Art. 39 of the Presidential Decree No. 633 of 1972 states that electronic archives related to accounting data for VAT declarations may be kept in a foreign country only if some kind of convention has been concluded between Italy and the receiving country governing the exchange of information in the field of direct taxation. Therefore, such limitation does not apply intra-EU.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Italy implemented the GDPR by means of the Personal Data Protection Code.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
In Italy, the Directive has been implemented through an amendment to the Privacy Code effective as of August 2009 and still applies today. Under the Privacy Code, providers of a public communications network or a publicly available electronic communications service must retain "telephone traffic data" and "electronic communications traffic data" for 24 months or 12 months, respectively, for law enforcement purposes. A 30-day retention period applies in case data related to unsuccessful calls are processed on a provisional basis.

In Italy, operators are obliged to retain data for extended periods on the basis of that Anti-Terrorism Decree. As a result of the amendment to the Anti-Terrorism Decree through Law No. 167 of 2017, companies under the scope of the Anti-Terrorism Decree to this end shall set a retention period of 72 months (6 years) for both telephone and traffic data.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Legislative Decree 09/04/2003 No. 70 transposes Directive 2000/31/EC in Italy.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Legislative Decree 09/04/2003 No. 70 transposes Directive 2000/31/EC in Italy.

It is reported that Italy imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million, and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, the President has promulgated Legislative Decree No. 177, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

It is reported that the Autorita per le Garanzie Nelle Comunicazioni (AGCOM), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

It is reported that there is no sector in which foreign investment is prohibited.

In Italy, Law No. 21/2012 and subsequent implementing regulations such as Decree of the President of the Republic No. 86, Decree of the President of the Council No. 85 of March 2014, Decree of the President of the Council No. 108 of June 2014, establish the "Golden Power Rules" framework, providing a comprehensive foreign investment framework in Italy. In this context, the Italian government may impose concrete conditions on a transaction or exercise a veto, mainly based on national interests connected to strategic sectors, including:
- Critical infrastructure, whether physical or virtual, including energy, transport, water, health, communications, media, data processing or storage, aerospace, defence, electoral or financial infrastructure, and sensitive facilities, as well as land and real estate crucial for the use of such infrastructure;
- Critical technologies and dual-use items, including artificial intelligence, robotics, semiconductors, cybersecurity, aerospace, defence, energy storage, quantum and nuclear technologies, as well as nanotechnologies and biotechnologies;
- Supply of critical inputs, including energy or raw materials;
- Access to sensitive information, including personal data, or the ability to control such information, the freedom and pluralism of the media; and
- Telecommunication sector.
- Contracts or agreements with non-EU entities relating to the supply of 5G technology infrastructure, components and services.
Additionally, Law No. 199 of November 2021 introduces a governmental review of the transfer of high technological intensity assets, mainly focusing on cybersecurity assets. Italy has used the "Golden Power Rules" to block numerous investments in areas relevant for digital trade, most recently vetoing the acquisition of an Italian semiconductor company by a Chinese group.

The Italian government implemented Law No. 21/2022, on "Emergency Measures Decree to React to the Economic and Humanitarian Effects of the Ukrainian Crisis". The decree further expanded the Italian government's “Golden Power Rules”, the power to limit or block foreign direct investments and corporate transactions regarding national strategic assets on any transactions concerning 5G communication networks and cloud technologies. In addition, any company involved in transactions concerning 5G communication networks triggering the Golden Rules have reporting obligations, such as the submission of a detailed annual report describing 5G technology implementation.

In October 2023, Law No. 136/2023 entered into effect, which converted Decree-Law No. 104/2023 (Asset Decree) into law and introduced amendments to the golden power legislation. The amendment expands the application of government "special powers" to include certain asset acquisitions in a list of critical technologies when these assets are covered by intellectual property rights and involve entities outside the European Union (EU) within the same group. The intellectual property rights mentioned include those related to AI, semiconductor production machinery, and cybersecurity (Art. 7).

Foreign entities shall act before the Italian Intellectual Property Office through a representative registered in Italy. (see Art. 201 Italian Industrial Property Law). Patent applications are subject to formal examination.

Italy is a party to the Patent Cooperation Treaty (PCT).