AGCOM introduces new technical obligations to combat phone spoofing: mandatory filters from August 19, 2025
Telemarketing
With a resolution dated April 30, 2025, published on May 19, 2025, the Italian Communications Authority («AGCOM») introduced a new regulatory framework aimed at systematically combating the phenomenon of telephone spoofing.
Spoofing refers to the falsification of the caller ID number, a practice often used to make calls appear more credible and facilitate fraudulent behavior, especially those involving the theft of personal data, banking credentials, or credit card information. Call recipients see on their display a number that appears local and trustworthy, but in reality, the call originates from a foreign network, thus bypassing the trust barriers typically associated with domestic communications.
Starting from August 19, 2025, the first technical obligations will come into effect, requiring network operators to implement filters capable of blocking incoming international calls that use falsified Italian landline numbers, such as those with “02” or “06” prefixes. From November 19, 2025, these measures will also apply to international calls using spoofed Italian mobile numbers, with real-time checks against national and ministerial databases to verify whether the number is legitimately roaming or actually registered in Italy.
Operators will therefore be required to implement and manage technical solutions capable of automatically and selectively blocking calls that breach the new CLI (Calling Line Identification) authenticity parameters. The AGCOM resolution sets out detailed requirements for these filtering systems, including proactive checks before call termination and assigns direct responsibility to operators for adopting network architectures that can prevent the routing of suspicious or anomalous traffic.
From a regulatory standpoint, this measure marks a shift from the traditional consent-based approach or opt-out registers (such as the National Do Not Call Registry), introducing for the first time a mandatory, infrastructure-level mechanism. The obligations focus on network quality and reliability, directly affecting how incoming traffic is managed and placing accountability on the operators.
AGCOM’s initiative, by strengthening technical safeguards against the misuse of phone numbers, constitutes both a direct consumer protection measure and a stringent regulatory obligation for operators, who must adapt their infrastructures and verification processes by the established deadlines.
The Data & Technology Innovation Team is available to further explore the regulatory and compliance implications and to assess the required infrastructure and procedural adjustments.
AI act: second phase starts on August 2, 2025
Artificial intelligence
With Regulation (EU) 2024/1689 (“AI Act”), which came into force on August 1, 2024, the European Union introduced the first unified legal framework for regulating artificial intelligence. The AI Act provides for a phased implementation, with the first stage effective from February 2, 2025 (general provisions—including mandatory AI literacy for providers and deployers—and prohibited practices). A significant milestone will be reached on August 2, 2025, when several key provisions will become applicable, including:
- Title III, Section IV concerning notifying authorities and notified bodies;
- Title V on General-Purpose AI (GPAI) models;
- Title VII on the governance of the European AI system;
- Article 78 on confidentiality obligations;
- Title XII concerning the sanctions regime.
Particular attention should be paid by GPAI model providers (systems trained on large datasets and capable of performing a broad range of tasks), who will need to comply with specific obligations, including the preparation and maintenance of detailed technical documentation and adopting transparency measures to inform the public about the model’s training methods and functional capabilities. For models posing systemic risks—presumed when a significant computational threshold is exceeded during training—the AI Act imposes additional obligations for risk mitigation.
In terms of governance, Member States are required to establish or designate national competent authorities by August 2, 2025. These authorities will act as notifying authorities and market surveillance bodies and must report to the European Commission. In Italy, the draft AI legislation («DDL IA»), recently approved in a second reading by the Chamber of Deputies, designates AgID (Agency for Digital Italy) as the notifying authority and ACN (National Cybersecurity Agency) as the market surveillance authority, with inspection, enforcement, and coordination roles with EU institutions.
Simultaneously, the sanctioning provisions under Title XII will become applicable. Article 99 defines the types of violations and associated monetary penalties, granting Member States the option to introduce additional non-monetary sanctions. The enforcement mechanism of the AI Act is particularly relevant from a practical standpoint.
The Data & Technology Innovation Team at LEXIA is available to assist AI system providers and deployers in progressively complying with the AI Act, offering tailored legal advice, operational support, and training programs.
AI law: moving toward final approval with new protections for minors
Artificial intelligence
On June 25, 2025, the Italian Chamber of Deputies approved in a second reading Draft Law No. 2316-A, titled “Provisions and Delegations to the Government on Artificial Intelligence.” With 136 votes in favor, 94 against, and 5 abstentions, the bill—already approved by the Senate in its first reading—is now headed for a third reading due to modifications from the original text.
The draft law aims to complement the entry into force of Regulation (EU) 2024/1689 (“AI Act”), establishing general principles for the use of AI systems within the Italian context. Italy positions itself as the first EU country to adopt a comprehensive national AI law in implementation and integration of the EU regulation. The text under discussion incorporates the European Commission’s recommendations, outlined in Opinion C(2024) 7814 of November 5, 2024, to avoid conflicts with EU provisions and to establish a legal framework suited to Italy’s specific legal system.
The Chamber’s intervention introduced limited but substantial changes: the most significant is the extension of parental consent requirements for minors under fourteen years old, which will now apply not only to accessing AI technologies but also to any resulting personal data processing.
The draft law adopts a sectoral approach, with specific provisions for high-risk areas such as justice, healthcare, labor, public administration, and regulated professions. In the justice sector, the use of AI for interpretative or decision-making purposes is expressly prohibited, reserving all judicial interpretation and factual evaluation to judges. In healthcare, clinical decisions remain exclusively under the responsibility of licensed medical professionals, with AI functioning solely as a human-supervised support tool.
From a governance standpoint, the draft law designates AgID as the notifying authority and ACN as the market surveillance authority. It also provides for the adoption of a National Artificial Intelligence Strategy, to be updated biennially.
For a complete overview of the DDL IA and the updates introduced by the Chamber of Deputies, see the in-depth analysis by the Data & Technology Innovation Team at LEXIA, available here.
Space economy: law no. 89 of June 13, 2025, now in force
Space law
On June 25, 2025, Law No. 89 of June 13, 2025, titled “Provisions on the Space Economy” (the “Space Law”), entered into force following its publication in the Official Gazette No. 144 on June 24, 2025. This law represents the first national legislation in Europe addressing the space economy and aims to promote the technological, industrial, and scientific development of Italian space activities.
The Space Law responds to a global trend marked by increasing private-sector participation in space activities, often independently of public agencies. To address this evolution, the legislator introduced a comprehensive legal framework governing space activities conducted by both public and private entities. For an overview of the international legal framework and regulatory challenges, see the contribution by the Data & Technology Innovation Team at LEXIA, available [here].
Key provisions include:
Authorization and supervision regime (Articles 3–7): a mandatory authorization system for space activities is established, delegated to the Prime Minister or another designated political authority (defined in the law as the “Responsible Authority”), through the Italian Space Agency (ASI). Authorization is contingent on meeting objective requirements (e.g., safety, environmental sustainability, technical resilience) and subjective requirements (e.g., professional competence, financial soundness, insurance coverage). Under Article 11, ASI also assumes a permanent supervisory role over authorized operators.
Liability and insurance (Articles 18 and 21): a civil liability regime is introduced for damages resulting from space activities, covering harm to third parties on Earth as well as aircraft in flight and their passengers and cargo. Operators are required to take out insurance policies with coverage up to €100 million per incident, with reductions available (down to €20 million) for innovative startups or research-oriented entities.
Support for sector development (Article 23): a Space Economy Fund is established at the Ministry of Enterprises and Made in Italy (MIMIT), with an initial allocation of €35 million for 2025. The Fund is intended to support innovative projects, particularly involving SMEs and startups. Article 27 introduces special provisions on procurement and support for enterprises. Additionally, a National Plan for the Space Economy is established as a strategic planning tool for the sector.
The Data & Technology Innovation Team at LEXIA is available to support businesses and public entities in interpreting and applying the new provisions.e e gli operatori pubblici nella lettura e nell’applicazione delle nuove disposizioni.