This month, our specialist life sciences team in Italy covers the key issues in the sector, including:

• Regulatory; 
• White Collar Crime and Compliance;
• IP; 
• Data, Privacy & Cybersecurity; 
• Product Liability; 
• Antitrust; and
• Tax. 

Regulatory

New leadership of AIFA: The Board, the Commission, and the President

On 20 March 2024, the Board of Directors of the Italian Medicines Agency (AIFA) took office for a five-year term. On 26 March 2024, the new Scientific and Economic Commission (CSE) became operational. On the following day, the Ministry of Health proposed Robert Giovanni Nisticò as the new president of AIFA, pending ratification by the State-Regions Conference.

AIFA issues guidelines on medicinal substances incorporated in medical devices

On 15 March 2024, the Italian Medicines Agency (AIFA) issued guidelines outlining the process for obtaining a scientific opinion on ancillary medicinal substances used in class III medical devices (i.e. substances incorporated, as integral components, in a medical device and capable of exerting an ancillary action on the body, supplementary to that of the device itself). This guideline facilitates the consultation procedure between AIFA and notified bodies concerning medicinal substances falling under Art. 1 of Directive 2001/83/EC, aiming to provide parties with relevant information on procedural aspects, format, and data requirements.

AIFA updates procedure for authorizing conferences and meetings

On 8 March 2024, the Italian Medicines Agency (AIFA) launched a new version of the online service “Authorisation of Conferences and Meetings”. Starting from 2 April 2024, pharmaceutical companies that intend to sponsor conferences and meetings related to medicinal products must submit the communication outlined in Art. 124 of Legislative Decree 219/2006 through the updated version of the online service.

AIFA announces deadline for annual self-certification and 7% contribution

On 4 March 2024, the Italian Medicines Agency (AIFA) announced that all pharmaceutical companies must submit the annual self-certification indicating the total amount spent on promotional activities in 2023, excluding personnel costs, no later than 30 April 2024. By the same deadline, companies must deposit a 7% contribution of the self-certified expenses into a dedicated fund as required by Art. 48, par. 17-18, of Law 326/2003 and Art. 11, par. 1, of Law 175/2021.

WCC/Compliance

4th NRRP Law Decree expands criminal provisions: New risks in the fields of labour regulations and anti-mafia controls

On 2 March 2024, the 4th Decree for the implementation of the National Resistance and Resilience Plan (Law Decree 19/2024) entered into force. Among others:

• Precautionary measures, indictments, or convictions (even if not final) for several tax offences are now included in the list of potential indicators of mafia infiltration for the purposes of the “anti-mafia interdiction notice”, whose adoption prohibits the awarding of any license, authorization, and public procurement contract to the addressed company;
• The offence of “fraudulent transfer of assets” (Art. 512-bis Italian Criminal Code) was extended; the new provision – which can also trigger corporate criminal liability – now punishes anyone who fictitiously ascribes to others the ownership of companies, shares or corporate offices, to avoid the controls on anti-mafia documentation with reference to companies participating in public tender procedures;
• With reference to workforce supply, and, in general, labour relations, criminal sanctions are now provided for: irregular contracting (appalto) and employee detachment (distacco); fraudulent supply of workforce; unauthorized exercise of the employment agencies’ activities.

National Anticorruption Authority releases a report on the implementation of whistleblowing regulations

On 18 March 2024, the Italian National Anticorruption Authority (ANAC) published a detailed report on critical issues in the application of the recently adopted Whistleblowing Decree (Legislative Decree 24/2023). The report focuses on several points, including:

• Coordinating reporting channels provided by special legislations (e.g. anti-money laundering) with those adopted for whistleblowing purposes;
• Receiving and managing anonymous reports;
• Sharing internal reporting channels, either within the same corporate group or not;
• Managing internal reporting channels.

In these regards, ANAC conducted a survey aimed at assessing how public and private sector entities have dealt with these issues.

Release of a national plan for preventing improper use of fentanyl and synthetic opioids

On 12 March 2024, the Italian government adopted a national plan to prevent and contrast the potential propagation of improper use of fentanyl and similar synthetic opioid drugs. The plan aims to strengthen the pervasiveness of relevant controls to enhance the effectiveness of criminal investigations related to drug-trafficking. Among others, specific responsibilities are assigned to Public Prosecutors, specialized police forces (NAS), and customs offices.

Italian Supreme Court rules on term for filing criminal complaints in case of internal investigations

On 13 March 2024, the Italian Supreme Court (Corte di Cassazione) ruled on the starting date of the three-month term for filing criminal complaints in case of internal investigation carried out by companies aimed at ascertaining possible illicit conducts committed by their managers/employees (decision no. 10934/2024). The Italian Supreme Court clarified that, in such cases, the three-month term starts from the conclusion of the investigative activities, i.e. the moment in which the company has the knowledge of the author of the criminally relevant conduct (if possible) as well as the understanding of the actual facts. The decision strengthens the crucial relevance of the internal investigative initiatives for companies operating in any business sector.

Extension of the rule of “reasonable prediction of conviction” to criminal proceedings against legal entities

On 19 March 2024, Legislative Decree 31/2024 was published in the Official Gazette. The Decree entered into force on 4 April 2024, amending, among others, Legislative Decree 231/2001 on corporate criminal liability. The new Decree extends the rule providing that the trial phase can start only if the judicial authority deems that the elements gathered within preliminary investigations allow to formulate “a reasonable prediction of conviction” of the entity itself to criminal proceedings against legal entities. While aligning the rule of judgment for both legal entities and individuals involved in criminal proceedings, this sector-neutral amendment aims at reducing the number and overall length of criminal trials.

IP

UPC Court of Appeal overturns the preliminary injunction issued by the Munich local division

The UPC Court of Appeal recently issued its first substantive decision in a dispute between two major biotech companies on compositions and methods for analyte detection, overturning a preliminary injunction granted by the Munich local division. The latter, upholding the claimant’s request, granted a preliminary injunction immediately enforceable in all 17 UPC Member States against the respondent, on the assumption that the enforced patent was most likely valid. On the contrary, the Court of Appeal questioned the validity of the patent and held that, on the balance of probabilities, “it was more likely than not that the subject-matter of claim 1 of the patent in the version asserted in the main request will prove to be not patentable”. The Court ruled that the likelihood of the validity of the applicant’s patent was not sufficient to justify the granting of the precautionary measure. You can find more information about the judgement on the article published in our weekly UPC column.

Data, Privacy & Cybersecurity

Italian DPA issues guidelines on platforms that connect healthcare professionals and patients

On 28 March 2024, the Italian Data Protection Authority published a 10-point document on the privacy-related requirements for healthcare platforms facilitating patient-professional interactions. The guidelines address the three macro-types of processing operations performed in this context:

• Processing patients’ data necessary to provide services connected to healthcare delivery (e.g. booking medical examination);
• Processing healthcare professionals’ data for several purposes (e.g. managing doctors’ schedule); and
• Processing patients’ data for purposes of diagnosis and treatment.

The guidelines identify the appropriate legal basis, roles, responsibilities, and obligations of the entities managing the platforms for each macro-type of processing. The guidelines also stress the importance of adopting appropriate technical and organizational security measures and conducting prior data protection impact assessments. A final paragraph is devoted to the information the entities managing the platforms must provide their users.

European Parliament and Council reach a provisional agreement on the European Health Data Space

On 15 March 2024, the European Parliament and the Council reached an important agreement on the European Health Data Space (EHDS), marking a pivotal step toward establishing a robust European Health Union. The rules initially proposed in May 2022 serve two primary objectives: improving individuals’ access to and control over their electronic health data and enabling certain data to be reused for public interest, policy support, and scientific research purposes. The provisional agreement amends the European Commission’s original proposal in a number of key areas, including opt-out, restricted information, sensitive data, trusted data holders, and clinically significant findings.

The EHDS represents a groundbreaking initiative for companies operating in the healthcare sector. It will foster the reuse of health data for innovation, research, and public health endeavours, enabling the development of life-saving treatments and personalized medicines. Moreover, it will enhance crisis preparedness while adhering to stringent data security protocols and access conditions. The provisional agreement will now have to be endorsed by the Council and the European Parliament. It will then be formally adopted by both institutions after legal-linguistic revision. The regulation will enter into force 20 days after publication in the EU Official Journal.

4th NRRP Law Decree: Impact on the healthcare sector

On 2 March 2024, the 4th Decree for the implementation of the National Resistance and Resilience Plan (Law Decree 19/2024) entered into force. The Decree affects several sectors, including healthcare. Specifically, Artt. 42 and 43 introduce provisions on the new national electronic health record (Fascicolo sanitario elettronico), surveillance systems in the healthcare sector, digital healthcare governance, and interoperability of digital healthcare certifications. In contrast, Art. 44 amends Art. 2-sexies of the Italian Privacy Code concerning the processing of special categories of personal data for substantial public interest purposes. According to amended Art. 2-sexies, the Ministry of Health (MoH), the National Health Center (Istituto Superiore di Sanità), the National Agency for Regional Healthcare Services (Agenzia nazionale per i servizi sanitari regionali), the Italian Medicines Agency (AIFA), the National Institute for the Promotion of the health of migrant populations and the contrast of poverty diseases (Istituto nazionale per la promozione della salute delle popolazioni migranti e per il contrasto delle malattie della povertà), and the Italian Regions and Autonomous Provinces can process pseudonymized health data, also using interconnection, for the respective institutional purposes, as better determined by one or more decrees that the MoH must adopt to define the characteristics and establish a secure processing environment for health data. The Decree also strengthens the role of the National Agency for Regional Healthcare Services in implementing the new national electronic health record.

DARWIN EU expands its capacity to deliver real-world data for studies

On 6 March 2024, the European Medicines Agency (EMA) announced that the Data Analysis and Real-World Interrogation Network DARWIN EU seeks to add ten new data partners in 2024, to bolster its capacity for real-world data (RWD) studies. Currently operating with 20 public or private institutions across 13 European countries, DARWIN EU generates real-world evidence from sources such as hospitals, primary care, health insurance, registries, and biobanks to support regulatory activities of EMA’s scientific committees and national regulators in the EU. With access to data from approximately 130 million patients across Europe, DARWIN EU facilitates the delivery of valid and reliable evidence for regulatory activities, based on RWD. Data is converted into a common data model and is stored and analysed locally by the data partners to ensure compliance with data protection principles. The network aims to scale up its output significantly, planning to conduct over 70 RWD studies in 2024 and over 140 studies annually from 2025 onwards. This expansion will enhance data-driven decision-making processes concerning medicines in the EU, ultimately benefiting healthcare stakeholders and patients alike.

CLUSIT’s Annual Report on ICT Security in Italy: Special focus on the healthcare sector

On 19 March 2024, CLUSIT – the Italian National Cybersecurity association – published its Annual Report on the ICT Security. Based on data exclusively referred to publicly known and effective attacks, the Report shows that the healthcare sector scored the fourth position among the sectors most heavily and frequently affected by cyberattacks. In 2023 the healthcare area suffered more than 600 cyberattacks, more than doubling the number of the previous year. According to the Report, ransomware, unauthorized accesses from hackers, and network-connected medical devices are the most frequent conducts affecting cybersecurity in the healthcare sector.

Product Liability

European Parliament approves the proposal for a new EU Product Liability Directive

On 12 March 2024, the European Parliament adopted at first reading a legislative resolution on the proposal for a Directive of the European Parliament and of the Council on liability for defective products. The proposal aims to update the existing Directive on the liability of defective products, which is now almost 40 years old. The proposal introduces new provisions to address liability for products such as software (including medical devices and AI systems) and digital services that affect how the product works. It also removes obstacles that consumers may face when seeking compensation for defective products. When it comes to AI technology, consumers will also be protected by fault-based rules in the upcoming AI Liability Directive, which is currently being examined by Parliament and Council.

The proposal will now have to be formally approved by the Council. The Directive will enter into force on the 20th day following its publication in the EU Official Journal. The new rules will apply to products placed on the market 24 months after entry into force of this Directive.

Antitrust

Italian Competition Authority updates merger control rules

On 11 March 2024, the Italian Competition Authority (ICA) raised the cumulative turnover thresholds above which prior notification of mergers and acquisitions becomes mandatory, bringing them to EUR567 million (total turnover achieved in Italy by all the undertakings concerned) and EUR5 million (turnover achieved individually in Italy by at least two of the undertakings concerned).

In addition, the ICA published an updated notice regarding the communication of below-threshold mergers and acquisitions, i.e. those transactions that do not meet the turnover thresholds and that can be filed to the ICA either by the parties on a voluntary basis or at the ICA's request.

Finally, the ICA also adopted a new form for merger filings, which replaces the one in use since 2017.

Tax

Ineligibility for Superbonus 110% for social housing activities

On 21 March 2024, the Italian Revenue Agency published the Tax Ruling no. 75, confirming the applicability of the Superbonus 110% to certain socio-sanitary institutions such as ONLUS, OdV, and APS, since it is dedicated to expenses related to real estate in which social and healthcare activities are performed. However, the mere provision of housing services in a real estate facility without any specific provision of assistance activities to disadvantaged people is not an eligible requirement to benefit from the Superbonus 110%. In the case at stake, the Italian Revenue Agency denied the applicability of the Superbonus 110% to a non-profit organization which said it conducts mere “social housing” activities (consisting only in the rental of housing and housing services to indigent individuals) in a building owned by a religious institution.

Italian Supreme Court rules on property tax

On 6 March 2024, the Italian Supreme Court (Corte di Cassazione) published an ordinance stating that the property owned by a foundation, operating, under an agreement with the Lombardy Region, as a nursing home (RSA) cannot benefit from property tax (i.e. IMU) exemption due to the commercial nature of the healthcare services offered (i.e. a fee was paid for the provision of the services). Only when the nursing activity has a social purpose (i.e. it is performed on voluntarily basis or against the payment of a symbolic fee), the foundation can benefit from the tax exemption.

Italian Foundation of Chartered Accountants: VAT exemptions for non-profit organizations of social utility in the transition to third sector entities

On 21 March 2024, the Italian Foundation of Chartered Accountants (FCA) published a research on the impact of VAT changes proposed by the Third Sector Code (TSC) for non-profit organizations of social utility (NPOs), in view of the repeal of their fiscal regime with reference to the applicability of the VAT exemptions regime currently provided by law.