The AI Act’s prohibitions apply from 2 February 2025, most of its provisions from 2 August 2026, while the obligations for high-risk systems slip — by effect of the Digital Omnibus — to 2 December 2027 and 2 August 2028. Italian municipalities are part of this moving calendar too: not spectators, but deployers of AI systems, from intelligent video-surveillance to essential services. What must — and can no longer — local administrations do?
When discussing the AI Act, attention runs to the big tech companies. But the Regulation, with its risk-based approach, closely concerns public administrations too and, in particular, municipalities: not as providers of AI systems but, in the generality of cases, as deployers — users of systems developed by third parties, from “intelligent” video-surveillance to the management of local public services. This seems the right place to clarify what is already prohibited for local authorities, what will become mandatory, and the deadlines, redrawn by the recent Digital Omnibus.
What is already prohibited: the bans applicable from 2 February 2025
Under Article 113 of the AI Act, the Regulation “applies from 2 August 2026. However: (a) Chapters I and II apply from 2 February 2025”. Chapter II sets out the prohibited AI practices: for municipalities, therefore, the bans are already law in force, and were not touched by the Omnibus deferrals. Two prohibitions in particular touch local administrative experience closely. The first is the ban on social scoring under Article 5(1)(c), which strikes down AI systems for the evaluation or classification of natural persons based on their social behaviour or personal characteristics where the score leads to detrimental treatment in contexts unrelated to those in which the data were collected, or unjustified or disproportionate treatment. Anything but theoretical for Italian local authorities, as the season of “points-based citizenship” projects — on which the Garante had already opened scrutiny in 2022 — demonstrates.
The second front is biometric surveillance in public spaces, with the prohibitions and strict conditions of Article 5 on remote biometric identification — terrain on which the Garante had intervened even before the AI Act’s applicability, fining the Municipality of Trento for the “intelligent” surveillance projects Marvel and Protector and stigmatising “the massive and invasive processing carried out”, with the warning that “such forms of surveillance in public spaces may alter people’s behaviour and also condition the exercise of democratic freedoms”.
High risk for administrations: Annex III
The prospective core of the Regulation, for municipalities, is however Annex III: it covers, among others, AI systems used in fields such as biometrics, education, employment and — of most interest to local authorities — access to essential public and private services. Those who employ such systems as deployers will be bound, among other things, by the obligations of Article 26 (use in accordance with instructions, human oversight, monitoring) and, as bodies governed by public law, by the fundamental-rights impact assessment under Article 27. As to deadlines, the picture was redrawn by the Digital Omnibus on AI, finally approved by the European Parliament on 16 June 2026: the obligations for high-risk AI systems will apply from 2 December 2027 for stand-alone systems and from 2 August 2028 for those embedded as safety components. This is crucial for municipal offices: the deferral of the high-risk obligations is not a suspension of the AI Act. The bans operate from 2 February 2025; most provisions from 2 August 2026; and the time gained until December 2027 should be used to map the systems in use, qualify them against Annex III and prepare governance, skills and documentation.
What to do now: a minimum road map for local authorities
In the light of the above, we indicate, non-exhaustively, the operational lines we consider priorities. First, mapping the AI systems in use or being acquired, from video-surveillance to citizen-service chatbots, with their qualification: prohibited practice, high risk, limited or minimal risk. Second, the immediate check of compliance with the Article 5 prohibitions, with particular regard to any behavioural-scoring mechanism and any surveillance project in public spaces; a check to be carried out together with GDPR oversight, which remains fully applicable — legal basis, impact assessment under Article 35, measures against re-identification, as the Trento affair teaches. Third, preparation for the deployer obligations for high-risk systems: qualified human oversight, staff training, record-keeping, information of data subjects and the fundamental-rights impact assessment — obligations presupposing skills that authorities should start building now, not in November 2027. Finally, attention to the simplifications and support tools, from the national regulatory sandboxes expected by August 2027 to the harmonised standards under development within CEN-CLC/JTC 21.
Conclusions
For Italian municipalities the AI Act is no longer on the horizon: it is largely already here. The bans have been in force for a year and a half, most provisions apply from 2 August 2026, and the deferral of high risk to 2027-2028 is a time for preparation, not a moratorium. The Trento affair, even before the AI Act, showed how costly — economically and reputationally — an innovation not overseen by the law can be. In the light of the above, one wonders whether local administrations, often lacking dedicated technical skills, will manage to use the time that separates them from the 2027 deadlines to take stock of the systems in use, classify them against Annex III and build the necessary competences, rather than wait for the last useful month, as the Trento affair already warns against doing.
