Training and teaching
-

Italian cities go digital: from the European Mission Label to Trento’s lesson on intelligent surveillance
All nine Italian cities in the European mission “100 climate-neutral and smart cities by 2030” have now obtained the Mission Label. But the opening of the cities to the digital has also met its first, severe legal test: the Garante’s sanction against the Municipality of Trento for the “intelligent” surveillance projects Marvel and Protector. Between…
-

Digital cities and “deserving” citizens: from points-based citizenship to the AI Act’s ban on social scoring
In recent years several Italian municipalities trialled “points-based citizenship” schemes that closely echoed the much-criticised Chinese social-control model: virtuous-citizen wallets, digital licences, scorecards. Today that debate has a new legal frame: since 2 February 2025, social scoring is an AI practice prohibited by Article 5 of the AI Act. What remains of those projects, and…
-

Neurorights and neural data: the UNESCO Recommendation on the ethics of neurotechnology, the first global standard protecting the mind
On 11 November 2025 the UNESCO General Conference adopted the Recommendation on the Ethics of Neurotechnology, the first global normative instrument in the field: definitions of neurotechnology and neural data, mental privacy, a ban on manipulation, and the qualification of neural data as sensitive data. A significant step. But will a soft-law instrument be enough…
-

ISO/IEC 42001 and the AI Act: why certification is not (yet) a presumption of conformity
On 18 March 2026 EN ISO/IEC 42001:2026 was published, the European adoption of the standard on Artificial Intelligence management systems, while the work of CEN-CLC/JTC 21 on harmonised standards supporting the AI Act proceeds rapidly. But beware of confusing the levels: the AIMS of ISO/IEC 42001 is not the quality-management system required by Article 17…
-

Scientific research and the GDPR: the EDPB’s Guidelines 1/2026 bring clarity, but the puzzle is not complete
On 15 April 2026 the European Data Protection Board adopted Guidelines 1/2026 on the processing of personal data for scientific research purposes, put out for public consultation until 25 June 2026. Six key factors to qualify research, a presumption of compatibility of secondary use, and openness to so-called broad consent: a long-awaited piece of the…
-

NIS 2 put to the test: notifications, categorisation and security measures in the 2026 roll-out
2026 marks the shift of the Italian transposition of the NIS 2 Directive from the declaratory phase to the implementation phase: the duty to notify significant incidents to CSIRT Italia, the first window for the categorisation of activities and services, and the deadline for adopting baseline security measures. How to find one’s way among ACN…
-

The hybrid lawyer and cyberethics: between new skills and new responsibilities
From the Law & Technology review · salvisjuribus.it.
-

Italy produces cybersecurity talent but cannot retain it: here’s why
From the Law & Technology review · agendadigitale.eu.
-

Lawyers and artificial intelligence
From the Law & Technology review · statigeneralinnovazione.it.