the country having obsolete copper networks, which are difficult to replace with fibre.

To do this, Infratel, the government-owned company entrusted to carry out activities necessary for building the networks, with public tenders (won by Openfiber, TIM, Fastweb and Intred ‒ the latter two for schools/hospitals), by which providers are required to build passive fibre infrastructures capable of providing at least 1 GB/200 Mbps at peak time to users. Once these networks are operational, they become the property of the State and telecoms providers can provide services to users on these network based on a wholesale offer.

The challenging speed requirement is causing some headaches for winning providers and delays are expected in coverage activities.

Meanwhile, satellite broadband based on Low Earth Orbit (LEO) technologies is advancing and is being examined by public and private entities as a potential solution to tackle coverage in areas where the public high-speed network is not yet available. The EU Guidelines on Broadband State Aid do not currently allow or encourage solutions based on satellite broadband and it is to be seen if the introduction of these technologies in Europe will be considered by the EU Commission as a valid reason to modify the current guidelines.