Artificial Intelligence and AI Act
-

Mapping the risks of Artificial Intelligence: NIST, MIT, CSA and ENISA compared
Before managing AI risks you have to be able to name them. Four tools, all public and free, offer as many perspectives: NIST’s management framework, MIT’s taxonomic repository with over 1,700 catalogued risks, the Cloud Security Alliance’s controls matrix and ENISA’s cybersecurity framework. A reasoned map for those building AI governance. Anyone setting out to…
-

Facial recognition in Italian cities: the moratorium extended to 2027 and the AI Act’s limits
After Trento, the Garante scrutinised Rome’s metro and Turin’s “intelligent” cameras. Meanwhile, the Italian moratorium on the use of facial recognition in public places has been extended to 31 December 2027, and the AI Act has set directly applicable prohibitions, from the scraping of facial images to real-time remote biometric identification. The updated map of…
-

ISO/IEC 42005 and the impact assessment of AI systems: a compass between FRIA and DPIA
Published in May 2025, ISO/IEC 42005 offers organisations guidance for assessing the impact of AI systems on individuals, groups and society. A voluntary tool that sits in an ecosystem crowded with mandatory assessments: the FRIA of Article 27 of the AI Act and the DPIA of Article 35 of the GDPR. How do these three…
-

EN 18286: the quality-management system for Article 17 of the AI Act nears publication
It is the most awaited European standard of the AI Act construction site: EN 18286 on the quality-management system for the Regulation’s regulatory purposes. Public enquiry closed, formal vote concluded in June 2026, publication imminent. But for the presumption of conformity a further step will still be needed: citation in the Official Journal of the…
-

GPAI models and the Code of Practice: the voluntary route to Chapter V compliance under the AI Act
Since 2 August 2025 the obligations of Chapter V of the AI Act apply to providers of general-purpose AI models. The General-Purpose AI Code of Practice, delivered to the Commission on 10 July 2025 and signed by over twenty providers, is its voluntary implementing tool: three chapters, from transparency to copyright to the safety and…
-

Certifying Artificial Intelligence: how an AIMS scheme works and what it does not promise
With ISO/IEC 42001 came the first certifiable standard on Artificial Intelligence management systems; with ISO/IEC 42006:2025 came the requirements for the bodies issuing the certifications. But how does an AIMS scheme actually work? And why is the certificate not — and cannot be — a “conformity licence” for the AI Act? The distinction between the…
-

Health digital twins: GDPR, the AI Act and the EHDS put to the test by the patient’s digital twin
Digital twins in healthcare promise to simulate disease progression and personalise care. But a patient’s digital twin is, first of all, a large-scale processing of health data: when do synthetic data remain personal data? Who is the controller in a federated architecture? And what happens to the data of the deceased? The reflections that follow…
-

The AI Act on the horizon: what will happen to Italian municipalities?
The AI Act’s prohibitions apply from 2 February 2025, most of its provisions from 2 August 2026, while the obligations for high-risk systems slip — by effect of the Digital Omnibus — to 2 December 2027 and 2 August 2028. Italian municipalities are part of this moving calendar too: not spectators, but deployers of AI…
-

Drinking water: how does it reach our homes? Artificial Intelligence put to the test on water networks
Making cities inclusive, safe, resilient and sustainable is Goal 11 of the UN 2030 Agenda. Yet in Italy more than 42% of the water fed into distribution networks is still lost, and in 2024 abstractions for drinking use hit their lowest level in twenty-five years. Between the national recovery plan (PNRR), the Internet of Things…
-

Italian cities go digital: from the European Mission Label to Trento’s lesson on intelligent surveillance
All nine Italian cities in the European mission “100 climate-neutral and smart cities by 2030” have now obtained the Mission Label. But the opening of the cities to the digital has also met its first, severe legal test: the Garante’s sanction against the Municipality of Trento for the “intelligent” surveillance projects Marvel and Protector. Between…