As of April 29, 2026, artificial intelligence is no longer merely a technological lever or a topic to be managed from an innovation standpoint. With Legislative Decree 47/2026, it formally enters the perimeter of corporate governance and becomes subject to reporting, oversight, and accountability.
This is an important step, because it confirms an increasingly evident principle: when AI affects decision-making processes, information flows, and risk management, it cannot remain outside the company’s governance system. It becomes part of the organisational, administrative, and accounting structure and, as such, requires clear rules, roles, and controls.
From Innovation to Accountability
The decree intervenes on Article 123-bis of the TUF (Consolidated Finance Act) and requires that the corporate governance report provide evidence of policies relating to the use and monitoring of new technologies, with a specific focus on artificial intelligence systems employed within company structures.
In parallel, companies are also required to describe policies for managing and monitoring IT risks, including cybersecurity risks and those arising from the integration of new technologies into corporate processes.
The message is clear: AI becomes a domain to be governed. And governing means being able to document decisions, explain the safeguards adopted, and demonstrate that innovation has been integrated in a conscious and controlled manner.
What Is Required in Practice
For companies, this translates into some very concrete operational requirements. If AI is involved in critical decisions, controls, or processes, it must be accompanied by formalised internal policies, a defined accountability framework, and human oversight mechanisms appropriate to the level of risk.
The logic of human-in-the-loop is now, more than ever, a governance safeguard: it serves to prevent automated or unbalanced decisions from producing effects potentially incompatible with corporate objectives.
In addition, there is the need to monitor AI from a cybersecurity and compliance perspective, because the quality of the system depends not only on the model adopted, but on the entire organisational context into which that model is embedded.
A Chain Reaction
The entry of AI into corporate governance produces a chain reaction across other regulatory areas that companies must consider in a coordinated manner.
On the privacy front, for example, a DPIA under Article 35 of the GDPR may be required when the processing presents high risks to the rights and freedoms of individuals. On the AI Act front, the obligation to ensure an adequate level of AI literacy among staff remains central, as required by Article 4 of Regulation (EU) 2024/1689.
To this must be added the assessment of occupational health and safety risks and the integration of AI into cybersecurity and risk management models. In other words, AI must be read as a cross-cutting issue that touches technology, organisation, and accountability together.
The Lever of Awareness
One of the most significant aspects is perhaps cultural before it is regulatory. The AI literacy obligation should not be understood as a formal compliance requirement, but as the minimum condition for actually using artificial intelligence in a reliable way.
An organisation can only control what it understands. This is why training, internal awareness, and the ability to read the limitations, risks, and potential of AI systems become an integral part of governance.
In this scenario, companies that are able to build solid, measurable, and transparent processes will have a competitive advantage not only in terms of compliance, but also in terms of market trust.
From Control to Value
For Datrix, this change confirms a precise vision: artificial intelligence creates value only when it is integrated in a structured, explainable, and governed manner.
In practice, the question is no longer “whether” to adopt AI, but how to adopt it in a “governed” way — consistently with business objectives, with the responsibilities of corporate bodies, and with a control system that adapts to the nature and size of the business.
And it is precisely here that the transformation becomes concrete. AI enters official documents, control processes, and governance decisions; but above all, it enters the organisational maturity of the company.
Conclusion
Legislative Decree 47/2026 marks a paradigm shift: artificial intelligence becomes a structural element of corporate responsibility.
For companies that want to grow in a solid way, this means one simple but decisive thing: innovation must first be implemented, but above all it must be governed. And today, governing AI is one of the conditions for achieving tangible and sustainable results over time.