Summary: 1. The national legal framework.- 2. Experiences in the use of automation and algorithms in public-decision-making in the Italian Public Administration.- 2.1 Preliminary remarks.- 2.2. Automation when initiating the procedure (submission of applications etc.). 2.3. Automation in the preliminary investigation phase.- 2.3.1. As to document acquisition.- 2.3.2. As to data processing.- 2.4. Decision-making automation and the teacher-placement-algorithm’s case-law.- 3. Decision-making and automation: which, when, where and why not? Final remarks.

1. The national legal framework^[1]

In Italy, there is no national legal framework regulating algorithmic administrative decision-making, so far. The only provision which refers, although indirectly, to automation is Article 3-bis of l. n. 241/1990: our general law on administrative procedure, as modified by d.l. n. 76/2020 (the so-called “Simplification Decree” 2020)^[2].

According to the new of Art. 3-bis thereof, «In order to achieve greater efficiency in their activities, public administrations shall act by means of computerised and telematic tools, in their internal relations, between the different administrations and between these and private parties»^[3].

A reference to automation tools is also to be found in Article 35, of legislative decree no. 165/2001 (Consolidation Act on Public Employment), which allows them to be used in public selection procedures.

The consequences of the lack of specific general rules on the use of IA and automation in public administration decision making is that it is difficult to clearly identify the boundaries.

In some cases, the recourse to automation is expressly mentioned in secondary legislation. Most commonly the source is a soft law instrument adopted by the Public Administration: an internal guideline, mostly in the form of an administrative Circular. So, it is in fact difficult to have access to them and estimate their concrete impact on administrative decision making.

But this kind of scenario (the soft-law one) is still the best one.

In fact, one can estimate that, at present, in most cases automated and/or algorithmic decision making is a choice whose actual use by public administrations is not even made known to the addresses of administrative activity.

This occurs not only in the case of fully automated procedures, but also – and perhaps above all – in cases where the use of automation does not replace the entire procedure but only one or some stages of it.

An example to this effect is l. n. 58/2019, converting d.l. n. 34/2019, which introduced the discipline of so-called “regulatory sandboxes” (Article 36, paragraphs 2-bis to 2-septies). This legislative intervention introduced into the national legal system an instrument aimed at allowing the experimentation of FinTech applications which, by means of new technologies, such as artificial intelligence and distributed registers, can enable the innovation of services and products in the financial, credit, insurance and regulated markets sectors^[4].

2. Experiences in the use of automation and algorithms in public-decision-making in the Italian Public Administration

2.1. Preliminary remarks

Automation in administrative procedures and/or the possibility to use algorithms in public decision making has been the subject of debate in the Italian legal doctrine and jurisprudence for some years now.

The first question which has been raised is if art. 3-bis of l. n. 241/90 is a sufficient legal basis for resorting to automation in Public Administration decision-making.

If one (as I do)^[5] accepts the idea that, according to Italian Public law, Public Administrations are granted a form of “organizational autonomy”, which includes the decisions on how to enact their internal activity, it certainly is. But only in as far as the use of automation stays within the boundaries of administrative procedure^[6]. It cannot therefore cover automated-decision-making as such (adoption of the final decision/single case decision making)^[7].

There are many activities that fall under the notion of “Automation within administrative procedure” but are not, as such, algorithmic-decision-making:

1. Activities of procedural automation concerning initial application or ex officio initiation of an administrative procedure: submission of applications, preliminary investigation by a Public Administration in order to decide whether or not to initiate the procedure etc.^[8];
2. Use of machine-learning-systems to process data the Public Administration needs in order to decide whether and how to pursue a given policy or service, to identify the existence a predetermined recipient of the measure to be adopted etc.;
3. Use of algorithms and/or machine-learning-systems in the investigation phase of the administration procedure^[9];
4. Activities of procedural automation concerning all necessary communications/notifications once the decision is adopted.

2.2. Automation when initiating the procedure (submission of applications etc.)

As to case of automation concerning the submission of applications etc., when initiating the procedure, the automated systems used need to be able to verify the digital identity of the submitter.

This is what the Italian “Public Digital Identity System” (Spid – Sistema Pubblico di Identità Digitale) does, according to art. 64 of the Italian Digital Administration Code (CAD – Codice dell’Amministrazione Digitale)^[10]. In June 2022 about 103 thousand identities had been registered via the Public Digital Identity System or the Electronic Identity Card (C.I.E – Carta d’Identità Elettronica).

In this direction goes also d.l. n. 76/2020 already mentioned on “simplification and digital innovation”, pursuant to which, as of 28 February 2021, public administrations must integrate SPID (Sistema Pubblico di Identità Digitale – Public Digital Identity System) and CIE (Carta d’Identità Elettronica – Electronic Identity Card) into their information systems as a single identification system for access to digital services^[11].

2.3. Automation in the preliminary investigation phase

As to automation in the preliminary investigation phase of administrative procedures, in this context the automation of the activity performs two different functions: of document acquisition, in the once only perspective, possibly automated and of data processing.

2.3.1. As to document acquisition

With regard to document acquisition, it is interesting to focus on the projects implementing the once-only principle.

The once-only principle is an e-government concept that aims to ensure that citizens, institutions, and companies only have to provide certain standard information to the authorities and administrations once^[12].

In the direction of once only in obtaining data go the National Recovery and Resilience Plan (NRRP) investments that want to create a public cloud. The Presidency of the Council of Ministers, in accordance with the provisions of Article 35 of d.l. n. 76/2020, through the Department for Digital Transformation promotes the development of a high-reliability infrastructure located throughout the country for the rationalisation and consolidation of Data Processing Centres (DPCs) and related IT systems. The facility is called the “Strategic National Pole” (PSN) and is intended for all public administrations^[13].

On 22 June 2022, the European Notice was awarded for the implementation and management of the National Strategic Pole, as envisaged in the National Recovery and Resilience Plan (NRRP) and defined in the Cloud-Italy Strategy. Automation in the investigation phase is central, however, especially for processing a large amount of data in complex investigations, such as tax-related ones.

2.3.2. As to data processing

With regard to data processing, the most interesting projects so far have been developed by independent authorities, but they are not yet common among administrations^[14]. Two examples appear to be interesting, one by ARERA (the Italian Regulatory Authority for Energy, Networks and Environment) and one by Consob (the Authority for the supervision of financial markets).

Investigation support tools capable of analysing large amounts of data have been used by ARERA. ARERA uses Visual Analytics and Visual Statistics tools: these, rather than analysing the data per se, allow the technical staff of the different offices to have an overview and explore the data in greater depth. They are therefore tools to support the investigation, especially in the determination of tariffs^[15].

In its March 2022 report on its activities in 2021, Consob emphasised the importance of using AI tools in its preparatory activities^[16]. During 2021, the intelligence data lake project was launched and the institutional data warehouse system was completed: it integrates all the structured databases present in the Institute. The development of these tools enables the launch of pilot projects relating to innovative services to support supervisory actions; the project on the computerisation of the supervisory activity required by the issuers’ regulation is also interesting.

The first phase of the project aimed at the application of artificial intelligence for the predictive risk analysis of listed companies, to support the selection of the supervisory sample pursuant to Art. 89-quater of the Issuers’ Regulation.

The artificial intelligence platform will allow, through machine learning algorithms, to identify a cluster of riskier companies, as well as tagging the Key Audit Matters (KAMs) indicated by auditing firms in their opinions on the annual financial statements of issuers.

The tax administration is also running a pilot project: The project “A data driven approach to tax evasion risk analysis in Italy”. The strategic objective of the initiative (thanks to funds received from the EU with the support of the Directorate General for Structural Reform of the European Commission), aims to innovate non-compliance risk assessment processes^[17].

In essence, it will introduce, test and use innovative techniques of network analysis, machine learning and data visualisation techniques, in order to create a new system of support processes for the identification of subjects at high risk of tax fraud.

2.4. Decision-making automation and the teacher-placement-algorithm’s case-law

As to the automation of the decision-making, there are so far cases in Italy than can already be classified as “case-studies”, such as the ones concerning the use of the teacher-placement-algorithm (or “good-school-algoritm” – “algoritmo della buona scuola”). They gave rise to a huge public debate and led to considerable litigation and related administrative Court’s decisions^[18].

The decision-making automation in question was based on algorithms that fall under the notion of expert system (if/then model). These systems are also referred to as rule-based systems, and their functioning is perfectly determined ex ante. This makes them on the one hand suitable for use in the legal sphere, but on the other hand, being very rigid, their scope of application is often minimal, and only suitable for very simple tasks.

To explain briefly what happened, to implement the so-called law on “good school”^[19], the Italian Ministry of Education had decided to use a software which made use of expert system in order to quickly decide on the assignments of the places of service to hundreds of new selected teachers or in order to process the request for mobility of already recruited teachers.

The software in question was programmed in such a way that, once the data had been acquired (current rules, results of competitions, availability of places of service, etc.), it automatically drew up the rankings for assignments or transfers.

The very unsatisfactory results produced by this “automatic processing” gave rise to a considerable litigation that finally focused on two specific issues: the need to have access to the source code of the software and to be able to question the decisions produced “automatically” by the algorithm.

The Italian Council of State, which has had the final word on the matter, so far, on the one hand stated that, when faced with «serial or standardised procedures» involving the processing of large quantities of instances and characterized by the acquisition of certain and objectively verifiable data and the absence of any discretionary appreciation on the part of the Public Administration, the entrustment of this activity to an efficient algorithm is as a dutiful declinations of art. 97 of our Constitution, consistent with the current technological evolution^[20]. On the other hand, the Court drew attention to a fundamental aspect: that the use of «instruments» rendered available by ICT for decision-making automation cannot be a reason for circumventing «the principles that conform our legal system and govern the conduct of administrative activity»^[21]. The principle of transparency, which in the Court’s reasoning is connected also to the duty to give reason for the final decision, implies full knowledge of the existence of any automated decision-making processes and of the algorithms used for that purpose^[22].

3. Decision-making and automation: which, when, where and why not? Final remarks

Expert systems, even if they can raise many problems if improperly used, are suitable only for very simple and routine tasks not involving any margin of appreciation on the part of the decision maker.

In order to have support in the exercise of discretionary powers, systems based on machine learning come into play: here, knowledge about the scope of the system is no longer provided by humans, but rather is constructed by the machine, based on the data it has access to.

Three main types in machine learning can be identified: supervised learning, reinforcement learning and unsupervised learning^[23]. However, the use of machine learning systems in decision-making raises several critical issues, especially in areas of administrative activity where a substantive notion of the principle of legality is relevant. This is the case, for instance, when dealing with sanctioning measures (administrative sanctions), or in any case where the adoption of restrictive measures is involved (according to the German concept of “Eingriffsverwaltung”).

The problem, as it was correctly framed by the Italian Council of State in the above-mentioned decision, is not just about the need to substantially respect the principle of legality, but also about the need to comply with the principles of administrative transparency, the duty to give reasons, accountability principles etc.^[24].

Nonetheless, there are plenty of activities carried out by Public Administrations, which do not imply imposing something on someone as an expression of “Eingriffsverwaltung”. These “activities” are, in fact, much better suited to the use of these types of modern ICT technologies: this is the case, for example, with public services. Here, analysis of large quantities of data allows a tailor-made approach to public service, according to the needs of the recipient: which are clearer to the administration the more data it has at its disposal.

This applies also to the more day-to-day activities of local authorities: if, for example, a local authority has to organise a summer camp, the more geographical, age and working-time data it has, the easier it can organise the service. But it applies also to the most significant national policies, which require the processing of data on the entire territory.

Interesting in this sense is the “Nuovo Sistema di Garanzia” (NSG), a tool that makes it possible, with the wealth of information now available on the New Health Information System (Nuovo Sistema Informativo Sanitario – NSIS), to measure according to the dimensions of fairness, effectiveness, and appropriateness that all Italian citizens receive the care and services included in the so-called Essential Levels of Care (Livelli essenziali di assistenza – LEA)^[25].

This type of use, despite posing fewer reasons of conflict with the fundamental principles of our legal system, has, however, found little application so far. There are different reasons for that and the first one is, paradoxically enough, the lack of data; or rather the lack of properly structured data. In order to be properly used data must in fact not only exist, but they must be correctly collected and organised. They must be accompanied by metadata, i.e. additional information describing them, and they must be collected in standardised formats (also because risks of bias etc. are much more frequent in the case of incorrectly collected data, even if only because they are duplicated).

In addition, the use of the instrument itself is lacking, first of all because of the technological fragmentation of Italian Public Administrations. Despite what is provided for by the provisions of the Italian Digital Administration Code^[26] each administration – and especially local authorities, among the largest providers of public services to citizens – has its own technological stock, its own software, often proprietary, developed (by outsourcing them) according to its own needs.

No wonder, this is one of the crucial issues the National Recovery and Resilience Plan aims at dealing with^[27], by making available substantial economic resources^[28] and with the aim of «profoundly transforming the public administration through a strategy centred on digitalisation»^[29].

1. 1 Para. 1., 2.2. and 2.3. are by G. Pinotti; para. 2.1., 2.4. and 3. are by D.U. Galetta. ↑
2. On the principle of legality and automation see, ex multis, E. Carloni, I principi della legalità algoritmica. Le decisioni automatizzate di fronte al giudice amministrativo, in Dir.Amm., 2, 2020, p. 273 et seq.; A. Masucci, Procedimento amministrativo e nuove tecnologie: il procedimento amministrativo elettronico ad istanza di parte, Torino, Giappichelli, 2011; D.U. Galetta, J.G. Corvalan, Intelligenza Artificiale per una Pubblica Amministrazione 4.0? Potenzialità, rischi e sfide della rivoluzione tecnologica in atto, in Federalismi.it, 2019; R. Cavallo Perin, I. Alberti, Atti e procedimenti amministrativi digitali, in R. Cavallo Perin, D.U. Galetta (Eds.), Il Diritto dell’Amministrazione Pubblica digitale, Torino, Giappichelli, 2020, p. 120 et seq.; S. Civitarese Matteucci, “Umano troppo umano”. Decisioni amministrative automatizzate e principio di legalità, in Dir. pubbl., 2019, p. 23 et seq. ↑
3. Author’s translation. ↑
4. The Regulation on the discipline of the FinTech Committee and Experimentation was adopted by the Ministry of Economy and Finance by Decree No. 100 of 30 April 2021. ↑
5. D.U. Galetta, Digitalizzazione e diritto ad una buona amministrazione (Il procedimento amministrativo, fra diritto UE e tecnologie ICT), in R. Cavallo Perin, D.U. Galetta (Eds.), Il Diritto dell’Amministrazione Pubblica digitale, cit. ↑
6. Each subject, whether entity or body, when it holds a power, would also hold a power of self-discipline to regulate the exercise of that power, through which it would realise a regulation of action. On this point see A. Masucci, L’atto amministrativo informatico: primi lineamenti di una ricostruzione, Jovene, Napoli, 1993, 47 et seq. ↑
7. See also Council of State case law on this point, para. 2.4. ↑
8. On this point, see Articles 53 and 54 of the CAD, which identify the necessary characteristics of the websites of the administrations, as well as Article 24 of d.l. n. 90/2014: «The government, the regions and the local authorities, in implementation of the principle of loyal cooperation, shall conclude, at the Unified Conference, agreements […] to adopt, taking into account the specific regional regulations, unified and standardised forms throughout the national territory for the submission to the regional public administrations and local authorities of applications, declarations and reports with reference to construction and the start of production activities. The regional and local public administrations shall use the unified and standardised forms within the terms set out in the aforementioned agreements or understandings». ↑
9. On the administration’s investigative activities see, ex multis, F. Levi, L’attività conoscitiva della pubblica amministrazione, Torino, Giappichelli, 1967; M. T. Serra, Contributo ad uno studio dell’istruttoria del procedimento amministrativo, Milano, Giuffrè, 1991; M. P. Guerra, Funzione conoscitiva e pubblici poteri, Milano, Giuffrè, 1996. ↑
10. Para. 2-bis: «In order to promote the dissemination of online services and facilitate access to them by citizens and businesses, including on the move, the public system for managing the digital identity of citizens and businesses (SPID) is set up by the Digital Italy Agency», Author’s translation. ↑
11. See on this point the Guidelines for Public Administration: https://innovazione.gov.it/dipartimento/focus/linee-guida-decreto-semplificazione/. ↑
12. See, ex multis, G. Carullo, Gestione, fruizione e diffusione dei dati dell’amministrazione digitale e funzione amministrativa, Torino, Giappichelli, 2017.
 ↑
13. «The Pole will be geographically distributed across the country at appropriately identified sites to ensure adequate levels of business continuity and fault tolerance. The infrastructure will be managed by an economic operator selected through a public-private partnership at the initiative of a proposing party». For a more complete overview see: https://innovazione.gov.it/dipartimento/focus/polo-strategico-nazionale/. ↑
14. On the reasons for this non-diffusion see par. 3. ↑
15. See F. Artigas, S. A. Chun, Visual analytics for open government data, in Proceedings of the 14th Annual International Conference on Digital Government Research, 2013. ↑
16. See in particular page 40 et seq. on the computerisation of supervisory activities https://www.consob.it/documents/46180/46181/ra2021.pdf/5da5eda5-85a9-464b-8e08-944e462aec33. ↑
17. For an extensive presentation of the project see the Senate hearing of the Director of the Revenue Agency Fiscal digitisation and technological innovation projects: https://www.agenziaentrate.gov.it/portale/documents/20143/232968/Audizione+ADE+04.03.21+uv.pdf/34e48b94-d781-a4d0-caca-1512a6bfebef. ↑
18. See on this point, ex multis, R. Ferrara, Il giudice amministrativo e gli algoritmi. Note estemporanee a margine di un recente dibattito giurisprudenziale, Dir. Amm., 4, 2019, p. 773 et seq.; S. Civitarese Matteucci., “Umano troppo umano”. Decisioni amministrative automatizzate e principio di legalità, cit. ↑
19. L. n. 107/2015 on the Reform of the National Education and Training System and the Delegation for the Reorganisation of Existing Legislation, https://www.gazzettaufficiale.it/eli/id/2015/07/15/15G00122/sg. ↑
20. Cons. St., Sec. VI, 8 April 2019, n. 2270, in https://www.giustizia-amministrativa.it, paragraph 8.1. ↑
21. Author’s translation for «dei princìpi che conformano il nostro ordinamento e che regolano lo svolgersi dell’attività amministrativa». ↑
22. See further in D.U. Galetta, Algoritmi, procedimento amministrativo e garanzie: brevi riflessioni, anche alla luce degli ultimi arresti giurisprudenziali in materia, in Rivista Italiana di Diritto Pubblico Comunitario, 4, 2020, p. 501 et seq. ↑
23. See further in Cfr. J-C. Heudin, Comprendre le Deep Learning. Une introduction aux réseaux de neurones, Science-eBook, 2016; as well as A. Gad, F. Jarmouni, Introduction to Deep Learning and Neural Networks with Python. A Practical Guide, Elsevier, 2020. ↑
24. On this subject, see also G. Pinotti, Amministrazione digitale algoritmica e garanzie procedimentali, in Labour & Law Issues, 7, 2021, p. 77 et seq. ↑
25. https://www.salute.gov.it/portale/lea/dettaglioContenutiLea.jsp?lingua=italiano&id=5238&area=Lea&menu=monitoraggioLea. ↑
26. See The Italian Digital Administration Code at https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2005-03-07;82, especially para. 58 et seq. ↑
27. See National Recovery and Resilience Plan (NRRP – NextGenerationItaly), at https://www.governo.it/sites/governo.it/files/PNRR.pdf. ↑
28. As much as 27% of the NRRP resources are dedicated to the digital transition, as explicitly stated at p. 16 of the NRRP. ↑
29. Mission 1, Component 1of the NRRP cit. Author’s translation. ↑