Italy: Communications Regulatory Authority adopted Regulation for the Protection of Minors in the Digital Environment (Resolution no. 96/25/CONS) including data protection provision

On 18 April 2025, the Italian Communications Regulatory Authority (AGCOM) adopted Resolution 96/25/CONS, implementing Law No. 159/2023. The Resolution stipulates that platforms offering content in Italy are obligated to verify the age of users using certified third parties, through a two-step process involving identification and authentication. Verification may be conducted via applications such as digital identity wallets and must be applied per session. The Resolution delineates the responsibilities of data processors and controllers by stipulating mechanisms that preclude the association of user identities with accessed services. It is important to note that verification providers do not receive information on the service being accessed, and platforms do not receive identifying user data. AGCOM has established a technology-neutral framework, encompassing principles such as data minimisation, information security, proportionality, accuracy, accessibility, usability, non-discrimination, user education, and complaint handling. Platforms are required to implement compliant systems within a period of 6 months. The provisions may be updated in line with future European Commission guidance.