Agent-based AI systems, capable of planning autonomously, using external tools and executing sequences of actions with minimal human intervention, raise two important legal questions. The first concerns their classification under Regulation (EU) 2024/1689 (‘AI Act’), whilst the second concerns the liability regime for damages arising therefrom. Both issues are addressed by the two recent draft legislative decrees implementing Law No. 132 of 23 September 2025, which were approved at a preliminary reading by the Council of Ministers on 10 June 2026.

  • The classification of the agent as an AI system under the AI Act

The AI Act does not define the agent and regulates only the ‘AI system’ referred to in Article 3(1). It is therefore important to consider whether the agent constitutes an autonomous and distinct AI system, and as such is subject to the obligations of the Regulation. The Commission’s Guidelines of 6 February 2025 provide guidance on the scope of this concept; whilst not binding – and subject to the binding interpretation of the Court of Justice – they break down the definition into seven constituent elements and require a non-mechanical assessment, conducted on a case-by-case basis, of the architecture and function of the individual system. In light of these criteria, the answer is often in the affirmative, since the agent generally presents itself as an automated system with variable autonomy, capable of adapting after deployment and of generating outputs that affect physical or virtual environments, to which are added planning, the invocation of tools via APIs, unsupervised execution and adaptation based on feedback.

  • The recent delegated decrees implementing Law 132/2025

Of the two implementing decrees for Law 132/2025, only the preliminary approval and accompanying information are currently known; the text of the decrees is not yet available, as it may change following parliamentary opinions and the second reading in the Council of Ministers. The two draft decrees bring the legal framework into line with Regulation (EU) 2024/1689. The first defines the governance structure. AgID acts as the notifying authority and ACN as the market supervisory authority and single point of contact pursuant to Article 70, without prejudice to the sector-specific competences of the Bank of Italy, CONSOB and IVASS, and the Data Protection Authority’s competence regarding high-risk systems under Article 74. Penalties are in line with Article 99 of the Regulation, up to €35 million or 7 per cent of annual global turnover for prohibited practices, with mitigating factors for SMEs and start-ups. A regulatory sandbox is provided for under Articles 57 et seq. In the field of employment, employers are prohibited from making decisions based solely on automated processing in relation to recruitment, disciplinary measures and termination; human oversight is required, and any dismissal carried out in breach of this provision is deemed null and void. The second framework regulates the use of AI in policing and introduces provisions on civil and criminal liability.

  • The civil liability regime

In civil matters, measures are provided to shift the burden of proof in favour of the injured party. These include access to the system’s technical documentation, a relative presumption of causation linked to a breach of the obligations set out in the AI Act, the right of a natural person who is the injured party to bring proceedings before the court of their place of residence, and the right to bring a direct action against the insurer of the liable party.

A comparison with the Proposal for a Directive on AI Liability, AILD COM(2022)496, is interesting. That proposal harmonised non-contractual civil liability based on fault, with disclosure of evidence (Article 3) and a presumption of causality subject to a breach of a duty of care (Article 4), and was listed for withdrawal in the 2025 Work Programme and formally withdrawn by the Commission via a notice published in the Official Journal of the European Union on 6 October 2025. The decree adopts its presumptive framework and disclosure mechanisms but diverges from it in three respects. It extends the framework to criminal liability and the liability of legal persons, which are outside the scope of the AILD. It anchors the presumption not to fault but to a breach of the compliance rules of the AI Act, in line with the objective logic of Directive (EU) 2024/2853 on product liability, to be transposed by 9 December 2026, to which it intended to link the framework. It adds non-harmonised domestic procedural remedies such as the right of the injured party (a natural person) to bring proceedings in their own jurisdiction and direct action against the insurer.

 

 

Edited by: Alessandro Manca and Edoardo Lombardo Siviero

 

More from WST