🇮🇹 Italy compliance
Software whistleblowing per Italia
In Italia, il Decreto Legislativo 24/2023 recepisce la Direttiva UE 2019/1937 e obbliga le aziende con 50+ dipendenti (dal 17 dicembre 2023) a istituire un canale interno di segnalazione riservato. Le segnalazioni devono essere riscontrate entro 7 giorni e gestite con feedback sostanziale entro 3 mesi. Le sanzioni amministrative per inadempienza arrivano a €50,000.
Confidly is a GDPR-compliant whistleblowing channel built for companies in Italy (Italia) operating under Decreto Legislativo 24/2023 (Dlgs 24/2023). The intake form is auto-configured with the categories and disclosures Dlgs 24/2023 requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.
| Law | Decreto Legislativo 24/2023 |
| In force since | 15 July 2023 |
| Who must comply | 50+ employees (since 17 Dec 2023) |
| Enforcement | Autorità Nazionale Anticorruzione (ANAC) |
| Max fine | €50,000 |
| Companies affected | ~40,000 companies with 50+ employees |
What Dlgs 24/2023 requires you to do
Decreto Legislativo 24/2023 transposes the EU Whistleblower Directive 2019/1937 into Italy national law. The core obligations for companies above the threshold (50+ employees (since 17 Dec 2023)):
- Maintain a confidential internal reporting channel
- Acknowledge every report within 7 days
- Provide feedback to the reporter within 3 months
- Designate a person or unit to handle reports
- Protect the reporter from retaliation
- Keep records for the case duration + the audit window
In Italy, enforcement sits with Autorità Nazionale Anticorruzione (ANAC). Maximum fines for non-compliance reach €50,000.
Estimate your exposure under Dlgs 24/2023 with the fines calculator.
How Confidly covers Dlgs 24/2023
- Country-specific intake template for Dlgs 24/2023: the form is auto-configured with the categories, disclosures and fields the Italy transposition requires. No manual setup per channel.
- Anonymous intake available where Italy law permits. Reporters get a server-issued case code and their own 6-digit secret. No email, no IP, no identifier stored.
- Oral-statement attachments on every plan: reporters upload audio or video oral statements directly into the web form, with EXIF/metadata stripping. A staffed phone hotline or AI-transcribed voicemail channel is on roadmap, in support of the oral-reporting requirement that Dlgs 24/2023 carries from EU Directive 2019/1937 Art. 16.
- Form pre-translated into IT, EN. AI translates incoming reports to your working language on the admin side.
- Auto reporter status updates at 7 days (acknowledgement) and 3 months (status), in the reporter's language. Dlgs 24/2023 feedback obligation satisfied by default.
- AI investigation copilot (Pro): AI summarises, classifies severity, drafts neutral replies, and clusters multi-reporter patterns to surface systemic issues.
- Append-only audit log required for Autorità Nazionale Anticorruzione (ANAC) audits. Every action recorded with actor, timestamp and metadata.
- EU data residency: all data stored in EU data centres. Per-channel residency on Enterprise (data for Italy entities stays in Italy). No third-country transfers.
- Native HRIS sync (Pro): Personio, BambooHR. Auto-revoke channel access on offboarding; flag when a named-in-report person leaves the company.
What does Confidly cost in Italy?
Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.
Frequently asked questions: Dlgs 24/2023
- Is a whistleblowing channel mandatory in Italy?
- Yes. Decreto Legislativo 24/2023 (Dlgs 24/2023), the Italy transposition of EU Directive 2019/1937, requires companies with 50+ employees (since 17 Dec 2023) to operate a confidential internal whistleblowing channel. The law has been in force since 15 July 2023.
- What are the fines for non-compliance with Dlgs 24/2023?
- Maximum administrative fines under Dlgs 24/2023 reach €50,000. Enforcement is carried out by Autorità Nazionale Anticorruzione (ANAC). Fines apply both for failing to establish a channel and for retaliation against reporters.
- Does Dlgs 24/2023 require anonymous reporting?
- Dlgs 24/2023 permits anonymous reporting where Italy national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.
- What are the timelines under Dlgs 24/2023?
- Companies must acknowledge a report within 7 days of receipt and provide substantive feedback to the reporter within 3 months. Confidly's dashboard tracks both SLAs with automatic reminders.
- Is GDPR satisfied by Dlgs 24/2023 compliance?
- Dlgs 24/2023 compliance and GDPR are complementary, not equivalent. Confidly is hosted entirely in the EU, signs a GDPR-compliant Data Processing Agreement, and runs an append-only audit log that satisfies both Autorità Nazionale Anticorruzione (ANAC) inspections and Article 30 GDPR records.
- How long does it take to deploy a whistleblowing channel for Italy?
- 15 minutes for the channel itself. Branding, IT, EN translations, and policy import take an additional 1-2 hours. Most Italy customers go live the same day they sign up.