The use of Artificial Intelligence systems for company decision-making processes concerning employees – such as recruitment, task assignment, performance evaluation or disciplinary measures – is permitted only when adequate safeguards are in place. This is what is established by the Guidelines for the implementation of AI in the workplace, published by the Ministry of Labour in June 2025.

What can a company do to comply with the Guidelines?

  • Conduct a comprehensive mapping of the AI systems used within the company, specifying their objectives, the data processed, areas of application, and the responsible parties.
  • Ensure mandatory human oversight: any decision affecting an employee’s legal position (such as hiring or dismissal) must be verifiable and validated by a competent human reviewer.
  • Ensure algorithmic transparency: employees must be informed, in clear language, about how the AI system works, the criteria it uses, and their right to challenge decisions.
  • Carry out a Data Protection Impact Assessment (DPIA) and a Legitimate Interest Assessment to identify and mitigate risks of discrimination, bias, errors, or privacy breaches.
  • Update internal documentation (privacy notices, internal policies, processing records, authorisation letters) with explicit reference to the use of AI.
  • Review contracts with IT suppliers: it must be clear who develops, monitors, and maintains the system, as well as the limits of liability.

Improper management of AI systems exposes the company not only to risks of breaching data protection laws (GDPR) but also to potential penalties and litigation for violating workers’ rights, with reference to Article 4 of the Workers’ Statute and the principles of non-discrimination, as well as to the information obligations under Legislative Decree 104/2022 (the so-called Transparency Decree).

HR Managers are required to carefully handle data breach scenarios and behaviors that point to a “disloyal” employee. The legal framework and the possibility of such events occurring require HR Managers to adopt a strategy that protects the company, its employees and its team.

It is advisable for HR Managers to be proactive in implementing a comprehensive data management system, supported by structured processes and ongoing training. This ensures that employees are fully aware of their responsibilities and the appropriate actions to be taken to protect both personal and corporate data.

Continue reading the full version published in HR Link