AI: Failure to implement security measures is a criminal offence
Anyone who, through wilful misconduct or gross negligence, fails to prevent malfunctions will be penalised. Professional users and organisations are also at risk
by Daniele Piva
Key points
On 10 June the Council of Ministers approved two draft legislative decrees to implement the delegated powers under Law 132/2025 concerning artificial intelligence. The drafts are now under review by the parliamentary committees, the Conference of Regions and the relevant authorities.
The draft Legislative Decrees
The first concerns the powers of the competent national authorities (the National Cybersecurity Agency and the Agency for Digital Italy, the Bank of Italy, Consob, Ivass and the Data Protection Authority). It refers to memoranda of understanding to ensure the sharing of data and information, and it establishes the so-called ‘Italian AI Experimentation Space’, aimed at supporting the sharing of best practice, promoting innovation and competitiveness, and fostering the development of an AI ecosystem. As for training, provision is made for specific courses for students, teachers, professionals, public administration bodies and magistrates.
The second draft decree concerns the use of artificial intelligence for police work (biometric identification, namely facial recognition, which has also been introduced into criminal proceedings under the new Article 359-bis of the Criminal Code) and the offence of ‘failure to implement security measures in artificial intelligence systems and unlawful tampering with systems’ (Article 437-bis, Criminal Code). This offence also serves as a basis for the liability of legal entities (Article 25-vicies, Legislative Decree 231/2001), alongside the offence of unlawful dissemination of artificially generated or manipulated content (Article 612-quater, Criminal Code), already introduced by Law 132/2025.
Failure to implement safety measures: who is at risk
This provision punishes anyone who, with intent or gross negligence (in which case the sentence is reduced by one-third to one-sixth), in the design, training, production, placing on the market or professional use of high-risk AI systems, fails to implement appropriate technical measures to prevent malfunctions or alterations to the operation of the systems, or measures for human supervision, where the act results in a real danger to life or personal safety (punishable by imprisonment for between one and five years) or to public safety or national security (punishable by imprisonment for between two and eight years). Unless the act constitutes a more serious offence, it also punishes any person who tampers with high-risk AI systems (punishable by imprisonment for a term of between three and 10 years).
These are separate offences, as required by the enabling legislation. They centre on a specific, serious danger arising from acts of tampering or from a failure to exercise due care, similar to the offences already provided for in relation to accidents at work (Article 437, Criminal Code). They require a discretionary assessment by the judge on two points. The first is the preventive adequacy of the technical measures that were not implemented, which must in any case relate to typical events (and not hic et nunc) of system alterations or malfunctions, as has already been seen in relation to the adequacy of organisational models under Legislative Decree 231/2001. The second is the seriousness of the negligence, assessed through the identification of possible indicators (drawing on precedent in the field of medical liability): ranging from the specific activity carried out (design, production, placing on the market or mere use), to testing and the degree of technological innovation of the systems, as well as the circumstances of the specific case.

