AI Act is Law: What Really Changes for Web Professionals in Italy
Artificial intelligence has its rules. Even in Italy.
On August 1, 2024, EU Regulation 2024/1689 entered into force, better known as the AI Act. It is the first law in the world that regulates the use of artificial intelligence in an organic way, and concerns anyone who uses or develops AI systems in the European Union — including Italian SMEs and web professionals.
If you have a website with a chatbot, use AI tools to generate content, or offer automated digital services, this law concerns you. Directly.
How it works: the risk-based system
The AI Act does not ban artificial intelligence. It classifies it by risk level and establishes proportional obligations.
Unacceptable risk — prohibited
Mass surveillance systems, behavioral manipulation, real-time biometric recognition in public spaces. Prohibited without exceptions.
High risk — strict obligations
Systems used in critical contexts: personnel selection, bank credit, education, justice. They require technical documentation, audits, mandatory human oversight.
Limited risk — mandatory transparency
Chatbots, content generators, deepfakes. The user must know they are interacting with an AI. Nothing more, but it is mandatory.
Minimal risk — no specific obligations
Anti-spam filters, product recommendations, automatic translation. Free from particular constraints.
What changes for web professionals
If you manage a website, e-commerce or offer digital services, here are the concrete points that concern you.
Do you have a chatbot on your site?
It falls into the limited risk category. You must clearly inform the user that they are talking to an AI system — a small disclaimer hidden in the footer is not enough.
Do you use AI to generate content?
Texts, images, translations generated by AI must be identifiable as such when there is a risk of confusion with human content. For a company blog or product sheets, a label on every paragraph is not required, but general transparency is mandatory.
Do you offer selection, scoring or profiling services?
Here the risk level rises. You need technical documentation, human control measures and, in some cases, registration with the competent authorities.
The deadlines you need to know
The AI Act did not enter into force all at once. It has a precise calendar:
- February 2025 — Ban on systems with unacceptable risk
- August 2025 — Obligations for general purpose AI models (GPT, Claude, Gemini)
- August 2026 — Full obligations for high-risk systems
- August 2027 — Entry into force for some pre-existing regulated systems
For most Italian websites, concrete obligations already concern transparency towards users today.
The penalties
Not respecting the AI Act is not a theoretical issue. Fines follow the same model as GDPR:
- Up to 35 million euros or 7% of global revenue for serious violations
- Up to 15 million euros or 3% for violations of general obligations
- Up to 7.5 million euros or 1.5% for false information to authorities
For an Italian SME, even the lowest thresholds are significant amounts.
What to do now
You don't need to turn everything upside down. You need a methodical approach:
- Map the AI systems you use — chatbots, text generators, automation tools
- Classify the risk level for each one
- Update privacy policy and terms of service with reference to the AI Act
- Add clear notices where the user interacts with AI systems
- Document the technical choices and measures adopted
WebGlobalBuild has already implemented all of this — from the AI transparency page to the chatbot notice, through to complete legal document updates. If you want to understand how to adapt your digital project, we are available for a consultation.