Doing business in Italy

How does Italy’s complex tax landscape impact foreign companies’ financial structures, including transfer pricing policies, tax incentives, and potential risks of double taxation?

Italy certainly has a complex tax landscape, made up of many jumbled and in some respects unorganised regulations, which complicate its implementation. For this reason the extensive and structured tax reform expected in the coming months is particularly important and should impact significantly both direct income taxes and indirect taxes.

Although the landscape is currently articulated, Italian tax legislation always moves within the framework of the OECD discipline and, in the case of EU source taxes, in compliance with the European Directives (eg VAT and its EU matrix discipline). Likewise, Italy has signed a treaty to eliminate double taxation with all the most industrialised countries in the world and, in general, with most of existing countries. The model of these treaties is borrowed from the OECD standard and allows for easy interpretation.

A similar argument can be made for transfer pricing policies, where Italian legislation is in line with OECD principles. In Italy, the area of transfer pricing analysis applied between companies in the same group is increasingly developing in order to ensure compliance with tax regulations and protect companies.

This is the context for various tax advantages that Italy has recently introduced to attract foreign companies and human capital to our country. These measures are strongly increasing the flow of people and companies that decide to move or invest in Italy.

For this reason despite the complex bureaucracy, a legislative environment in line with world standards and ad hoc measures designed to attract capital are the ideal terrain for many multinational groups wishing to acquire or develop many Italian excellences.

In recent years, our firm has seen many groups from various foreign countries acquire Italian companies, typically small or medium-sized ones, perhaps taking advantage of certain tax incentives, in order to increase their strategic presence and enrich their corporate assets.

In various industries, what disparities exist in Italy’s regulatory landscape, and what precise compliance obligations must general counsel be well-versed in for their particular sectors?

The Italian regulatory landscape is extremely complex and varies significantly between sectors. The disparities are so many that an answer for each sector would be required. Thus, general counsels must be well-versed in the specific compliance obligations relevant to their sectors, which are governed by specific sectorial regulations, both domestic and transnational.

The three main compliance areas a company must deal with are healthcare and safety, privacy and 231 liability, but the specific issues related to them vary a lot depending on the company’s type of activity.

Currently, the healthcare and pharmaceuticals sector certainly is among those who are subject to the most complex regulation. Italy has a rich regulatory framework for drugs, including pricing and reimbursement regulations, clinical trial requirements, intellectual property protection and healthcare providers must comply with regulations regarding patient data protection, healthcare standards, and licensing requirements.

Likewise, the energy sector has reached a great relevance due to its recent development. It is influenced by both EU and national sources, essentially for compliance with energy efficiency and emissions reduction targets, renewable energy incentives and environmental compliance.

When it comes to corporate governance, what are the particular requirements foreign-owned subsidiaries must adhere to in Italy, particularly with regard to board composition and shareholder rights?

Corporate governance in Italy plays a crucial role in ensuring transparency, accountability, and the protection of shareholders’ and stakeholders’ rights. Thus, foreign-owned subsidiaries operating in Italy must meet specific requirements – which are influenced by both Italian law and EU directives – to ensure the above.

One of the key aspects of corporate governance is the board composition. Italian law mandates that companies, including foreign-owned subsidiaries, appoint one or more directors or a board of directors, and – depending on the company type – also a board of statutory auditors. The board composition may include both executive and non-executive directors, with some directors appointed as independent to maintain a balanced system.

With respect to shareholders’ rights, shareholders in Italian companies have certain rights, such as attending and voting at the shareholder meetings, where usually relevant decisions – such as director appointments, financial statement approvals and bylaws amendments – are made. Shareholders also have the right to access important company information, including financial reports, and are entitled to receive dividends based on their participation in the company capital.

With regard to the transparency and disclosure issues in Italian corporate governance, listed companies and foreign-owned subsidiaries with significant operations in Italy must meet strict requirements. These includes the obligation to publish financial information, annual reports and compliance with recognised accounting standards.

To prevent conflicts of interest and money laundering, Italian law imposes strict rules regarding related-party transactions. Foreign-owned subsidiaries must disclose and seek approval for transactions involving related parties to ensure transparency and fairness.

Regarding data privacy and cybersecurity, what legal obligations and potential liabilities should companies anticipate when handling personal data, ensuring compliance with Italy’s data protection laws?

Italy’s data protection laws (Legislative Decree 196/2003 – the Italian Privacy Code – and GDPR) ensure that personal data are processed respecting interested party’s rights, particularly with regard to confidentiality of data concerning personal identity.

An interested party must be especially informed on: the purposes and modalities for which their data are processed, the entities or persons to whom such data may be communicated/given access to.

In addition to the obligation to collect interested party’s consent to the processing of their data (after being duly informed as explained above) data processors are also required to treat such data in a way that is not excessive in relation to the declared purposes and for no longer than the time necessary.

Companies must ensure the interested party’s rights set out in article 15-22 GDPR, have specific procedures for handling requests for the exercise of such rights and appoint specific persons to ensure the best data protection (for example, a data controller, a data processor, a system administrator, and a DPO – if required by the GDPR).

In application of the accountability principle, companies must ‘structure’ the data processing in such a way as to provide the guarantees required by the Regulation and protect the rights of the interested party, taking into account the overall context in which the processing takes place and the risks for the rights of the interested party (‘data protection by design’ and ‘by default’).

With regard to cybersecurity, companies must also consider all possible implications of technological innovations, and implement measures that minimise the risk of data destruction, loss, or unauthorised system access – whether by accident or not.

The data controller must fulfil its obligations under the law and is liable for any sanctions in the event of non-compliance.

The Code, together with the GDPR, provides for sanctions of up to a maximum of €20,000,000 or 4% of annual turnover. Furthermore, whoever causes damage to another as a consequence of the processing of personal data shall be liable to pay damages pursuant to article 2050 of the Civil Code.

What measures and legal safeguards should general counsel implement to mitigate risks related to corruption, bribery, and compliance with anti-corruption laws when conducting business in Italy?

In Italy, the matter is regulated by Legislative Decree 231/2001, which introduces the liability of companies for certain offences – such as corruption and bribery – committed in Italy or abroad on behalf or for the benefit of such the company by individual persons having a representative, administrative or managerial position.

In case such offences are committed and the company is found to be liable, both administrative and financial penalties are provided for – including, in the most serious cases, several types of ‘exclusions’ such as the suspension or withdrawal of licences and permits, the prohibition to sign agreements with the Italian Public Administration or perform certain activities, exclusion from, or withdrawal of financings and contributions, and the prohibition to advertise goods and services.

The main safeguard of a company against such liability is to have a compliance programme (a specific set of rules and procedures aimed at preventing such crimes to be committed) and appoint a compliance officer responsible for the application of the programme.

To set up such programme, companies must map all their ‘at-risk activity areas’, ie those activities within which offences are more likely to be committed, and then draw up specific prevention measures and procedures.

In addition to this, the general counsel may also define and approve a Code of Conduct listing, by way of example, the guiding ethical principles, rules of conduct and prohibited behaviours.