---
title: "AI Voice Agents in Italy: Garante & GDPR Compliance Guide 2026"
description: "Deploy AI voice agents in Italy under the Garante, the Codice Privacy, RPO opt-out register, GDPR and EU AI Act. Lawful basis, consent, fines, vendor checklist."
url: "https://ainora.lt/blog/ai-voice-agent-italy-garante-compliance-2026"
---

# AI Voice Agents in Italy: Garante & GDPR Compliance Guide 2026

**Important Disclaimer:** This article provides general guidance only. It is not legal advice. Consult an Italian data protection specialist (DPO or avvocato in protezione dati) before deploying any AI calling system in Italy.

AI voice agents in Italy must comply with **GDPR** (Regulation 2016/679), the Italian **Codice Privacy** (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), and the **EU AI Act** - supervised by the **Garante per la protezione dei dati personali**. For outbound commercial calling, the **Registro Pubblico delle Opposizioni (RPO)** opt-out register applies.

## Key Italian compliance terms

- **Garante** - Italian Data Protection Authority.
- **Codice Privacy** - D.Lgs. 196/2003 as amended.
- **RPO** - Registro Pubblico delle Opposizioni (opt-out register).
- **AGCOM** - communications authority co-regulating telemarketing.
- **EU AI Act** - Art. 50 requires AI disclosure.

## What Is the Italian Compliance Framework for AI Voice?

Four layers: GDPR baseline, Codice Privacy national overlay, telecom/AGCOM rules + RPO for commercial outbound, EU AI Act transparency from 2 August 2026.

## Who Is the Garante?

Italian supervisory authority. Among the most active in EU. Has issued multiple decisions on automated calling, AI processing, biometric data. Garante has explicitly addressed AI in customer service (provvedimenti on conversational AI, biometric voice processing).

## How Does the Italian Codice Privacy Overlay GDPR?

Key additions:
- Specific provisions on minors (consent age = 14).
- Telemarketing rules (Art. 130 Codice Privacy).
- Workplace monitoring rules (Statuto dei Lavoratori Art. 4 + GDPR).
- Heightened security for sensitive categories.

## What Lawful Basis Applies to AI Voice Calls in Italy?

| Call type | Primary lawful basis | Italian rule |
| --- | --- | --- |
| Inbound customer service | Art. 6(1)(b) contract | Codice Privacy transparency |
| Inbound appointment | Art. 6(1)(b) contract | AI disclosure (EU AI Act 50) |
| Outbound B2C commercial | Art. 6(1)(a) consent | RPO screen + Art. 130 Codice Privacy |
| Outbound B2B commercial | Art. 6(1)(f) LI | RPO screen if personal number |
| Outbound debt collection | Art. 6(1)(b)/(f) | Codice Privacy Art. 24 + good practice |
| Call recording for QA | Art. 6(1)(f) LI | Pre-disclose to staff (Statuto dei Lavoratori) |
| Sensitive data | Art. 9(2)(a) explicit consent | Heightened security |

## How Does the Registro Pubblico delle Opposizioni Work?

RPO is the Italian opt-out register. Consumers register phone numbers + addresses to refuse unsolicited commercial communication. Telemarketers must:
- Consult RPO before campaign.
- Refresh consultation at least every 15 days (industry best practice).
- Keep proof of consultation for at least 3 years.
- Apply consent rules for any not-opted-out numbers separately.

## What Are Italian Call Recording and Consent Rules?

- Disclose recording at call start.
- Codice Privacy + GDPR Art. 13/14 transparency requirements.
- Workplace monitoring of agents requires prior notice to staff + union consultation under Statuto dei Lavoratori Art. 4.
- Sensitive content (health) requires explicit consent.

## How Does the EU AI Act Apply to Voice Agents in Italy?

Art. 50: must disclose AI nature. AGID + Garante will likely co-supervise. Transparency obligations from 2 August 2026.

## What Has the Garante Decided About Automated Calling?

The Garante has imposed multiple multi-million-euro sanctions on telecom and energy operators for unsolicited commercial calling (Enel, Eni, Tim, Vodafone Italia). Most centered on RPO violations + lawful basis issues.

## Garante-Aligned Vendor Checklist

- DPA signed (GDPR Art. 28).
- Transparency notice in Italian.
- AI disclosure script (EU AI Act Art. 50).
- RPO screening for outbound commercial.
- Call recording disclosure.
- 72-hour Garante breach notification.
- DPIA for high-risk processing.
- Staff notification + union consultation for QA monitoring.

## Sources

- GDPR (Regulation 2016/679)
- Codice Privacy (D.Lgs. 196/2003 + D.Lgs. 101/2018)
- EU AI Act (Regulation 2024/1689)
- Garante decisions + guidance
- Registro Pubblico delle Opposizioni
- Statuto dei Lavoratori (workplace monitoring)