AI Regulatory Registry

150 official documents on artificial intelligence, privacy, cybersecurity and governance — all verified from primary institutional sources.

EU Regulations in Force (35)

AI Act

Reg. (UE) 2024/1689

Artificial Intelligence Act

In force

GDPR

Reg. (UE) 2016/679

General Data Protection Regulation (GDPR)

In force

LED

Dir. (UE) 2016/680

Law Enforcement Directive (LED)

In force

ePrivacy Directive

Dir. 2002/58/CE (mod. 2009/136/CE)

ePrivacy Directive

In force

NIS2

Dir. (UE) 2022/2555

Network and Information Security Directive (NIS2)

In force

CER

Dir. (UE) 2022/2557

Critical Entities Resilience Directive (CER)

In force

CRA

Reg. (UE) 2024/2847

Cyber Resilience Act (CRA)

In force

Cybersecurity Act

Reg. (UE) 2019/881

Cybersecurity Act

In force

DORA

Reg. (UE) 2022/2554

Digital Operational Resilience Act (DORA)

In force

PLD

Dir. (UE) 2024/2853

Product Liability Directive (PLD recast)

In force

Data Act

Reg. (UE) 2023/2854

Data Act

In force

DGA

Reg. (UE) 2022/868

Data Governance Act (DGA)

In force

Open Data Directive

Dir. (UE) 2019/1024

Open Data Directive

In force

DSA

Reg. (UE) 2022/2065

Digital Services Act (DSA)

In force

DMA

Reg. (UE) 2022/1925

Digital Markets Act (DMA)

In force

Direttiva Copyright DSM

Dir. (UE) 2019/790

In force

EHDS

Reg. (UE) 2025/327

European Health Data Space (EHDS)

In force

European Accessibility Act

Dir. (UE) 2019/882

European Accessibility Act

In force

UCPD

Dir. 2005/29/CE

Unfair Commercial Practices Directive (UCPD)

In force

GPSR

Reg. (UE) 2023/988

General Product Safety Regulation (GPSR)

In force

MDR

Reg. (UE) 2017/745

Medical Devices Regulation (MDR)

In force

IVDR

Reg. (UE) 2017/746

In Vitro Diagnostic Medical Devices Regulation (IVDR)

In force

Machinery Regulation

Reg. (UE) 2023/1230

Machinery Regulation

In force

eIDAS 2.0

Reg. (UE) 2024/1183

eIDAS 2.0 Regulation

In force

Export Control — Dual Use

Reg. (UE) 2021/821

EU Dual-Use Export Control Regulation

In force

Dir. anti-discriminazione razziale

Dir. 2000/43/CE

Racial Equality Directive

In force

Dir. anti-discriminazione occupazionale

Dir. 2000/78/CE

Employment Equality Directive

In force

Dir. Whistleblowing

Dir. (UE) 2019/1937

Whistleblower Protection Directive

In force

CSRD

Dir. (UE) 2022/2464

Corporate Sustainability Reporting Directive (CSRD)

In force

EUCC

Reg. impl. (UE) 2024/482

EUCC — EU Common Criteria Cybersecurity Certification Scheme

In force

Reg. impl. NIS2

Reg. impl. (UE) 2024/2690

NIS2 Implementing Regulation — Technical Requirements

In force

Protezione dati istituzioni UE

Reg. (UE) 2018/1725

Regulation on the protection of personal data by EU institutions

In force

SCC

Dec. impl. (UE) 2021/914

Standard Contractual Clauses (SCC) for international data transfers

In force

EU-US DPF

Dec. impl. (UE) 2023/1795

EU-US Data Privacy Framework Adequacy Decision

In force

ESRS

Reg. delegato (UE) 2023/2772

European Sustainability Reporting Standards (ESRS)

In force

Italian Legislation (27)

Legge AI italiana

L. 23/9/2025, n. 132

Italian AI Law

In force

Recepimento NIS2

D.Lgs. 4/9/2024, n. 138

NIS2 Transposition Decree

In force

Legge Cybersecurity

L. 28/6/2024, n. 90

National Cybersecurity Strengthening Law

In force

PSNC

D.L. 21/9/2019, n. 105 conv. L. 133/2019

National Cybersecurity Perimeter Decree

In force

ACN — Istituzione Agenzia

L. 4/8/2021, n. 109 (conv. D.L. 82/2021)

National Cybersecurity Agency Establishment Law

In force

DPCM 81/2021

DPCM 14/4/2021, n. 81

DPCM 81/2021 — PSNC Incident Notification and Security Measures

In force

DPCM 111/2025

DPCM 4/6/2025, n. 111

DPCM 111/2025

In force

Codice Privacy

D.Lgs. 30/6/2003, n. 196 coord. D.Lgs. 101/2018

Italian Personal Data Protection Code (Privacy Code)

In force

Adeguamento GDPR

D.Lgs. 10/8/2018, n. 101

GDPR National Adaptation Decree

In force

Statuto dei Lavoratori

L. 20/5/1970, n. 300 (Art. 4)

Workers' Statute — Art. 4 (Remote monitoring)

In force

Trasparenza condizioni lavoro

D.Lgs. 27/6/2022, n. 104

Transparent Working Conditions Decree

In force

Whistleblowing IT

D.Lgs. 10/3/2023, n. 24

Italian Whistleblowing Decree

In force

D.Lgs. 231/2001

D.Lgs. 8/6/2001, n. 231

Administrative Liability of Legal Entities Decree (D.Lgs. 231/2001)

In force

Recepimento Copyright DSM

D.Lgs. 8/11/2021, n. 177

Italian Copyright DSM Transposition Decree

In force

Codice Appalti

D.Lgs. 31/3/2023, n. 36

Public Contracts Code

In force

LDA

L. 22/4/1941, n. 633

Italian Copyright Law (LDA)

In force

Codice del consumo

D.Lgs. 6/9/2005, n. 206

Italian Consumer Code

In force

CAD

D.Lgs. 7/3/2005, n. 82

Digital Administration Code (CAD)

In force

Anti-discriminazione razziale IT

D.Lgs. 9/7/2003, n. 215

Italian Racial Equality Decree

In force

Anti-discriminazione occupazione IT

D.Lgs. 9/7/2003, n. 216

Italian Employment Equality Decree

In force

Codice pari opportunità

D.Lgs. 11/4/2006, n. 198

Equal Opportunities Code

In force

DPCM 131/2020 — Regolamento PSNC

DPCM 30/7/2020, n. 131

PSNC Regulation (DPCM 131/2020)

In force

DPR 54/2021 — Procedimento verifica PSNC

DPR 5/2/2021, n. 54

PSNC ICT Verification Procedure (DPR 54/2021)

In force

DPCM 15/6/2021 — Categorie ICT PSNC

DPCM 15/6/2021

PSNC ICT Categories (DPCM 15/6/2021)

In force

DM MLPS 173/2025

DM 15/12/2025, n. 173

Establishment of the AI in the Workplace Observatory (DM MLPS 173/2025)

In force

DM MLPS 180/2025

DM 17/12/2025, n. 180

Guidelines on AI in the Workplace (DM MLPS 180/2025)

In force

Primo documento Osservatorio MLPS

MLPS, 2026

First document towards the AI in the Workplace Observatory

In force

Legislative Proposals (6)

Digital Omnibus on AI

COM(2025) 836 final — proc. 2025/0359(COD)

Digital Omnibus on AI

Proposed

Digital Legislation Omnibus

COM(2025) 837 final — proc. 2025/0360(COD)

Digital Legislation Omnibus

Proposed

AI Liability Directive

COM(2022) 496 — proc. 2022/0303(COD)

AI Liability Directive (AILD) — WITHDRAWN

Withdrawn

ePrivacy Regulation

COM(2017) 10 — proc. 2017/0003(COD)

ePrivacy Regulation — WITHDRAWN

Withdrawn

Standard CEN-CENELEC JTC 21

N/A — in sviluppo

CEN-CENELEC JTC 21 Harmonised Standards for the AI Act

Draft

EDPB Work Programme 2026–2027

N/A

EDPB Work Programme 2026–2027

In force

EDPB Guidelines (10)

EDPB Opinion 28/2024

Opinion 28/2024

Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models

In force

EDPB GL 07/2020

Guidelines 07/2020 v2.0

Guidelines 07/2020 on the concepts of controller and processor in the GDPR

In force

EDPB GL 4/2019 — DPbDD

Guidelines 4/2019 v2.0

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

In force

WP248 — DPIA

WP248rev.01

Guidelines on Data Protection Impact Assessment (DPIA — Art. 35 GDPR)

In force

WP251 — Profilazione/ADM

WP251rev.01

Guidelines on Automated individual decision-making and Profiling (Art. 22 GDPR)

In force

EDPB GL 9/2022 — Data breach

Guidelines 9/2022 v2.0

Guidelines 9/2022 on personal data breach notification under GDPR

In force

EDPB Rec. 01/2020 — Trasferimenti

Recommendations 01/2020 v2.0

Recommendations 01/2020 on measures that supplement transfer tools

In force

EDPB GL 05/2021 — Interplay Art. 3/Cap. V

Guidelines 05/2021 v2.0

Guidelines 05/2021 on the Interplay between Art. 3 and Chapter V of the GDPR

In force

EDPB GL 05/2022 — Riconoscimento facciale

Guidelines 05/2022

Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement

In force

EDPB AI Privacy Risks LLMs

EDPB Support Pool of Experts Report

EDPB Support Pool of Experts — AI Privacy Risks & Mitigations for LLMs

In force

EDPS Guidance (1)

EDPS Guidance GenAI v2

EDPS Guidance on Generative AI v2

EDPS Guidance on Generative AI — Strengthening data protection in a rapidly changing digital era (v2)

In force

EU Commission / AI Office (19)

Guidelines Definizione sistema AI

C(2025) 5053

Commission Guidelines on the definition of an artificial intelligence system

In force

Guidelines Pratiche AI vietate

C(2025) 5052

Commission Guidelines on prohibited artificial intelligence (AI) practices

In force

Guidelines GPAI

Commission Guidelines on general-purpose AI — key concepts and scope

In force

Code of Practice GPAI

Code of Practice GPAI (Art. 56 AI Act)

Code of Practice for general-purpose AI models (GPAI)

In force

Explanatory Notice Training Content

Explanatory Notice Art. 53(1)(d) AI Act

Explanatory Notice and Template — Public summary of training content

In force

FAQ Navigating AI Act

N/A

Navigating the AI Act — Official FAQ

In force

AI Literacy Q&A

N/A

AI Literacy — Questions & Answers (Art. 4 AI Act)

In force

Repository AI Literacy

N/A

Repository of AI Literacy Practices

In force

Q&A CoP GPAI

N/A

Q&A on Code of Practice for GPAI

In force

Q&A GL GPAI providers

N/A

Q&A Guidelines GPAI providers

In force

Standardisation AI Act

N/A

Standardisation of the AI Act

In force

FAQ Standardisation AI Act

N/A

Understanding the standardisation of the AI Act — FAQ

In force

GL/CoP Transparent AI Art. 50

N/A

Guidelines and Code of Practice on transparent AI systems (Art. 50)

In force

AI Pact

N/A

AI Pact — Voluntary initiative for early compliance

In force

CoP GPAI Ch.1 Trasparenza

Code of Practice GPAI — Chapter 1

Code of Practice GPAI — Chapter 1: Transparency

In force

CoP GPAI Ch.2 Copyright

Code of Practice GPAI — Chapter 2

Code of Practice GPAI — Chapter 2: Copyright

In force

CoP GPAI Ch.3 Safety

Code of Practice GPAI — Chapter 3

Code of Practice GPAI — Chapter 3: Safety & Security

In force

CoP GPAI Landing Page

N/A

Code of Practice GPAI — Landing Page

In force

Template Training Content

Template Art. 53(1)(d) AI Act

Template — Public summary of training content

In force

ENISA & ACN (5)

ENISA NIS2 Tech. Guidance

ENISA NIS2 Technical Implementation Guidance v1.0

In force

ENISA Cybersecurity AI & Standardisation

ENISA Report

ENISA — Cybersecurity of AI and Standardisation

In force

ACN Det. 379907/2025

ACN Determinazione n. 379907/2025

ACN Determination 379907/2025 — NIS2 Baseline Security Measures

In force

ACN NIS Specifiche Base

ACN Determinazione NIS — Specifiche di base

ACN NIS Baseline Specifications

In force

ACN Linee guida incidenti

ACN Linee guida gestione incidenti

ACN — Guidelines on the cybersecurity incident management process

In force

ISO/IEC Standards (11)

ISO/IEC 42001

ISO/IEC 42001:2023

Artificial Intelligence Management System (AIMS)

In force

ISO/IEC 23894

ISO/IEC 23894:2023

Artificial Intelligence — Guidance on risk management

In force

ISO/IEC 22989

ISO/IEC 22989:2022

Artificial Intelligence — Concepts and terminology

In force

ISO/IEC 38507

ISO/IEC 38507:2022

Governance of IT — Governance implications of the use of AI by organizations

In force

ISO/IEC 27001

ISO/IEC 27001:2022

Information Security Management Systems (ISMS)

In force

ISO/IEC 27701

ISO/IEC 27701:2025

Privacy Information Management System (PIMS) — 2nd edition

In force

ISO/IEC 27036-1

Cybersecurity — Supplier relationships — Part 1: Overview and concepts

In force

ISO/IEC 27036-2

Cybersecurity — Supplier relationships — Part 2: Requirements

In force

ISO/IEC 27036-3

Cybersecurity — Supplier relationships — Part 3: Guidelines for ICT supply chain security

In force

ISO 19011

ISO 19011:2018

Guidelines for auditing management systems

In force

ISO/IEC 17024

ISO/IEC 17024:2012

Conformity assessment — General requirements for bodies operating certification of persons

In force

NIST Frameworks (8)

NIST AI RMF 1.0

NIST AI 100-1

NIST AI Risk Management Framework 1.0

In force

NIST AI 600-1 GenAI Profile

NIST AI 600-1

NIST AI 600-1 — Generative AI Profile for AI RMF

In force

NIST SP 800-61r3

NIST SP 800-61r3 — Incident Response Recommendations and Considerations

In force

NIST CSF 2.0

NIST CSWP 29

NIST Cybersecurity Framework 2.0

In force

NIST SP 800-53r5

NIST SP 800-53r5 — Security and Privacy Controls for Information Systems (Update 1)

In force

NIST SP 800-218 SSDF

NIST SP 800-218

NIST SP 800-218 — Secure Software Development Framework (SSDF) v1.1

In force

NIST SP 800-218A SSDF GenAI

NIST SP 800-218A

NIST SP 800-218A — SSDF Profile for Generative AI and Dual-Use Foundation Models

In force

NIST SP 800-161r1 C-SCRM

NIST SP 800-161r1

NIST SP 800-161r1 — Cybersecurity Supply Chain Risk Management (C-SCRM, Update 1)

In force

OWASP, MITRE, HLEG (5)

OWASP Top 10 LLM 2025

OWASP Top 10 for LLM 2025

OWASP Top 10 for LLM Applications 2025

In force

OWASP Top 10 Agentic AI 2026

OWASP Top 10 for Agentic AI 2026

OWASP Top 10 for Agentic AI Applications 2026

In force

MITRE ATLAS

MITRE ATLAS — Adversarial Threat Landscape for Artificial-Intelligence Systems

In force

HLEG Ethics Guidelines

HLEG Ethics Guidelines for Trustworthy AI

Ethics Guidelines for Trustworthy AI (HLEG)

In force

ALTAI

ALTAI — Assessment List for Trustworthy Artificial Intelligence (self-assessment)

In force

Italian DPA Rulings (8)

Provv. Blocco ChatGPT

Provv. 112/2023 — Docweb 9870832

Temporary restriction on OpenAI processing (ChatGPT block)

In force

Provv. Sanzione OpenAI €15M

Provv. 755/2024 — Docweb 10085455

Sanctioning measure against OpenAI (€15M fine)

In force

Provv. Web scraping

Provv. 329/2024 — Docweb 10020316

Measure on web scraping for generative AI training purposes

In force

Provv. Replika Sanzione €5M

Docweb 10130115

Sanctioning measure against Luka Inc. for Replika (€5M fine)

In force

Provv. Replika Blocco

Docweb 9852214

Temporary restriction on Luka Inc. for Replika (initial block)

In force

Provv. Replika Prescrizioni

Docweb 10013893

Prescriptive measure against Luka Inc. for Replika

In force

Provv. Clearview AI €20M

Docweb 9751362

Sanctioning measure against Clearview AI (€20M fine)

In force

Segnalazione Garante su IA

Docweb 9996508

Italian DPA signal to Parliament and Government on AI

In force

AgID Guidelines (11)

AgID Det. 17/2025

Determinazione AgID n. 17/2025

Start of consultation for AI adoption guidelines in public administration

Draft

Bozza LG Adozione IA PA

Bozza Linee guida adozione IA PA

Draft guidelines for AI adoption in public administration

Draft

Valutazione impatto IA AgID

Allegato — Valutazione d'impatto IA

AI Impact Assessment (AgID guidelines annex)

Draft

AgID Det. 43/2026

Determinazione AgID n. 43/2026

Start of consultation for AI development and procurement guidelines in PA

Draft

Bozza LG Sviluppo IA PA

Bozza Linee guida sviluppo IA PA

Draft guidelines for AI systems development in public administration

Draft

AgID Strumento A Sviluppo

Strumento A — Termini e definizioni (sviluppo)

Tool A — Terms and definitions for AI development in PA

Draft

AgID Strumento B Training

Strumento B — Training, validazione, fine-tuning e RAG

Tool B — Training, validation, fine-tuning and RAG

Draft

Bozza LG Procurement IA PA

Bozza Linee guida procurement IA PA

Draft guidelines for AI procurement in public administration

Draft

AgID Strumento A Procurement

Strumento A — Termini e definizioni (procurement)

Tool A — Terms and definitions for AI procurement in PA

Draft

AgID Strumento B Capitolato

Strumento B — Schema di capitolato tecnico

Tool B — Technical specification template for AI procurement

Draft

AgID Strumento C LCOAI

Strumento C — Esempio LCOAI

Tool C — AI Life Cycle Ownership Example (LCOAI)

Draft

Institutional Context (4)

Strategia Italiana IA

Strategia Italiana per l'IA 2024-2026

Italian Strategy for Artificial Intelligence 2024-2026

In force

Piano Triennale PA

Piano Triennale per l'Informatica nella PA 2024-2026

Three-Year Plan for IT in Public Administration 2024-2026

In force

Aggiornamento 2026 Piano Triennale

Aggiornamento 2026 del Piano Triennale 2024-2026

2026 Update to the Three-Year Plan for IT in PA

In force

Portale Osservatorio MLPS

Portale Osservatorio IA nel mondo del lavoro

Observatory on AI Adoption in the World of Work — Portal

In force