The post TARIFF ON EXTRA-EU PARCELS: A BRAKE ON COUNTERFEITING appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

The European Council has definitively adopted the measure introducing, from July 1, 2026, a fixed customs duty of €3 on “small packages” with a value below €150 coming from third countries, particularly on purchases made through very large non-EU online platforms such as Shein, Temu, and Alibaba, which until now were exempt from duties.

The aim is to rebalance competitive conditions in e-commerce and counter unfair competition dynamics, often linked to customs evasion practices, less stringent control standards, and the circulation of products that may infringe intellectual property rights or fail to fully comply with European regulations on safety and conformity.

Andrea Terragni, interviewed by Class Xinhua on the topic, reiterated that “the €3 tariff on small packages represents one element of a broader EU strategy aimed at rebalancing competitive conditions in e-commerce and strengthening the protection of consumers and intellectual property rights.”

READ THE FULL ARTICLE IN ITALIAN

DOWNLOAD THE FULL ARTICLE

The post IT’S OFFICIAL: €3 TARIFF ON SMALL “CHINESE” PACKAGES IN EUROPE appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

AGCM fines Enel X over €2.3 million: abuse of dominant position found in the electric charging market. The complainant Route220 was assisted by the law firm De Berti Jacchia

The decision confirms the importance of interoperability and equal access to electric vehicle charging infrastructure in a market that is strategic for the ecological transition.

The Italian Competition Authority (AGCM) has fined Enel X S.r.l. and Enel X Way Italia S.r.l. jointly for a total of €2,305,102.35, finding an anticompetitive conduct of margin compression (so-called margin squeeze) in the electric vehicle charging services market.

The proceedings originated from a complaint filed by Route220 S.r.l., a company active since 2014 in the electric mobility sector under its proprietary brand “evway,” a pioneer in Italy in promoting interoperable charging models. The company was assisted during the proceedings by the law firm De Berti Jacchia, with a team composed of lawyers Antonella Terranova and Ilaria Sgrilli, as well as Prof. Fabio Ferraro.

The sanctioned conduct consisted of Enel X applying wholesale (roaming) rates reserved for competing operators (Mobility Service Providers – MSPs) that were higher than the retail prices charged to final consumers through the Enel X Way app. The Authority found that this practice violated Article 102 of the TFEU by compressing competitors’ operating margins, thereby hindering their access to or permanence in the market under fair competitive conditions.

With decision no. 31646 of 29 July 2025, the AGCM found the violation and ordered Enel X and Enel X Way Italia to refrain from similar conduct in the future.

The decision falls within the new European regulatory framework established by Regulation (EU) 2023/1804 (AFIR), which entered into force on 12 October 2023 and has been applicable since 13 April 2024. The Regulation reinforces the principle of non-discrimination in access to charging infrastructure, confirming the central role of interoperability and competition in the transition to sustainable mobility.

“This AGCM decision represents an important precedent for safeguarding pluralism and fairness in digital and infrastructure markets,” said Prof. Fabio Ferraro of De Berti Jacchia.

“It is essential that operators, even in emerging sectors such as electromobility, can access essential infrastructure under fair and non-discriminatory conditions.”

“This case confirms the concrete relevance of the new AFIR Regulation and the impact of contractual practices between vertically integrated operators and independent competitors,” added lawyer Antonella Terranova, who handled the proceedings together with lawyer Ilaria Sgrilli.

Download the full press review.

The post DE BERTI JACCHIA ASSISTS ROUTE220 IN THE AGCM PROCEEDING AGAINST ENEL X appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

In a precedent-setting decision, on 29 April 2025 the Italian Data Protection Authority (“Garante della privacy”) issued its first sanction under the General Data Protection Regulation (GDPR) for the unlawful storage of so-called “metadata” of employees’ e-mails and web surfing activities, applying for the first time the Guidelines published in June 2024.

As part of the inspections carried out in order to assess the compliance of the processing operations carried out at work by the Regione Lombardia (the regional government of Lombardy) with the rules on the protection of personal data, the Garante had found that the latter had kept metadata and navigation logs for 90 and 365 days respectively, a period of time far longer than that provided for by the Guidelines. Moreover, the Regione Lombardia had kept non-anonymous logs relating to each employee’s access attempts to websites listed on a blacklist. As a result, the Garante started proceedings against the Regione Lombardia given that that the processing of the data concerned was contrary: to i) the sector regulations on remote control with regard to the storage of metadata generated by the activities of employees in relation to both the use of the e-mail service and internet browsing; ii) the conditions laid down by the sector regulations with regard to the use of the metadata collected for other purposes connected with the management of the employment relationship; and iii) the storage periods of the logs relating to internet browsing as well as the data relating to requests for technical assistance.

The Garante has preliminarily recalled that e-mails’ metadata are backed by confidentiality guarantees, which are also constitutionally protected, and are intended to ensure protection of the essential core of a person’s dignity and the full development of his/her personality in social settings, so that, even at work, there is a legitimate expectation of confidentiality with regard to correspondence and, similarly, to the elements that can be inferred from the external data thereof, which define its temporal profiles as well as its qualitative and quantitative aspects also with regard to the addressees and the frequency of contact (which, in turn, are susceptible to aggregation, processing and control). The Workers’ Statute, moreover, strictly identifies the purposes for which instruments may be used at work, establishing precise procedural guarantees.

Although the Regione Lombardia claimed that electronic e-mails were used by the employee to work, such notion within the meaning of the Workers’ Statute can only include services, software or applications that are strictly functional to the latter. This, however, is not the case where e-mail’s metadata are collected and stored, in a preventive and generalised manner, over an extended period by computer programmes and services for managing e-mails. Such processing operations, in fact, are carried out, for the employer’s own needs, automatically and independently of the employee’s perception and will. The metadata concerned, moreover, remain at the exclusive disposal of the employer and, on his/her behalf, of the service provider, documenting the traffic even after the possible deletion of the message by the worker who, instead, retains the availability of the messages that, as sender or recipient, he/she exchanges within the mailbox assigned to him/her by the employer, with the subsequent risk of an indirect remote control of the workers’ activity.

In such a context, therefore, in order for Article 4(2) of the Workers’ Statute to be deemed applicable, the collection and storage of only those metadata necessary to ensure the operation of the e-mail system infrastructure and the fulfilment of the most essential computer security guarantees, on the basis of technical assessments and in compliance with the principle of accountability, may be carried out for a period limited to a few days, in any case not exceeding 21, unless the data controller adequately shows that particular conditions that make such an extension necessary on account of the specificities of his/her technical and organisational reality are actually present. Conversely, the generalised collection and storage of e-mail’s metadata, for a longer period, in the presence of requirements in any case attributable to the security and protection of the employer’s assets, makes it necessary to exercise the guarantees provided for by Article 4(1) of the Statute, since it may entail an indirect remote control of the workers’ activities.

The systematic collection and storage of all log files generated by employees’ use of the Internet in the context of the employment relationship gives rise to a generalized processing of data. This includes data on unsuccessful attempts to access websites already listed on a blacklist, which are in any case blocked by the system.

Since employees remain identifiable, and there is a clear link between the activity, the employee, and their specific workstation, such processing makes it possible to reconstruct their actions through technological systems.

In these cases, the employer must comply with the procedural safeguards set out in Article 4(1) of the Workers’ Statute. These safeguards are a legal requirement for the lawful processing of the data in question.

Given that the Regione Lombardia had collected and processed all the employee’s internet surfing logs in the absence of the prior conclusion of a collective agreement with the competent trade unions, the processing at stake therefore took place, within the limits of that timeframe, in breach of the GDPR.

All of that considered, the Garante decided, on the one hand, to sanction the Regione Lombardia with a EUR 50,000 fine and, on the other hand, to order it, among other things, to limit the storage of navigation logs to 90 days and then proceed to anonymisation, to minimise and encrypt e-mail’s metadata, to limit access to metadata to authorised personnel only, and to update internal policies and privacy documentation.

In light of the Garante’s findings, companies are called upon to review their metadata and network log management practices very carefully. Even before the decision, a high level of caution was needed in the handling of e-mails, requiring, for example, transparency on the checks carried out and the timely deletion of the boxes of terminated employees. The recent sanction introduces a further level of caution, extending the compliance obligation also to so-called “external” data, such as metadata and log files, which can lead to indirect monitoring of work activity. In this regard, e-mail’s metadata should normally be retained for no longer than 21 days, while browsing logs should be limited to 90 days, followed by anonymisation. It is also crucial to update privacy notices, limit data access, encrypt data and adopt consistent internal policies. Only a structured and compliant approach can guarantee the protection of workers’ rights and corporate compliance and avoid significant consequences for the organisation, including with regard to sanctions by the competent authorities, as demonstrated by this case.

Download the article

The post THE ITALIAN DATA PROTECTION AUTHORITY HAS ISSUED A SANCTIONING DECISION REGARDING THE PROCESSING OF EMPLOYEES’ METADATA appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

On 22 April 2025, the Commission proposed a new Regulation[1] amending several funding programmes in order to enhance the EU’s ability to develop and innovate in key defence capabilities and support faster, more flexible and coordinated investments in the European Defence Technology and Industrial Base (EDTIB)[2], thereby implementing the ReArm Europe Plan[3].

The Regulation finds its rationale in the severe underinvestment and lack of efficient spending in the EU’s military capabilities, affecting the EDTIB’s production capacities and its innovation potential as well as fragmenting the defence market. In line with the White Paper, and in order to develop the necessary capabilities and military readiness to secure the future of the EU, therefore, the Proposal highlights the need for a massive increase in European defence spending over a prolonged period, and introduces modifications to the so-called “STEP Regulation”[4] as well as to those of other programmes covered by the latter.

More particularly, the Proposal extends the scope of the STEP Regulation by introducing a fourth strategic sector covering all defence-related technologies and products, including those falling under the priority capability areas identified in the White Paper. This way, the STEP could be leveraged to direct additional resources into the defence sector, supporting the development of cutting-edge technologies essential for the EU’s defence preparedness and boosting investments in critical technologies for defence under cohesion policies funded by the EU budget.

Second, the Proposal amends the EDF[5] and the ASAP Regulations[6], on the one hand, to enable cumulation of funding with other Union programmes for the same action and, on the other hand, to allow Member States, on a fully voluntary basis, to transfer resources allocated to them under cohesion policy funds to these two programmes. The ASAP’s duration, furthermore, is extended until 31^st December 2026.

Third, the Digital Europe Programme (DEP)[7] is expanded to include dual-use applications amongst its objectives and to use its budget flexibility to support additional investments for the competitiveness and strategic autonomy of the EU. This, in turn, will offer crucial support for defence products such as connecting cloud and AI factories, which are vital to increase the production of advanced technologies with dual-use capabilities that are relevant to both civilian and defence sectors.

Fourth, the reach of the European Innovation Council (EIC) introduced by the Horizon Europe Regulation[8] will be expanded to start-ups working on dual-use and defence-related innovations, in order to speed up the development and deployment of cutting-edge technologies. Unused amounts and potential returns from investments made by the EIC Fund during the pilot phase under Horizon 2020, furthermore, should be made available in order to finance additional projects in dual-use and defence.

Finally, the Connecting Europe Facility (CEF)[9] was also amended to enhance military mobility and dual-use digital infrastructure, which will entail more favorable conditions for Member States to transfer cohesion funds to the Programme.

The Regulation will now be discussed by the Parliament and by the Council, and will complement the Omnibus Defence Simplification Package expected to be presented in June 2025 in order to further enable faster and more efficient defence investment and cooperation across Member States.

Download the article

The post EUROPEAN DEFENSE. THE COMMISSION’S PROPOSAL FOR A MORE FLEXIBLE BUDGET appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

On 1^st April 2025, the Commission launched ProtectEU[1], a European Internal Security Strategy to bolster the EU’s ability to keep its citizens safe and to better counter future threats through a sharper legal toolbox, enhanced cooperation between Member States and EU agencies as well as increased information sharing.

Complementing the ReArm Europe Plan[2] and the Preparedness Union Strategy[3], the Proposal finds its rationale in the need to review the EU’s approach to internal security in light of an evolving geopolitical landscape characterized by proliferating organised crime networks, hybrid threats by hostile foreign states and state-sponsored actors as well as terrorists increasingly operating online. Despite, in the last decade, the EU improved its collective mechanisms for action areas such as, amongst the others, law enforcement, judicial cooperation, border security and counter-terrorism, indeed, the nature of the nowadays threats requires a step further. The Strategy, therefore, provides a comprehensive response aimed at promoting a cohesive approach to security, which should enhance the EU’s ability to prevent, detect and respond to upcoming threats.

First, the Strategy highlights the importance for the EU to rely on a comprehensive and up-to-date situational awareness and threat analysis. Building on the  risk and threat assessments produced at EU level and for specific sectors, therefore, the Commission will prepare regular EU internal security threat analyses to identify the main security challenges and to enable targeted policy interventions in a timely manner. In this regard, the Commission will revise its corporate security governance framework and establish an Integrated Security Operations Centre (ISOC) to protect people and businesses.

Second, in order to develop new law enforcement tools as well as better means to ensure secure data exchange and lawful access, the Commission will, on the one hand, propose to reinforce Europol’s mandate to bolster its technological expertise and capacity to support national law enforcement agencies and, on the other hand, create a European Critical Communication System (EUCCS) based on operational mobility, strong resilience and strategic autonomy to link Member States’ next generation critical communication systems. Moreover, the Schengen Information System (SIS)[4] will be enhanced in 2026 to enable Member States to enter alerts about third-country nationals involved in terrorism and other serious crimes, based on data shared by third countries with Europol.

Third, Member States should strengthen their resilience against threats to critical infrastructures by timely transposing and implementing the CER[5] and NIS2[6] Directives as well as exchanging good practices on national strategies and on risk assessments as regards essential services. The Commission, on its part, will focus on the security and resilience of ICT supply chains and infrastructure in the ongoing revision of the Cybersecurity Act[7] and introduce new measures to secure cloud and telecom services.

Fourth, the Strategy emphasizes the need for stronger rules in the fight against organised crime networks. In this regard, the EU institutions are working on an anti-corruption framework and on a strategy to strengthen coordination among all relevant authorities and stakeholders in this area, and a legislative proposal for modernized rules on organised crime is expected to be proposed in 2026. Moreover, the Commission will introduce a renewed EU Strategy on combatting trafficking in human beings covering all stages from prevention to prosecution, with a focus on victim support at both EU and international level.

Finally, Member States need to ensure that the EU is well equipped to anticipate threats, to prevent radicalization and to protect citizens and public spaces from terrorist attacks. Therefore, a new Agenda on preventing and countering terrorism and violent extremism will be presented in 2025, with the EU Knowledge Hub on Prevention of Radicalization[8] stepping up its support to practitioners and policymakers with a new prevention toolbox to allow for early identification and interventions focusing on vulnerable individuals.

Download the article

The post INTERNAL SECURITY. THE COMMISSION LAUNCHES PROTECT EU appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

On 26 March 2025, the Commission launched the Preparedness Union Strategy[1], a new Plan meant to create a secure and resilient EU with the capabilities required to anticipate and manage threats and hazards, independently of their nature or origin, and to ensure that European citizens have adequate protection.

In line with the ReArm Europe Plan[2], the Strategy finds its rationale in the increasingly complex and unstable security landscape the EU is actually facing, including rising geopolitical tensions, cyberattacks, sabotage targeting critical assets and foreign interference adding up to the still ongoing consequences of the coronavirus pandemic, which showed that the Union’s health services and supply chains can be profoundly disrupted.

Despite the EU has developed and reinforced over time its multiple tools to build structural resilience to tackle some types of risks and to respond to crises in a number of sectors, the European preparedness framework is still experiencing shortcomings like, amongst the others, i) a mostly reactive rather than pro-active crisis management system, ii) a fragmented toolbox, and iii) limits of scale and resources within the existing structures and mechanisms at EU level.

The Strategy, therefore, includes 30 key actions distributed along seven areas of focus to advance towards a real Preparedness Union and to preserve the vital functions of the society in all circumstances.

First, the Strategy highlights the need for EU capabilities to include fully interoperable, end-to-end and multi-hazard early-warning systems based on timely and reliable data to better inform decision-makers on risks and potential interrelated effects. To ensure such approach, the Commission will, on the one hand,  develop a comprehensive EU risk and threat assessment integrating insights from multiple policy areas and, on the other hand, develop a crisis dashboard bringing together sectoral rapid alert systems and improving coordination for decision-makers. Furthermore, the Commission will ensure that the Emergency Response Coordination Centre (ERCC) is adequately equipped to produce regular briefings on cross-sectoral risks as well as to identify and analyze their effects.

Second, the Strategy clarifies that, in order to maintain vital societal functions under all circumstances, the EU must adopt minimum preparedness requirements by fully transposing and implementing the Union legal framework, in particular the CER[3] and NIS2[4] Directives, and by revising the legislative framework of the Union Civil Protection Mechanism (UCPM)[5] to further improve the effectiveness and efficiency in high-impact emergencies requiring a robust response and coordination at European level. Moreover, the Commission will propose a EU-wide stockpiling strategy integrating all existing national efforts, thereby strengthening access to critical resources across the EU.

Third, the Strategy focuses, on the one hand, on enhancing population preparedness by working with Member States, with a particular emphasis on fostering a culture of resilience at national and local level and, on the other hand, on empowering citizens to take proactive measures to prepare for crises by ensuring they can access quality and reliable information and have the necessary skills to evaluate it.

Fourth, the strategy reiterates the importance of public-private cooperation for the EU’s preparedness, ensuring that resources and expertise from all sectors are used effectively and efficiently. Therefore, the Commission will create a Preparedness Task Force drawing on the existing structures in order to gather key stakeholders from, amongst the others, public authorities, business, the scientific community and the civil society and to cooperate on strengthening the continuity management of vital functions and essential services, exchange information on supply-chain vulnerabilities and disruptions and provide frameworks and incentives to help private entities to ensure minimum preparedness requirements.

Fifth, bearing in mind that, in an increasing number of scenarios, civilian authorities need military support, the Strategy encourages Member States to improve the interaction between civilian and military actors without calling into question their respective competences. More particularly, the EU should, on the one hand, further operationalize the Mutual Assistance[6] and Solidarity[7] clauses as well as strengthen its cooperation with NATO and, on the other hand, develop arrangements for civil-military preparedness, which will clarify roles, responsibilities and priorities of EU institutions as well as Member States for preparing for and responding to incidents and crises.

Sixth, the EU needs to reinforce its crisis coordination, building on existing structures such as the Integrated Political Crisis Response (IPCR)[8] and the ERCC, and to strengthen its response capabilities and strategic crisis reserves to address critical shortages and ensure a rapid response. In this regard, the Commission will create an EU crisis coordination hub, with a focus on anticipating and managing the consequences of crises at all levels by working towards a common understanding of their implications and providing support to the lead services.

Finally, Member States should continue to develop bilateral and plurilateral partnerships with EU candidates and neighboring countries and strengthen their cooperation with NATO, integrating preparedness and resilience into their initiatives.

Download the article

The post CRISES AND EMERGING THREATS. THE COMMISSION LAUNCHES THE PREPAREDNESS UNION STRATEGY appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

On 19 March 2025, the Commission presented several strategic defense initiatives to respond to the crisis in Ukraine but also to address the long-standing need to boost Europe’s security and defense infrastructures as well as to reduce its reliance on external allies. The White Paper for European Defence The White Paper[1] finds its rationale in the deep changes Europe is undergoing because of its pivotal role in the major geopolitical challenges of the past century, which highlighted a severe under-investment and lack of efficient spending in its military capabilities. The Paper aims at offering lines of action to close this critical capability gap and encourages Member States to invest in defense and defense systems and build up the readiness of the European defense industry over the long run. In the first place, the Paper sets out seven priority areas[2] which are critical to build a robust European defense, filling the capability gaps already identified by Member States. Since the scale, cost and complexity of most projects in these areas go beyond Member States’ individual capacity, a coordinated action benefiting from the Union’s support would facilitate cost-effective procurement and prompt the ramp-up of European defense industrial resources. In this regard, the Paper points at collaborative procurement as the most efficient means to acquire large quantities of consumables such as ammunition, missiles and drones, as well as deliver on more complex projects since aggregation of demand curtails costs, shortens lead times and ensures interoperability and interchangeability. In the second place, the Paper outlines a vision to increase direct military assistance and associate Ukraine in its development and procurement of defense capabilities. More particularly, the support to Ukraine should focus on two mutually reinforcing priorities. On the one hand, the EU and its Member States should, amongst others, i) provide large-caliber artillery ammunition with a minimum objective of 2 million rounds per year, ii) train and equip Ukrainian brigades and actively support the regeneration of battalions, iii) directly support Ukraine’s defense industry through direct procurement orders, and iv) grant enhanced access to EU space assets and services. On the other hand, the Ukrainian defense industry should be integrated into the European Defence Technology and Industrial Base (EDTIB)[3], which will help it to scale up, modernize and provide cost-efficient products in the global market. In the third place, the Paper points out that, despite being indispensable for defense readiness, the European defense industry still features structural weaknesses preventing it from producing systems and equipment in the quantities and with the speed needed by Member States. Therefore, a massive ramp-up of European production capacity is a prerequisite for Member States to acquire the critical capabilities they currently lack. Industry access to critical inputs is also a cardinal factor, to avoid relying only on one or a handful of suppliers of key-goods, services or other inputs. Moreover, EU policies and investments should strengthen European economic security by minimizing the potential for the weaponization of dependencies or economic coercion. Finally, Member States should work together to build a true EU-wide Market for Defense equipment, which would help achieve key objectives such as global competitiveness, readiness and greater industrial scale. The ReArm Europe Plan The ReArm Europe Plan is a  package outlining the legal and financial means to support the defense investments of Member States, expected to enable the spending of over €800 billion, structured around three pillars. First, in light of the current extraordinary geo-political situation, the Commission proposes[4] to unlock additional flexibility for higher defense spend through a coordinated activation of the national escape clause, which allows Member States to deviate from their net expenditure path, set by the Council in the context of its medium-term fiscal structural plan, in case of exceptional circumstances outside the control of their national authorities and which have a major impact on their public finances, provided that such deviation does not endanger fiscal sustainability over the medium term[5]. The flexibility range under the national escape clause should be capped at 1.5% of the gross domestic product (GDP) compared to the net expenditure path set by the Council, a threshold designed to ensure that fiscal sustainability is preserved while allowing all Member States to benefit from greater flexibility. The new mechanism would be available for four years starting from 2025, after which Member States would need to be ready to sustain a structurally higher spending level through a gradual re-prioritization within their national budgets, and increases in defense expenditure would be calculated compared to the 2021 levels. Second, the Commission launched a Security Action for Europe (SAFE)[6], a new financial instrument which will provide Member States with up to EUR 150 billion of loans[7] backed by the EU budget, helping them to boost their defense capabilities through common procurement[8]. In this regard, Member States may request financial assistance where they plan to carry out activities, expenditures and measures through common procurement with the aim of supporting the adaptation of the EDTIB to the structural changes[9]. More particularly, Member States will need to submit a European Defense Industry Investment Plan including, amongst others, a description of the activities, expenditures and measures for which the loan is requested, the defense products it intends to procure, and, where relevant, the foreseen involvement of Ukraine in the activities[10].  The Commission will then assess if the plan submitted fulfils all the conditions required, making the financial assistance available by means of an implementing decision[11]. Finally, the Plan relies on the European Investment Bank Group (EIB) to widen the scope of its lending to defense and security projects while safeguarding its financing capacity, which, besides unlocking substantial funding, also ought to send a positive signal to the markets. The European Council is now expected to deliberate on both proposals at its upcoming meetings, which should lead to concrete commitments to materialise the vision outlined therein.

Download the article

The post EUROPEAN DEFENSE. THE COMMISSION’S PROPOSALS TO BOOST EU’S SECURITY appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

On 11 March 2025, the Commission proposed a Regulation[1] to improve the availability of critical medicines in Europe and to protect human health by incentivising supply chain diversification and boosting pharmaceutical manufacturing.

The Proposal finds its rationale in the fact that, over the past decade, several categories of medicines have become increasingly prone to shortages due to challenges arising along the pharmaceutical chain such as, amongst others, manufacturing hurdles and vulnerabilities in the supply of key ingredients. More particularly, the coronavirus pandemic and the recent geopolitical tensions, which are unfortunately ongoing, highlighted that shortages can be extremely problematic in crisis situations, where demand increases sharply, thereby putting patients’ lives at risk and placing a significant stress on healthcare systems. By complementing the reform of the Union’s pharmaceutical legislation and the enhanced role of the European Medicines Agency in managing shortages, the Proposal aims to reduce that risk and prevent supply chain vulnerabilities and market failures as well as coping with Europe’s dependency on single suppliers and third countries.

In the first place, the Proposal defines the criteria for projects located in the Union and related to creating or increasing manufacturing capacity considered as strategic. More particularly, industrial ventures could be recognised as Strategic Projects if they create, increase or modernise the European manufacturing capacity of critical medicines and their key ingredients[2]. Such Projects will be awarded incentives such as, amongst others, fast-track permit procedures, streamlined environmental assessments[3], administrative and scientific support[4] as well as easier access to EU funding[5].

In the second place, the Proposal introduces measures related to public procurement as a way to incentivise secure supply chains and make markets more attractive for manufacturers, whilst giving Member States access to a stable supply of medicines. Procurers will be expected to also apply procurement requirements other than price in their public procedures for critical medicines, such as, amongst others, criteria aimed at the diversification of sourcing of input material, and improving stockpiling and monitoring of supply chains. In case of high dependency on a single or a limited number of source-countries, however, procurers should be also encouraged to design requirements that favour critical medicine production in the Union[6]. Moreover, Member States will be required to develop national programmes to ensure secure supply of critical medicines via procurement, and, possibly, coherent pricing and reimbursement practices[7]. Finally, the Proposal provides Member States with several options to request the Commission’s support in the engineering of different collaborative procurement tools for critical medicines and other medicines of common interest, depending on the context and respecting the principles of subsidiarity and proportionality[8].

In the third place, the Proposal establishes a Critical Medicines Coordination Group, composed of the Commission and Member States’ representatives and whose main task will be to facilitate the application of the Regulation and enable discussions on strategic partnerships[9]. Without prejudice to the prerogatives of the Council, the Commission shall actively explore the possibility of concluding such partnerships[10].

The Proposal will now need to be discussed and approved by the Council and the Parliament, and will enter into force once the legislative process will be over.

Download Article

The post CRITICAL MEDICINES. THE COMMISSION’S PROPOSAL TO MAKE SUPPLY CHAINS MORE RESILIENT appeared first on Studio Legale De Berti Jacchia Franchini Forlani.

In data 13 febbraio 2025, la Corte di Giustizia dell’Unione Europea si è pronunciata nella Causa C-383/23, ILVA A/S,sull’interpretazione dell’articolo 83, paragrafi da 4 a 6, del Regolamento (UE) 2016/679 del Parlamento europeo e del Consiglio, del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE (General Data Protection Regulation, GDPR)^[1]. Tale domanda era stata presentata nell’ambito di un procedimento penale avviato dall’Anklagemyndigheden (pubblico ministero danese) nei confronti dell’ILVA A/S (“ILVA”), una società che gestisce una catena di negozi di mobili e fa parte del Lars Larsen Group, per asserite violazioni degli obblighi ad essa incombenti in forza del GDPR.

Più particolarmente, l’ILVA era imputata in un procedimento dinanzi ai giudici danesi per essere venuta meno, nel periodo tra maggio 2018 e gennaio 2019, agli obblighi ad essa incombenti nella sua qualità di titolare del trattamento dei dati personali nell’ambito della conservazione dei dati di almeno 350 000 ex clienti. Su raccomandazione del Datatilsynet (Autorità danese per la protezione dei dati), pertanto, il pubblico ministero aveva chiesto di imporre all’ILVA una sanzione pecuniaria pari a circa 201.000 euro, il cui importo era basato non solo sul suo fatturato, e bensì anche su quello complessivo del Lars Larsen Group.

In data 12 febbraio 2021, il retten i Aarhus (Tribunale di Aarhus) aveva dichiarato l’ILVA colpevole dei fatti che le erano stati contestati e l’aveva condannata al pagamento di una sanzione pecuniaria pari a circa 13.400 euro, ritenendo che essa avesse agito per negligenza, contrariamente a quanto sostenuto dal pubblico ministero. Quest’ultimo, pertanto, aveva proposto appello dinanzi al Vestre Landsret (Corte regionale dell’Ovest; il “giudice del rinvio”) che, alla luce della necessità di interpretare la normativa europea rilevante in materia, aveva deciso di sospendere il procedimento e di chiedere alla Corte di Giustizia se l’articolo 83, paragrafi da 4 a 6^[2], del GDPR, letto alla luce del suo considerando 150^[3], debba essere interpretato nel senso che il termine “impresa”, di cui a tali disposizioni, corrisponde alla nozione di “impresa” ai sensi degli articoli 101 e 102 del Trattato sul Funzionamento dell’Unione Europea (TFUE) cosicché, nel caso in cui sia inflitta una sanzione pecuniaria per violazione del GDPR ad un titolare del trattamento di dati personali, che è o fa parte di un’impresa, l’importo della sanzione pecuniaria è determinato sulla base di una percentuale del fatturato mondiale totale annuo dell’esercizio precedente dell’impresa, ai sensi di tali articoli 101 e 102.

La Corte ha preliminarmente ricordato che la nozione di “impresa” ai sensi degli articoli 101 e 102 TFUE non incide sulla questione se e a quali condizioni una sanzione amministrativa pecuniaria possa essere inflitta ai sensi dell’articolo 83 del RGPD ad un titolare del trattamento che sia una persona giuridica^[4], assumendo rilievo solo in sede di determinazione del suo importo ai sensi dei paragrafi da 4 a 6 di quest’ultimo^[5]. Ai fini dell’applicazione delle norme in materia di concorrenza di cui agli articoli 101 e 102 TFUE, infatti, tale nozione comprende qualsiasi ente che eserciti un’attività economica, a prescindere dal suo status giuridico e dalle sue modalità di finanziamento. Di conseguenza, essa si riferisce ad un’unità economica anche qualora, sotto il profilo giuridico, quest’ultima sia costituita da più persone fisiche o giuridiche, consistendo in un’organizzazione unitaria di elementi personali, materiali e immateriali che persegue stabilmente un determinato fine di natura economica^[6]. Dall’articolo 83, paragrafi da 4 a 6, del GDPR, pertanto, risulta che, nel caso in cui il destinatario della sanzione amministrativa pecuniaria sia o faccia parte di un’impresa ai sensi degli articoli 101 e 102 TFUE, l’importo massimo della sanzione amministrativa pecuniaria è calcolato sulla base di una percentuale del fatturato mondiale totale annuo dell’esercizio precedente dell’impresa interessata^[7].

La determinazione di tale importo massimo, tuttavia, deve essere distinta dal calcolo stesso dell’importo di una sanzione pecuniaria che l’autorità di controllo competente deve infliggere per la o le violazioni specifiche del GDPR che tale sanzione pecuniaria punisce. Più particolarmente, ciascuna autorità di controllo provvede affinché le sanzioni amministrative pecuniarie inflitte in forza dell’articolo 83 per le violazioni del GDPR di cui ai paragrafi da 4 a 6 di quest’ultimo siano, in ciascun caso, effettive, proporzionate e dissuasive. Oltre al rispetto di queste tre condizioni, inoltre, l’autorità di controllo competente, al fine di decidere se infliggere una sanzione amministrativa pecuniaria e fissarne l’importo, deve tenere debitamente conto, in ciascun caso concreto, di un certo numero di elementi quali, tra gli altri, la natura, la gravità e la durata della violazione, il suo carattere doloso o colposo nonché il numero di interessati lesi dal danno. Sebbene tali elementi non facciano riferimento alla nozione di impresa ai sensi degli articoli 101 e 102 TFUE, solo una sanzione pecuniaria che tiene conto non solo di tutti gli elementi che caratterizzano in tal modo le violazioni constatate del GDPR, e bensì anche, se del caso, della capacità economica reale o materiale del suo destinatario può essere allo stesso tempo effettiva, proporzionata e dissuasiva. Di conseguenza, per valutare tali condizioni, occorre tener conto della questione se tale destinatario faccia parte di un’impresa ai sensi degli articoli 101 e 102 TFUE^[8].

Tutto ciò premesso, la Corte ha pertanto statuito che:

“L’articolo 83, paragrafi da 4 a 6, del regolamento (UE) 2016/679 del Parlamento europeo e del Consiglio, del 27 aprile 2016, relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE (regolamento generale sulla protezione dei dati), letto alla luce del considerando 150 di tale regolamento, deve essere interpretato nel senso che il termine «impresa», di cui a tali disposizioni, corrisponde alla nozione di «impresa», ai sensi degli articoli 101 e 102 TFUE, cosicché, quando viene inflitta una sanzione pecuniaria per violazione del regolamento 2016/679 a un titolare del trattamento di dati personali, che è o fa parte di un’impresa, l’importo massimo della sanzione pecuniaria è determinato sulla base di una percentuale del fatturato mondiale totale annuo dell’esercizio precedente dell’impresa. La nozione di «impresa» deve altresì essere presa in considerazione per valutare la capacità economica reale o materiale del destinatario della sanzione pecuniaria e verificare così se la sanzione pecuniaria sia al contempo effettiva, proporzionata e dissuasiva”.

Download Article

The post LA CORTE DI GIUSTIZIA SI PRONUNCIA SULLA NOZIONE DI “IMPRESA” E SULLA VIOLAZIONE DEL GDPR DA PARTE DI UNA SOCIETÀ FIGLIA appeared first on Studio Legale De Berti Jacchia Franchini Forlani.