Italy's leadership of artificial intelligence in corporate governance

With the final approval of the decree reforming the Tuf, expected in today's Council of Ministers, Italia's legal system will record a global first: it is the first to adopt alegislative discipline on the use of artificial intelligence in corporate governance. This is the first regulatory consecration of a phenomenon that has accelerated in the last five years, bringing to a close the parabola of the integration of AI in business realities: a parabola that began with the entry of such tools from the external door of the financial markets (FinTech), consolidated with the incorporation at the regulatory level (RegTech) and completed with the increasing use in the dynamics of corporate governance (CorpTech). In this perspective, the expression 'governance of artificial intelligence' is not only valid to emphasise the leading role that AI can play in contributing to a more efficiententerprise governance, but also as an objective genitive: AI must also be the object of governance and careful monitoring by administrative and control bodies.

In a corporate law landscape that until now did not even contemplate the term artificial intelligence in the self-regulatory codes, the novelty of the Italian reform is as timely as it is significant: far from limiting the use of new technologies, it will spur operators to equip themselves with appropriate systems without discouraging innovation, and will also act as a potential driver for subsequent self-regulatory interventions.

The intervention is on two fronts. The first is on thetransparency front, requiring the directors of listed companies to provide information to the market on the subject of digital transition. More specifically, the rewording of Article 123-bis requires them to illustrate the policies adopted on the use and monitoring of new technologies and in particular of Ia systems, as well as the policies for the management of information technology risks, including those of cybersecurity and those arising from the integration of new technologies into administrative, organisational and accounting structures. These policies are destined to have a marked impact on thestrategic sustainability of companies, constituting a central piece of industrial and financial plans that are increasingly based on the transformative impact of new technologies. Top management options that, on the one hand, transcend the purely technical sphere of IT departments and deserve to be brought to the attention of the board and the endoconsiliar committees; on the other, they must be made known to the market, allowing visibility into aspects that are likely to direct the choices of investors and, at the same time, incentivising competition between more virtuous operators.

On the second front is the new Article 149-ter, which refers to the continuous, automatic and predictive monitoring systems used for the purposes of internal control, requiring companies - the bodies and functions that adopt them - to verify that they are adequate and proportionate to the nature and size of the company and the risks to which it is exposed. The provision, with an evidently programmatic vocation, constitutes the pendant on the control side of the amendments made to Article 123-bis on the management side.

For both, it is worth pointing out that the incorporation of new technologies must necessarily take place in a manner consistent with the characteristics of the enterprise. The objective of the reform clearly does not lie in a vain attempt to harness the use of new technologies, which would risk encroaching on the space of free economic initiative and technological progress. On the contrary, it urges a more conscious and effective use, responding to the need for an adequate governance of technological risks: on the one hand, thanks to a more incisive control by the market, placed in the condition of being able to know aspects that are by now fundamental in the evaluation of issuers; on the other hand, by specifying that the technological evolution of governance systems cannot but extend to internal controls as well.