Legislative decree 103/2024, in force from 2 August 2024, introduces in Italy the ‘simplification’ of official controls regarding environmental protection, hygiene and public health, and worker safety. (1)
1) Simplification of official controls in Italy. Premise
The reform of official controls on economic activities responds to the EU Council’s repeated requests to improve the efficiency of public administration in Italy.
The goals of the decree in question concern:
– the elimination of unnecessary requirements
– simplification on the basis of the principle of proportionality
– coordinated planning between the various public administration structures and the exchange of information through shared and interoperable databases
– the use of warnings or other measures to optimize the restoration of compliance.
2) Scopes of application
Official controls subject of the simplification in question concern:
– ‘the verification of compliance with rules aimed at protecting the public interest’
– by public administrations, (2) towards
– economic activities, which consist of ‘in the production and supply of goods and services on the market’, and gods
– controlled subjects who carry out such activities.
Are excluded vice versa, tax and anti-mafia controls, as well as those ordered by the prefects or otherwise required for national security and defense needs. Without prejudice to the obligations imposed by European and international law (Legislative Decree 103/24, article 1).
3) Simplification of administrative obligations
Simplification of administrative obligations postulates the ability of public administrations to:
– ‘ensure full knowledge of the obligations to which the controlled subjects they are required’, and
– ‘eliminate overlapping and duplication of controls’ (Legislative Decree 103/24, article 2).
3.1) Census of controls
The work calendar is structured as follows:
– by October 1, 2024 the Department of Public Function at the Presidency of the Council develops ‘a standardized scheme for carrying out the census of controls’
– in the following 150 days the public administrations concerned publish the inspection records on their institutional websites’
– by June 30, 2025 the same PAs will send the Department a report on the controls carried out in the last three years and the related results, taking into account the size and type of subjects controlled. With ‘percentage evidence of cases in which the control concluded with the finding of irregularities’
– by October 30, 2025 the Department, after hearing the relevant trade associations, develops a summary framework in order to identify areas of overlap and duplication between the controls carried out at different administrative levels
– the above document is sent to the Presidency of the Council of Ministers, to the Ministry of Economy and Finance as well as to that of Enterprise and Made in Italy. With ‘possible reporting of control procedures which, also in light of a cost-benefit assessment, can be eliminated, suspended for a specific time interval, scheduled on a periodic basis, with the exclusion of random checks, or strengthened’
– the Minister for Public Administration also transmits the aforementioned document to Parliament, with updates on a three-yearly basis (Legislative Decree 103/24, article 2).
3.2) Transparency regarding the obligations of economic operators
The control bodies must publish on their institutional websites, in the ‘transparent administration’ section, ‘controls on economic activities’:
– ‘the list of obligations and obligations covered by the control activities that operators are required to comply with when carrying out economic activities to comply with regulatory provisions, according to a scheme developed by the Department of Public Function, also indicating those eliminated’.
Such lists – whose publication deadlines are indefinite – must be updated ‘at least every three years’. Instead of, as would be logical, in time for the application of new requirements (Legislative Decree 103/24, article 3).
4) Risk assessment and control planning
Risk assessment linked both to the sector and operational sector, and to individual operators (based on the level of organization and previous non-conformities) must always constitute the basis for the planning of official controls.
This criterion – established in general terms in the Official Controls Regulation (EU) No 2017/625, for controls in the agri-food chain (3) – finds some application implications in the legislative decree in question.
4.1) ‘Low risk’ certified
The Italian Government introduces first of all, for the purposes of programming controls, ‘a risk identification and management system on a voluntary basis, referring to the following homogeneous areas:
- environmental Protection
- hygiene and public health
- public security
- protection of public faith
- worker safety’.
UNI, the Italian national unification body elaborates for each of the aforementioned areas ‘technical standards or reference practices suitable for defining a low risk level to which a certification report can be associated’(Legislative Decree 103/24, article 3).
4.2) ‘Certification report’
The essential elements, the period of validity, cases of forfeiture and other procedural rules of the ‘certification report’ are established by decree of the Ministry of Business and Made in Italy, on the basis of the UNI indications above.
Determining the level of risk for certification purposes it considers various parameters, including:
– possession of at least one management system certification, issued by an accredited body pursuant to Reg. (EU) No 765/2008
– other certifications, always issued by accredited bodies, ‘attributable to ESG (Environmental, Social, Governance) principles
– the outcome of the checks undergone in the previous three years of activity (4)
– the economic sector in which the controlled entity operates
– the characteristics and size of the economic activity carried out by the controlled party’.
The ‘certification report‘ is issued by certification bodies accredited by Accredia, which carry out periodic audits. With revocation obligation, to be notified to Accredia, in the cases of:
– confirmed absence of ‘low risk’ conditions (Legislative Decree 103/24, article 3)
– failure to comply with the provisions contained in the warning (see paragraph 5.3 below)
– violations of regulations concerning the protection of health, safety and public safety, safety in the workplace (Legislative Decree 103/24, article 6).
4.3) Company IT file
In view of the programming in ‘the inspection activity based on the risk profile, the administrations that carry out control functions, before starting the supervisory activities, consult and feed the company IT file with the results of the controls’.
There is no set deadline peremptory for the processing of IT files. It is however:
– ‘in the event of failure by the administration to file the report containing the outcome of the checks in the IT file, the company may request the administration to do so by means of a specific request, also filed in the file, containing the protocol number of the report and the copy of the deed accompanied by a specific ‘declaration’. And the PA must comply within the following 5 days
– ‘the proceeding administration (…) accesses the IT file, directly and in its entirety (…), also making use of the data present therein concerning the checks already carried out by the same administration or by different administrations operating in the same sector and of the data relating to the establishment, when starting to carry out economic activities’
– the administrations responsible for controls they cannot request the production of documents and information already available in the electronic file or in any case in their possession’. In application of the EU ‘once only’ principle, and under penalty of serious sanctions. (5)
It is expected ‘the strengthening of the infrastructures used by the administrations involved in control activities’, For ‘guarantee high standards of systemic reliability’(Legislative Decree 103/24, article 4).
5) Controls on companies, general principles
‘Control is based on the principle of trust in the legitimate, transparent and correct action of the administrations that plan and carry out the controls, as well as on the principles of effectiveness, efficiency and proportionality, taking into account the information in possession of the competent administrations in order to minimize documentary requests according to the criterion of minimum organizational sacrifice for the controlled party’.
Immediate execution checks are due in cases of:
– requests from the judicial authority
– detailed reports from private or public entities
– provisions of European Union law
– safety checks in the workplace and, in any case,
– whenever risk situations emerge (Legislative Decree 103/24, article 5.3).
Control planning, outside of the aforementioned cases, postulates their execution at ‘time intervals related to the severity of the risk’.
5.1) Frequency of checks
The frequency of ordinary checks, without prejudice to the immediate checks referred to in paragraph 5 above, is subject to the following limits:
– prohibition on carrying out two or more different inspections on the same economic operator at the same time, ‘unless the administrations agree in advance to carry out a joint inspection’
– no more than one check each year on economic activities with the ‘low risk certification report’ referred to in paragraph 4.2 above
– exemption for 10 months from the same checks, where the outcome of a check is ascertained ‘compliance with the obligations and obligations imposed by the reference regulations’ (Legislative Decree 103/24, article 5, paragraph 4,5,6 ).
5.2) Notice, cross-examination, sanctions
Administration provides notice in electronic format, at least 10 days before the expected access to the premises of the economic activity, with a list of the documentation necessary for the inspection. The notice is not due only in the cases of:
- circumstances foreseen for the immediate execution of the checks (see supra , para. 5)
- reasons for the urgency of the control
- ‘needs to resort to unexpected or unannounced inspection access.
‘The administrations base their activities on compliance with the adversarial principle and adopt the measures within their competence, including any sanctions, in a proportional manner to
- level of risk (…)
- harm caused
- size of the controlled entity and – economic activity carried out’ (Legislative Decree 103/24, article 5, paragraph 8,7). (6)
5.3) Violations that can be remedied, warning
The institution of the warning – already introduced with law 71/21, for controls in the agri-food chain (7) – is extended to the generality of cases of:
– remediable violations, subject to a pecuniary administrative sanction not exceeding a maximum of €5.000
– ascertained for the first time within a five-year period
– with the exclusion of crimes and violations relating to the protection of health, safety and public safety, safety in the workplace.
If the aforementioned conditions are met the supervisory body warns the interested party to:
– put an end to the violation
– fulfill the violated provisions
– remove the consequences of the administrative offence, within a period not exceeding twenty days from the date of notification of the act.
In case of compliance to the warning within the indicated deadline, the sanctioning procedure is extinguished limited to the non-compliances remedied. In case of non-compliance, the supervisory body carries out the notification (Legislative Decree 103/24, article 6).
5.4) Non-punishment for innocent error of fact
‘In any case the controlled party is not responsible when the violations are committed by mistake in a fact not caused by fault’(Legislative Decree 103/24, article 6).
Nothing new with respect to law 689/1981, which in turn provides the following:
– ‘in violations to which an administrative sanction is applicable, everyone is responsible for their own conscious and voluntary action or omission, whether intentional or negligent.
– In the event that the violation is committed by mistake in fact, the agent is not responsible when the mistake is not caused by his fault’(Article 3).
6) Dialogue and collaboration mechanisms
The national associations of category – provided they are represented in at least 5 chambers of commerce (8) – can contact the central administration or the competent region in cases of:
– ‘conditions of objective uncertainty on the correct interpretation of regulatory sources regarding cases of a general, general or particularly important nature or
– serious and repeated application discrepancies within the national territory, relating to obligations and obligations that are the subject of controls (…)
– proposing a reasoned solution’.
Dialogue and cooperation in the aforementioned forms they are not admitted for other associations – despite their effective national representation of specific categories of operators. Nor’ when the administration has already provided a response to requests corresponding to the one presented through documents published in the “Controls on companies” subsection of the “Transparent administration” section of the institutional website’.
The questions must be found ‘within reasonable terms and in any case within the deadline established by law, pursuant to law 241/90, article 2’ (9).
Some broods provided by central administrations alone are published in the aforementioned subsection of the institutional website and constitute general interpretative criteria. (Legislative Decree 103/24, article 7).
7) Training of administrative staff
The Department of Civil Service at the Presidency of the Council, subject to agreement at the State-Regions conference, ‘defines
– a specific training plan for staff to be provided through the National School of Administration and Formez PA, with particular reference to skills in the field of
– digitalisation of planning and control tools
– cooperation with economic operators
– coordination between administrations
– standardized criteria and methods for carrying out the census of obligations and fulfilments ‘(v. supra , paragraph 3.2).
To the training of the staff responsible for the controls, the relevant bodies can contribute, also through forms of agreement with universities, chambers of commerce and trade associations’(Legislative Decree 103/24, article 8).
8) Use of technological solutions in control activities
‘Within available resources to current legislation and’, the administrations’ adopt measures aimed at progressively automating their activities, using technological solutions, including artificial intelligence ones, in line with the principle of proportionality to risk (…).
Technological solutions guarantee the security and interoperability of IT systems and information flows for the circulation and exchange of data and for access to services provided online by the administrations carrying out controls’.
Decision making processes on conformity assessments must always be validated by a ‘human contribution’ (according to the principle of non-exclusivity of the algorithmic decision) and the controlled subjects have the right to know both the existence of automated decision-making processes that concern them and the logic used ( Legislative Decree 103/24, article 9). (10)
8.1) Processing of personal data
Data processing referred to in this decree must obviously comply with the requirements of the General Data Protection Regulation (EU) No 2016/679, GDPR. (11)
The data controllers , in particular:
– ‘operate with the appropriate technical measures to guarantee IT security,
– in order to ensure a level of security of personal data adequate to the risk of
– destruction, loss, modification or unauthorized access to the data processed’(Legislative Decree 103/24, article 10).
9) Financial invariance clause
The implementation of the decree under consideration, ça va sans dire, must not entail new or greater burdens on public finances. ‘The administrations concerned shall carry out the obligations set out in this decree with the human, instrumental and financial resources available under current legislation..
10) Status quo. Health administrations
The Prevention Departments – in the more structured Italian regions – have already organized checks on hygiene, public health and food safety in accordance with the provisions in question. By:
– recording of control activities in the databases shared with the regional body, specifying the compliance levels detected and the measures adopted (i.e. warnings, prescriptions, sanctions, crime reports)
– annual planning of checks by each structure, based on the risk classification carried out also in light of the data recorded in the regional database
– collaboration with other structures or authorities, including through joint or specialist inspections
– control approach oriented towards dialogue with operators, according to the spirit introduced by the Hygiene Package. Preferring where possible, to bring non-remediable deficiencies into compliance, the adoption of non-repressive measures such as the provisions set out in the art. 138 of the reg. EU 2017/625. (12,13).
11) Challenges and prospects
The biggest challenge – and the most golden prospect – is to finally obtain coordination of the activities of entities that depend on different ministries and departments (regional and municipal), which still overlap in official controls on economic and non-economic activities. (14,15,16)
Dario Dongo, Sarah Lanzilli and Claudio Biglia
Footnotes
(1) Legislative Decree 12 July 2024, n. 103. Simplification of controls on economic activities, in implementation of the delegation to the Government referred to in article 27, paragraph 1, of law 5 August 2022, n. 118. On Normattiva https://tinyurl.com/trawr3et
(2) ‘By public administrations we mean all state administrations, including (…) autonomous state companies and administrations, regions, provinces, municipalities, mountain communities, and their consortia and associations, university institutions, ( …) the Chambers of commerce, industry, crafts and agriculture and their associations, all national, regional and local non-economic public bodies, the administrations, companies and bodies of the National Health Service, the Agency for the negotiation representation of public administrations (ARAN) and Agencies [which carry out technical-operational activities of national interest, currently exercised by ministries and public bodies, at the service of public administrations, including regional and local ones, ed.] referred to in Legislative Decree 30 July 1999, n. 300‘ (Legislative Decree 165/01, article 1.2)
(3) Dario Dongo. Official public controls, operator ratings and transparency. Is a turning point promised? DO (Food and Agriculture Requirements). 28.4.17
(4) We note the lack of specific consideration of more serious violations (e.g. crimes) and incidents of varying severity, in a period prior to three years, although they are also essential to evaluate the risk levels of both individual economic activities and of their managers
(5) Violation of the aforementioned rule entails managerial and disciplinary responsibility, pursuant to the Digital Transition Code (Legislative Decree 82/05, article 18, paragraph 4, first sentence. On Normattiva https://tinyurl.com/y82j8v4t)
(6) Public administrations are thus asked to evaluate risk levels on the basis of the criteria indicated by UNI for the purposes of voluntary certification. A clear conceptual confusion
(7) Dario Dongo, Andrea Sodero. Official controls. Law 71/2021, converting Legislative Decree 42/2021, and warning of operators . GIFT (Great Italian Food Trade).
(8) The trade associations represented in at least 5 chambers of commerce, or in the CNEL, and their territorial and trade branches, ‘are entitled to bring actions in court both to protect interests relating to the generality of subjects belonging to the professional category, and to protect homogeneous interests relating only to some subjects.
The most representative trade associations at national, regional and provincial level are entitled to challenge administrative acts detrimental to widespread interests’ (law 180/2011. Rules for the protection of freedom of enterprise. Company statute. Article 4)
(9) Maximum term of 90 days, or 180 days in certain cases, without prejudice to the different provisions adopted by decree of the Presidency of the Council of Ministers
(10) See also General Data Protection Regulation (EU) No 2016/679, GDPR, article 22
(11) Fabio Zaninetti, Dario Dongo. Privacy and GDPR, the ABC . GIFT (Great Italian Food Trade). 20.3.19
(12) See Dario Dongo’s ebook ‘ Food safety, mandatory rules and voluntary standards ‘ (FARE, Food and Agriculture Requirements, Rome, 2016)
(13) Dario Dongo. Controls, the role of the health administration . GIFT (Great Italian Food Trade). 30.12.17
(14) The restriction of the scope of application of Legislative Decree 103/24 to companies alone implies a possible constitutional flaw, in that it excludes third sector bodies which also carry out similar activities (even if not classified as ‘economic ‘)
(15) Dario Dongo, Amaranta Traversa, Sarah Lanzilli and Claudio Biglia.
Official controls, Legislative Decree 27/21. Implementation of reg. EU 2017/625 . GIFT (Great Italian Food Trade). 14.3.21
(16) Dario Dongo. Official controls, the Far West in Reggio Calabria . GIFT (Great Italian Food Trade). 9.6.20