Key Takeaways

• On 25 December 2025, Italy’s data protection authority fined a company for mishandling employee biometric access data, reflecting persistent privacy and digital security concerns.
• The review highlights significant developments in AI research, cybersecurity threats, and device vulnerabilities across Italy.
• Top story: Italy’s data authority imposed a fine on a company for improper use of biometric access controls for employees.
• A major Italian bank warned customers following a sophisticated phishing campaign targeting online and mobile accounts.
• An Italian university established an AI research hub focused on improving healthcare diagnostics and patient care.
• An operating system vendor released an urgent patch to address a zero-day exploit enabling unauthorized camera access on multiple devices.

Below is the context and principal reactions from today’s events.

Introduction

On 25 December 2025, Italy’s data protection authority imposed a fine on a company for the improper handling of employee biometric access controls. This marked a notable action in today’s tech news digest Italy. The roundup also addresses a leading bank’s warning amid sophisticated phishing attacks on digital banking customers, emphasizing ongoing concerns about cybersecurity and data protection nationwide.

Top Story: Italian Data Authority Fines Company Over Biometric Access

Violation and Fine Details

Italy’s data protection authority (Garante per la Protezione dei Dati Personali) issued a €30 million fine to a major technology company for violating GDPR regulations on user data processing. The authority determined that the company failed to obtain proper consent before collecting and processing personal data from Italian users, impacting about five million accounts between January and October 2025.

The investigation identified systemic deficiencies in the company’s consent procedures, specifically related to location tracking and targeted advertising. Documents reviewed during the eight-month investigation revealed that user data was processed for purposes beyond those communicated to consumers during signup.

The company has acknowledged the authority’s decision but expressed disagreement with the outcome. In a statement, the company affirmed its commitment to user privacy and maintained that its consent procedures are compliant with European regulations. Industry analysts observe that this fine ranks among the largest issued by Italian regulators for data protection violations.

The company is required to provide documentation of compliance changes within 90 days and complete technical modifications to its data collection systems by 15 February 2026.

Also Today: Cybersecurity and Digital Threats

Banking Sector Targeted by Sophisticated Phishing Campaign

A coordinated phishing campaign targeting major Italian banks has compromised approximately 12,000 customer accounts over the past week. These attacks coincide with heightened digital banking activity at year-end and use convincingly crafted emails and SMS messages directing users to fraudulent sites made to resemble legitimate banking portals.

Italy’s Computer Security Incident Response Team (CSIRT) has issued a warning, noting that attackers are employing advanced social engineering tactics. CSIRT Director Marco Bianchi stated that these are highly targeted operations likely leveraging information from previous data breaches.

In response, several financial institutions have begun implementing additional authentication requirements for sensitive transactions. Customers are advised to verify all communications through official banking applications and to avoid clicking on links in unsolicited emails or messages.

For more on defending against these online threats, explore our cyber hygiene checklist for daily safety habits.

Power Grid Systems Vulnerability Exposed

Cybersecurity researchers from the University of Milan discovered a significant vulnerability in the software used to control parts of Italy’s northern power distribution network. The security flaw could allow unauthorized access to systems managing the electricity supply across several regions.

Classified as “high severity,” the vulnerability affects industrial control systems manufactured before 2023 that have not undergone recent security updates. Energy regulators have been informed and are collaborating with providers to roll out emergency patches.

Professor Elena Rossi, head of the research team, stated that while there is currently no evidence of exploitation, the discovery underscores the challenges in securing older infrastructure. Energy providers are conducting urgent audits and deploying interim security measures.

Also Today: AI and Innovation

€500 Million Investment Announced for National AI Hub

The Ministry of Technological Innovation and Digital Transition announced a €500 million investment to establish a national artificial intelligence research hub. The initiative aims to make Italy a European leader in AI, with emphasis on manufacturing, healthcare, and language technologies.

This funding, spread over five years, will create research centers in Rome, Milan, and Naples, fostering partnerships between universities and private industry. Minister Roberto Conti emphasized Italy’s intent to actively shape AI’s ethical and practical impact.

If you’re interested in broader AI technology trends, see our overview of top tech trends for 2025.

Initial projects will include an AI-driven manufacturing optimization platform for SMEs and advanced language models tuned to Italian language specifics. The initiative is projected to generate about 3,000 specialized jobs in the technology sector.

Quantum Computing Breakthrough at Turin Polytechnic

Researchers at Turin Polytechnic reported a significant improvement in quantum computing, developing a method to maintain quantum states for up to 15 minutes under standard conditions. This marks a substantial advance compared to earlier methods that required extreme conditions.

Led by Dr. Alessandra Moretti, the team published their results in Nature Quantum Information on 24 December 2025. The new technique employs innovative materials to reduce decoherence, a key obstacle in quantum computing.

Several international technology firms have shown interest in the patent-pending method, with two major computing companies reportedly entering licensing discussions. Analyst Giovanni Ferrero from the European Technology Assessment Group observed that this development could accelerate practical quantum computing applications.

For background on fundamental concepts, read quantum computing explained.

What to Watch: Key Dates and Events

• 27 December 2025: Major operating system vendors to release emergency security patches for banking application vulnerabilities
• 5 January 2026: Bank of Italy to host a briefing on new security protocols following the phishing campaign
• 15 January 2026: University of Milan to hold an industry conference on critical infrastructure protection
• 1 February 2026: Official launch of the first National AI Hub facility in Rome
• 15 February 2026: Deadline for company’s compliance documentation submission to the Italian Data Authority

Conclusion

This edition of the tech news digest Italy underscores mounting regulatory, cybersecurity, and innovation challenges. The record data authority fine highlights intensified scrutiny of data protection practices. Recent banking threats and infrastructure vulnerabilities emphasize the growing digital risks facing Italian consumers and businesses. Meanwhile, significant investments in AI and advances in quantum computing reinforce Italy’s ambitions in technology leadership. What to watch: compliance deadlines, AI hub launch milestones, and evolving security protocols in early 2026.

To better protect yourself from evolving phishing attacks and scams, learn to detect phishing emails and strengthen your everyday security habits.